Submitted URL: http://imf.qal3a.online/2022/06/2022.html?m=1
Effective URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Submission: On January 11 via api from US — Scanned from DE

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 36 HTTP transactions. The main IP is 2a00:1450:4001:810::2013, located in Frankfurt am Main, Germany and belongs to GOOGLE, US. The main domain is imf.qal3a.online.
TLS certificate: Issued by WR3 on December 7th 2024. Valid for: 3 months.
This is the only time imf.qal3a.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2a00:1450:400... 15169 (GOOGLE)
11 216.58.206.34 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
3 172.66.47.36 13335 (CLOUDFLAR...)
2 9 199.232.192.193 54113 (FASTLY)
3 157.240.251.35 32934 (FACEBOOK)
2 142.250.186.131 15169 (GOOGLE)
1 216.58.206.66 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
36 10
Requests | Apex Domain | Subdomains | Transfer
11 | googlesyndication.com | pagead2.googlesyndication.com (Cisco Umbrella Rank: 110) | 256 KB
9 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 8961) | 4 MB
4 | googleusercontent.com | blogger.googleusercontent.com (Cisco Umbrella Rank: 10221) | 207 KB
3 | adtrafficquality.google | ep1.adtrafficquality.google (Cisco Umbrella Rank: 389); ep2.adtrafficquality.google (Cisco Umbrella Rank: 403) | 20 KB
3 | facebook.com | www.facebook.com (Cisco Umbrella Rank: 120) | 3 KB
3 | pages.dev | od-jsc.pages.dev | 37 KB
2 | gstatic.com | fonts.gstatic.com | 48 KB
2 | qal3a.online | imf.qal3a.online | 16 KB
Total: 36 | 8
Domain Requested by
11 pagead2.googlesyndication.com imf.qal3a.online
pagead2.googlesyndication.com
9 i.imgur.com 2 redirects imf.qal3a.online
4 blogger.googleusercontent.com imf.qal3a.online
3 www.facebook.com imf.qal3a.online
3 od-jsc.pages.dev client
imf.qal3a.online
2 ep2.adtrafficquality.google pagead2.googlesyndication.com
ep2.adtrafficquality.google
2 fonts.gstatic.com od-jsc.pages.dev
2 imf.qal3a.online imf.qal3a.online
1 ep1.adtrafficquality.google pagead2.googlesyndication.com
36 9

This site contains links to these domains.

Domain
www.blogger.com
Subject | Issuer | Validity | Valid
imf.qal3a.online | WR3 | 2024-12-07 - 2025-03-07 | 3 months
*.g.doubleclick.net | WR2 | 2024-12-09 - 2025-03-03 | 3 months
*.googleusercontent.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months
od-jsc.pages.dev | WE1 | 2024-12-04 - 2025-03-04 | 3 months
*.imgur.com | Sectigo RSA Domain Validation Secure Server CA | 2024-02-15 - 2025-02-14 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-10-20 - 2025-01-18 | 3 months
*.gstatic.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months
adtrafficquality.google | WR2 | 2024-12-09 - 2025-03-03 | 3 months

This page contains 8 frames:

Primary Page: https://imf.qal3a.online/2022/06/2022.html?m=1
Frame ID: 291F9337C991A940594E5A9EC141C812
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: EDE94BC210795C87386A6F8B6C0D0315
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736082806&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&itsi=-1&aiapm=0.15&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572598891&bpp=1&bdt=103&idt=145&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=7063091073651&frm=20&pv=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fsapi=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=163
Frame ID: D7B57BD35361750035386FBE9C1052B9
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=2620106563&pi=t.aa~a.2557519847~rp.1&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=826&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=2&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2955&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Frame ID: 35C73AB7DC42363B364C8CE9C8582536
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=3215562993&pi=t.aa~a.768111169~rp.4&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=826&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1397&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=8
Frame ID: 1B272D862830C39EAB1BD14530DD5F9A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=1071414349&pi=t.aa~a.3299938725~rp.4&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=825&idt=0&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=9
Frame ID: CA30A79150C0D747CF0F6E707509BD8E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Frame ID: 4F307D19808B9DBAE0F3CD50968B8045
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: F66E49D051244B961CC80B5FD40A579A
Requests: 1 HTTP requests in this frame

Page Title

برنامج الأغذية العالمي (WPF)

Page URL History

  1. http://imf.qal3a.online/2022/06/2022.html?m=1 HTTP 307
    https://imf.qal3a.online/2022/06/2022.html?m=1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 36
  • HTTPS: 92 %
  • IPv6: 33 %
  • Domains: 8
  • Subdomains: 9
  • IPs: 10
  • Countries: 2
  • Transfer: 4433 kB
  • Size: 5230 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://imf.qal3a.online/2022/06/2022.html?m=1 HTTP 307
    https://imf.qal3a.online/2022/06/2022.html?m=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10
  • https://i.imgur.com/dik62Au.jpg HTTP 302
  • https://i.imgur.com/removed.png
Request Chain 11
  • https://i.imgur.com/hDBSzIL.jpg HTTP 302
  • https://i.imgur.com/removed.png

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 2022.html
imf.qal3a.online/2022/06/
Redirect Chain
  • http://imf.qal3a.online/2022/06/2022.html?m=1
  • https://imf.qal3a.online/2022/06/2022.html?m=1
53 KB
14 KB
Document
General
Full URL
https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
2a508122371aaaa6e0893260e9f71f665192a55b5bd532aec6ef6da848d3c5e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=0
content-encoding
gzip
content-length
13741
content-type
text/html; charset=UTF-8
date
Sat, 11 Jan 2025 05:16:38 GMT
etag
W/"b68a350a1967c4fa4ac959ee779c6381b6377d788f841bc5eb6178d0aff56b91"
expires
Sat, 11 Jan 2025 05:16:38 GMT
last-modified
Sun, 05 Jan 2025 13:13:26 GMT
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Location
https://imf.qal3a.online/2022/06/2022.html?m=1
Non-Authoritative-Reason
HttpsUpgrades
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
158 KB
53 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2457458440571846
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
2a1fe04cdb10b6236a2ffecf8100ba82bec2837c299bd34bb928481e8e7445be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
6492365120151223168
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:16:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
53752
x-xss-protection
0
server
cafe
img_1716506430580.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy...
170 KB
171 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy-jJ4_uUGzUKaoS6AhQJgg3T9AmbEY3yEBAfmS7y5ZMnJ-4pdI74kQG/s1080/img_1716506430580.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8163c139f394d10a920245789492fd2cc36aeac9e1c1b0690ff10fa3ea0ee148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"vb0"
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 05:16:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174549
date
Sat, 11 Jan 2025 05:16:39 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="img_1716506430580.png"
css2.css
od-jsc.pages.dev/
2 KB
1 KB
Stylesheet
General
Full URL
https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
842be935d39dcb195e58cafdaf280ac1088b22e48538b4946fe4fb18e9852706
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"ea2f2b6f152177bb4346aa8b89e3c5d9"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VGGJ3Pz1lqX0R4D4Vw0aan5hsSfFCUQBBbcXAoGIT0GXnOOWuIeyqh9YtfcUCTg3zud%2FOeN51U7GrzIuO%2B0IEszKLb2gZ5oETnB5lagoHybbZ1yVNWdvPGjpAfxszLzqn9cw"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6635&min_rtt=6578&rtt_var=1485&sent=13&recv=11&lost=0&retrans=0&sent_bytes=5214&recv_bytes=4998&delivery_rate=85841&cwnd=12000&unsent_bytes=0&cid=e3613a3627e7db5c&ts=32&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
90026f96a90b9bd6-FRA
access-control-allow-origin
*
server
cloudflare
droidarabicnaskh.css
od-jsc.pages.dev/
1 KB
1023 B
Stylesheet
General
Full URL
https://od-jsc.pages.dev/droidarabicnaskh.css
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0facd387627530907acc0b41d7076a1313a748ba84d37983618c04f2e66f1849
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"4c47ee2aa08d75c53fbb400d0a2bd286"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jNpeNm7rHyuBMG%2BE78pAxYuUx28uFTivlZQL1AgYrC7nVsjfgujS7XdfRkBaCfcnVwZrj8W%2BRaAAiKeWcU4bxD3yoo0hSLaak2zYYjbv%2B6sEHmAQg8JYgfkN5YWUPnk96kZD"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6635&min_rtt=6578&rtt_var=1485&sent=11&recv=11&lost=0&retrans=0&sent_bytes=4144&recv_bytes=4998&delivery_rate=85841&cwnd=12000&unsent_bytes=0&cid=e3613a3627e7db5c&ts=31&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
text/css; charset=utf-8
vary
Accept-Encoding
priority
u=0,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
90026f96a90c9bd6-FRA
access-control-allow-origin
*
server
cloudflare
umdRtdF.gif
i.imgur.com/
4 MB
4 MB
Image
General
Full URL
https://i.imgur.com/umdRtdF.gif
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
983163f971593bcd09b71971f8cee6905a2bb8bfc104c68e1c8dacf69b308b08
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"7a05593d9b060d27822658a98327b755"
age
2695366
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
5oEywluwBaXSbcqQ-EGK9vyP9kOcu-hI63UoPamDqRqg4rcjokbUmg==
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
image/gif
last-modified
Tue, 18 Jul 2023 19:34:49 GMT
x-cache-hits
12, 1
x-served-by
cache-iad-kjyo7100054-IAD, cache-fra-etou8220091-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.829229,VS0,VE10
accept-ranges
bytes
access-control-allow-origin
*
content-length
3697349
x-amz-cf-pop
IAD89-C1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
/
www.facebook.com/reaction/image/1635855486666999/
815 B
934 B
Image
General
Full URL
https://www.facebook.com/reaction/image/1635855486666999/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
/
Resource Hash
39d8ba5c57b637434d21319acfa9fe2029cc88839cab8a4767b8854c60339921
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 25 Jan 2025 03:52:57 +0000
date
Sat, 11 Jan 2025 03:52:58 GMT
content-type
image/png
x-fb-debug
FdfMbJDUqQFtXfM2gmpQD9F6E+GTJRV5Z8oikahHscY/xxxBKG8O2Q83PyzHquPZcOLkZ6XJACkcnIEpnPftHQ==
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
815
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/1678524932434102/
816 B
934 B
Image
General
Full URL
https://www.facebook.com/reaction/image/1678524932434102/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
/
Resource Hash
81d62c74016d8779cb91019934882095ad606798f3f32327fa4dadf9d023a4d5
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Mon, 13 Jan 2025 03:37:25 +0000
date
Mon, 30 Dec 2024 03:37:25 GMT
content-type
image/png
x-fb-debug
QemR9idmrk6ToYXNPgYDs+SG5c+rmxke6EN0QNdze5+F1ABv4ViV8SqOsI9eh7yBEQfOPxVeFcGB9R3AJP8kQQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
816
x-xss-protection
0
origin-agent-cluster
?1
/
www.facebook.com/reaction/image/613557422527858/
1 KB
1 KB
Image
General
Full URL
https://www.facebook.com/reaction/image/613557422527858/?size=20&scale=1
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.251.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra5.facebook.com
Software
/
Resource Hash
7b7cc49ed4945a43ca361ca9e327cd907f5520cec87858b820e02a6db6d55779
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 25 Jan 2025 03:52:57 +0000
date
Sat, 11 Jan 2025 03:52:58 GMT
content-type
image/png
x-fb-debug
1LeBp+/I4g1nmahvI5vz+nYMOepyOu8PP2zYjhpFsqgt3W2d8lNU9Q6uVZPToXqndHoWH9mVrHk4qXvzXT3dRA==
priority
u=2,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
public, max-age=1209600
cross-origin-opener-policy
same-origin-allow-popups
pragma
public
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
content-length
1179
x-xss-protection
0
origin-agent-cluster
?1
g4G5Sz2.jpeg
i.imgur.com/
29 KB
29 KB
Image
General
Full URL
https://i.imgur.com/g4G5Sz2.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
e262f9cf00a1e067dde773a8983ca37650a3d608fd429cddc620b18ecd06e321
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"2265c45c5849a701de7f63246a0d7060"
age
2158855
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
jJUlFoIOg-3vXVjtLTWcXWqijfNK0LN_VhaYN9QvXjTgOIY5gmgvBg==
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:37:47 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kjyo7100172-IAD, cache-fra-etou8220091-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.828744,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
29466
x-amz-cf-pop
PHL51-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
2Z343cB.jpeg
i.imgur.com/
62 KB
62 KB
Image
General
Full URL
https://i.imgur.com/2Z343cB.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
6ae105772fd284edf68de7fa2853104045f08850327d5e0c0637ff4a4151b356
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"621c38f3d1f9722327cc83114740c824"
age
916592
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
vfThfXW_SDia5OKtMapZ7DZZtjfkULI34emPgaazSAG2L037SrEyjg==
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:39:25 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kiad7000110-IAD, cache-fra-etou8220091-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.828729,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
63098
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
removed.png
i.imgur.com/
Redirect Chain
  • https://i.imgur.com/dik62Au.jpg
  • https://i.imgur.com/removed.png
503 B
0
Image
General
Full URL
https://i.imgur.com/removed.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"d835884373f4d6c8f24742ceabe74946"
age
1545457
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
HIT, HIT
date
Sat, 11 Jan 2025 05:16:38 GMT
last-modified
Wed, 14 May 2014 05:44:36 GMT
content-type
image/png
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220091-FRA
x-cache-hits
23848, 24933
cache-control
public, max-age=31536000
x-timer
S1736572599.838588,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
503
server
cat factory 1.0

Redirect headers

strict-transport-security
max-age=300
retry-after
0
location
https://i.imgur.com/removed.png
x-timer
S1736572599.828744,VS0,VE1
age
539
access-control-allow-methods
GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT, HIT
content-length
0
date
Sat, 11 Jan 2025 05:16:38 GMT
x-served-by
cache-iad-kiad7000154-IAD, cache-fra-etou8220091-FRA
x-cache-hits
0, 1
server
cat factory 1.0
removed.png
i.imgur.com/
Redirect Chain
  • https://i.imgur.com/hDBSzIL.jpg
  • https://i.imgur.com/removed.png
503 B
697 B
Image
General
Full URL
https://i.imgur.com/removed.png
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
9b5936f4006146e4e1e9025b474c02863c0b5614132ad40db4b925a10e8bfbb9
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"d835884373f4d6c8f24742ceabe74946"
age
1545457
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
HIT, HIT
date
Sat, 11 Jan 2025 05:16:38 GMT
last-modified
Wed, 14 May 2014 05:44:36 GMT
content-type
image/png
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-etou8220091-FRA
x-cache-hits
23848, 24933
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.838588,VS0,VE0
accept-ranges
bytes
access-control-allow-origin
*
content-length
503
server
cat factory 1.0

Redirect headers

strict-transport-security
max-age=300
retry-after
0
location
https://i.imgur.com/removed.png
x-timer
S1736572599.828702,VS0,VE1
age
539
access-control-allow-methods
GET, OPTIONS
accept-ranges
bytes
access-control-allow-origin
*
x-cache
HIT, HIT
content-length
0
date
Sat, 11 Jan 2025 05:16:38 GMT
x-served-by
cache-iad-kiad7000128-IAD, cache-fra-etou8220091-FRA
x-cache-hits
0, 1
server
cat factory 1.0
Gk1iXHp.jpeg
i.imgur.com/
28 KB
28 KB
Image
General
Full URL
https://i.imgur.com/Gk1iXHp.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
37be356d7131cbadfb089eb648cb3c1bd828b7a304e7d2563065e054b26a565a
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"f03522658088c24758933bbd48a2bbe4"
age
2137762
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
yklN0zWaurLJw1w2s0-_pv-C71rIKpMaMtqi_fZEhuP3HMHoaOzxZw==
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:38:33 GMT
x-cache-hits
2081, 1
x-served-by
cache-iad-kjyo7100064-IAD, cache-fra-etou8220091-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.835483,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
28734
x-amz-cf-pop
IAD89-P1
server
cat factory 1.0
x-amz-server-side-encryption
AES256
WX71CLj.jpeg
i.imgur.com/
113 KB
113 KB
Image
General
Full URL
https://i.imgur.com/WX71CLj.jpeg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
8190eebd2e6b09698957abd28747eb1debddf8afcd2f40e69c31d25f07a02a7d
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

etag
"971e373299f5be7559d78446d30faca2"
age
1542758
access-control-allow-methods
GET, OPTIONS
x-content-type-options
nosniff
x-cache
Miss from cloudfront, HIT, HIT
x-amz-cf-id
Z2ubc7lzxwHzBcYQrDfgjSZq3EzSVM62sqfjYYy7amFB4pGgq0yIEA==
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
image/jpeg
last-modified
Fri, 23 Feb 2024 00:40:14 GMT
x-cache-hits
7, 1
x-served-by
cache-iad-kiad7000053-IAD, cache-fra-etou8220091-FRA
strict-transport-security
max-age=300
cache-control
public, max-age=31536000
x-timer
S1736572599.835549,VS0,VE1
accept-ranges
bytes
access-control-allow-origin
*
content-length
115356
x-amz-cf-pop
MIA3-C5
server
cat factory 1.0
x-amz-server-side-encryption
AES256
3.jpg
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF7e5qCDQ2MhWyKaPPGw_zplGhx6hwkrVdA39B7XvJxDI9BLlghoTnwy7RmNlxI4qTHXPnKc611Hrw02csi5bpENKHxy3fg6DyX8VW0Z2sp9MEM0UGHvSrS3us-ywNjgZ67RgIDIs42UaSD-Dm...
10 KB
10 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF7e5qCDQ2MhWyKaPPGw_zplGhx6hwkrVdA39B7XvJxDI9BLlghoTnwy7RmNlxI4qTHXPnKc611Hrw02csi5bpENKHxy3fg6DyX8VW0Z2sp9MEM0UGHvSrS3us-ywNjgZ67RgIDIs42UaSD-DmEo58xytYF9hBU3iQ5vbK_sN0nHv7eeqeG36NMFQz11c/s1600/3.jpg
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
5ec73cf4d42170b4a8d173b35f0f1b9e2c73a5959fd4c905d0836a6a0612dcd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"v51"
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 05:16:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10315
date
Sat, 11 Jan 2025 05:16:39 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
inline;filename="3.jpg"
AVvXsEjT4eUm-2rj5zOJp4t0qinB8klLc9O3IS3esNRuAwjiDn0d6WYvAiXm_uupgYOx__4zXv-Eb-_naXSEGQOL2cFWX2spboihLYvschTuM4yjp39XahK3OM4cQpooFPVt=s0-d
blogger.googleusercontent.com/img/proxy/
26 KB
26 KB
Image
General
Full URL
https://blogger.googleusercontent.com/img/proxy/AVvXsEjT4eUm-2rj5zOJp4t0qinB8klLc9O3IS3esNRuAwjiDn0d6WYvAiXm_uupgYOx__4zXv-Eb-_naXSEGQOL2cFWX2spboihLYvschTuM4yjp39XahK3OM4cQpooFPVt=s0-d
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
50ff52e0b7c92330ec9b5cb0b1431540aadbbb22f02829d0411a28faa4d5db61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
timing-allow-origin
*
cache-control
public, max-age=86400, no-transform
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 05:16:38 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
26293
date
Sat, 11 Jan 2025 05:16:38 GMT
x-xss-protection
0
content-type
image/jpeg
vary
Origin
server
fife
content-disposition
attachment;filename="unnamed.jpg"
jquery-latest.min.js
od-jsc.pages.dev/
94 KB
34 KB
Script
General
Full URL
https://od-jsc.pages.dev/jquery-latest.min.js
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.47.36 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
W/"5e50651694cfe452faefafe2bf2e7b3a"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vKV4Nf1JJCv%2F2JdYDc9BAwISSM0uxhAcaT0IZMTPAujPepyr65jAGxWjfOozHcf6iy%2FLoaXsflhsQMNywacf7Pp%2BteLP%2F5gata2exOAAlOit%2FnlZXKgh%2BWi%2Fk27%2BDuwtjY%2FX"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=6635&min_rtt=6578&rtt_var=1485&sent=14&recv=11&lost=0&retrans=0&sent_bytes=6369&recv_bytes=4998&delivery_rate=85841&cwnd=12000&unsent_bytes=0&cid=e3613a3627e7db5c&ts=35&x=1", cfExtPri, cfHdrFlush;dur=0
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
priority
u=2,i=?0
cache-control
public, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
strict-origin-when-cross-origin
cf-ray
90026f96a90d9bd6-FRA
access-control-allow-origin
*
server
cloudflare
cookienotice.js
imf.qal3a.online/js/
6 KB
2 KB
Script
General
Full URL
https://imf.qal3a.online/js/cookienotice.js
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/2022/06/2022.html?m=1

Response headers

cache-control
public, max-age=604800
content-encoding
gzip
cross-origin-resource-policy
cross-origin
report-to
{"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
x-content-type-options
nosniff
expires
Sat, 18 Jan 2025 05:16:38 GMT
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="blogger-tech"
content-length
2026
date
Sat, 11 Jan 2025 05:16:38 GMT
x-xss-protection
0
content-type
text/javascript
vary
Accept-Encoding
server
sffe
last-modified
Sat, 11 Jan 2025 02:52:12 GMT
DroidNaskh-Bold.woff2
fonts.gstatic.com/ea/droidarabicnaskh/v7/
40 KB
40 KB
Font
General
Full URL
https://fonts.gstatic.com/ea/droidarabicnaskh/v7/DroidNaskh-Bold.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/droidarabicnaskh.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
0a6b3b2583f0b9ea7da829409bcde3dc1641adb9092100bf2e1415d61cde46d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://od-jsc.pages.dev/

Response headers

content-encoding
gzip
age
373014
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 06 Jan 2026 21:39:44 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 06 Jan 2025 21:39:44 GMT
last-modified
Wed, 13 Aug 2014 16:50:04 GMT
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
41271
x-xss-protection
0
server
sffe
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: od-jsc.pages.dev
URL: https://od-jsc.pages.dev/css2.css?family=Poppins:wght@500;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s07-in-f3.1e100.net
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://imf.qal3a.online
Referer
https://od-jsc.pages.dev/

Response headers

age
332198
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 07 Jan 2026 09:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 07 Jan 2025 09:00:00 GMT
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
7816
x-xss-protection
0
server
sffe
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/
434 KB
145 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2457458440571846
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
d7d53656e2412f07140f30dd53b74f234a0b4db081621e8ff54199cbc6ce4897
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
10512349217571734107
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:16:38 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Sat, 11 Jan 2025 05:16:38 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
148115
x-xss-protection
0
server
cafe
zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/ Frame EDE9
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
43410
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 17:13:09 GMT
etag
7793694970870604198
expires
Fri, 24 Jan 2025 17:13:09 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&id=cookieChoiceInfo&cls=cookie-choices-info%20singleton-element&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: imf.qal3a.online
URL: https://imf.qal3a.online/2022/06/2022.html?m=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Sat, 11 Jan 2025 05:16:39 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ads
pagead2.googlesyndication.com/pagead/ Frame D7B5
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1736082806&plat=2%3A16777216%2C3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&pra=5&wgl=1&aihb=0&aiof=3&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&itsi=-1&aiapm=0.15&aiapmi=0.33938&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572598891&bpp=1&bdt=103&idt=145&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=7063091073651&frm=20&pv=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fsapi=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=1&uci=a!1&fsb=1&dtd=163
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
51155
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 11 Jan 2025 05:16:39 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/
177 KB
59 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/reactive_library_fy2021.js?bust=31089638
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
d7971b3c5158ec54a3c2fbd6454ded2ef01c8921dc0467b0a1b138ac4bfe8a0b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
br
etag
13646921704917397377
age
22968
x-content-type-options
nosniff
expires
Fri, 24 Jan 2025 22:53:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Fri, 10 Jan 2025 22:53:51 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=1209600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
60488
x-xss-protection
0
server
cafe
ads
pagead2.googlesyndication.com/pagead/ Frame 35C7
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=2620106563&pi=t.aa~a.2557519847~rp.1&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=826&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0&nras=2&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2955&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=5
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46176
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 11 Jan 2025 05:16:40 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
pagead2.googlesyndication.com/pagead/ Frame 1B27
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=3215562993&pi=t.aa~a.768111169~rp.4&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=826&idt=-M&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=1397&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=8
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46159
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 11 Jan 2025 05:16:40 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
pagead2.googlesyndication.com/pagead/ Frame CA30
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/ads?npa=1&client=ca-pub-2457458440571846&output=html&h=280&adk=3088186576&adf=1071414349&pi=t.aa~a.3299938725~rp.4&daaos=1736571347905~1736571347905&w=1200&abgtt=6&fwrn=4&fwrnh=100&lmt=1736082806&rafmt=1&to=qs&pwprc=5555275673&format=1200x280&url=https%3A%2F%2Fimf.qal3a.online%2F2022%2F06%2F2022.html%3Fm%3D1&host=ca-host-pub-1556223355139109&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1736572599613&bpp=1&bdt=825&idt=0&shv=r20250108&mjsv=m202501030301&ptt=9&saldr=aa&abxe=1&eoidce=1&prev_fmts=0x0%2C1200x280%2C1200x280&nras=4&correlator=7063091073651&frm=20&pv=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2090&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31089555%2C95344788%2C95349404%2C95350244%2C31089638&oid=2&pvsid=1268331467439935&tmod=1562535605&uas=0&nvt=1&fc=1920&brdim=10%2C10%2C10%2C10%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&td=1&tdf=2&nt=1&ifi=4&uci=a!4&btvi=3&fsb=1&dtd=9
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46129
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 11 Jan 2025 05:16:40 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
zrt_lookup_fy2021.html
pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/ Frame 4F30
0
0
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/html/r20250108/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
43410
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4144
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 10 Jan 2025 17:13:09 GMT
etag
7793694970870604198
expires
Fri, 24 Jan 2025 17:13:09 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ping
pagead2.googlesyndication.com/pagead/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s10-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://imf.qal3a.online/

Response headers

sodar
ep1.adtrafficquality.google/getconfig/
17 KB
13 KB
XHR
General
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20250108&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
tzfraa-aa-in-f2.1e100.net
Software
cafe /
Resource Hash
212e7f0b6907db0ac9fde40ef6e9accec8b8f4783a0be17864729c9974e08db6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13475
date
Sat, 11 Jan 2025 05:16:40 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
img_1716506430580.png
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy...
170 KB
0
Other
General
Full URL
https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvU_VtsfMmR6a5_dNihGM9dhyphenhyphen_TAU99odQNzGSHopfDLpqZ7XMWDfKO_1cpTYU_Q3RSRAx_5n3rs2KhYywsFFX91d5scpWfD8lwlqZHllgh_7_GSL6cZeAX_FWfdX6MuWeHT_qWy-jJ4_uUGzUKaoS6AhQJgg3T9AmbEY3yEBAfmS7y5ZMnJ-4pdI74kQG/s1080/img_1716506430580.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
fife /
Resource Hash
8163c139f394d10a920245789492fd2cc36aeac9e1c1b0690ff10fa3ea0ee148
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

access-control-expose-headers
Content-Length
cache-control
public, max-age=86400, no-transform
etag
"vb0"
x-content-type-options
nosniff
expires
Sun, 12 Jan 2025 05:16:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174549
date
Sat, 11 Jan 2025 05:16:39 GMT
x-xss-protection
0
content-type
image/png
vary
Origin
server
fife
content-disposition
inline;filename="img_1716506430580.png"
sodar2.js
ep2.adtrafficquality.google/sodar/
18 KB
7 KB
Script
General
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202501030301/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2457458440571846&plah=imf.qal3a.online&bust=31089638
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://imf.qal3a.online/

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sat, 11 Jan 2025 05:16:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 11 Jan 2025 05:16:40 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame F66E
0
0
Document
General
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://imf.qal3a.online/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1164
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 11 Jan 2025 04:57:16 GMT
expires
Sat, 11 Jan 2025 05:47:16 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/pagead/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20250108&jk=1268331467439935&bg=!wsGlwY7NAAYsEuUeDBI7ADQBe5WfOPp3LMGaqt6ea2Yfio3yu70IaO6JIIBxuLSaEyOAHnx_f4LY0nwFT-R5swobYzN0AgAAACdSAAAAAWgBB34ANt4fGJiNIh1-0yjLonDTsY4OKkFHOSJosuTdxsD1WYHuzBwkw64FoVBz1Jq_dS5KPaoKFVbVXJkClmNF2WYz-pL9HTeV3EqwcLmhjnP6IuueaeMSP79o9p3FnAy4jwC9S6wLF3WKsXlvATSD5EMEb5LFwegon6gpW6qdy-XCpE4GIjhcqSWQdHOIAjHpliNT4Gj8eqIv-1P2A8tp2n_mUaMctru1JNFKuPpZCV4_9IqEbdy8FIkTcZSOWMUDQpaQ5CXevjVlmWgPFbgiMpWVUr7iyn6_1214UfG2uVnqIkk0wn7BTZd4Tf-aIvT1IutUiVG8eJX_xaZz7B05aXWjhFaiwm7URslwrQPNQBbIieEScf-BGnHH3xKSg0JAul6aFBZ5ozr0elEe2MRwr4RTukQ8r_sWKGXws7dC3sXIWguRctOgIBEWK83C3nKOazh84cq8G3gJM7lv2GfYimFhj-SAvai0-Pv2N-Bo9GRCDhTK3OvFcDC5wdXaMafJCLtipFNX0xQc-yGHwHv8SWveG-npoDlZ2kkwybJw5CkFxCJJDhppPqy4lKExNWiQqYmk3Mf4wmvIvBJ_6DRC7vyG71om6yL8K4ybLIzqKLX_JtKjCz4vuxUp-xfQI7lTccEgiOkxLoe1-yV9piJoJCmzjbNaaqqFEzZS3kcKgrMtaMpVLWX4ED3Gv1y5Px3nc_9JZgkrT6eikPGJhnJ8wuinAVq2DfRXQ76SPrYhVnFdrlR8uXbVaCv132bEnBg9H53DrBvFWylDdL5P41_LG1E8rJf3pOBvpkX4bNgEk0fCzD5xb6DEBVD4haHkBX_qVKOkJIRmTxNRUybYyQRs8yHpipGg0f5tDBDfisByEB_qggfViFO2rVIgWeSIvHA5xQxrW8uQolOrWsD5JtJARmfMEBMnPck1J9_U0tzi_pgtAq4o4iMMZFuYCAJhnAPC4RXu


42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| adsbygoogle function| $ function| jQuery string| errorname string| errornumber string| text string| link string| error string| cpa string| share object| google_js_reporting_queue number| google_srt object| google_logging_queue object| google_ad_modifications object| ggeac object| google_persistent_state_async object| google_tag_data object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter object| cookieChoices string| google_user_agent_client_hint function| google_sa_impl boolean| googFloatingToolbarManagerAsyncPositionUpdate object| google_image_requests number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_llp object| googletag object| GoogleGcLKhOms

1 Cookies

Domain/Path Name / Value
.qal3a.online/ Name: __eoi
Value: ID=c650bb774f1d1700:T=1736572599:RT=1736572599:S=AA-AfjaFmUz2Apfa1Y_YI7Fz4xF1

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
