baloot.safeis.sa Open in urlscan Pro
2606:4700:3037::681b:b720 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://baloot.safeis.sa/
Submission: On April 09 via automatic, source certstream-suspicious (April 9th 2020, 12:54:53 am UTC)

Summary HTTP 32 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 32 HTTP transactions. The main IP is 2606:4700:3037::681b:b720, located in United States and belongs to CLOUDFLARENET, US. The main domain is baloot.safeis.sa.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on August 25th 2019. Valid for: a year.

This is the only time baloot.safeis.sa was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
27	2606:4700:303... 2606:4700:3037::681b:b720		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:821::200a		15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2008		15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:814::2003		15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:817::200e		15169 (GOOGLE) (GOOGLE)
32	5

27 2606:4700:3037::681b:b720 (United States)

ASN13335 (CLOUDFLARENET, US)

baloot.safeis.sa	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:817::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	safeis.sa baloot.safeis.sa	895 KB
2	google-analytics.com www.google-analytics.com	18 KB
1	gstatic.com fonts.gstatic.com	14 KB
1	googletagmanager.com www.googletagmanager.com	30 KB
1	googleapis.com fonts.googleapis.com	642 B
32	5

	Domain	Requested by
27	baloot.safeis.sa	baloot.safeis.sa
2	www.google-analytics.com	www.googletagmanager.com baloot.safeis.sa
1	fonts.gstatic.com	baloot.safeis.sa
1	www.googletagmanager.com	baloot.safeis.sa
1	fonts.googleapis.com	baloot.safeis.sa
32	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-08-25` - `2020-08-24`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-03-24` - `2020-06-16`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://baloot.safeis.sa/
Frame ID: 726E49019E018A40585CBAA83E95DE39
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

32
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

956 kB
Transfer

1337 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
baloot.safeis.sa/ 11 KB
4 KB 251ms
104ms Document
text/html 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3ec6b781a3f36abd2b951552ed30296a49c5e6a5729c4050a826cfff0e35adc

Request headers

:method: GET
:authority: baloot.safeis.sa
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
date: Thu, 09 Apr 2020 00:54:17 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dac9fa1ba3bd815730d292f6aa53806131586393657; expires=Sat, 09-May-20 00:54:17 GMT; path=/; domain=.safeis.sa; HttpOnly; SameSite=Lax XSRF-TOKEN=eyJpdiI6IjFqc2xDeVJYMmozNVIzOGI3SDFOQmc9PSIsInZhbHVlIjoibUZjZmgrOFZ1SHQ4WGdicGt2ekdTUG1VNXpsRUk2dkEyc1ByYU8rSDhwQlJQOEtaeWRpeVwvdkRNMGtcL0RFYVpiNFdVa2V1bkpPNm5XWnFEdTk0bjJXZz09IiwibWFjIjoiMjFhZTBmMTFhODcxMTE5OGVjM2EwZDI3NzY3YWUyZWZkNjYxOTZjZDE4OGJhYTRkMDJkOTIyMGVkOWNjODE1NyJ9; expires=Sun, 26-Apr-2020 09:34:17 GMT; Max-Age=1500000; path=/ laravel_session=eyJpdiI6InBrTjBqc1JUenJLc0FcL21aM0RsbjVBPT0iLCJ2YWx1ZSI6IlN6bWhucFpXenVtWTdLbTJuNlVoSFwvZ1VkaEhlZHdkNjVtYUZ1XC8rVjAzMEk2VEU3U2g1eTJmOUY1N2trNHN2OU1oSGFMXC9RUGpGa1J6ZmJoM1BRMWtBPT0iLCJtYWMiOiI4NGI0M2U3ZDgyNTk4YThkNGQ1YzlkNWI0OGU0MGEzZmY4N2VkZTk4MTQwN2ZmNjRmZjRkYmY5NGZjMDZiMGJkIn0%3D; expires=Sun, 26-Apr-2020 09:34:17 GMT; Max-Age=1500000; path=/; HttpOnly
cache-control: no-cache
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 58104186cf711776-FRA
content-encoding: br

GET
H2 200 font-awesome.min.css
baloot.safeis.sa/newweb/mega-card/css/ 26 KB
6 KB 14ms
13ms Stylesheet
text/css 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/css/font-awesome.min.css
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: W/"5e304195-6857"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=432000
cf-ray: 58104187780a1776-FRA
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 bootstrap.min.css
baloot.safeis.sa/newweb/mega-card/css/ 115 KB
18 KB 19ms
18ms Stylesheet
text/css 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/css/bootstrap.min.css
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dba21e30d870e33a8a344f2f5f50a783bdd1edefd1a7972a12ced8dfebd77945

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 371051
etag: W/"5e304195-1cc94"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=432000
cf-ray: 58104187780d1776-FRA
expires: Thu, 09 Apr 2020 17:50:06 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
642 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat

Requested by

Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

06818b2c41364e70021d420e1cc98f4bbcc0a082f6dbd02bb5a272c12b7764b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 09 Apr 2020 00:54:17 GMT
server: ESF
date: Thu, 09 Apr 2020 00:54:17 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 09 Apr 2020 00:54:17 GMT

GET
H2 200 flipclock.css
baloot.safeis.sa/newweb/mega-card/css/ 10 KB
2 KB 18ms
17ms Stylesheet
text/css 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/css/flipclock.css
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6e925278b384fe4673ea385b0757d8edefda6213f2c557aebb41205ea6c5d718

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 137649
etag: W/"5e304195-291d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=432000
cf-ray: 58104187780e1776-FRA
expires: Sun, 12 Apr 2020 10:40:08 GMT

GET
H2 200 style.css
baloot.safeis.sa/newweb/mega-card/css/ 31 KB
6 KB 14ms
13ms Stylesheet
text/css 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c92b08d0cdd139eb257a701dc458f8cd10cb628a69d1e1cf2f1edf4bfef1275

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 190574
etag: W/"5e304195-7a87"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=432000
cf-ray: 58104187780f1776-FRA
expires: Sat, 11 Apr 2020 19:58:03 GMT

GET
H2 200 bootstrap-datepicker-1.8.0.min.css
baloot.safeis.sa/newweb/mega-card/css/ 15 KB
2 KB 12ms
11ms Stylesheet
text/css 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/css/bootstrap-datepicker-1.8.0.min.css
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 24305c9d8795d7d275e22b0677712d9ec0902b4e5df0f733279f9fbc4bc126f2

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: W/"5e304195-3d73"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: max-age=432000
cf-ray: 5810418778111776-FRA
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 80 KB
30 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-126693942-1

Requested by

Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

85f8d754928a10bb6cfd2a85d45dd5659cada9bbe6b394d2a9bed0aa82c92c9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 30188
x-xss-protection: 0
last-modified: Thu, 09 Apr 2020 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 09 Apr 2020 00:54:17 GMT

GET
H2 200 gea-logo.png
baloot.safeis.sa/newweb/mega-card/img/ 27 KB
27 KB 15ms
14ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/gea-logo.png?v=1.4
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b5ad5fc390eb31a14ec9e707614def45ce5f31bc46cd4bd5ed9bc1380233a06

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 116782
etag: "5e304195-6ab1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 5810418778121776-FRA
content-length: 27313
expires: Sun, 12 Apr 2020 16:27:55 GMT

GET
H2 200 logo.jpg
baloot.safeis.sa/newweb/mega-card/img/ 29 KB
29 KB 22ms
19ms Image
image/jpeg 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/logo.jpg?v=1.4
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6ae4ed4c85c95aa1a5a436518a60f148e24a940bab13da2ec654f1d85cb0eac

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 57183
etag: "5e304195-733d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8461776-FRA
content-length: 29501
expires: Mon, 13 Apr 2020 09:01:13 GMT

GET
H2 200 riyadh-winter-logo.png
baloot.safeis.sa/newweb/mega-card/img/ 54 KB
54 KB 17ms
15ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/riyadh-winter-logo.png?v=1.4
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ec1c01c0f92418b979153ddddc584cd1904e42cc8ef7af4a302d0caadbdbc0a

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 179724
etag: "5e304195-d761"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8471776-FRA
content-length: 55137
expires: Sat, 11 Apr 2020 22:58:53 GMT

GET
H2 200 matches.png
baloot.safeis.sa/newweb/mega-card/img/ 4 KB
4 KB 20ms
18ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/matches.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daf9358479071b8441b80186f34a4cb40d2441a43ac0a852128ec86f81da08f1

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: "5e304195-107e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8491776-FRA
content-length: 4222
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 players.png
baloot.safeis.sa/newweb/mega-card/img/ 2 KB
2 KB 16ms
14ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/players.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c0486895303b2ac1e27f191b0ce130e6b871de74e839ed3e6c7d6949f6d9eddd

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: "5e304195-7c2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a84b1776-FRA
content-length: 1986
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 award.png
baloot.safeis.sa/newweb/mega-card/img/ 3 KB
3 KB 16ms
14ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/award.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8917b0f77803421aa698e6107ff6846f7bbd103bed48f976b9b2a152e230266

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 419934
etag: "5e304195-cd4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a84e1776-FRA
content-length: 3284
expires: Thu, 09 Apr 2020 04:15:23 GMT

GET
H2 200 tables.png
baloot.safeis.sa/newweb/mega-card/img/ 983 B
1 KB 17ms
15ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/tables.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50eaf30a8b55b51e31a521540e0da055f5be2bba3e01633eadfbc143101e1088

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 24220
etag: "5e304195-3d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a84f1776-FRA
content-length: 983
expires: Mon, 13 Apr 2020 18:10:37 GMT

GET
H2 200 location.png
baloot.safeis.sa/newweb/mega-card/img/ 1 KB
1 KB 22ms
21ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/location.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 896c0e48e1e15803a2018005cf7f94ef641ef74d0cca662a0ff5c69e38d010c8

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 18120
etag: "5e304195-487"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8511776-FRA
content-length: 1159
expires: Mon, 13 Apr 2020 19:52:17 GMT

GET
H2 200 safeis-logo-transparent.png
baloot.safeis.sa/newweb/mega-card/img/ 20 KB
20 KB 20ms
18ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/safeis-logo-transparent.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0c9cf08df8984441ee8633a4aabda2f9a239a21983fca338497390377a859ee

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 24220
etag: "5e304195-4fe8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8521776-FRA
content-length: 20456
expires: Mon, 13 Apr 2020 18:10:37 GMT

GET
H2 200 poweredby-hy.png
baloot.safeis.sa/newweb/mega-card/img/ 8 KB
9 KB 18ms
17ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/poweredby-hy.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2cfb4d5951cbdcbc6d2d07c7b97370a7e1bd6b2cdd6d5cdf1e1229172e2c7f8

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 137649
etag: "5e304195-21ba"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8541776-FRA
content-length: 8634
expires: Sun, 12 Apr 2020 10:40:08 GMT

GET
H2 200 riyadh_winter.png
baloot.safeis.sa/newweb/mega-card/img/ 22 KB
22 KB 17ms
16ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/riyadh_winter.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbc280cce73fe0c8a1745fd15c08f1ffc8c58ce0ff556e895ad7db5a999bfdb3

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 252008
etag: "5e304195-5905"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187a8581776-FRA
content-length: 22789
expires: Sat, 11 Apr 2020 02:54:09 GMT

GET
H2 200 jquery.min.js Show response
baloot.safeis.sa/newweb/mega-card/js/ 95 KB
32 KB 18ms
18ms Script
application/x-javascript 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/js/jquery.min.js
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: W/"5e304195-17b8a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: max-age=432000
cf-ray: 5810418798311776-FRA
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 bootstrap.min.js Show response
baloot.safeis.sa/newweb/mega-card/js/ 36 KB
9 KB 14ms
13ms Script
application/x-javascript 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/js/bootstrap.min.js
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 116782
etag: W/"5e304195-90b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: max-age=432000
cf-ray: 5810418798391776-FRA
expires: Sun, 12 Apr 2020 16:27:55 GMT

GET
H2 200 persianumber.js Show response
baloot.safeis.sa/newweb/mega-card/js/ 2 KB
664 B 20ms
18ms Script
application/x-javascript 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/js/persianumber.js
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b76b8d03a6faf355b52af37113a3bea73cda246b76a5e9d6f5dcced42c4a367b

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 366715
etag: W/"5e304195-72d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: max-age=432000
cf-ray: 58104187a8441776-FRA
expires: Thu, 09 Apr 2020 19:02:22 GMT

GET
H2 200 flipclock.js Show response
baloot.safeis.sa/newweb/mega-card/js/ 54 KB
11 KB 22ms
20ms Script
application/x-javascript 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/js/flipclock.js
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 211543b003430e8feec4da6a99241925e7e57f269bebdde167c787fd2a155c9c

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 96149
etag: W/"5e304195-d90a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: max-age=432000
cf-ray: 58104187a8451776-FRA
expires: Sun, 12 Apr 2020 22:11:48 GMT

GET
H2 200 background.png
baloot.safeis.sa/newweb/mega-card/img/ 254 KB
254 KB 15ms
14ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/background.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2583111b47c9f433b06ef4b63b7242c60067666b6e4252bbb230c14ed9066ce3

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 366713
etag: "5e304195-3f857"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187c87a1776-FRA
content-length: 260183
expires: Thu, 09 Apr 2020 19:02:24 GMT

GET
H2 200 pattern-bg.png
baloot.safeis.sa/newweb/mega-card/img/ 101 KB
101 KB 83ms
82ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/pattern-bg.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e66eb598c9d842c79ae527dd385f7f3e7e45e7df012762a0f3a8ae40fe4cef71

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: MISS
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
etag: "5e304195-193b6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187c87c1776-FRA
content-length: 103350
expires: Tue, 14 Apr 2020 00:54:17 GMT

GET
H2 200 baloot.jpg
baloot.safeis.sa/newweb/mega-card/img/ 52 KB
53 KB 14ms
13ms Image
image/jpeg 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/baloot.jpg
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dbc7e221c4a2058f04952c10e4bb3dfbb55cdcd534d82a89088a666fc2073d4b

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 410197
etag: "5e304195-d1e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187c87d1776-FRA
content-length: 53734
expires: Thu, 09 Apr 2020 06:57:40 GMT

GET
H2 200 pattern-bg3.png
baloot.safeis.sa/newweb/mega-card/img/ 65 KB
65 KB 12ms
12ms Image
image/png 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baloot.safeis.sa/newweb/mega-card/img/pattern-bg3.png
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5505a34c15004e89b9591a0c3dd5b4103113fb290ee131aefe45c17f751de21

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
age: 374881
etag: "5e304195-102b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: max-age=432000
accept-ranges: bytes
cf-ray: 58104187c87e1776-FRA
content-length: 66224
expires: Thu, 09 Apr 2020 16:46:16 GMT

GET
H2 200 DroidKufi-Bold.ttf
baloot.safeis.sa/newweb/mega-card/fonts/ 79 KB
80 KB 63ms
63ms Font
application/octet-stream 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/fonts/DroidKufi-Bold.ttf
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9699e2c12780e649d7541ea8713377b3a04663d778823cd252cd7feee4a2024

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
Origin: https://baloot.safeis.sa
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
etag: "5e304195-13d44"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58104187c87f1776-FRA
content-length: 81220

GET
H2 200 DroidKufi-Regular.ttf
baloot.safeis.sa/newweb/mega-card/fonts/ 79 KB
79 KB 66ms
66ms Font
application/octet-stream 2606:4700:3037::681b:b720
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://baloot.safeis.sa/newweb/mega-card/fonts/DroidKufi-Regular.ttf
Requested by: Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::681b:b720 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae57aea1cb701121475bcd38a9264115c401927701f4b04a54f9166143c52fe0

Request headers

Referer: https://baloot.safeis.sa/newweb/mega-card/css/style.css?v1.0.12
Origin: https://baloot.safeis.sa
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 09 Apr 2020 00:54:17 GMT
cf-cache-status: REVALIDATED
last-modified: Tue, 28 Jan 2020 14:13:41 GMT
server: cloudflare
etag: "5e304195-13d48"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
status: 200
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 58104187c8801776-FRA
content-length: 81224

GET
H2 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v14/ 13 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/css?family=Montserrat
Origin: https://baloot.safeis.sa
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 04 Apr 2020 13:45:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 03:46:48 GMT
server: sffe
age: 385717
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13708
x-xss-protection: 0
expires: Sun, 04 Apr 2021 13:45:40 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126693942-1

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 942
date: Thu, 09 Apr 2020 00:38:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Thu, 09 Apr 2020 02:38:35 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1861131238&t=pageview&_s=1&dl=https%3A%2F%2Fbaloot.safeis.sa%2F&ul=en-us&de=UTF-8&dt=%D8%A8%D8%B7%D9%88%D9%84%D8%A9%20%D8%A7%D9%84%D9%85%D9%85%D9%84%D9%83%D8%A9%20%D9%84%D9%84%D8%A8%D9%84%D9%88%D8%AA%20%7C%20%D8%A7%D9%84%D8%B1%D8%A6%D9%8A%D8%B3%D9%8A%D8%A9&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1336202663&gjid=1794872727&cid=1830726783.1586393658&tid=UA-126693942-1&_gid=1890642624.1586393658&_r=1&gtm=2ou432&z=1424590158

Requested by

Host: baloot.safeis.sa
URL: https://baloot.safeis.sa/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://baloot.safeis.sa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Thu, 09 Apr 2020 00:54:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| gtag object| dataLayer object| google_tag_manager string| GoogleAnalyticsObject function| ga function| $ function| jQuery object| jQuery112408573873959648013 string| defaultSettings function| origParseInt function| origParseFloat function| Base function| FlipClock object| persiaNumberedDOM object| google_tag_data object| gaplugins object| gaGlobal object| gaData

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.safeis.sa/	1970-01-19 08:39:53	Name: _gat_gtag_UA_126693942_1 Value: 1
			baloot.safeis.sa/	1970-01-19 09:04:53	Name: XSRF-TOKEN Value: eyJpdiI6IjFqc2xDeVJYMmozNVIzOGI3SDFOQmc9PSIsInZhbHVlIjoibUZjZmgrOFZ1SHQ4WGdicGt2ekdTUG1VNXpsRUk2dkEyc1ByYU8rSDhwQlJQOEtaeWRpeVwvdkRNMGtcL0RFYVpiNFdVa2V1bkpPNm5XWnFEdTk0bjJXZz09IiwibWFjIjoiMjFhZTBmMTFhODcxMTE5OGVjM2EwZDI3NzY3YWUyZWZkNjYxOTZjZDE4OGJhYTRkMDJkOTIyMGVkOWNjODE1NyJ9
			.safeis.sa/	1970-01-19 08:41:20	Name: _gid Value: GA1.2.1890642624.1586393658
			baloot.safeis.sa/	1970-01-19 09:04:53	Name: laravel_session Value: eyJpdiI6InBrTjBqc1JUenJLc0FcL21aM0RsbjVBPT0iLCJ2YWx1ZSI6IlN6bWhucFpXenVtWTdLbTJuNlVoSFwvZ1VkaEhlZHdkNjVtYUZ1XC8rVjAzMEk2VEU3U2g1eTJmOUY1N2trNHN2OU1oSGFMXC9RUGpGa1J6ZmJoM1BRMWtBPT0iLCJtYWMiOiI4NGI0M2U3ZDgyNTk4YThkNGQ1YzlkNWI0OGU0MGEzZmY4N2VkZTk4MTQwN2ZmNjRmZjRkYmY5NGZjMDZiMGJkIn0%3D
			.safeis.sa/	1970-01-20 02:11:05	Name: _ga Value: GA1.2.1830726783.1586393658
			.safeis.sa/	1970-01-19 09:23:05	Name: __cfduid Value: dac9fa1ba3bd815730d292f6aa53806131586393657

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://baloot.safeis.sa/newweb/mega-card/js/flipclock.js(Line 255) Message: Trying to start timer when countdown already at 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

baloot.safeis.sa
fonts.googleapis.com
fonts.gstatic.com
www.google-analytics.com
www.googletagmanager.com
2606:4700:3037::681b:b720
2a00:1450:4001:800::2008
2a00:1450:4001:814::2003
2a00:1450:4001:817::200e
2a00:1450:4001:821::200a
06818b2c41364e70021d420e1cc98f4bbcc0a082f6dbd02bb5a272c12b7764b2
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
1c92b08d0cdd139eb257a701dc458f8cd10cb628a69d1e1cf2f1edf4bfef1275
211543b003430e8feec4da6a99241925e7e57f269bebdde167c787fd2a155c9c
24305c9d8795d7d275e22b0677712d9ec0902b4e5df0f733279f9fbc4bc126f2
2583111b47c9f433b06ef4b63b7242c60067666b6e4252bbb230c14ed9066ce3
3b5ad5fc390eb31a14ec9e707614def45ce5f31bc46cd4bd5ed9bc1380233a06
50eaf30a8b55b51e31a521540e0da055f5be2bba3e01633eadfbc143101e1088
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
6e925278b384fe4673ea385b0757d8edefda6213f2c557aebb41205ea6c5d718
6ec1c01c0f92418b979153ddddc584cd1904e42cc8ef7af4a302d0caadbdbc0a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85f8d754928a10bb6cfd2a85d45dd5659cada9bbe6b394d2a9bed0aa82c92c9b
896c0e48e1e15803a2018005cf7f94ef641ef74d0cca662a0ff5c69e38d010c8
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18
936ffccdc35bc55221e669d0e76034af76ba8c080c1b1149144dbbd3b5311829
a8917b0f77803421aa698e6107ff6846f7bbd103bed48f976b9b2a152e230266
ae57aea1cb701121475bcd38a9264115c401927701f4b04a54f9166143c52fe0
b3ec6b781a3f36abd2b951552ed30296a49c5e6a5729c4050a826cfff0e35adc
b76b8d03a6faf355b52af37113a3bea73cda246b76a5e9d6f5dcced42c4a367b
b9699e2c12780e649d7541ea8713377b3a04663d778823cd252cd7feee4a2024
c0486895303b2ac1e27f191b0ce130e6b871de74e839ed3e6c7d6949f6d9eddd
c2cfb4d5951cbdcbc6d2d07c7b97370a7e1bd6b2cdd6d5cdf1e1229172e2c7f8
cbc280cce73fe0c8a1745fd15c08f1ffc8c58ce0ff556e895ad7db5a999bfdb3
daf9358479071b8441b80186f34a4cb40d2441a43ac0a852128ec86f81da08f1
dba21e30d870e33a8a344f2f5f50a783bdd1edefd1a7972a12ced8dfebd77945
dbc7e221c4a2058f04952c10e4bb3dfbb55cdcd534d82a89088a666fc2073d4b
e5505a34c15004e89b9591a0c3dd5b4103113fb290ee131aefe45c17f751de21
e66eb598c9d842c79ae527dd385f7f3e7e45e7df012762a0f3a8ae40fe4cef71
e6ae4ed4c85c95aa1a5a436518a60f148e24a940bab13da2ec654f1d85cb0eac
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
f0c9cf08df8984441ee8633a4aabda2f9a239a21983fca338497390377a859ee