Submitted URL: https://f0r.co/2FHUb
Effective URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData...
Submission Tags: falconsandbox
Submission: On December 04 via api from US

Summary

This website contacted 22 IPs in 4 countries across 15 domains to perform 68 HTTP transactions. The main IP is 2606:4700::6812:1591, located in United States and belongs to CLOUDFLARENET, US. The main domain is act.fordeal.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 10th 2020. Valid for: a year.
This is the only time act.fordeal.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
13 2606:4700::68... 13335 (CLOUDFLAR...)
8 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.224.93.97 16509 (AMAZON-02)
4 2a03:2880:f01... 32934 (FACEBOOK)
6 2a00:1450:400... 15169 (GOOGLE)
1 13.224.93.90 16509 (AMAZON-02)
1 7 2a03:2880:f11... 32934 (FACEBOOK)
1 216.58.206.2 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 35.186.226.184 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:219... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:21f... 16509 (AMAZON-02)
68 22
Requests | Domain | Requested by
7 | www.facebook.com | 1 redirects
7 | s4.forcloudcdn.com | act.fordeal.com
6 | www.googletagmanager.com | s4.forcloudcdn.com, www.googletagmanager.com
6 | s3.forcloudcdn.com | f0r.co, act.fordeal.com, s3.forcloudcdn.com
4 | www.google.de | -
4 | analytics.google.com | www.googletagmanager.com
4 | connect.facebook.net | s4.forcloudcdn.com, connect.facebook.net
4 | gw.fordeal.com | s4.forcloudcdn.com
3 | tr.snapchat.com | -
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com
3 | stats.g.doubleclick.net | www.googletagmanager.com, www.google-analytics.com
2 | api2.branch.io | cdn.branch.io
2 | www.google.com | -
2 | dot.fordeal.com | s4.forcloudcdn.com
2 | dot-hub-x.fordeal.com | s4.forcloudcdn.com
1 | app.link | cdn.branch.io
1 | googleads.g.doubleclick.net | www.googleadservices.com
1 | www.googleadservices.com | www.googletagmanager.com
1 | cdn.branch.io | s4.forcloudcdn.com
1 | sc-static.net | s4.forcloudcdn.com
1 | h5.fordeal.com | s4.forcloudcdn.com
1 | act.fordeal.com | f0r.co
1 | f0r.co | -
0 | client-metrics.fordeal.com | Failed
68 24

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-30 - 2021-08-30 | a year
forcloudcdn.com | Cloudflare Inc ECC CA-3 | 2020-07-21 - 2021-07-21 | a year
fordeal.com | Cloudflare Inc ECC CA-3 | 2020-08-10 - 2021-08-10 | a year
sc-static.net | DigiCert SHA2 Secure Server CA | 2019-03-11 - 2021-03-15 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-11-02 - 2021-01-30 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.branch.io | DigiCert TLS RSA SHA256 2020 CA1 | 2020-11-25 - 2021-12-25 | a year
www.googleadservices.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.google.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
www.google.de | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
tr.snapchat.com | DigiCert SHA2 Secure Server CA | 2019-02-19 - 2021-02-23 | 2 years
www.google.com | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
*.google.de | GTS CA 1O1 | 2020-11-03 - 2021-01-26 | 3 months
appipv4.link | Amazon | 2020-07-22 - 2021-08-22 | a year

This page contains 4 frames:

Primary Page: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Frame ID: 6F970FF6E2EFEA75DB541FE5BF7A56F5
Requests: 64 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=594717e0-8d76-4661-ba73-cab202295bb0
Frame ID: 2BFDC13E715E330A1F84A5B819AA5FD1
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: F26AC77DC8560D2052A1541C9AA27765
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/p
Frame ID: A02C40B68077E87B567CCFA7CAAFFDE7
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 68
HTTPS: 97 %
IPv6: 81 %
Domains: 15
Subdomains: 24
IPs: 22
Countries: 4
Transfer: 761 kB
Size: 2102 kB
Cookies: 10

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://f0r.co/2FHUb Page URL
  2. https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36
  • https://www.facebook.com/tr/?id=1232841863581518&ev=PageView&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668427&cd[content_type]=product&sw=1600&sh=1200&v=2.9.29&r=stable&ec=0&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&rqm=GET HTTP 302
  • https://www.facebook.com/tr/?cd[content_type]=product&coo=false&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ec=0&ev=PageView&fbp=fb.1.1607113668423.2136992946&id=1232841863581518&if=false&it=1607113668348&o=30&r=stable&redirect=0&rl=https%3A%2F%2Ff0r.co%2F2FHUb&rqm=GET&sh=1200&sw=1600&ts=1607113668427&v=2.9.29

68 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
2FHUb
f0r.co/
2 KB
2 KB
Document
General
Full URL
https://f0r.co/2FHUb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:a440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74e4ba34676dc5ac82db3728157650d10ccb499bba7dd2ef0df282630bd34ecb

Request headers

:method
GET
:authority
f0r.co
:scheme
https
:path
/2FHUb
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=dd2d32bc0f28b82fad19211ebcc65e0e11607113667; expires=Sun, 03-Jan-21 20:27:47 GMT; path=/; domain=.f0r.co; HttpOnly; SameSite=Lax
refresh
2;url=https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
content-language
en-US
cf-cache-status
DYNAMIC
cf-request-id
06d1098b4c00000614db3a0000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=f1Xs0KrQJYREyv7Oh%2B5uF%2Fx8PK75GsrZBFSDUYkdwX%2FWIHh9%2FwDMk%2Btk%2Fu4o3usnkoFK14xGSjP516r0U4WgPWYd5cwnt5rBLNPy8%2F9EO0OBqWM%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5fc845254b060614-FRA
content-encoding
br
37c4f9a3-3694-4eed-aa6f-b33f9d03b9f5-202x202.gif
s3.forcloudcdn.com/dmc/
22 KB
22 KB
Image
General
Full URL
https://s3.forcloudcdn.com/dmc/37c4f9a3-3694-4eed-aa6f-b33f9d03b9f5-202x202.gif
Requested by
Host: f0r.co
URL: https://f0r.co/2FHUb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://f0r.co/2FHUb
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
cf-cache-status
HIT
age
2742289
cf-polished
status=not_needed
cf-ray
5fc845263b26177e-FRA
last-modified
Fri, 06 Dec 2019 07:52:56 GMT
content-length
22117
x-amz-id-2
qFV9sgyfWPneA8YVT2IaL8/WErEdPP3tlL5gBpj4XrHzSsYb316kC0pBM1d4oEIK1NAEdodUN6Q=
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"62dd0f63cae4843fc18ab7564786bc64"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-request-id
FBED43F01FCEAA3E
cache-control
public, max-age=172800
x-amz-version-id
FtEke91YknnGoXGULXLtEtsHvwDQOhhv
cf-request-id
06d1098be70000177e86a2f000000001
accept-ranges
bytes
content-type
image/gif
expires
Sun, 06 Dec 2020 20:27:47 GMT
Primary Request award
act.fordeal.com/act/game/share/
6 KB
7 KB
Document
General
Full URL
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Requested by
Host: f0r.co
URL: https://f0r.co/2FHUb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2dfe06fc77da82ebe76f75e47cab44bad0d0f2be06f017bc90da738019e9398

Request headers

:method
GET
:authority
act.fordeal.com
:scheme
https
:path
/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://f0r.co/2FHUb
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://f0r.co/2FHUb

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-length
6622
set-cookie
__cfduid=d435398904912751405a11803c2a2e6f21607113667; expires=Sun, 03-Jan-21 20:27:47 GMT; path=/; domain=.fordeal.com; HttpOnly; SameSite=Lax; Secure
cf-cache-status
DYNAMIC
cf-request-id
06d1098c8f0000c2b3fe3e5000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5fc845274e25c2b3-FRA
index.css
s4.forcloudcdn.com/-/libs/fd-base-style/1.3.2/base.css,libs/fd-lego-base/1.2.6/
22 KB
12 KB
Stylesheet
General
Full URL
https://s4.forcloudcdn.com/-/libs/fd-base-style/1.3.2/base.css,libs/fd-lego-base/1.2.6/index.css
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
efe24cf995481398cb7abeada5dcfae661d86350e8a415cd82334c853b352fca

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
6681
cf-polished
origSize=22829
x-cache-status
HIT
last-modified
Mon, 19 Oct 2020 09:07:39 GMT
web
aws-ir1-front-cdnsrc-017149
cf-request-id
06d1098d1a0000177e62172000000001
cf-bgj
minify
server
cloudflare
etag
W/"592d-MO3Y2AA8O/fa0VW4ykzvxbQr5Cg"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public, max-age=172800
cf-ray
5fc845282f26177e-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
fe8d04592fddef28cd9bdcc338ba40ab.css
s3.forcloudcdn.com/assets/lego/
35 KB
9 KB
Stylesheet
General
Full URL
https://s3.forcloudcdn.com/assets/lego/fe8d04592fddef28cd9bdcc338ba40ab.css
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae433f52d4697a1ed9b458b97993d33c5676355a4714df1413c3aa86e765b6fd

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
2658212
cf-polished
origSize=35745
last-modified
Fri, 23 Oct 2020 09:19:49 GMT
x-amz-request-id
A760ABA9CE17627C
x-amz-id-2
tL7een8joSBnseC6G3mG8jUZCGitZFMTX7p+3EFUjFFTcqDl+hLpT9iPu7YiQCXgxy01NWrMwQ4=
cf-bgj
minify
server
cloudflare
etag
W/"09c1ab1b9318e92f623cff31b3db2d77"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=172800
x-amz-version-id
Yi6MeWCcY1okFqFXT.LiCVIy4CLMSIoD
cf-request-id
06d1098d140000177e42b19000000001
cf-ray
5fc845281f0b177e-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
favicon.png
s3.forcloudcdn.com/
176 B
490 B
Image
General
Full URL
https://s3.forcloudcdn.com/favicon.png
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae4f0e529fd049ee6c6211d0993b2abb8770feb295069037e6833926b9d2f3ec

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
cf-cache-status
HIT
age
68373
cf-polished
origFmt=png, origSize=268
last-modified
Sat, 12 Sep 2020 11:50:02 GMT
content-length
176
content-disposition
inline; filename="favicon.webp"
x-amz-request-id
E31750EB115377AA
x-amz-id-2
ycQ00HHNADIavmYSfL/Dt0yAoWARo804jyh6Wtd1h82dplPkORXjFaJHxeKrXDcTaFSlfQ1gaec=
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"e8e99d8cec7157963e4717c8480e8516"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=172800
x-amz-version-id
YLQ4VTKqEnhUdDcQfjgd57F.vNJngUTm
cf-request-id
06d1098d2e0000177ec0b26000000001
accept-ranges
bytes
cf-ray
5fc845284f66177e-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
cdef6048-715b-40de-8cd5-94353ae4dc80-530x100.png
s3.forcloudcdn.com/dmc/
19 KB
19 KB
Image
General
Full URL
https://s3.forcloudcdn.com/dmc/cdef6048-715b-40de-8cd5-94353ae4dc80-530x100.png
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa61544d9ef006498f3fafbf1c26654d094597ab75ee8f9bb586acbc417d3821

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
cf-cache-status
HIT
age
59318
cf-polished
origFmt=png, origSize=21623
last-modified
Fri, 09 Oct 2020 12:53:37 GMT
content-length
19280
content-disposition
inline; filename="cdef6048-715b-40de-8cd5-94353ae4dc80-530x100.webp"
x-amz-request-id
B0B4A16AC369905D
x-amz-id-2
6uaDHIOlCJDdksG9LX4pR4J8Ms/Ist1XL5ArzdVRxYmLOV1XXPe3jH1RozWv9bbeGAGuunn37P0=
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"e7f273176159c39e4a446b7b4692f94a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=172800
x-amz-version-id
QcwcAdJmqMT1EXe5_1nwlyOpd6Ikad3o
cf-request-id
06d1098d2e0000177e4439b000000001
accept-ranges
bytes
cf-ray
5fc845284f69177e-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
js.cookie.js
s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/
79 KB
27 KB
Script
General
Full URL
https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae2da0e95fb2c36a7bfc05c04cac11298d76720b98e67d84519d915cd56dbe82

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
5197
cf-polished
origSize=81621
x-cache-status
HIT
last-modified
Tue, 03 Mar 2020 02:40:08 GMT
web
aws-ir1-front-cdnsrc-031095
cf-request-id
06d1098d3200001f19daacf000000001
cf-bgj
minify
server
cloudflare
etag
W/"13ed5-5h2nPdk4CmU5f8qYqWstdQ7INcI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800
cf-ray
5fc845284ac91f19-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
base.js
s4.forcloudcdn.com/-/libs/fd-polyfill/1.0.1/polyfill.js,libs/fd-f/3.4.0/f.js,libs/fd-image/1.4.1/image.js,libs/fd-base/1.3.0/
45 KB
16 KB
Script
General
Full URL
https://s4.forcloudcdn.com/-/libs/fd-polyfill/1.0.1/polyfill.js,libs/fd-f/3.4.0/f.js,libs/fd-image/1.4.1/image.js,libs/fd-base/1.3.0/base.js?v=1
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a4edc2f6181c78030f3fe9cf2a897643ff733be5f1526807491fa97b668cdef

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
571
cf-polished
origSize=46469
x-cache-status
HIT
last-modified
Fri, 16 Oct 2020 14:41:49 GMT
web
aws-ir1-front-cdnsrc-017149
cf-request-id
06d1098d3300001f193d8ea000000001
cf-bgj
minify
server
cloudflare
etag
W/"b585-pwEB1frs/tspx9VBgFYPqzu6lWw"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800
cf-ray
5fc845285ad31f19-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
promotion.js
s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,li...
116 KB
31 KB
Script
General
Full URL
https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
867e9d08b5658be43b7537391034480293a65d6d2bd74461e4b6b5b17fd10ee7

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
571
cf-polished
origSize=118661
x-cache-status
HIT
last-modified
Mon, 26 Oct 2020 09:43:39 GMT
web
aws-ir1-front-cdnsrc-031095
cf-request-id
06d1098d3300001f19f32d0000000001
cf-bgj
minify
server
cloudflare
etag
W/"1cf85-yYCyffKxd/g2Mqgy9/LXXvAxMX8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800
cf-ray
5fc845285acf1f19-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
native-external.js
s4.forcloudcdn.com/-/libs/fd-mipha-core/2.2.1/app.js,libs/fd-lego-base/1.2.6/index.js,libs/fd-native-app/1.2.8/
20 KB
6 KB
Script
General
Full URL
https://s4.forcloudcdn.com/-/libs/fd-mipha-core/2.2.1/app.js,libs/fd-lego-base/1.2.6/index.js,libs/fd-native-app/1.2.8/native-external.js?v=1
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b41b61a32822149cb5d08b2a4ac1c4a5a459270a387a609c64559c121ca0c52a

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
cf-cache-status
HIT
age
571
cf-polished
origSize=20172
x-cache-status
HIT
last-modified
Mon, 19 Oct 2020 09:07:40 GMT
web
aws-ir1-front-cdnsrc-031095
cf-request-id
06d1098d3200001f19053d7000000001
cf-bgj
minify
server
cloudflare
etag
W/"4ecc-VtgyMVnqPdRRNuFpXH3uUSJqZm8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=172800
cf-ray
5fc845284acd1f19-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
fe8d04592fddef28cd9bdcc338ba40ab.js
s3.forcloudcdn.com/assets/lego/
66 KB
16 KB
Script
General
Full URL
https://s3.forcloudcdn.com/assets/lego/fe8d04592fddef28cd9bdcc338ba40ab.js?v=1
Requested by
Host: act.fordeal.com
URL: https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8786c76184d1e72abb25a5becaf956e39d8600d46a8c28a8664d4324d350440e

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cf-cache-status
HIT
age
2639788
last-modified
Fri, 23 Oct 2020 09:19:49 GMT
x-amz-request-id
986038B81217F267
x-amz-id-2
ACh8ztwW4iH0jZwGb3jBixBK+gM8DZjwn3JTGgom+fS4i44XjqAlkc9AWsLTym7331MNCojjD9w=
cf-bgj
minify
server
cloudflare
etag
W/"b8f8415ce0642f3d3103c691ec4157a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
6000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=172800
x-amz-version-id
U.nNPU7ud_9uKgHzYGa1guxxcispAdta
cf-request-id
06d1098d3b0000beba69362000000001
cf-ray
5fc845285c97beba-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
1
gw.fordeal.com/gw/dwp.horizon.clientHttpRate/
101 B
1 KB
XHR
General
Full URL
https://gw.fordeal.com/gw/dwp.horizon.clientHttpRate/1?data=&gw_ver=1&plat=pc&ct=1607113667944&appname=fordeal&sign=7e88fef47b13aea537e03e5e7de2ab03
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81bd3f9cfa4e8048c31e25c4c8d3a6f344418c0bfd6722ba03fb9cd3844398d7
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://www.snapchat.com

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

gw-trace-sampling
0
date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
access-control-max-age
3600
service-rt
0
gw-code
1001
cf-request-id
06d1098d770000c2b37383b000000001
s_timestamp
1607113668
server
cloudflare
x-frame-options
ALLOW-FROM https://www.snapchat.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
front-end-https
on
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
gw-rt
17
access-control-expose-headers
GW-ST,GW-Code,gw-set-cookie,GW-RT,gw-trace-id
cache-control
no-cache
access-control-allow-credentials
true
real-server
aws-ir1-base-horizon-prod-018254
gw-st
1607113668001
cf-ray
5fc84528b8cac2b3-FRA
access-control-allow-headers
Content-Type,X-XSRF-TOKEN,sign,appname,plat,ct,gw_ver,gw-did,web-gw-did,web-id,f-g,Authorization,self-referer,gw-origin,gw-cookie-domain
gw-trace-id
0.1a27f6f6be144808bffda74f84a2954c.9078.16071136679842266
truncated
/
298 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b44163cb03740958fbf8b38b70317a2ec56567515513f86d37baca0dccd04a3c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/svg+xml
1
gw.fordeal.com/gw/dwp.common.serverTime/
101 B
255 B
XHR
General
Full URL
https://gw.fordeal.com/gw/dwp.common.serverTime/1?data=&gw_ver=1&plat=pc&ct=1607113667960&appname=fordeal&sign=6efb888627539798b46c83c594fabf9c
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b17576de440089f3c222a16eb6b5c39c712b854d3814bf4bad2ac79bdde34fde
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://www.snapchat.com

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

gw-trace-sampling
1
date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
access-control-max-age
3600
gw-code
1001
cf-request-id
06d1098d7f0000c2b30516f000000001
s_timestamp
1607113667
server
cloudflare
x-frame-options
ALLOW-FROM https://www.snapchat.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
front-end-https
on
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
gw-rt
8
access-control-expose-headers
GW-ST,GW-Code,gw-set-cookie,GW-RT,gw-trace-id
cache-control
no-cache
access-control-allow-credentials
true
gw-st
1607113667997
cf-ray
5fc84528c8dac2b3-FRA
access-control-allow-headers
Content-Type,X-XSRF-TOKEN,sign,appname,plat,ct,gw_ver,gw-did,web-gw-did,web-id,f-g,Authorization,self-referer,gw-origin,gw-cookie-domain
gw-trace-id
1.a8f2431dd0964785a31fbcf58d9f21b8.3888.16071136679895347
b6f0e50e-ae85-4b75-a6b9-fc2d06e6933c-650x140.png
s3.forcloudcdn.com/dmc/
11 KB
12 KB
Image
General
Full URL
https://s3.forcloudcdn.com/dmc/b6f0e50e-ae85-4b75-a6b9-fc2d06e6933c-650x140.png
Requested by
Host: s3.forcloudcdn.com
URL: https://s3.forcloudcdn.com/assets/lego/fe8d04592fddef28cd9bdcc338ba40ab.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f39624b6c39016601d7d80b2b921c2fcd68ccfce86210dae6d837a42c05bc0b

Request headers

Referer
https://s3.forcloudcdn.com/assets/lego/fe8d04592fddef28cd9bdcc338ba40ab.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:47 GMT
cf-cache-status
HIT
age
64372
cf-polished
origFmt=png, origSize=12864
last-modified
Tue, 06 Oct 2020 13:21:05 GMT
content-length
11292
content-disposition
inline; filename="b6f0e50e-ae85-4b75-a6b9-fc2d06e6933c-650x140.webp"
x-amz-request-id
2E4C468D94BAC6FF
x-amz-id-2
Srk5tjN8BvMS+HSqmYooYfYAuEFOvP6aYfeTaI3U0Ja7mM4ax7NlRQXC9Q0zhKQRGvAy+0ob0cc=
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"783f6d6a2061c65e5015ef6078c9ed3c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
content-type
image/webp
cache-control
public, max-age=172800
x-amz-version-id
nugn7haYPP7irL0d_6Tea7ShgqCUsFwy
cf-request-id
06d1098d7e0000177e7e9f5000000001
accept-ranges
bytes
cf-ray
5fc84528c887177e-FRA
expires
Sun, 06 Dec 2020 20:27:47 GMT
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0746983372f1b7e048c04f4b0b56b8f30d7b6240dc366d45ed329044d2c48392

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
dotRecords
dot-hub-x.fordeal.com/api/v2/ Frame
0
0
Other
General
Full URL
https://dot-hub-x.fordeal.com/api/v2/dotRecords
Protocol
H2
Server
2606:4700::6812:1491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://act.fordeal.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
access-control-allow-origin
https://act.fordeal.com
access-control-allow-credentials
true
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
access-control-max-age
86400
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, x-token, Authorization, x-xsrf-token
allow
GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
cf-cache-status
DYNAMIC
cf-request-id
06d1098e9a0000d6edc399e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5fc8452a88a1d6ed-FRA
dotRecord
dot.fordeal.com/api/
32 B
330 B
XHR
General
Full URL
https://dot.fordeal.com/api/dotRecord
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c6e973789174cc9a87a6695c2f6ef3e5d5956f4038bed7b0a40b1f295bf618

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
5fc8452aed28c2b3-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, x-token, Authorization, x-xsrf-token
cf-request-id
06d1098ed30000c2b3d5bb1000000001
dotRecords
dot-hub-x.fordeal.com/api/v2/
32 B
118 B
XHR
General
Full URL
https://dot-hub-x.fordeal.com/api/v2/dotRecords
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c6e973789174cc9a87a6695c2f6ef3e5d5956f4038bed7b0a40b1f295bf618

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
5fc8452afd36c2b3-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, x-token, Authorization, x-xsrf-token
cf-request-id
06d1098ede0000c2b3e9bfa000000001
fd.promotion.config.json
h5.fordeal.com/
295 B
535 B
XHR
General
Full URL
https://h5.fordeal.com/fd.promotion.config.json
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1491 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
814363ffdc3390936740954a636377a4f4e8542fdd28b8a8a3a5be904a384d52

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method
cf-cache-status
DYNAMIC
x-amz-request-id
D2B32F5F3BCC179B
cf-ray
5fc8452a785bd6ed-FRA
x-amz-id-2
3AWbfzT1edoYXndQoIG4RmTWR7LTh12/HJP/meGKltCtPtxKDNd9AxHtOHi8fLg21ldtEoOmybk=
last-modified
Tue, 13 Oct 2020 04:06:04 GMT
server
cloudflare
etag
W/"6d1b53d8c6d692cc68227abe8d5859d4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
6000
access-control-allow-methods
GET
x-amz-version-id
655NV3XTTEQYQ6xxGoLABByrH3Wd6kNn
access-control-allow-origin
*
cf-request-id
06d1098e870000d6ed949e8000000001
content-type
application/json
9eb7615d-13ae-4c1b-8d79-c147238820a2-750x540.jpg_0.jpg
s4.forcloudcdn.com/dmc/
19 KB
19 KB
Image
General
Full URL
https://s4.forcloudcdn.com/dmc/9eb7615d-13ae-4c1b-8d79-c147238820a2-750x540.jpg_0.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8148443d228eb296a94c0a9b59c9adce6e5dc45ec442df993673264fd63ac272

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
cf-cache-status
HIT
age
2565580
cf-polished
origSize=21292, status=vary_header_present
x-cache-status
HIT
last-modified
Thu, 05 Nov 2020 03:46:41 GMT
web
aws-ir1-front-cdnsrc-031095
cf-request-id
06d1098dce0000177eb81ad000000001
cf-bgj
imgq:100,h2pri
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=31536000
cf-ray
5fc84529497b177e-FRA
expires
Sat, 04 Dec 2021 20:27:48 GMT
f510149e-49c6-489f-9979-6633d3228f6a-260x260.jpg_0.jpg
s4.forcloudcdn.com/dmc/
6 KB
6 KB
Image
General
Full URL
https://s4.forcloudcdn.com/dmc/f510149e-49c6-489f-9979-6633d3228f6a-260x260.jpg_0.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:19c9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c654cc6f20fdbc364b6594b2c24e3aff4bdeb6ae88ab2438360c6ea11b1a20e

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
cf-cache-status
HIT
age
2223250
cf-polished
origSize=6648, status=vary_header_present
x-cache-status
HIT
last-modified
Mon, 09 Nov 2020 01:46:59 GMT
web
aws-ir1-front-cdnsrc-031095
cf-request-id
06d1098dcd0000177e52123000000001
cf-bgj
imgq:100,h2pri
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=31536000
cf-ray
5fc84529497e177e-FRA
expires
Sat, 04 Dec 2021 20:27:48 GMT
scevent.min.js
sc-static.net/
13 KB
6 KB
Script
General
Full URL
https://sc-static.net/scevent.min.js
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.97 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-97.zrh50.r.cloudfront.net
Software
CloudFront /
Resource Hash
4548c412ce3bd15ddf652328dd58fad638a41fbd5c08473a1ab485e5a12076c9

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
gzip
server
CloudFront
x-amz-cf-pop
ZRH50-C1
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
private, s-maxage=0, max-age=600
access-control-allow-headers
Content-Type
content-length
5415
via
1.1 7e81b1a3e22ce96cdfb0b6c2db121d58.cloudfront.net (CloudFront)
x-amz-cf-id
6qSfVSwN_lNvuF7PBk7xgwyU-cnoRzIOm1WXkMl5H6YrP0BHKBGh7A==
fbevents.js
connect.facebook.net/en_US/
89 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0e49c2b4e86d3fda1dda93eb1210a47712f7b091181b4e7c6da2b3e6f8e86396
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
23320
x-xss-protection
0
pragma
public
x-fb-debug
yg6WJGcjbVf9SRGQx2+PEIm9avTf0aY/mnDpCkcBQOz4oCD38AR39w2tbKXjEXsy5Srgp9J1ikHs4hC6jR0l0g==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Dec 2020 20:27:48 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
98 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
94d4e476403a8ebb0cf7fbeb6740613632e10059de7cff2f7479b1c52822979a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39696
x-xss-protection
0
expires
Fri, 04 Dec 2020 20:27:48 GMT
js
www.googletagmanager.com/gtag/
98 KB
39 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-94012617-8
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dc6ad078f9a35bc3668541cbe2405c7d3ac3f2e73fb2d06d2a454e1ae961fe87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Origin, Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39696
x-xss-protection
0
expires
Fri, 04 Dec 2020 20:27:48 GMT
branch-latest.min.js
cdn.branch.io/
78 KB
24 KB
Script
General
Full URL
https://cdn.branch.io/branch-latest.min.js
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.90 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-90.zrh50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ff0169292598bec1751fce80d0024e2c9e55c406b7456ef3aefae30bf3a4efb

Request headers

Origin
https://act.fordeal.com
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
c7Vvzbb8uKgHcC4eD_pqp123QB.GvKI.
Content-Encoding
gzip
ETag
"d4ba055ba82c0baa510053e92eb83211"
X-Amz-Cf-Pop
ZRH50-C1
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
23541
Access-Control-Allow-Origin
*
Last-Modified
Thu, 19 Nov 2020 17:43:28 GMT
Server
AmazonS3
Date
Fri, 04 Dec 2020 20:27:48 GMT
Vary
Origin
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Via
1.1 c202f63846a430afd2d556266be8b50c.cloudfront.net (CloudFront)
Cache-Control
max-age=300
X-Amz-Cf-Id
m526FTqiUqzPSKpjnfJF-ewCZq73D6fxOH6DzZ4xc7yqvJMcrak-Kg==
1
gw.fordeal.com/gw/dwp.customerCenter.get_phone/
87 B
608 B
XHR
General
Full URL
https://gw.fordeal.com/gw/dwp.customerCenter.get_phone/1?data=&gw_ver=1&plat=pc&ct=1607113668330&appname=fordeal&sign=a905a12cea62a8f290d0a5e2a1d3be36
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06462b9cde8acdb46d6ad810b2cca2aff934fcf1749f2569f342ce3e0a95d063
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://www.snapchat.com

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

gw-trace-sampling
0
date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
cf-cache-status
DYNAMIC
access-control-max-age
3600
service-rt
1
gw-code
1001
cf-request-id
06d1098ef00000c2b3bcaa7000000001
s_timestamp
1607113668
server
cloudflare
x-frame-options
ALLOW-FROM https://www.snapchat.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
front-end-https
on
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
gw-rt
5
access-control-expose-headers
GW-ST,GW-Code,gw-set-cookie,GW-RT,gw-trace-id
cache-control
no-cache
access-control-allow-credentials
true
real-server
aws-ir1-trade-customer-center-prod-005056
gw-st
1607113668367
cf-ray
5fc8452b1d7fc2b3-FRA
access-control-allow-headers
Content-Type,X-XSRF-TOKEN,sign,appname,plat,ct,gw_ver,gw-did,web-gw-did,web-id,f-g,Authorization,self-referer,gw-origin,gw-cookie-domain
gw-trace-id
0.1b54fba2cacb40028880fae3ded7bf37.31.16071136683621898
171574500264944
connect.facebook.net/signals/config/
239 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/171574500264944?v=2.9.29&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
8f82641cd10d709c474e2c3b3e2eb32a3779b767d7346d51b5d68d63c9011f36
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70221
x-xss-protection
0
pragma
public
x-fb-debug
Mc6mU/lH5UmiR+0Fycs9jTgXl+9hXb4qhlOBROPX9yximqKR6JB7g2peWbri+LZXt1l2MrOsK+Tr1gFHY3M8PA==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Dec 2020 20:27:48 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-content-id
1203531502
expires
Sat, 01 Jan 2000 00:00:00 GMT
1232841863581518
connect.facebook.net/signals/config/
239 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1232841863581518?v=2.9.29&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ad76fbc33fe30cdbedcc3ad3a36d2e40cf046e3d071b86822fb6dfb7925b0e60
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70222
x-xss-protection
0
pragma
public
x-fb-debug
J6LVoxSj2llYLHEBzOjoz+T/vW4RF08YlPjL7sWcnytG8Lw+PE86b6yu27XU4395GYTsOW1bcwJz0TQr95gp9Q==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Dec 2020 20:27:48 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-content-id
113767419
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-927470498&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d087ad1012c6202b27e75ee3b74e27949017b975ddadaed773a1dd5ab33e5214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38741
x-xss-protection
0
last-modified
Fri, 04 Dec 2020 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 04 Dec 2020 20:27:48 GMT
js
www.googletagmanager.com/gtag/
133 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-8XPR1T5L4G&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2d011947db111744f7347b47dc5aff3365beecc43cc4f021ccaac5d22b936d95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51920
x-xss-protection
0
expires
Fri, 04 Dec 2020 20:27:48 GMT
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-94012617-8&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
79271598e3af3899269689883826f9c9d22079f5da2a7d84a042ddf67f3875c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38772
x-xss-protection
0
expires
Fri, 04 Dec 2020 20:27:48 GMT
js
www.googletagmanager.com/gtag/
133 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-EHRJ3G5MJS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
07132b10727e07799a2af83eb123237c889a89671650fb71c1aa4436e7a216f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51922
x-xss-protection
0
expires
Fri, 04 Dec 2020 20:27:48 GMT
948137468955233
connect.facebook.net/signals/config/
239 KB
69 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/948137468955233?v=2.9.29&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1b5799846c2f6b75f6c61b6802ccd3940ffc8203ed4e30a9f53a82f4bd1a2f25
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/;
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
70221
x-xss-protection
0
pragma
public
x-fb-debug
j9a501xFkM0/rvAbeDIItC6nbi42yu2wYW3/0ywdU0GZFmj4QEPqAc8+bjyCjP8YZdeDyV/XmV/s3kXrATYeFw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Fri, 04 Dec 2020 20:27:48 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-content-id
1924950400
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
259 B
Image
General
Full URL
https://www.facebook.com/tr/?id=171574500264944&ev=PageView&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668425&cd[content_type]=product&sw=1600&sh=1200&v=2.9.29&r=stable&ec=0&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT
/
www.facebook.com/tr/
Redirect Chain
  • https://www.facebook.com/tr/?id=1232841863581518&ev=PageView&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%2...
  • https://www.facebook.com/tr/?cd[content_type]=product&coo=false&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_...
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?cd[content_type]=product&coo=false&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ec=0&ev=PageView&fbp=fb.1.1607113668423.2136992946&id=1232841863581518&if=false&it=1607113668348&o=30&r=stable&redirect=0&rl=https%3A%2F%2Ff0r.co%2F2FHUb&rqm=GET&sh=1200&sw=1600&ts=1607113668427&v=2.9.29
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT

Redirect headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain
location
/tr/?cd[content_type]=product&coo=false&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ec=0&ev=PageView&fbp=fb.1.1607113668423.2136992946&id=1232841863581518&if=false&it=1607113668348&o=30&r=stable&redirect=0&rl=https%3A%2F%2Ff0r.co%2F2FHUb&rqm=GET&sh=1200&sw=1600&ts=1607113668427&v=2.9.29
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
0
expires
0
/
www.facebook.com/tr/
44 B
214 B
Image
General
Full URL
https://www.facebook.com/tr/?id=948137468955233&ev=PageView&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668427&cd[content_type]=product&sw=1600&sh=1200&v=2.9.29&r=stable&ec=0&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT
conversion_async.js
www.googleadservices.com/pagead/
30 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-927470498&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f2.1e100.net
Software
cafe /
Resource Hash
5fb46ad88af0181f8aa600691dadedc2d6dd1946603b69bc36385f68efdd01a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
12174
x-xss-protection
0
server
cafe
etag
1959326039972715456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 04 Dec 2020 20:27:48 GMT
collect
analytics.google.com/g/
0
341 B
Other
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-8XPR1T5L4G&gtm=2oeb41&_p=1942978021&sr=1600x1200&_gaz=1&ul=en-us&cid=1393866930.1607113668&_s=1&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sid=1607113668&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8XPR1T5L4G&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
73 B
Other
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-8XPR1T5L4G&cid=1393866930.1607113668&gtm=2oeb41&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8XPR1T5L4G&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-94012617-9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
2308
date
Fri, 04 Dec 2020 19:49:20 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Fri, 04 Dec 2020 21:49:20 GMT
collect
analytics.google.com/g/
0
45 B
Other
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-EHRJ3G5MJS&gtm=2oeb41&_p=1942978021&sr=1600x1200&_gaz=1&ul=en-us&cid=1393866930.1607113668&_s=1&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sid=1607113668&sct=1&seg=0&en=page_view&_fv=1&_ss=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EHRJ3G5MJS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
54 B
Other
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-EHRJ3G5MJS&cid=1393866930.1607113668&gtm=2oeb41&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EHRJ3G5MJS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8XPR1T5L4G&cid=1393866930.1607113668&gtm=2oeb41&aip=1&z=301476990
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-EHRJ3G5MJS&cid=1393866930.1607113668&gtm=2oeb41&aip=1&z=935819179
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
64 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1942978021&t=pageview&_s=1&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&ul=en-us&de=UTF-8&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAUABAAAAAC~&jid=1824920063&gjid=184361861&cid=1393866930.1607113668&tid=UA-94012617-9&_gid=719492794.1607113669&_r=1&gtm=2oub41&z=1424281331
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
2 B
27 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1942978021&t=pageview&_s=1&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&ul=en-us&de=UTF-8&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IADAAUABAAAAAC~&jid=1915976228&gjid=161532673&cid=1393866930.1607113668&tid=UA-94012617-8&_gid=719492794.1607113669&_r=1&gtm=2oub41&z=1666561239
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/927470498/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/927470498/?random=1607113668518&cv=9&fst=1607113668518&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oab41&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ref=https%3A%2F%2Ff0r.co%2F2FHUb&tiba=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c00fd0da60ff22ac2b1264f58439f41ab8cd02c1016006de62d27ebdb41b63bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1231
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
423 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-94012617-8&cid=1393866930.1607113668&jid=1915976228&gjid=161532673&_gid=719492794.1607113669&_u=IADAAUABAAAAAC~&z=1365701717
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 04 Dec 2020 20:27:48 GMT
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
i
tr.snapchat.com/cm/ Frame 2BFD
0
0
Document
General
Full URL
https://tr.snapchat.com/cm/i?pid=594717e0-8d76-4661-ba73-cab202295bb0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
tr.snapchat.com
:scheme
https
:path
/cm/i?pid=594717e0-8d76-4661-ba73-cab202295bb0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx/1.17.3
date
Fri, 04 Dec 2020 20:27:48 GMT
content-type
text/html
content-length
0
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
www.google.com/pagead/1p-user-list/927470498/
42 B
138 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/927470498/?random=1607113668518&cv=9&fst=1607112000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ref=https%3A%2F%2Ff0r.co%2F2FHUb&tiba=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&async=1&fmt=3&is_vtc=1&random=1057032802&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/927470498/
42 B
530 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/927470498/?random=1607113668518&cv=9&fst=1607112000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2oab41&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&ref=https%3A%2F%2Ff0r.co%2F2FHUb&tiba=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&async=1&fmt=3&is_vtc=1&random=1057032802&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
_r
app.link/
90 B
739 B
Script
General
Full URL
https://app.link/_r?sdk=web2.57.1&branch_key=key_live_pgNaS6ti52mXzBeOV4FlAkfhEBfccw5b&callback=branch_callback__0
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2190:dc00:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty / Express
Resource Hash
1217a3a967efe5ddd8bf19f19baa88dbcc95ccf6f25b7a0e949d232f525c885a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Fri, 04 Dec 2020 20:27:48 GMT
Via
1.1 6b0e09b8a7d995016df1513b4b11c17e.cloudfront.net (CloudFront)
X-Content-Type-Options
nosniff
Server
openresty
X-Amz-Cf-Pop
ZRH50-C1
X-Powered-By
Express
X-Cache
Miss from cloudfront
Content-Type
text/javascript; charset=utf-8
Connection
keep-alive
Content-Length
90
ETag
W/"5a-DGDc38YZn8lEydtno4Iito/hgmk"
X-Amz-Cf-Id
rj86M25ZUzTex2T9KNXSVEeMZk8kzz4Aa-4ppKw3-Bh2YAtYGW0tRw==
p
tr.snapchat.com/ Frame F26A
0
0
Document
General
Full URL
https://tr.snapchat.com/p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
tr.snapchat.com
:scheme
https
:path
/p
content-length
497
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://act.fordeal.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx/1.17.3
date
Fri, 04 Dec 2020 20:27:48 GMT
content-type
text/html
content-length
0
access-control-allow-origin
*
cache-control
no-cache, no-transform
set-cookie
sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIQgDwIlI6D8WO44xMAXDe9e9jjK2lbIsznVTVNiSLoEmPsyAnsBP7vEHQNVUEzIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
p
tr.snapchat.com/ Frame A02C
0
0
Document
General
Full URL
https://tr.snapchat.com/p
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.226.184 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
184.226.186.35.bc.googleusercontent.com
Software
nginx/1.17.3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
POST
:authority
tr.snapchat.com
:scheme
https
:path
/p
content-length
497
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
https://act.fordeal.com
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

server
nginx/1.17.3
date
Fri, 04 Dec 2020 20:27:48 GMT
content-type
text/html
content-length
0
access-control-allow-origin
*
cache-control
no-cache, no-transform
set-cookie
sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIAgDsItItghz74iJV3C8raoazAzf5ch6DAuI2rcldR9rhsIml+TBBxTEAaIyAAAA;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 google
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ga-audiences
www.google.com/ads/
42 B
483 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-94012617-8&cid=1393866930.1607113668&jid=1915976228&_u=IADAAUABAAAAAC~&z=405883266
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
65 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-94012617-8&cid=1393866930.1607113668&jid=1915976228&_u=IADAAUABAAAAAC~&z=405883266
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:48 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
open
api2.branch.io/v1/
264 B
579 B
XHR
General
Full URL
https://api2.branch.io/v1/open
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:2e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
7a58d63fbb105ec41455f5ecd7313cd47fd2cbd741be1e615d7edd5084581245

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
via
1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
x-branch-request-id
49674087b53b4e628ca356b862356bd6-2020120420
content-length
264
x-amz-cf-id
78wGKJMzgE-KZT0nCdPOxAhYihLVYFkXg16j1yuWfRjyCsyZ-3LOcw==
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=171574500264944&ev=Microdata&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668928&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!%20%22%2C%22meta%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22meta%3Akeywords%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fs3.forcloudcdn.com%2Fdmc%2F7548244d-545a-448a-ad2b-480ccfeae7eb-750x600.jpg%22%2C%22og%3Asite_name%22%3A%22Fordeal%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.29&r=stable&ec=1&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1232841863581518&ev=Microdata&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668930&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!%20%22%2C%22meta%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22meta%3Akeywords%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fs3.forcloudcdn.com%2Fdmc%2F7548244d-545a-448a-ad2b-480ccfeae7eb-750x600.jpg%22%2C%22og%3Asite_name%22%3A%22Fordeal%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.29&r=stable&ec=1&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=948137468955233&ev=Microdata&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&rl=https%3A%2F%2Ff0r.co%2F2FHUb&if=false&ts=1607113668932&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!%20%22%2C%22meta%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22meta%3Akeywords%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Adescription%22%3A%22%D8%A7%D9%8A%20%D9%81%D9%88%D9%86%2011%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D8%A8%D8%A7%D9%84%D9%86%D8%B3%D8%A8%D8%A9%20%D9%84%D9%83%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fs3.forcloudcdn.com%2Fdmc%2F7548244d-545a-448a-ad2b-480ccfeae7eb-750x600.jpg%22%2C%22og%3Asite_name%22%3A%22Fordeal%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.29&r=stable&ec=1&o=30&fbp=fb.1.1607113668423.2136992946&it=1607113668348&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 20:27:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Fri, 04 Dec 2020 20:27:48 GMT
pageview
api2.branch.io/v1/
28 B
388 B
XHR
General
Full URL
https://api2.branch.io/v1/pageview
Requested by
Host: cdn.branch.io
URL: https://cdn.branch.io/branch-latest.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:2e00:11:f728:3040:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/ Express
Resource Hash
a82dc28d43942326b346f92907df3bea5e38b2325ef97176f3b6234966bf19eb

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 04 Dec 2020 20:27:49 GMT
via
1.1 ac0e9b19969df989a920e6d1b834d009.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
x-powered-by
Express
etag
W/"1c-KRZWpHfIKyIHGKJ9mp9lAyX+vFY"
x-cache
Miss from cloudfront
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-branch-request-id
8bd311fdbb29456abcae43227c9d592f-2020120420
content-length
28
x-amz-cf-id
cEjxoJ-j8GhIKr9StR2w5YHubJlFDl1zkGHGHtVwvOSeRRMj6ObiWw==
1
gw.fordeal.com/gw/dwp.growth-api-svr.attribution-form/
84 B
371 B
XHR
General
Full URL
https://gw.fordeal.com/gw/dwp.growth-api-svr.attribution-form/1
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99fe5b992fef63317f47c9dddcb6bfae6f6ed983cf809a4181b7c6da8a334728
Security Headers
Name Value
X-Frame-Options ALLOW-FROM https://www.snapchat.com

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

gw-trace-sampling
0
date
Fri, 04 Dec 2020 20:27:49 GMT
content-encoding
br
cf-cache-status
DYNAMIC
access-control-max-age
3600
service-rt
12
gw-code
1001
cf-request-id
06d10991560000c2b396003000000001
s_timestamp
1607113669
server
cloudflare
x-frame-options
ALLOW-FROM https://www.snapchat.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
front-end-https
on
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
gw-rt
35
access-control-expose-headers
GW-ST,GW-Code,gw-set-cookie,GW-RT,gw-trace-id
cache-control
no-cache
access-control-allow-credentials
true
real-server
aws-ir1-growth-growth-dwp-api-prod-031213
gw-st
1607113669084
cf-ray
5fc8452eed0bc2b3-FRA
access-control-allow-headers
Content-Type,X-XSRF-TOKEN,sign,appname,plat,ct,gw_ver,gw-did,web-gw-did,web-id,f-g,Authorization,self-referer,gw-origin,gw-cookie-domain
gw-trace-id
0.9030b6130d4d4f51b37b65385b16326c.4529.16071136690487045
dotData
dot.fordeal.com/api/
32 B
141 B
XHR
General
Full URL
https://dot.fordeal.com/api/dotData
Requested by
Host: s4.forcloudcdn.com
URL: https://s4.forcloudcdn.com/-/libs/vue/2.6.9/vue.runtime.min.js,libs/axios/0.18.0/axios.min.js,libs/js-cookie/2.2.0/src/js.cookie.js?v=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1591 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c6e973789174cc9a87a6695c2f6ef3e5d5956f4038bed7b0a40b1f295bf618

Request headers

Accept
application/json, text/plain, */*
Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded;charset=UTF-8

Response headers

date
Fri, 04 Dec 2020 20:27:50 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
accept-encoding
access-control-allow-methods
GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://act.fordeal.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
5fc84535cb98c2b3-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, x-token, Authorization, x-xsrf-token
cf-request-id
06d109959e0000c2b380bb2000000001
collect
analytics.google.com/g/
0
21 B
Other
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-EHRJ3G5MJS&gtm=2oeb41&_p=1942978021&sr=1600x1200&ul=en-us&cid=1393866930.1607113668&_s=2&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sid=1607113668&sct=1&seg=0&en=scroll&_et=10&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-EHRJ3G5MJS&l=dataLayer&cx=c
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/
0
337 B
Other
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-8XPR1T5L4G&gtm=2oeb41&_p=1942978021&sr=1600x1200&ul=en-us&cid=1393866930.1607113668&_s=2&dl=https%3A%2F%2Fact.fordeal.com%2Fact%2Fgame%2Fshare%2Faward%3Ff%3Dp_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1%26fdData%3Duh7YFDmtax4K%252FURUkIHfvr76qSTY0LMSs2%252BJTLICGqg%253D%26act_promotion_short_url%3D110909%26lan%3Dar%26cur%3DSAR%26luckyNumber%3D1012&dr=https%3A%2F%2Ff0r.co%2F2FHUb&dt=iPhone%2012%20%D9%85%D8%AC%D8%A7%D9%86%D8%A7%20%D9%84%D9%83%20!&sid=1607113668&sct=1&seg=0&en=scroll&_et=19&epn.percent_scrolled=90
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8XPR1T5L4G&l=dataLayer&cx=c
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://act.fordeal.com/act/game/share/award?f=p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1&fdData=uh7YFDmtax4K%2FURUkIHfvr76qSTY0LMSs2%2BJTLICGqg%3D&act_promotion_short_url=110909&lan=ar&cur=SAR&luckyNumber=1012
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 20:27:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://act.fordeal.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dotMets
client-metrics.fordeal.com/api/ Frame
0
0

dotMets
client-metrics.fordeal.com/api/ Frame
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
client-metrics.fordeal.com
URL
https://client-metrics.fordeal.com/api/dotMets
Domain
client-metrics.fordeal.com
URL
https://client-metrics.fordeal.com/api/dotMets


40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| FD_ERROR_QUE string| F_PLAT object| F_CONFIG object| lib number| rem number| dpr function| Vue function| axios function| Cookies object| F function| EventEmitter string| F_PAGE_SESSION object| Mipha function| snaptr function| fbq function| _fbq object| dataLayer function| gtag object| branch object| google_tag_manager object| google_tag_data object| gaGlobal string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| gaplugins object| gaData function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

10 Cookies

Domain/Path | Name | Value
.fordeal.com/ | lan | en
.fordeal.com/ | timezone | +3
.fordeal.com/ | __cfduid | d435398904912751405a11803c2a2e6f21607113667
.fordeal.com/ | FORDEAL_ORIGIN_F | p_fordeal.o_bixin.g_promo.c_share-winiphone5.t_20201016-103445.v_1
.fordeal.com/ | system | pc
.fordeal.com/ | region | DE
.fordeal.com/ | cur | EUR
.fordeal.com/ | uuid | web_h5_7e788f77bbcf4fcf9095666673ab91cb
.fordeal.com/ | has_uuid | true
.fordeal.com/ | gw-did | web_e8e22f5095fe49928585bdaed31fdaf6

2 Console Messages

Source Level URL
Text
console-api warning URL: https://s4.forcloudcdn.com/-/libs/fd-url/1.3.1/url.js,libs/fd-dwp/1.7.0/dwp.js,libs/fd-dce/1.0.1/dce.js,libs/fd-native-app/1.2.8/native.js,libs/fd-logger/1.7.8/logger.js,libs/fd-tracker/2.0.4/tracker.js,libs/fd-promotion/1.5.0/promotion.js?v=1(Line 1)
Message:
not support ServiceWorker or fail to register
console-api log URL: https://s3.forcloudcdn.com/assets/lego/fe8d04592fddef28cd9bdcc338ba40ab.js?v=1(Line 1)
Message:
本地时间-系统时间: 0.007

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
