says.com Open in urlscan Pro
2606:4700:4400::ac40:95ee Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1...
Effective URL:
https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1...
Submission: On December 01 via manual (December 1st 2023, 6:26:04 am UTC) from IN — Scanned from DE

Summary HTTP 250 Redirects Links 36 Behaviour Indicators

Summary

This website contacted 68 IPs in 7 countries across 45 domains to perform 250 HTTP transactions. The main IP is 2606:4700:4400::ac40:95ee, located in United States and belongs to CLOUDFLARENET, US. The main domain is says.com. The Cisco Umbrella rank of the primary domain is 188812.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2023. Valid for: a year.

This is the only time says.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:440... 2606:4700:4400::6812:2612	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700:440... 2606:4700:4400::ac40:95ee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3035::6815:273b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a02:26f0:350... 2a02:26f0:3500:16::215:1495	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	2606:4700:440... 2606:4700:4400::ac40:97e6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:3865	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
2	52.85.92.52 52.85.92.52	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	184.30.16.195 184.30.16.195	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
43	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
4	18.245.60.76 18.245.60.76	16509 (AMAZON-02) (AMAZON-02)
2	52.212.53.77 52.212.53.77	16509 (AMAZON-02) (AMAZON-02)
8	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:201... 2600:9000:2016:f200:a:e047:753:a221	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
5	2606:4700:20:... 2606:4700:20::ac43:4ac2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	34.120.107.143 34.120.107.143	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.64.189.226 185.64.189.226	62713 (AS-PUBMATIC) (AS-PUBMATIC)
8	2a00:1450:400... 2a00:1450:4001:828::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2600:9000:207... 2600:9000:2070:5800:18:1fcd:353:c61	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:7::... 2606:4700:7::a29f:853d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	2a05:d014:21b... 2a05:d014:21b:8e02::6e:5	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:bdf::45 2620:1ec:bdf::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700:440... 2606:4700:4400::6812:233f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	141.95.98.64 141.95.98.64	16276 (OVH) (OVH)
1 4	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9b	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:600... 2a04:4e42:600::714	54113 (FASTLY) (FASTLY)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.174.214.9 35.174.214.9	14618 (AMAZON-AES) (AMAZON-AES)
14	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
3	104.211.35.148 104.211.35.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a02:2638:3::12 2a02:2638:3::12	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2016	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
8	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	178.250.1.6 178.250.1.6	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:2638:3::10 2a02:2638:3::10	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	2606:4700:440... 2606:4700:4400::6812:27d0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:7::... 2606:4700:7::a29f:863d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
1	141.226.224.32 141.226.224.32	200478 (TABOOLA-AS) (TABOOLA-AS)
250	68

1 2606:4700:4400::6812:2612 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

says.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:4400::ac40:95ee (United States)

ASN13335 (CLOUDFLARENET, US)

says.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.says.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::6815:273b (United States)

ASN13335 (CLOUDFLARENET, US)

policy.revasia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:26f0:3500:16::215:1495 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:4400::ac40:97e6 (United States)

ASN13335 (CLOUDFLARENET, US)

pcto.revmedia.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.85.92.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-92-52.ham50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.16.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-195.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 151.101.129.44 (United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.245.60.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-76.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.53.77 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-53-77.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2016:f200:a:e047:753:a221 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:20::ac43:4ac2 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.skypack.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.107.143 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 143.107.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.226 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

ut.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2070:5800:18:1fcd:353:c61 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:7::a29f:853d (United States)

ASN13335 (CLOUDFLARENET, US)

says.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
segment.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
log.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d014:21b:8e02::6e:5 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

c16d-35-240-187-111.ngrok.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:233f (United States)

ASN13335 (CLOUDFLARENET, US)

heartbeat.mediaprimaplus.com.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::c (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.214.9 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-214-9.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.211.35.148 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

y.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::12 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

am-trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.6 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:2638:3::10 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:27d0 (United States)

ASN13335 (CLOUDFLARENET, US)

hb.revid.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:7::a29f:863d (United States)

ASN13335 (CLOUDFLARENET, US)

locationv2.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hit.api.useinsider.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)

pips.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.32 (United States)

ASN200478 (TABOOLA-AS, IL)

cds.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 1020 trc.taboola.com — Cisco Umbrella Rank: 648 am-trc-events.taboola.com — Cisco Umbrella Rank: 15316 images.taboola.com — Cisco Umbrella Rank: 1870 pips.taboola.com — Cisco Umbrella Rank: 1659 cds.taboola.com — Cisco Umbrella Rank: 1860	1 MB
16	says.com 1 redirects says.com — Cisco Umbrella Rank: 188812 images.says.com — Cisco Umbrella Rank: 252419	613 KB
15	googlesyndication.com ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	142 KB
15	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 stats.g.doubleclick.net — Cisco Umbrella Rank: 75 static.doubleclick.net — Cisco Umbrella Rank: 248	240 KB
13	criteo.net static.criteo.net — Cisco Umbrella Rank: 631 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 10143 csm.eu.criteo.net — Cisco Umbrella Rank: 9625	73 KB
11	google.com 1 redirects region1.analytics.google.com — Cisco Umbrella Rank: 2693 ampcid.google.com — Cisco Umbrella Rank: 2783 www.google.com — Cisco Umbrella Rank: 2	17 KB
10	revmedia.my pcto.revmedia.my — Cisco Umbrella Rank: 592941	345 KB
9	useinsider.com says.api.useinsider.com — Cisco Umbrella Rank: 770494 segment.api.useinsider.com — Cisco Umbrella Rank: 18797 locationv2.api.useinsider.com — Cisco Umbrella Rank: 20384 log.api.useinsider.com — Cisco Umbrella Rank: 26150 hit.api.useinsider.com — Cisco Umbrella Rank: 16509	114 KB
8	youtube.com www.youtube.com — Cisco Umbrella Rank: 71	1001 KB
8	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27	42 KB
8	typekit.net use.typekit.net — Cisco Umbrella Rank: 446 p.typekit.net — Cisco Umbrella Rank: 559	120 KB
7	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 424 mug.criteo.com — Cisco Umbrella Rank: 2811 ads.eu.criteo.com — Cisco Umbrella Rank: 9522 cat.nl3.eu.criteo.com — Cisco Umbrella Rank: 10971 rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 16218	55 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 796 c.clarity.ms — Cisco Umbrella Rank: 1377 y.clarity.ms — Cisco Umbrella Rank: 7425	28 KB
5	googleapis.com jnn-pa.googleapis.com — Cisco Umbrella Rank: 203 fonts.googleapis.com — Cisco Umbrella Rank: 29	33 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 428	104 KB
5	google.de www.google.de — Cisco Umbrella Rank: 6765 ampcid.google.de — Cisco Umbrella Rank: 85078	1 KB
5	skypack.dev cdn.skypack.dev — Cisco Umbrella Rank: 39155	41 KB
4	gstatic.com fonts.gstatic.com www.gstatic.com	48 KB
4	scorecardresearch.com sb.scorecardresearch.com — Cisco Umbrella Rank: 172	5 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	178 KB
4	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 979 bcp.crwdcntrl.net — Cisco Umbrella Rank: 850	31 KB
4	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	59 KB
3	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1767 mab.chartbeat.com — Cisco Umbrella Rank: 2658	34 KB
3	openx.net 1 redirects oajs.openx.net — Cisco Umbrella Rank: 1639 google-bidout-d.openx.net — Cisco Umbrella Rank: 1643	758 B
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	264 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	124 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	89 KB
2	revid.my hb.revid.my — Cisco Umbrella Rank: 192241	456 B
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 893 id5-sync.com — Cisco Umbrella Rank: 425	34 KB
2	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 544 ut.pubmatic.com — Cisco Umbrella Rank: 7777	166 KB
2	revasia.com policy.revasia.com — Cisco Umbrella Rank: 402342	3 KB
1	ggpht.com yt3.ggpht.com — Cisco Umbrella Rank: 226	2 KB
1	ytimg.com i.ytimg.com — Cisco Umbrella Rank: 89	23 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1455	201 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 228	759 B
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 713	397 B
1	t.co t.co — Cisco Umbrella Rank: 589	377 B
1	mediaprimaplus.com.my heartbeat.mediaprimaplus.com.my — Cisco Umbrella Rank: 191556	39 KB
1	ngrok.io c16d-35-240-187-111.ngrok.io
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 678	15 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1740	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2789	3 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 864	7 KB
0	Failed function sub() { [native code] }. Failed
250	45

	Domain	Requested by
30	images.taboola.com
14	says.com	1 redirects says.com static.cloudflareinsights.com cdn.taboola.com
11	cdn.taboola.com	says.com cdn.taboola.com
10	pcto.revmedia.my	says.com cdn.taboola.com
9	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com says.com ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
8	am-trc-events.taboola.com
8	www.youtube.com	www.youtube.com
8	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
8	static.criteo.net	securepubads.g.doubleclick.net ads.eu.criteo.com
8	securepubads.g.doubleclick.net	says.com www.googletagservices.com securepubads.g.doubleclick.net ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
7	use.typekit.net	says.com use.typekit.net
6	www.google.com	1 redirects tpc.googlesyndication.com www.youtube.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	cdn.skypack.dev	says.com
4	imageproxy.eu.criteo.net	ads.eu.criteo.com
4	jnn-pa.googleapis.com	www.youtube.com
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	www.google.de
4	region1.analytics.google.com	www.googletagmanager.com
4	sb.scorecardresearch.com	says.com
4	connect.facebook.net	says.com connect.facebook.net
4	cdn.jsdelivr.net	says.com securepubads.g.doubleclick.net
3	log.api.useinsider.com
3	y.clarity.ms	www.clarity.ms
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	gum.criteo.com	1 redirects static.criteo.net cdn.taboola.com
3	googleads.g.doubleclick.net	www.googletagmanager.com www.youtube.com says.com
3	www.googletagmanager.com	says.com www.googletagmanager.com
3	www.googletagservices.com	says.com ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
3	cdnjs.cloudflare.com	pcto.revmedia.my cdnjs.cloudflare.com says.com
2	hit.api.useinsider.com	says.api.useinsider.com
2	hb.revid.my	heartbeat.mediaprimaplus.com.my
2	www.gstatic.com	www.youtube.com www.gstatic.com
2	fonts.gstatic.com	www.youtube.com
2	c.clarity.ms	1 redirects
2	trc.taboola.com	cdn.taboola.com
2	www.clarity.ms	says.com www.clarity.ms
2	says.api.useinsider.com	www.googletagmanager.com says.api.useinsider.com
2	static.chartbeat.com	www.googletagmanager.com says.com
2	oajs.openx.net	1 redirects
2	ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	tags.crwdcntrl.net	says.com securepubads.g.doubleclick.net
2	images.says.com	says.com
2	policy.revasia.com	says.com
1	cds.taboola.com	cdn.taboola.com
1	pips.taboola.com	cdn.taboola.com
1	locationv2.api.useinsider.com	says.api.useinsider.com
1	segment.api.useinsider.com	says.api.useinsider.com
1	rtb.nl3.eu.criteo.com	ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
1	fonts.googleapis.com	cdn.taboola.com
1	csm.eu.criteo.net	ads.eu.criteo.com
1	cat.nl3.eu.criteo.com	ads.eu.criteo.com
1	yt3.ggpht.com	www.youtube.com
1	i.ytimg.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	ads.eu.criteo.com	ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
1	www.facebook.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	ping.chartbeat.net
1	c.bing.com	1 redirects
1	ampcid.google.de	www.google-analytics.com
1	analytics.twitter.com
1	t.co
1	mab.chartbeat.com	static.chartbeat.com
1	mug.criteo.com
1	ampcid.google.com	www.google-analytics.com
1	id5-sync.com	cdn.id5-sync.com
1	heartbeat.mediaprimaplus.com.my	www.googletagmanager.com
1	c16d-35-240-187-111.ngrok.io	www.googletagmanager.com
1	static.ads-twitter.com	says.com
1	ut.pubmatic.com	ads.pubmatic.com
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	ads.pubmatic.com	says.com
1	p.typekit.net	use.typekit.net
1	static.cloudflareinsights.com	says.com
0	truncated Failed	says.com
250	79

This site contains links to these domains. Also see Links.

Domain
3uze.short.gy
www.audioplus.audio
facebook.com
twitter.com
instagram.com
www.youtube.com
www.openrice.com
www.bilibili.com
www.instagram.com
www.tiktok.com
t.me
www.dcard.tw
images.says.com
margaret.tw
www.sohu.com
www.hausfrage.de
popup.taboola.com
welighly-itario.icu
das-solar-portal.de
www.audibene.de
lhlrtvx.com
teavishedconers.com
careers.revasia.com
revmedia.my
www.mediaprima.com.my
bredings-person.com
maximparerurehab.com

Subject Issuer	Validity	Valid
says.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-26`	a year	crt.sh
revasia.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-26`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2024-10-21`	a year	crt.sh
revmedia.my Cloudflare Inc ECC CA-3	`2023-01-25` - `2024-01-24`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-26` - `2024-11-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-09` - `2023-12-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-22`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
cdn.prod.uidapi.com R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-11-24` - `2024-02-22`	3 months	crt.sh
skypack.dev GTS CA 1P5	`2023-10-04` - `2024-01-02`	3 months	crt.sh
*.chartbeat.com Thawte TLS RSA CA G1	`2023-05-16` - `2024-06-06`	a year	crt.sh
useinsider.com Cloudflare Inc ECC CA-3	`2023-01-25` - `2024-01-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
*.ngrok.io R3	`2023-10-24` - `2024-01-22`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
mediaprimaplus.com.my Cloudflare Inc ECC CA-3	`2023-07-01` - `2024-06-30`	a year	crt.sh
*.id5-sync.com R3	`2023-11-01` - `2024-01-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.chartbeat.net Thawte TLS RSA CA G1	`2023-11-20` - `2024-12-20`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2023-12-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-30` - `2023-12-25`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-17` - `2024-01-18`	3 months	crt.sh
revid.my Cloudflare Inc ECC CA-3	`2023-01-30` - `2024-01-30`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Frame ID: A4E6F482F65C5C8904BD297815F09B21
Requests: 187 HTTP requests in this frame

Frame: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 648A7D9F466A1265AF44C78B6D19255E
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=says.com
Frame ID: 6D51B3C1F7AD78B2BB389182C8C02D6D
Requests: 2 HTTP requests in this frame

Frame: https://www.youtube.com/embed/Q7LmTiaVXg4
Frame ID: B77559B14B8FC849D3A47552DE49543B
Requests: 20 HTTP requests in this frame

Frame: https://says.api.useinsider.com/worker-new.html
Frame ID: 54235532FAEB6DD99D7CFC69A4A3A6F1
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 9654603503BD2238803EF9F82ECAB134
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EF88C8B79649E47F5ABF7BCCB8F43CF7
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: ED62C55E67FD37EE70112D8179A0830C
Requests: 2 HTTP requests in this frame

Frame: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 51BF0A8308A98C21D142EEA86F3EAE0C
Requests: 8 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs
Frame ID: 9AA4697D21ED5E00CA5B881B6CE70208
Requests: 11 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWl8dAANUB4Iu8OhAAIwQ1oiVkILYfIepjYytA&u=%7CN7TW87BgKgfQ0gT7z4wUQpqxHs8LKdOFhVR%2BuJXRtPw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF2ltYaQwysqsp8BxOuVMc2j5UcTTWBUDSYaCnH9D77upRmgKlsocxLY4Xg85pl_XOCfKHexGGrzhgWhUJoeX-7fhqx37ydEThElfJXmxrC7UDtjB_on0fgThqDC2JUY0XXFeBK41XQ2wnviTVQoCQdmk-zOBLBzW_gjknCICWXJjN8GgqBsGdp_gIuentAfPGromp7kUr1eZYJQlNgVY01CbdwZmE-oZ-bWD-j-rkEXL8y0eBJ3HzqeIp0UgWOFxwNshhBd1U7xyrtenLhLOSeB73W9JgiwlsphtlVJinobxh9UMkIbQ5NLvwUcx41AVI5Y_0RkXnqMN7Z7CvEAgUkpk0KOD5DdbaKeOJ-c1Jzx11NJ3nzybWBsAlUP2nmO2xA6SZ-ey6-NPQfNaIBZONnYzN_AVMH4CzW7xxY1ARu-BICb8Xb64q8lc-yq7QVZjVhOwivRPQgD3vVCeEU2Czsn-40Ui1YpAYIakmVbIT4A5CngxNokqDi-r8KMvF-YG-iS6xdkO2150ShltZzqALd3BiKJ-MZwGRBu8PiFolurj-P_4wsk70Wj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCARxAdHxpZZ6gNaGH7_UPw-CI4ATJntKxXNWdkfdwwI23ARABIABglZqigrAHggEXY2EtcHViLTMyOTE2ODg0MjA2ODA3MzbIAQmpAvQ7k0BSRLI-4AIAqAMByAMCqgTSAk_Q_WlYeZUumUA63pV8p5-h0qEW4exudVTx3yqG6F3TYXF7mIq2cat2p0iMiYbiPAGUdo0T1o61R8GIXbiJAYGa-1dZ0Xr8K75kF6rz68Z-Z59Rj57bImZviR4iRoz8dFDiNbN7TLswDndPE0gMHB4P7GdOyOOrggDaVdl6WKkCq0ZW1xbCRHd6H0-ThBNmtr91uPuXqQrI7u5yTxGclRNJdgwv8qDGofAfJMCylRvPZpMPrzvtkZ69JKc8_eMp-GGUksa1o9XL962w7bg0d5ZnXRNJ80LHpw1SY3t7ejm4zJbHF9Zq5qiq5pofQWQ_Zxdya_ZNxUxZz9Qcd45pogJnxO_rfgO7uCQAW6q_6gzEf2NZerOw8QUxytv006hubrx9REv2U6ffM_sHHLaQf49eKgph4UZ-Mgu3aNugMm3d2Ov0xrWNCsj8KRDaUK28PXvb4AQBgAaU4vC72MW79JUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeAtrrN7YID-gsCCAGADAHiDRMI2_i2us3tggMVocO7CB1DMAJM0BUBgBcB%26num%3D1%26sig%3DAOD64_2rI72OlLPVDMpbbLyED5MwYdugGg%26client%3Dca-pub-3291688420680736%26adurl%3D
Frame ID: 95DC572AA3410CB90CECCFE974FB64AD
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Man Screams At Haidilao Staff For Singing Birthday Song To HimGroup 3Group 3Group 3Group 3

Page URL History Show full URLs

http://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1... HTTP 301
https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Insider (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

api\.useinsider\.\w+/

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Twitter typeahead.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:typeahead|bloodhound)\.(?:jquery|bundle)?(?:\.min)?\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

<iframe[^>]* (?:id="comscore"|scr=[^>]+comscore)|\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

250
Requests

98 %
HTTPS

72 %
IPv6

45
Domains

79
Subdomains

68
IPs

7
Countries

5567 kB
Transfer

13475 kB
Size

38
Cookies

36 Outgoing links

These are links going to different origins than the main page.

URL: https://3uze.short.gy/t4iBSX

Search URL Search Domain Scan URL

URL: http://www.audioplus.audio/
Title: Get Audio+

Search URL Search Domain Scan URL

URL: http://facebook.com/saysdotcom

Search URL Search Domain Scan URL

URL: http://twitter.com/saysdotcom

Search URL Search Domain Scan URL

URL: http://instagram.com/saysdotcom

Search URL Search Domain Scan URL

URL: https://www.youtube.com/SAYSvideos

Search URL Search Domain Scan URL

URL: https://www.openrice.com/zh/macau/p-%E6%B5%B7%E5%BA%95%E6%92%88%E7%81%AB%E9%8D%8B-p11438531
Title: OpenRice

Search URL Search Domain Scan URL

URL: https://www.bilibili.com/video/BV1ni4y1M7WQ/
Title: bilibili

Search URL Search Domain Scan URL

URL: https://www.instagram.com/saysdotcom/
Title: Instagram

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@saysdotcom
Title: TikTok

Search URL Search Domain Scan URL

URL: http://t.me/saysdotcom
Title: Telegram

Search URL Search Domain Scan URL

URL: https://www.dcard.tw/f/relationship/p/240104107
Title: Dcard

Search URL Search Domain Scan URL

URL: https://images.says.com/uploads/story_source/source_image/1059063/2226.png

Search URL Search Domain Scan URL

URL: https://margaret.tw/taichung-haidilao/
Title: margaret.tw

Search URL Search Domain Scan URL

URL: https://images.says.com/uploads/story_source/source_image/1059065/264a.png

Search URL Search Domain Scan URL

URL: https://www.sohu.com/a/366402831_120477762
Title: 时空说 (Sohu)

Search URL Search Domain Scan URL

URL: https://images.says.com/uploads/story_source/source_image/1059068/5b4c.jpg

Search URL Search Domain Scan URL

URL: https://www.hausfrage.de/angebote/solarrechner/
Title: Hausfrage

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=revmediagroup-says&utm_medium=referral&utm_content=thumbs-feed-01-delta:Below%20Article%20Thumbnails%20|%20Card%201:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://welighly-itario.icu/f144a628-ac3c-4ec8-8156-d820f2be83bc
Title: Diesel Check 2023

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=revmediagroup-says&utm_medium=referral&utm_content=thumbs-feed-01-a-delta:Below%20Article%20Thumbnails%20|%20Card%202:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://www.hausfrage.de/artikel/treppenlift-fehler
Title: Hausfrage

Search URL Search Domain Scan URL

URL: https://das-solar-portal.de/solaranlagen-kosten-tab-02/
Title: Das Solar Portal

Search URL Search Domain Scan URL

URL: https://www.audibene.de/d/expert_letter/
Title: audibene

Search URL Search Domain Scan URL

URL: https://lhlrtvx.com/click
Title: Checkfox

Search URL Search Domain Scan URL

URL: https://teavishedconers.com/4273d485-1ae2-4e04-bc56-e5045526b62e
Title: ThermoAlpin

Search URL Search Domain Scan URL

URL: https://careers.revasia.com/
Title: Job Openings

Search URL Search Domain Scan URL

URL: https://revmedia.my/
Title: REV Media Group

Search URL Search Domain Scan URL

URL: https://www.mediaprima.com.my/
Title: Media Prima Group

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=revmediagroup-says&utm_medium=referral&utm_content=thumbs-feed-01-y-delta:Explore%20More%20|%20Card%202:
Title: Sponsored

Search URL Search Domain Scan URL

URL: https://bredings-person.com/f7736266-1593-4e7c-a15f-170d64b3724b
Title: Tinnitus Research

Search URL Search Domain Scan URL

URL: https://maximparerurehab.com/89e8bbd9-9810-456d-84eb-561a7ef7884a
Title: Das Immobilienportal

Search URL Search Domain Scan URL

URL: https://popup.taboola.com/en/?template=colorbox&utm_source=revmediagroup-says&utm_medium=referral&utm_content=thumbs-feed-01-y-delta:Explore%20More%20|%20Card%205:
Title: Sponsored

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA HTTP 301
https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://oajs.openx.net/esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=esp&cc=1

Request Chain 94

https://gum.criteo.com/sid/json?origin=publishertagids&domain=says.com&sn=ChromeSyncframe&so=0&topUrl=says.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=LOszSHxOeElrZGJWQ2pvb25DL1dTRVlhUGR3RHhMRnVNK2VlemVrVEpvMldrUGFTVTlFUmRFRVZlNDdhWFlPcXpYZXQvZVhXajV4bWdYZ0ZJNWlpbW9DTjB0WWFQZXBrWHJlV01FN2lWR1ExS3BiRFcwWG9ncmJ0b2ZZUW53QkJ6UW5pY2ZaYTlnZmRRNEt3RTAyUzlPSXJ6VkFoejhQZE9yT3Z1TU1uR0JiSWZ0czJsYnpnOVFJUmNyY0tFQzhVVkdWV0dRdU5hUVAyVTg4MTZBUlVGenhaeEtDWk93bTYwZ09jOGFOTjRyQUY2QnhVK1BVSm5qU2RCMUFycm92Y3I1Qjg0NW83d3lyNTQ0WUU2Yk5TS1gvOGh3QT09fA&cppv=2

Request Chain 103

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&RedC=c.clarity.ms&MXFR=3AF759CEB0AD64BA3F1F4A14B4AD6A05 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&MUID=314EF0CB296C630437A1E31128076281

Request Chain 163

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

250 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request man-screamed-haidilao-staff-happy-birthday-hot-pot Show response
says.com/my/fun/
Redirect Chain

http://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

68 KB
18 KB

673ms
629ms

Document
text/html

2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60d172579afcdbf0f740af1546bb5b184ecd8e03369528c0c8540c2c214c3fc4

Security Headers

Name	Value
Content-Security-Policy	default-src https: 'self'; connect-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; font-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; frame-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; script-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; style-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=1800
cf-cache-status: EXPIRED
cf-ray: 82e941731df837e6-FRA
content-encoding: br
content-security-policy: default-src https: 'self'; connect-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; font-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; frame-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; script-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; style-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com
content-type: text/html; charset=utf-8
date: Fri, 01 Dec 2023 06:25:56 GMT
expires: Fri, 01 Dec 2023 06:55:56 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
status: 200 OK
strict-transport-security: max-age=631138519
vary: Accept-Encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 8d89a0a1-a058-4493-85f8-21c2aada66cd
x-runtime: 0.162476
x-xss-protection: 1; mode=block

Redirect headers

CF-RAY: 82e941729f949948-FRA
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 01 Dec 2023 06:25:55 GMT
Expires: Fri, 01 Dec 2023 07:25:55 GMT
Location: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Referrer-Policy: strict-origin-when-cross-origin
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
alt-svc: h3=":443"; ma=86400

GET
H2 200 bootstrap-9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4.css
says.com/assets/ 154 KB
24 KB 43ms
42ms Stylesheet
text/css 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/assets/bootstrap-9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4.css

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13382
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
etag: W/"5ddf9000-26643"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, max-age=30
cf-ray: 82e94177098c37e6-FRA
expires: Fri, 01 Dec 2023 06:26:26 GMT

GET
H2 200 application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css
says.com/assets/ 339 KB
67 KB 72ms
71ms Stylesheet
text/css 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/assets/application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13382
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 16 Nov 2023 07:48:33 GMT
server: cloudflare
etag: W/"6555c951-54c64"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, max-age=30
cf-ray: 82e94177098e37e6-FRA
expires: Fri, 01 Dec 2023 06:26:26 GMT

GET
H2 200 cookie.consent.css
policy.revasia.com/ 1 KB
1 KB 97ms
32ms Stylesheet
text/css 2606:4700:3035::6815:273b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://policy.revasia.com/cookie.consent.css
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:273b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfe8e5168d661e94ef9fc3ae9d3f2a5b7a02093231694e1ae0573b5be6c4215a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2195
x-guploader-uploadid: ABPtcPplUehG2HQ5XFg8W79wryTLj1MS8N2C9Yj2vkoyxKJAbNfFuHj5hSiw6-PrQLwoGw84G3TcyTgGiQPJcROVxlNr1nfxv8M1
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 27 Sep 2019 04:27:42 GMT
server: cloudflare
etag: W/"fc2a34ee3689be25b96a81b966bc7cd8"
vary: Accept-Encoding
x-goog-hash: crc32c=yFoefQ==, md5=/Co07jaJviW5aoG5Zrx82A==
x-goog-generation: 1569558462623355
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Authorization, Content-Length, User-Agent, x-goog-resumable, x-goog-acl, Access-Control-Allow-Origin, X-Requested-With
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VHUTYiuqBDmbO%2FUIx87PLhVfjt7jT0hMgHmnwStvRZcq0%2BvqSehNnhSBcB5m2AT6EwVJkXV3VrundYzQME14RZKqJVRv5pzSXd6hxuBOoXauHFall2z4kM4%2BbsvheHvmnuNErr0H5BggKmJGVtftc9c%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 1132
cf-ray: 82e9417779d119b1-FRA
expires: Fri, 01 Dec 2023 06:13:54 GMT

GET
H2 200 ner5wjl.css
use.typekit.net/ 7 KB
1 KB 130ms
35ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/ner5wjl.css

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

8207e7639d4d23b685b42877546eddd62dd9705488a485b246383fc9c9b615ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1089

GET
H2 200 sto.css
pcto.revmedia.my/2023/11/cetaphil/ 17 KB
5 KB 112ms
35ms Stylesheet
text/css 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/sto.css?=v1.0

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3ffa5ffac34abbf935fd3dfc782377617336e180051c110b232d376d2e43e6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2032
x-guploader-uploadid: ABPtcPppAEUb_OK8GKNg3-9-Gc6l4-WqH3ASG5aXeiXrman8PdAW_fzJ1Xpc6vRBt6522JQ-xBU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 23 Nov 2023 03:12:09 GMT
server: cloudflare
etag: W/"eeb9df9f246167a82d32e4aaca1009bb"
vary: Accept-Encoding
x-goog-generation: 1700709129836299
content-type: text/css
access-control-allow-origin: *
x-goog-hash: crc32c=WsM/aw==, md5=7rnfnyRhZ6gtMuSqyhAJuw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 17878
x-frame-options: SAMEORIGIN
cf-ray: 82e9417788004d79-FRA
expires: Fri, 01 Dec 2023 10:25:56 GMT

GET
H2 200 says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg
says.com/assets/ 2 KB
1 KB 351ms
350ms Image
image/svg+xml 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://says.com/assets/says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
etag: W/"5ddf9000-86a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=60
cf-ray: 82e94177199237e6-FRA

GET
H2 200 93ef46bcea3fdba2d87cb4226c825dd2.jpg
images.says.com/uploads/user/avatar/706215/ 4 KB
5 KB 49ms
39ms Image
image/jpeg 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.says.com/uploads/user/avatar/706215/93ef46bcea3fdba2d87cb4226c825dd2.jpg

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70c976a37627dcd5f2b701c40ef07a54136786ca98ad5594a726d76be564a7e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6659
cf-polished: origSize=4252, status=vary_header_present
x-guploader-uploadid: ABPtcPrwYIKN1i4Bw-ASQxMH9CQOzMze7UVCtTB_-u69zGq5DekqFgcNJym7545Q_PCeLe_-ubU
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 4123
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Tue, 21 Jul 2020 13:18:07 GMT
server: cloudflare
etag: "a95705af7b29dfa66d9d8ba01141c8ef"
vary: Origin, Accept-Encoding
x-goog-generation: 1595337487325730
content-type: image/jpeg
x-frame-options: SAMEORIGIN
x-goog-hash: crc32c=FsZ/hQ==, md5=qVcFr3sp36ZtnYugEUHI7w==
cache-control: public, max-age=315576000
x-goog-stored-content-length: 4252
accept-ranges: bytes
cf-ray: 82e94177299b37e6-FRA
expires: Wed, 30 Nov 2033 18:25:56 GMT

GET
H2 200 favicon-16x16.png
says.com/ 278 B
630 B 369ms
369ms Image
image/webp 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://says.com/favicon-16x16.png

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

599484f5458509339918e4b0c0cc0725214382038f76b41beeffca2fdb085ca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: origFmt=png, origSize=638
content-disposition: inline; filename="favicon-16x16.webp"
alt-svc: h3=":443"; ma=86400
content-length: 278
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 30 Nov 2023 00:48:25 GMT
server: cloudflare
etag: "6567dbd9-27e"
vary: Accept
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 82e94177199337e6-FRA
expires: Fri, 01 Dec 2023 06:55:56 GMT

GET
H2 200 large_thumb_4c96.jpg
images.says.com/uploads/story/cover_image/57681/ 170 KB
170 KB 47ms
40ms Image
image/jpeg 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.says.com/uploads/story/cover_image/57681/large_thumb_4c96.jpg

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2aae3daa1aaf67449270e59f070784e1f9b9c79ed24861480a142d55d57c8bf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 53109
cf-polished: origSize=178128, status=vary_header_present
x-guploader-uploadid: ABPtcPo1q2oX5w8xqhO0jdM2haMQ9PF9gHTSN2PjsKZTfhPT27RZUC2V54HVhuzVHnhhY777n6U
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 173829
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Thu, 06 Oct 2022 04:20:49 GMT
server: cloudflare
etag: "635feaa15f7667f84c02955300929400"
vary: Origin, Accept-Encoding
x-goog-generation: 1665030049620677
content-type: image/jpeg
x-frame-options: SAMEORIGIN
x-goog-hash: crc32c=cL6rKQ==, md5=Y1/qoV92Z/hMApVTAJKUAA==
cache-control: public, max-age=315576000
x-goog-stored-content-length: 178128
accept-ranges: bytes
cf-ray: 82e94177299c37e6-FRA
expires: Wed, 30 Nov 2033 18:25:56 GMT

GET
H3 200 rocket-loader.min.js Show response
says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 23ms
23ms Script
application/javascript 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
server: cloudflare
etag: W/"65660ffd-302c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 82e941774955900a-FRA
expires: Sun, 03 Dec 2023 06:25:56 GMT

GET
H2 200 v84a3a4012de94ce1a686ba8c167c359c1696973893317 Show response
static.cloudflareinsights.com/beacon.min.js/ 20 KB
7 KB 96ms
50ms Script
text/javascript 2606:4700::6810:3865
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: gzip
last-modified: Tue, 10 Oct 2023 21:38:13 GMT
server: cloudflare
etag: W/"2023.10.0"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 82e941779a881cc1-FRA

GET
H2 200 font-awesome.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ 30 KB
6 KB 73ms
28ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: pcto.revmedia.my
URL: https://pcto.revmedia.my/2023/11/cetaphil/sto.css?=v1.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcto.revmedia.my/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2003355
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5631
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-7918"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHI6NZDvtKefat7GbkZl%2BAnrEN8Q3hrNFEdaHM%2F73jJ1lRtI6uzeTO9%2FP14WArqNlg7T%2BnN4UwTQFFBHhrsEOYaNGNawDioj2G2iMzRZ7FrGzpSpvFEIgzEaHGktS%2B%2FKspBjX37D%2Bw8uIoDfAqfVlz20"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82e941780b221c34-FRA
expires: Wed, 20 Nov 2024 06:25:56 GMT

GET
H2 200 p.css
p.typekit.net/ 5 B
172 B 48ms
34ms Stylesheet
text/css 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=ner5wjl&ht=tk&f=139.140.173.174.175.176.10444.10739.10741.17001.17005&a=526275&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://use.typekit.net/ner5wjl.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
last-modified: Fri, 23 Jun 2023 17:09:47 GMT
server: nginx
etag: "6495d1db-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 typeahead.jquery.min.js Show response
cdn.jsdelivr.net/typeahead.js/0.10.5/ 20 KB
7 KB 75ms
31ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/typeahead.js/0.10.5/typeahead.jquery.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3dad81ae9e89995623b89e9c6f7c5c926a098f0882f66dfeb6a7bf99926c1f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1809171
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230128-FRA
server: cloudflare
etag: W/"510c-S3JXs07We2e7+mK0ogQDjPiLH0c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fTENkEBd157oRzC2G5sdyLgOQ8XQ004gPqtyZRCLLT2P3hzu6V3zpNKbsEyjjmVVzjdX6ke3Rp4FxvWZ5sBbhFSa3eetnBvTYJ2L39lPDN0CC9sw%2B4HG0O%2B2ZiyU9nL28RXceNjmWBgQXDyh9wc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 82e941788c825c3e-FRA

GET
H2 200 algoliasearch.helper.min.js Show response
cdn.jsdelivr.net/algoliasearch.helper/2/ 125 KB
34 KB 78ms
33ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/algoliasearch.helper/2/algoliasearch.helper.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45a44547bc03bf28eef08b155e355f497ca18ee852614d0dc602b91e20c64512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 9339
x-jsd-version: 2.28.1
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230054-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"1f4ce-yhw0k44Hf5WfhCJOdgej62yDo+U"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DCyArAlX5Yr5hub9tDFkwrnAPNLpaJRkHkT7dREEpKqtxmNwBNTK5mYno9TWZ7o%2BBNscfJqQwk6XByA99VukyR9f73bWqjr%2FcFizA888543XA5JipWvCeT%2FDgccyEKta1jeUQvMlWu%2FhK3c7O%2BU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82e941788c885c3e-FRA

GET
H2 200 algoliasearch.min.js Show response
cdn.jsdelivr.net/algoliasearch/3.9/ 55 KB
17 KB 76ms
32ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/algoliasearch/3.9/algoliasearch.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d03ca7f3ce7f1698643944490152dd091759abaae48a654dcb8c0e1fff69094

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4983
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230062-FRA
server: cloudflare
etag: W/"dca7-7EOIzEqVciton1p8sULUNdzPZIc"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TAoUfSwXQGjnaxXATEPHwGe8UnWJGIXiOzpM9RPOdQOhW9jeGSkjmgmPIzNvFzgUh9oAoH%2FsztzLgZ6bvlmEPS7jPMP8%2FIlNag9uyjRNIcVRUIl%2FNsihMHnP9p99OngHTDQTvhzwDxT%2BjYRFvcg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 82e941788c895c3e-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 149ms
98ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c4222d95b2f31e3d26d75291d9c0ee15632c1305e61723e1dbd99ef66d0f8f25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30396
x-xss-protection: 0
server: cafe
etag: 673 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 sto.js Show response
pcto.revmedia.my/2023/11/cetaphil/ 11 KB
3 KB 35ms
33ms Script
text/javascript 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/sto.js?=v1.1

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b85cb07ced413da00fa74a9adc89da2796378b20a8a66173ce07831f0cae373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1182
x-guploader-uploadid: ABPtcPo-k0fRwNPMdixv8AHzKkz8d8KvWUBRTt8NzFuC3CtoalnX0tNvus2QaonxZw4-VNuIgkI3V_pcZg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 29 Nov 2023 06:35:29 GMT
server: cloudflare
etag: W/"3cb9ff95cd38ca43816e33c10c4d65e7"
vary: Accept-Encoding
x-goog-hash: crc32c=FRRj1g==, md5=PLn/lc04ykOBbjPBDE1l5w==
x-goog-generation: 1701239729837215
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
x-goog-stored-content-length: 10887
x-frame-options: SAMEORIGIN
cf-ray: 82e9417848bd4d79-FRA
expires: Fri, 01 Dec 2023 10:25:56 GMT

GET
H2 200 lt.min.js Show response
tags.crwdcntrl.net/lt/c/11139/ 59 KB
18 KB 98ms
30ms Script
text/javascript 52.85.92.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.92.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-92-52.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e2161ae0d3c38f898060828992016a61570802c13de88c3ff87ba89de5023171

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 09:37:52 GMT
content-encoding: gzip
via: 1.1 d050e2738eeca6f287a6d79edd9743de.cloudfront.net (CloudFront)
last-modified: Mon, 18 Sep 2023 05:21:18 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
age: 74885
x-amz-server-side-encryption: AES256
etag: W/"20a9367e347b33fe6f89e7dba0f13105"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: Q1M6uOiDzIEcdNEgeIDW0nJGzMj2_qNPGVUuVXojGESuAF-S13-Qow==

GET
H3 200 bootstrap-70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8.js Show response
says.com/assets/ 60 KB
17 KB 42ms
41ms Script
application/javascript 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/assets/bootstrap-70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13949
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 28 Nov 2019 09:14:40 GMT
server: cloudflare
etag: W/"5ddf9000-ef1b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=30
cf-ray: 82e941784a71900a-FRA
expires: Fri, 01 Dec 2023 06:26:26 GMT

GET
H3 200 application-cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d.js Show response
says.com/assets/ 492 KB
146 KB 62ms
62ms Script
application/javascript 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/assets/application-cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 13949
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 02 Mar 2021 15:22:36 GMT
server: cloudflare
etag: W/"603e583c-7b1ab"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=30
cf-ray: 82e941784a74900a-FRA
expires: Fri, 01 Dec 2023 06:26:26 GMT

GET
H2 200 cookie.consent.js Show response
policy.revasia.com/ 3 KB
2 KB 36ms
35ms Script
text/javascript 2606:4700:3035::6815:273b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://policy.revasia.com/cookie.consent.js
Requested by: Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:273b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1bea71d07ca30415d598ea3dfbe6641f5aa63fe0414d3c27ed6bd0e89c603439

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2194
x-guploader-uploadid: ABPtcPpPmeGDb8GJ-epika4zKIyVXQ9KZk-aDkHNzAaxiG_nrXF_4zLD4hKOPIPqelxxlsWC6lvBX3UPadyaE0RC-u1l-A
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 29 Oct 2019 04:03:50 GMT
server: cloudflare
etag: W/"bb557a5a67bcb975a3040c2daf62db27"
vary: Accept-Encoding
x-goog-hash: crc32c=9GWciA==, md5=u1V6Wme8uXWjBAwtr2LbJw==
x-goog-generation: 1572321830602698
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Authorization, Content-Length, User-Agent, x-goog-resumable, x-goog-acl, Access-Control-Allow-Origin, X-Requested-With
cache-control: public, max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=icJRNKbI44pmkGeRfPAcaLSCLMsyGFhFdAwkpsCXcWyZ6xYBt5hyMrPuWTpXz121CWoNgK3UMP63VV6CDTDtHteQBzRqQZ3AQ1YtrxEgNPfZMj3tPNC02L6ouDy7Axo4DzWEEZw1grvOLQxsFJ3JdLA%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3234
cf-ray: 82e941784a7819b1-FRA
expires: Fri, 01 Dec 2023 06:49:22 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 92 KB
30 KB 121ms
73ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f8be7b1ef816196f4990f5c84ca62799e6116f832959edd9c19eb17ac31bed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30396
x-xss-protection: 0
server: cafe
etag: 581 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 l
use.typekit.net/af/71f83c/00000000000000003b9b093b/27/ 19 KB
20 KB 103ms
34ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/71f83c/00000000000000003b9b093b/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 72b8d224b5745db5b3c242047a76edc6e27f5868a1c01a94d90d2048f3efcf44

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
etag: "642d9266d1f9c63e0e36cec5fe51c6a1134c359a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19924

GET
H2 200 l
use.typekit.net/af/27776b/00000000000000003b9b0939/27/ 19 KB
19 KB 111ms
43ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/27776b/00000000000000003b9b0939/27/l?subset_id=2&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 407a888e655899d02d89088205b185e854860ae1d600eb91602b16df0c6a08a6

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
etag: "e1ccbb4a993cd81acf325a5b5760f522404cc494"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19664

GET
H3 200 fa-brands-400.woff2
says.com/fonts/ 73 KB
73 KB 109ms
108ms Font
application/octet-stream 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/fonts/fa-brands-400.woff2

Requested by

Host: says.com
URL: https://says.com/assets/application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://says.com/assets/application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1696
alt-svc: h3=":443"; ma=86400
content-length: 74524
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Nov 2023 00:48:25 GMT
server: cloudflare
etag: "6567dbd9-1231c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 82e941785a9a900a-FRA
expires: Fri, 01 Dec 2023 06:55:56 GMT

GET
H3 200 fontawesome-webfont.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ 75 KB
76 KB 51ms
28ms Font
application/octet-stream 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=15780000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 169249
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 77160
last-modified: Mon, 04 May 2020 16:10:07 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e5f-12d68"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=koHb7rcDeUPJ%2FPUzpDOuI331A9Ymoz8SrFYldbbu5mTuvCw2vZ1bshFDvijDiw25%2BXJuFDbM7zLtscleihCRLxJdY4KjL0kELraUCL1sD7BKQ7wSGSmutIcn09SNFHkK1a%2F%2BLY%2BaLEaO8dlcCMx4jUkp"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82e941787de09b82-FRA
expires: Wed, 20 Nov 2024 06:25:56 GMT

GET
H3 200 fa-solid-900.woff2
says.com/fonts/ 74 KB
74 KB 112ms
111ms Font
application/octet-stream 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/fonts/fa-solid-900.woff2

Requested by

Host: says.com
URL: https://says.com/assets/application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://says.com/assets/application-b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1696
alt-svc: h3=":443"; ma=86400
content-length: 75408
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 30 Nov 2023 00:48:25 GMT
server: cloudflare
etag: "6567dbd9-12690"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
cache-control: public, max-age=1800
accept-ranges: bytes
cf-ray: 82e941785a9b900a-FRA
expires: Fri, 01 Dec 2023 06:55:56 GMT

GET
H2 200 l
use.typekit.net/af/4838bd/00000000000000003b9b0934/27/ 19 KB
19 KB 139ms
72ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/4838bd/00000000000000003b9b0934/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 6b2b4de8c5528c92aaf3c7aaad67bdd0714df23bbcc85c5238e02581dd21deda

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
etag: "2c0b6e23328e638bb18899aafbc85ad950333c16"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 19372

GET
H2 200 l
use.typekit.net/af/6aec08/00000000000000003b9b0935/27/ 20 KB
20 KB 101ms
38ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6aec08/00000000000000003b9b0935/27/l?subset_id=2&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 504d0250e5ecec00bb65dca041412e851ce493eb624c961d7a35598378320af1

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
etag: "1ba84f7704212796fc4339b5d2f9857087d10fca"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20080

GET
H2 200 l
use.typekit.net/af/86b539/00000000000000003b9b093a/27/ 20 KB
20 KB 126ms
69ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/86b539/00000000000000003b9b093a/27/l?subset_id=2&fvd=i7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ced14124fdcf5b1197ef003df3f4b4e65c5b0bd8f74138c77de429f38f278fee

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
server: nginx
etag: "7a571531ba8746780d4709c32909a81a6b90fc36"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20572

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/121793/1376/ 518 KB
166 KB 88ms
23ms Script
application/javascript 184.30.16.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.30.16.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 140ca6ff4b82c2f0b348ee2a1d0a3a5d88d226ec5e9224126419ec08569d555d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: gzip
last-modified: Mon, 20 Nov 2023 05:31:24 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=154945
accept-ranges: bytes
content-length: 169037
expires: Sun, 03 Dec 2023 01:28:21 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 78ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Dec 2023 06:25:56 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: QA1UP3idSF0zTTQeuJEHEW4pjqQInkp7KtlUpPXvCvDGFPsG3R5HR+J42pr/p5OYWR7i5PVXnCSVxjK9cUT3YQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 26ms
26ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1640123
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6646
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fa9-520c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ex2SaQhba53a%2FdqjQnunsTwPs32f%2BGoVBCas%2F5vNt23P87WM5sYDushI1H0XGKxgxgaW7RZtvVXdFWrACAcUUmXySqQ01oP0ijgkvtJ8MliW30Vq9a%2Fel%2BCupBCgtSrSh0TbcaORyrKUBXNcBKejcF2g"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82e941796ea49b82-FRA
expires: Wed, 20 Nov 2024 06:25:56 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ 431 KB
135 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:16:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29369
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138149
x-xss-protection: 0
server: cafe
etag: 11558412289700915514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 29 Nov 2024 22:16:27 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 372 KB
102 KB 98ms
51ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93406632f17171debbb0eeded11ed91574d88eb7328acfdda5e4f34bed3fba58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 104336
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 loader.js Show response
cdn.taboola.com/libtrc/revmediagroup-says/ 214 KB
47 KB 188ms
105ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 41ae6cf2662ed0939c1112d01ecc242b44f759041d72544b04c8ff79ca631d56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: 1_6LCUeSMTzHLccwYtzHc2cIszFbA8PN
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:56 GMT
x-amz-request-id: HGGBGG681WWKYAGE
age: 0
x-amz-server-side-encryption: AES256
x-cache: MISS
x-from-cache: 1
x-envoy-upstream-service-time: 13
x-amz-replication-status: FAILED
content-length: 47332
x-amz-id-2: 88TTCsOhcOorBhLLQHCYsCEgUMy1m/nCbyjGAyYmHM40g5dU8UeCxDWJ1L7+uVCQPrK/RuZFVwg=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 20:54:52 UTC
server: nginx
x-timer: S1701411957.836126,VS0,VE70
etag: "b4b93b9fe92a0ffb687ee822095ae7da2c536625"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
abp: 31
cache-control: private,max-age=14400
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 92 KB
30 KB 126ms
126ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a197c0bb444be153309897e48789a934ae3e465db7f1314675b04c02ee04cc88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30280
x-xss-protection: 0
server: cafe
etag: 398 / 19692 / 31079857 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 33ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

de361c064c4ec12fd000a3e08a0ec3e94cca87209fa048333c214149386c0474

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 06:25:56 GMT
content-md5: 8ncP6oaYfr7EmyEr7nfbYQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1685
reporting-endpoints
x-fb-debug: wtZmz6dacWp0I29cd9ySPx+9hurdTPokETfb40kNoF4PoAhm/eK2tVwa9PAJBmQEoZYYnhbU7CPpMuXas8ergQ==
x-fb-content-md5: 81ece96f36cef036df9175ade12ba235
cross-origin-opener-policy: same-origin-allow-popups
etag: "a132737603effdead1d74b97e89154a6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:39:33 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 81ms
22ms Script
application/javascript 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 09:28:31 GMT
content-encoding: gzip
via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jul 2023 22:21:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 75445
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: fFMyiHHBZOyTaRYQQU7Y0kxGhkkeYTcWtpKFODdibjE4-owxOoPhnQ==

GET
H3 200 sto.js Show response
pcto.revmedia.my/2023/11/cetaphil/ 11 KB
4 KB 65ms
38ms Script
text/javascript 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/sto.js?=v1.1

Requested by

Host: says.com
URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b85cb07ced413da00fa74a9adc89da2796378b20a8a66173ce07831f0cae373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1696
x-guploader-uploadid: ABPtcPoy4e8BESpCsIaLfxEe8hb_EhOMwGWFuP0hejMrBcUZC_iFyM2xlVE6xJOfSC4yNYQhmuDJEbOxhA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 29 Nov 2023 06:35:29 GMT
server: cloudflare
etag: W/"3cb9ff95cd38ca43816e33c10c4d65e7"
vary: Accept-Encoding
x-goog-generation: 1701239729837215
content-type: text/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=FRRj1g==, md5=PLn/lc04ykOBbjPBDE1l5w==
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=14400
x-goog-stored-content-length: 10887
x-frame-options: SAMEORIGIN
cf-ray: 82e94179dab19b77-FRA
expires: Fri, 01 Dec 2023 10:25:56 GMT

POST
H2 200 data Show response
bcp.crwdcntrl.net/6/ 60 B
330 B 154ms
47ms XHR
application/json 52.212.53.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/data
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/11139/lt.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.53.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-53-77.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 98343084b24e6a9e9189fdf4a7868764374403cd90a5ef956f57df65c4ba1be7

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:56 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://says.com
cache-control: no-cache
x-server: 10.45.22.169
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 139ms
52ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx
etag: W/"653b5c0e-a9a7"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sat, 02 Dec 2023 06:25:56 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 29ms
28ms Script
text/javascript 52.85.92.52
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.92.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-92-52.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 07:38:20 GMT
content-encoding: gzip
via: 1.1 d050e2738eeca6f287a6d79edd9743de.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C1
age: 82057
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: _Nul8TQWAQ1NoxCjlc9i-wt6PefkFq4Dz18LHh3WnTvUmCmrjrOEUw==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 114ms
31ms Script
text/javascript 2600:9000:2016:f200:a:e047:753:a221
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:f200:a:e047:753:a221 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: KP_OVZMS6roEW_XJdOd.KnSEmM8GWiP3
Date: Thu, 30 Nov 2023 10:03:28 GMT
Via: 1.1 3ef9a20d3fa6ab2cb9dbcc2f635621ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HAM50-C2
Age: 73349
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Thu, 19 Oct 2023 06:40:11 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: FXSGlhe8B4XXt3YI1pKjPeOCA6pK9IRQRWmXYaLPxXi47BibMHPRzg==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 75ms
22ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 13 Nov 2023 17:40:12 GMT
content-encoding: gzip
age: 1514744
x-guploader-uploadid: ABPtcPrYakBZZUaYUT2Aa4NoJoJQZRP6-ODG4Mlhh8MKCLApMvJzlaEJN2z8T9SAscKxSRsWb_zHAvxtH2n8WvZ8c-eAXA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Tue, 12 Nov 2024 17:40:12 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 152 KB
33 KB 89ms
29ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d050c56b76cb2dae10e3eadd8e8f5e83594db0916d25946bec2f662f69dd776d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 28 Nov 2023 11:19:25 GMT
server: cloudflare
x-amz-request-id: 53GGBM5A6XBRJD2W
age: 2430
etag: W/"d12fc51ceb66081fc72dabad6e4e0ded"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 82e9417a6eb0bbec-FRA
x-amz-id-2: +r3IAnmtspceOaG1P4pbsdXEsJtBBACfmiF8uWKvw4Pf0lwmAmf71J80yWQcWt5hYVJvZ/iixAE=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
781 B 27ms
27ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16816
x-jsd-version: master
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230131-FRA
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFmM7wY%2BXawb1upyu6i7t8zBGWRv4TZNAip21o0p%2FzYxniiE5ESqT1q6bDi%2FtyMPC970oZ5QkQkhSNc2r5L5arhuh9wGV3eGchshGG9Tv0SIhtQeGthJL2w%2FyG%2F%2BdFzxOOm1YqqlSl%2FHjvL2F%2Fw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 82e9417a0da95c3e-FRA

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 95 KB
28 KB 511ms
511ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1650737213599825&correlator=1568821442599695&eid=31079527&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=1009103%2CSAYS_STO%2CSAYS_desktop_outofpage%2CSAYS_desktop_billboard%2CSAYS_desktop_leaderboard%2CSAYS_halfpage%2CSays_InArticle_Pixel%2CSAYS_desktop_in_article_mrec%2Csays_inskin%2CSays_Web_Interstitial%2CSays_Andbeyond_Pixel&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10&prev_iu_szs=1x1%2C1x1%2C970x250%2C728x90%2C300x600%2C1x1%2C300x250%2C1x1%2C1x1%2C1x1&ifi=1&sfv=1-0-40&ists=258&fas=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C8%2C0&sc=1&cookie_enabled=1&abxe=1&dt=1701411956790&lmt=1701411956&adxs=0%2C1015%2C315%2C215%2C1015%2C230%2C215%2C0%2C-9%2C1015&adys=4347%2C850%2C62%2C1270%2C1904%2C3979%2C2018%2C4346%2C-9%2C3623&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C0%7C0%7C2%7C3%7C4%7C5%7C6%7C-1%7C7&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&vis=1&psz=1600x4346%7C370x3345%7C1600x250%7C770x90%7C370x2675%7C770x386%7C770x604%7C1600x4346%7C0x-1%7C370x2675&msz=1600x0%7C370x0%7C970x-1%7C728x-1%7C370x0%7C1x-1%7C770x0%7C1x-1%7C0x-1%7C1x-1&fws=0%2C4%2C4%2C4%2C4%2C4%2C4%2C0%2C2%2C4&ohw=0%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C0%2C0%2C1600&ga_vid=1073581383.1701411957&ga_sid=1701411957&ga_hid=797652530&ga_fc=false&dlt=1701411956319&idt=450&cust_params=section%3Dfun%26pos%3Darticle%26environment%3Dproduction%26Brands%3D%26tagsSays%3Dfun%252Cconfession%252Chaidilao%252Chotpot%252Cviral%252Cbirthday%252Csinging&adks=1476963904%2C1585380070%2C3455604261%2C126976903%2C205075962%2C4088274682%2C3035523402%2C1044105006%2C765343895%2C468646908&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f87f627f9e06775775b23631257cc8025ed318eaf1adf9ee78f19ee45cd6783b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28445
x-xss-protection: 0
google-lineitem-id: -2,-2,-2,-1,-1,-2,-2,-2,-2,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2,-2,-2,-1,-1,-2,-2,-2,-2,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 530 B
292 B 59ms
59ms Fetch
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1650737213599825&correlator=1568821442599695&eid=31079527&output=ldjh&gdfp_req=1&vrg=202311150101&ptt=17&impl=fifs&iu_parts=1009103%2CSAYS_1x1_MG&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=11&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1701411956797&lmt=1701411956&adxs=230&adys=3980&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=8&ucis=b&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&vis=1&psz=770x386&msz=740x0&fws=4&ohw=1600&ga_vid=1073581383.1701411957&ga_sid=1701411957&ga_hid=797652530&ga_fc=false&dlt=1701411956319&idt=450&cust_params=section%3Dfun%26pos%3Darticle%26environment%3Dproduction%26Brands%3D%26tagsSays%3Dfun%252Cconfession%252Chaidilao%252Chotpot%252Cviral%252Cbirthday%252Csinging&adks=2444254413&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e6e037f5845ed3777ba25d1aa67747ec39dc43fda8283f7670bb7f6fd2ca741f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 262
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://says.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 648A 6 KB
3 KB 120ms
57ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:56 GMT
expires: Sat, 30 Nov 2024 06:25:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/ 39 KB
13 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl_page_level_ads.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2428653048a13d41cc7aedcb47c0a8398d77a4d4a1cc3f999f9695d5e6d3d528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 21:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31104
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13736
x-xss-protection: 0
server: cafe
etag: 9658267497644244280
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 29 Nov 2024 21:47:32 GMT

GET
H2 200 Draggable.js Show response
cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/ 465 B
588 B 146ms
82ms Script
application/javascript 2606:4700:20::ac43:4ac2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4ac2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 256de1accbccc4ffee65cf0ae6ddda99d1a056e669ddb390c959b942df9a5358

Request headers

Referer: https://pcto.revmedia.my/
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSC%2BM62VNjCmBxY3WTU0cUSmXUD%2Fm%2BzwSa8emflQg9JscaTtiNN5DBC%2FIj9lGm2QCggV2u8L8mVT%2BWLL3Y%2BxMx1afDiU6zgp8KmzICAe0iN6NZdlJyOs4Wtcx%2BqH92IXA0s3OuKb11toR2dOrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=31536000
x-import-url: /-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/Draggable.js
cf-ray: 82e9417a8d414d58-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 gsap.js Show response
cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/ 305 B
713 B 145ms
81ms Script
application/javascript 2606:4700:20::ac43:4ac2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/gsap.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4ac2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b9233c0c01ce219c102432f8da76d92d40bee603d575e238540da05da0ad17c

Request headers

Referer: https://pcto.revmedia.my/
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=esK3pZB24YtzwNNVPgo%2Fu5zZx6UAQQUvCUB3Kc9JJDUZr4cElq%2FddTQuEDNgkn3R3HSDwRuuH5VWS%2FgmY70cuUlI2h8mk03HR2Ju%2Bb11tye%2F82OhpcPRbebOj3rNYxZtn7s8mzNLj4RYWIIDmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=31536000
x-import-url: /-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/gsap.js
cf-ray: 82e9417a8d404d58-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 297 KB
85 KB 42ms
21ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3edb04685c2520ad8ac42baaeeb2040d

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

36860291124bfb33f7f232d64a0f7899d74e0f723dc0bd6d3545c48634cf395d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 06:25:56 GMT
content-md5: x+J7qI1+2AVtVTCYWx5Erg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86869
reporting-endpoints
x-fb-debug: Ji/G+nIM/PxWFK8uf3qAnozCogoW7RRxCBUcbM3vS8aAoPlfpPI02b/aL9oqQ+V6wJ+xm5FVXsmz3L+43uwhZA==
x-fb-content-md5: 642e909f09003e3f5b8d0c8df0c3ba49
cross-origin-opener-policy: same-origin-allow-popups
etag: "f308bbffc6d543122a082b66990ebdc6"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 30 Nov 2024 05:09:27 GMT

GET
H2 200 169284420317900 Show response
connect.facebook.net/signals/config/ 139 KB
36 KB 445ms
445ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/169284420317900?v=2.9.138&r=stable&domain=says.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

617a52c840d59d7fb39bd9641e60db5c3681f31fc1ad5d6f38fa299099f4d7c6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Dec 2023 06:25:57 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: KL6AmDQtTcO3B4a8RuOMDIB837hrX0kO73HfGlXTmMLM7mpkE6t7PgA/fdFkiy6yBrwOmypsrwfT9vUMRX9uoQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
224 B 22ms
22ms Image
text/plain 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6034955&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1701411956828&ns_c=UTF-8&c7=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&c8=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P5
x-amz-cf-id: bL7S2zaEZk5oeItKkzssDTd71BQ-Odnh7u234DtfHY85i9oZsWY-Qw==
x-cache: Miss from cloudfront

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
329 B 47ms
46ms XHR
application/json 52.212.53.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.212.53.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-212-53-77.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 96aa3e693ca3f40a5f62ed2e9d9edf5ff67bc17e0ac3a15299166dd41e3417dc

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:56 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://says.com
cache-control: no-cache
x-server: 10.45.16.100
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=es...

85 B
193 B

135ms
134ms

Fetch
application/json

34.120.107.143
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=esp&cc=1
Protocol: H2
Server: 34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 143.107.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 42a341b9dc16f8231c6fe7022a0565c490466a0d1b6c2cb71fe3f645799264c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-bOYcWbSySsZsClCCJw0I9oIludQ"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://says.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://says.com
location: /esp?url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 geo Show response
ut.pubmatic.com/ 12 B
93 B 106ms
27ms Fetch
application/json 185.64.189.226
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://ut.pubmatic.com/geo?pubid=121793
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/121793/1376/pwt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.189.226 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 642e0c55f52b2a291e47f5ab2d322e35f6776d8ce73b9cc0bd86c65bd4a26620

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
content-type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: *
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: max-age=172800
content-length: 12
content-type: application/json

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 92 KB
30 KB 101ms
101ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

26ab0787e17ac94d80c7e591726b5facda6e104e375cfbfc732521ea5689c951

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30403
x-xss-protection: 0
server: cafe
etag: 432 / 19692 / m202311150101 / config-hash: 11152387477177976423
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 294 KB
95 KB 38ms
37ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2f5ce247a4cb90fb38ccfe55119d1b797caf3dddce8b073e3ccce22dc3471b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 97149
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Dec 2023 06:25:56 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 67ms
19ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 05:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2178
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Dec 2023 07:49:38 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/830366072/ 3 KB
2 KB 80ms
33ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830366072/?random=1701411956945&cv=11&fst=1701411956945&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&hn=www.googleadservices.com&frm=0&tiba=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&uamb=0&uaw=0&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

442a7bdba994bf7e108dfb01b7ba0c392c1a6c0b00fda15c687cf727d2897f9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1400
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 chartbeat_mab_image.js Show response
static.chartbeat.com/js/ 23 KB
10 KB 116ms
27ms Script
application/x-javascript 2600:9000:2070:5800:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab_image.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:5800:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: cb83af0eec1fb71fb35196225c4a4a8964b7e47b52f9a85679c808907abd2b09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:00:40 GMT
content-encoding: gzip
via: 1.1 a432ddebfd10465526f121270421362a.cloudfront.net (CloudFront)
last-modified: Thu, 16 Nov 2023 02:00:31 GMT
server: nginx
x-amz-cf-pop: HAM50-C3
age: 30317
etag: W/"655577bf-5df1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: rkoGweuOI4QwLcKe0hpAUB4OO2ZxdEvCAR85r81ddhq1HlpoV-oj9Q==
expires: Fri, 01 Dec 2023 22:00:40 GMT

GET
H2 200 ins.js Show response
says.api.useinsider.com/ 427 KB
108 KB 105ms
45ms Script
application/javascript 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.api.useinsider.com/ins.js?id=10002153

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8f000f9f6680a3f7294238f51faf3681bd07c9f17ea28fa61458de16be57899

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-amz-version-id: MkzPwSdV.nLUePuFo02wG_b5GAO40XFY
cf-cache-status: HIT
x-amz-request-id: NA35VPQ2YRC9G14H
age: 2962
content-encoding: br
x-amz-id-2: J4SA8bdamTgggllaENOPm46KIrPFgsqWz1U5SPuye4SMBhCAhlhrdvu4Y3XLKiU9n2ERrXp68v0=
x-xss-protection: 1
pragma: public
last-modified: Fri, 01 Dec 2023 04:42:46 GMT
server: cloudflare
etag: W/"d6e9a8306047d1f17051ae8162be2d7a"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 82e9417b5ab85d5d-FRA
expires: Fri, 01 Dec 2023 06:30:57 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 22ms
22ms Script
application/javascript 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 09:28:31 GMT
content-encoding: gzip
via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jul 2023 22:21:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 75445
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: jQXJgaSK8-EHHvLYNW0AZYJpBxYfbY00eAvX1S9PFLxbFUG2UGU5cA==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 127ms
33ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-etou8220030-FRA

GET
H/1.1 404
Not Found pcto.js
c16d-35-240-187-111.ngrok.io/ 0
0 68ms
20ms Script
text/html 2a05:d014:21b:8e02::6e:5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c16d-35-240-187-111.ngrok.io/pcto.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2a05:d014:21b:8e02::6e:5 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 9zgdxuyjho Show response
www.clarity.ms/tag/ 650 B
1014 B 183ms
111ms Script
application/x-javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/9zgdxuyjho
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6488668da3669afe974d4d69bc289931db7369534b0c9e83ec57de7d18e49f7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

expires: -1
date: Fri, 01 Dec 2023 06:25:57 GMT
x-azure-ref: 20231201T062557Z-bg7x7m27q90sbdyfydgy9dtqsg00000002hg00000002nxa1
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 heartbeat.min.js Show response
heartbeat.mediaprimaplus.com.my/ 110 KB
39 KB 420ms
360ms Script
application/javascript 2606:4700:4400::6812:233f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://heartbeat.mediaprimaplus.com.my/heartbeat.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:233f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

921e931d131b3e5df4cd700f147992c745398d7503938a1e73742fc0642a0a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-guploader-uploadid: ABPtcPo5wDBt9QJ97ttIPf3o4Ou2KtFsUQSxeIUxbWZ-I6kVXsCINE3DXDyNuCHPBEbpy0jFdPg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 14 Aug 2023 04:04:50 GMT
server: cloudflare
etag: W/"5f725977c0ffda5b4f37aba4a56c9b6c"
x-frame-options: SAMEORIGIN
x-goog-generation: 1691985890041510
content-type: application/javascript
x-goog-hash: crc32c=JcAjSg==, md5=X3JZd8D/2ltPN6ukpWybbA==
cache-control: no-store
x-goog-stored-content-length: 112773
cf-ray: 82e9417b5ba04d38-FRA
expires: Sat, 30 Nov 2024 06:25:57 GMT

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
224 B 72ms
21ms XHR
text/plain 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://says.com
date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 gsap.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/ 60 KB
25 KB 31ms
30ms Script
application/javascript 2606:4700:20::ac43:4ac2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/optimized/gsap.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4ac2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b947a3efe23b4827fa6e4f7c6c0364baa2f66d27d0eb8074d5ab36380876e952

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/optimized/gsap.js
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3667
alt-svc: h3=":443"; ma=86400
x-vercel-id: fra1::sfo1::t47n5-1701408289575-e29b2501db14
server: cloudflare
etag: W/"f114-9BlmNMloJV8XaPp0tvFxaV9bubg"
x-vercel-cache: HIT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eg83TGJnIoEDj%2FxGrbdFLVlgv4KgSTEBFl2aN94ufJ7vdqU8y7rpArj61S%2F61S9i%2FppGWkUNO52l0NdTGsfbpars%2F%2BUFHqvQ0NmuyvS1JGhZtFrFuOESQKYSO2hD46mOSSgwEInz3ofXXZKQ1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 82e9417b1e234d58-FRA

GET
H2 200 Draggable.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/ 29 KB
12 KB 34ms
34ms Script
application/javascript 2606:4700:20::ac43:4ac2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/Draggable.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4ac2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddf85037fd1f04c4684ed0357cf80a71a3c4aa19049bfccdaec678b4b18dc8e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104014
alt-svc: h3=":443"; ma=86400
x-vercel-id: fra1::sfo1::w8586-1701307942239-eb0ce45dee8f
server: cloudflare
x-imports: ../unoptimized/utils/matrix.js
etag: W/"7553-dYWEgV2hNUKDhK4RO4C1kpAmsIU"
x-vercel-cache: HIT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lzFGagWw%2FAsS4wquwhIDpTzmIbFdjjFBlAv6l3t%2BX6wdS6BYE0KuZXwuxdltCVPKhw3M%2F88ohKBFiAOrrTjeyNG5qQwsERhXnmTfD7FmGWV5bvS5OUFw6CqKNJMYnNUke5YyMS%2FuYtwCmKXsvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 82e9417b1e244d58-FRA

GET
H2 200 matrix.js Show response
cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/utils/ 5 KB
3 KB 37ms
36ms Script
application/javascript 2606:4700:20::ac43:4ac2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.skypack.dev/-/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/dist=es2020,mode=imports,min/unoptimized/utils/matrix.js

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4ac2 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcc156f774f770c9969f60f278f977ce3a561b5927bf0acb682f4834e1729c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

Referer: https://cdn.skypack.dev/pin/gsap@v3.7.1-oqmeGbnx72naX9MRGwFV/mode=imports,min/unoptimized/Draggable.js
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=63072000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104014
alt-svc: h3=":443"; ma=86400
x-vercel-id: fra1::sfo1::w8586-1701307942236-ebf4af9e05df
server: cloudflare
etag: W/"1376-T/OrTzcg3vkKhdJZmnBcCh1Vf3g"
x-vercel-cache: HIT
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eoFpQ4TPeG5ETFp1ARto3JC7Dy5jHX6OvWmWst%2BLoIejKkX%2BpBnSBzdKpq3A2q2KLuXEQnUFkkMuVUaRKWgmhG3yumB9FL2JGkJrjxFuk6S0zEUDi5%2B2j6f4ps0rFtXGjvhRZmk4FU9r2ovO1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Content-Length, X-Imports
cache-control: public, max-age=31536000, immutable
cf-ray: 82e9417b1e274d58-FRA

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 6D51 15 KB
6 KB 110ms
37ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=says.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:56 GMT
server: Kestrel
server-processing-duration-in-ticks: 382207
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 impl.20231129-9-RELEASE.js Show response
cdn.taboola.com/libtrc/ 819 KB
170 KB 36ms
36ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3-br /
Resource Hash: 038235bd3cb8315d2a638e0dcb856d9aabbce9db44f08914cbb89cddb4e1ee15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: JKvyJ6oeTAccktRWwE6TuGca2nQqz7nt
content-encoding: br
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:56 GMT
x-amz-request-id: YHSAPFR7XK2BZSP3
age: 14235
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 173807
x-amz-id-2: xdw+VOIw6X8Ah8JEU1P3a1gT33n32ABSxVWBNBljrVRFMxRDdxF0vuYfluPXqe/36/91XHpXlaE=
x-served-by: cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 10:21:28 GMT
server: AmazonS3-br
x-timer: S1701411957.994139,VS0,VE0
etag: "512d11c41cc7a064e1c4ce90b1cb9be5"
vary: Accept-Encoding
content-type: application/javascript
abp: 66
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 22

GET
H2 204 b
sb.scorecardresearch.com/ 0
226 B 21ms
19ms Image
text/plain 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=6034955&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1701411956983&ns_c=UTF-8&comscorekw=fbia&c7=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&c8=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
via: 1.1 9bd86598a7f45cc948aa2f9674ece0b2.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P5
x-amz-cf-id: UCEt5aQjAfPI9NplfuDFAxOuYOLKVu0iCeLGv3VfGPYLKqBE2WiQxg==
x-cache: Miss from cloudfront

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 78ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7S9H066JJ6&gtm=45je3bt0v893599173z877806297&_p=1701411956740&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1073581383.1701411957&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701411957&sct=1&seg=0&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&en=page_view&_fv=2&_ss=2&_c=1&ep.author=Yap%20Wan%20Xiang&ep.gigyaId_hit=n%2Fa&ep.category=fun&ep.tags=fun%2C%20confession%2C%20haidilao%2C%20hotpot%2C%20viral%2C%20birthday%2C%20singing&ep.article_id=57681&ep.pagetype=article&ep.publication_date=2022-10-06&ep.publication_time=12%3A49%3A46%2B08%3A00&ep.modified_date=2022-10-06&ep.modified_time=12%3A49%3A46%2B08%3A00&ep.site_name=SAYS&tfd=1461
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
249 B 83ms
27ms Ping
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-7S9H066JJ6&cid=1073581383.1701411957&gtm=45je3bt0v893599173z877806297&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 79ms
31ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-7S9H066JJ6&cid=1073581383.1701411957&gtm=45je3bt0v893599173z877806297&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1317518407

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
434 B 110ms
28ms XHR
application/json 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/830366072/ 42 B
455 B 77ms
31ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/830366072/?random=1701411956945&cv=11&fst=1701410400000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v77806297&u_w=1600&u_h=1200&url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&frm=0&tiba=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&fmt=3&is_vtc=1&cid=CAQSKQDICaaNSWSe3-sGLWWqZYUWB9bAo3YL7ziocl9-fbcM5JMF0Ib358PJ&random=3114994876&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/830366072/ 42 B
154 B 70ms
32ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/830366072/?random=1701411956945&cv=11&fst=1701410400000&bg=ffffff&guid=ON&async=1&gtm=45He3bt0v77806297&u_w=1600&u_h=1200&url=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&frm=0&tiba=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&fmt=3&is_vtc=1&cid=CAQSKQDICaaNSWSe3-sGLWWqZYUWB9bAo3YL7ziocl9-fbcM5JMF0Ib358PJ&random=3114994876&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sponsor-logo.png
pcto.revmedia.my/2023/11/cetaphil/assets/ 5 KB
6 KB 32ms
32ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/sponsor-logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c59386bc6f029ae692b14f959525447295dbc2a67949ebf93a715d3f8ee9dca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=png, origSize=7231
x-guploader-uploadid: ABPtcPone_0PqUbYNPT6wwhWoqFjiMebtl9PIS58P6pPA536rA5WIMft_5H0y2RIWSh6LxVxLxphxf6uAw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="sponsor-logo.webp"
alt-svc: h3=":443"; ma=86400
content-length: 5034
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 22 Nov 2023 03:09:41 GMT
server: cloudflare
etag: "fe98f6c9fe9c04c29c097e9fde7fa344"
vary: Accept
x-goog-generation: 1700622581968853
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=JpdKSA==, md5=/pj2yf6cBMKcCX6f3n+jRA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 7231
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e9417b99bf90e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 200 says-blue.png
pcto.revmedia.my/2023/11/cetaphil/assets/ 9 KB
10 KB 31ms
31ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/says-blue.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b48aedf74c1af93cdae2c9ac3fbb8821d252e2b5683b3f0b5525c690473e058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=png, origSize=22232
x-guploader-uploadid: ABPtcPpt9qrul4I7EHlu6eh3JnVOpQRrpXaKmsUXjFJ7mz-JjPMbF1xavUEVbmkgo8oQ1T2RoQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="says-blue.webp"
alt-svc: h3=":443"; ma=86400
content-length: 9320
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 29 Nov 2023 04:31:29 GMT
server: cloudflare
etag: "dea80ed03309f3d937557f15debd1642"
vary: Accept
x-goog-generation: 1701232289357132
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Q8vOQA==, md5=3qgO0DMJ89k3VX8V3r0WQg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 22232
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e9417b99c090e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 200 says-desktop-banner.png
pcto.revmedia.my/2023/11/cetaphil/assets/ 105 KB
106 KB 362ms
362ms Image
image/png 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/says-desktop-banner.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

335bfc4eb13f429d6ab8957c8c3c68c101c7fcc3b839f3899c88437039f01790

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
cf-polished: status=not_needed
x-guploader-uploadid: ABPtcPoax0k5yPnLQWEIpPkI4PQ2oqbZVfyjznG450vEFYVDJhdSo4ek-U7hgRg4DBP0z4Q4XrI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
content-length: 107648
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Fri, 24 Nov 2023 06:07:11 GMT
server: cloudflare
etag: "d8a5f5d215a51204ef9ddcedf7d7c0c4"
vary: Accept-Encoding
x-goog-generation: 1700806031663751
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=/CaX9w==, md5=2KX10hWlEgTvndzt99fAxA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 107648
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e9417b99c190e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 200 sponsor-widget_en.gif
pcto.revmedia.my/2023/11/cetaphil/assets/ 98 KB
99 KB 50ms
50ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/sponsor-widget_en.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8f07b699df0f9637e174df1a1f2e4d4cd9e0202998d993d872327302a06253f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=gif, origSize=163087
x-guploader-uploadid: ABPtcPr3577nVnqZ6CKTcDSMq1s19rM0oa-wRt51nbleg-H_zMknGnmMjO6oOJx90RC-po2ivC4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="sponsor-widget_en.webp"
alt-svc: h3=":443"; ma=86400
content-length: 100254
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 22 Nov 2023 03:09:41 GMT
server: cloudflare
etag: "f9426033867e0c487bb993926a512254"
vary: Accept
x-goog-generation: 1700622581780489
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=SdfAAA==, md5=+UJgM4Z+DEh7uZOSalEiVA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 163087
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e9417b99c290e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H2 200 l
use.typekit.net/af/256534/00000000000000003b9b0938/27/ 20 KB
20 KB 34ms
33ms Font
application/font-woff2 2a02:26f0:3500:16::215:1495
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/256534/00000000000000003b9b0938/27/l?subset_id=2&fvd=i6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/ner5wjl.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4cd8bf51b15e6e0f2ae1b845b55e742d6bb7134d9a2291520026a507d66be2c9

Request headers

Referer: https://use.typekit.net/ner5wjl.css
Origin: https://says.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
server: nginx
etag: "2f3daa7b20e708b1be46806f3694b6aeb5f517a2"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 20136

GET
H3 403 update_show Show response
says.com/my/stories/57681/ 7 KB
5 KB 28ms
28ms XHR
text/html 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/my/stories/57681/update_show?_=1701411956730

Requested by

Host: says.com
URL: https://says.com/assets/application-cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029210bb6046348cfc8962cc1179220567e1009ac6f3995da98cc30bad5a9471

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
X-CSRF-Token: Cl1uUy3J4CdxHwzDm3tk1W6QlezoY+TRJKfxoYoE62Y4y6JASt3F8M6PmvLuWXsZlSS7BICFRJRO4FnwcuHAhQ==
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 82e9417baf29900a-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 116ms
69ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202311150101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fd132900061777710af30c42ab8ba9dc3f16bf2f80060939dfc11b92fa9c087

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12185
x-xss-protection: 0

GET
H2 200 Q7LmTiaVXg4 Show response
www.youtube.com/embed/ Frame B775 92 KB
40 KB 157ms
106ms Document
text/html 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e35dde961c60c8346a03855ed4aefd8fcab6a0f3e7329e48e7423a6af063f3e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:57 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 rum Show response
says.com/cdn-cgi/ 0
136 B 24ms
22ms XHR
text/plain 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://says.com/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
content-type: application/json

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://says.com
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 82e9417bcf38900a-FRA

GET
H2 200 chartbeat_video.js Show response
static.chartbeat.com/js/ 70 KB
24 KB 29ms
29ms Script
application/x-javascript 2600:9000:2070:5800:18:1fcd:353:c61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_video.js
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:5800:18:1fcd:353:c61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 22:19:27 GMT
content-encoding: gzip
via: 1.1 a432ddebfd10465526f121270421362a.cloudfront.net (CloudFront)
last-modified: Thu, 16 Nov 2023 02:00:16 GMT
server: nginx
x-amz-cf-pop: HAM50-C3
age: 29190
etag: W/"655577b0-1197e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: DQBd94WXv7lYFbu-qqQMmpQ8Ruj-qFgQHluRKKezOHWzooSCqAtNeg==
expires: Fri, 01 Dec 2023 22:19:27 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame 6D51
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=says.com&sn=ChromeSyncframe&so=0&topUrl=says.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=LOszSHxOeElrZGJWQ2pvb25DL1dTRVlhUGR3RHhMRnVNK2VlemVrVEpvMldrUGFTVTlFUmRFRVZlNDdhWFlPcXpYZXQvZVhXajV4bWdYZ0ZJNWlpbW9DTjB0WWFQZXBrWHJlV01FN2lWR1ExS3BiRFcwWG9ncmJ0b2ZZUW...

435 B
651 B

37ms
37ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=LOszSHxOeElrZGJWQ2pvb25DL1dTRVlhUGR3RHhMRnVNK2VlemVrVEpvMldrUGFTVTlFUmRFRVZlNDdhWFlPcXpYZXQvZVhXajV4bWdYZ0ZJNWlpbW9DTjB0WWFQZXBrWHJlV01FN2lWR1ExS3BiRFcwWG9ncmJ0b2ZZUW53QkJ6UW5pY2ZaYTlnZmRRNEt3RTAyUzlPSXJ6VkFoejhQZE9yT3Z1TU1uR0JiSWZ0czJsYnpnOVFJUmNyY0tFQzhVVkdWV0dRdU5hUVAyVTg4MTZBUlVGenhaeEtDWk93bTYwZ09jOGFOTjRyQUY2QnhVK1BVSm5qU2RCMUFycm92Y3I1Qjg0NW83d3lyNTQ0WUU2Yk5TS1gvOGh3QT09fA&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ddaee1f247e1f8ef6218b7db3ad9ca9c4bb7946e49d003fb7f10eff229b04a0f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 762482
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=LOszSHxOeElrZGJWQ2pvb25DL1dTRVlhUGR3RHhMRnVNK2VlemVrVEpvMldrUGFTVTlFUmRFRVZlNDdhWFlPcXpYZXQvZVhXajV4bWdYZ0ZJNWlpbW9DTjB0WWFQZXBrWHJlV01FN2lWR1ExS3BiRFcwWG9ncmJ0b2ZZUW53QkJ6UW5pY2ZaYTlnZmRRNEt3RTAyUzlPSXJ6VkFoejhQZE9yT3Z1TU1uR0JiSWZ0czJsYnpnOVFJUmNyY0tFQzhVVkdWV0dRdU5hUVAyVTg4MTZBUlVGenhaeEtDWk93bTYwZ09jOGFOTjRyQUY2QnhVK1BVSm5qU2RCMUFycm92Y3I1Qjg0NW83d3lyNTQ0WUU2Yk5TS1gvOGh3QT09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 214031
content-length: 0
expires: 0

GET
H2 200 sync Show response
gum.criteo.com/ 73 B
314 B 39ms
38ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=72&r=2&j=TRC.getRTUS

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4c247ce494583ee6e3ea3dd2c09aa0363088b1946052f6451c447a8b2d28a68b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1590469
expires: 60

GET
H2 200 json Show response
trc.taboola.com/revmediagroup-says/trc/3/ 55 KB
14 KB 443ms
431ms XHR
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/revmediagroup-says/trc/3/json?tim=07%3A25%3A57.112&lti=deflated&data=%7B%22id%22%3A607%2C%22ii%22%3A%22%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%22%2C%22it%22%3A%22text%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22uifp%22%3Anull%2C%22lbt%22%3A1701339774396%2C%22vi%22%3A1701411957111%2C%22cv%22%3A%2220231129-9-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%22%2C%22bv%22%3A%220%22%2C%22wc%22%3Atrue%2C%22ul%22%3A%5B%22en-US%22%2C%22en%22%5D%2C%22uad%22%3A%7B%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%2C%22uaFullVersion%22%3A%22%22%7D%2C%22btv%22%3A%220%22%2C%22cos%22%3A%224g%22%2C%22bu%22%3A%22https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA%22%2C%22vpi%22%3A%22%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%22%2C%22bad%22%3A-1%2C%22sw%22%3A1600%2C%22sh%22%3A1200%2C%22bw%22%3A1600%2C%22sde%22%3A%221.000%22%2C%22bh%22%3A1200%2C%22dw%22%3A1600%2C%22dh%22%3A4421%2C%22qs%22%3A%22%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-t2m%22%2C%22s%22%3A6%2C%22uim%22%3A%22thumbnails-b%3Aabp%3D0%22%2C%22uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22orig_uip%22%3A%22Below%20Article%20Thumbnails%22%2C%22cd%22%3A4357.625%2C%22mw%22%3A740%7D%5D%2C%22cacheKey%22%3A%22text%3D%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%2CBelow%20Article%20Thumbnails%3Dthumbnails-b%3Aabp%3D0%22%2C%22cb%22%3A%22TRC.callbacks.recommendations_1%22%2C%22lt%22%3A%22deflated%22%7D&llvl=2
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: da2a8bb9717cd0b2253207e227a15e2647295db50efdc7316fb4ab8053f098ed

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

x-vcl-time-ms: 396
date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.781875
x-fastly-to-nlb-rtt: 13891
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-cph2320046-CPH
x-log-content-encoding: gzip
server: nginx
x-timer: S1701411957.136374,VS0,VE396
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: https://says.com
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 206 B
516 B 77ms
20ms XHR
application/json 2a04:4e42:600::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=says.com&domain=says.com&path=%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab_image.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42:600::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f596541cd2cf46ef09c0e008cfa62c62525f71737c737c6a23e395ef8be5dfc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-cache-hits: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
age: 671
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 158
x-served-by: cache-fra-eddf8230123-FRA
x-timer: S1701411957.179961,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Wed, 29 Nov 2023 06:14:46 GMT

GET
H2 200 worker-new.html Show response
says.api.useinsider.com/ Frame 5423 10 KB
3 KB 35ms
34ms Document
text/html 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://says.api.useinsider.com/worker-new.html
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c3d3f8f234c097ceffd6fa4f04eb721a627e0149d07e68125f318b1be1bb841

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 5250
cache-control: public, max-age=1209600
cf-cache-status: HIT
cf-ray: 82e9417c2b2b5d5d-FRA
content-encoding: br
content-type: text/html
date: Fri, 01 Dec 2023 06:25:57 GMT
expires: Fri, 15 Dec 2023 06:25:57 GMT
last-modified: Tue, 28 Nov 2023 12:17:54 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 adsct
t.co/i/ 43 B
377 B 185ms
130ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=2999b2e9-381c-4b75-b898-cbc8252f7a94&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7d2c9cd2-c64f-4c2d-9547-c0576108712a&tw_document_href=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1blg&type=javascript&version=2.3.29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-response-time: 110
date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 6cfb479a16a42ca0
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 1a36ae4f3329500bb6403123f8ba7f1f0d80faa9026b8d82b18595c48dd7693b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
397 B 254ms
205ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2999b2e9-381c-4b75-b898-cbc8252f7a94&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7d2c9cd2-c64f-4c2d-9547-c0576108712a&tw_document_href=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o1blg&type=javascript&version=2.3.29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-response-time: 185
date: Fri, 01 Dec 2023 06:25:56 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: a73ec8129dd2b67c
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 6a0db6383bbbb96bf8401702757817b04413c24bff72b4aee46812f611c6b870
content-length: 43

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
363 B 102ms
27ms XHR
application/json 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://says.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.18/ 59 KB
25 KB 51ms
50ms Script
application/javascript 2620:1ec:bdf::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.18/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/9zgdxuyjho
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
last-modified: Fri, 17 Nov 2023 13:41:44 GMT
etag: W/"0x8DBE772F014B026"
vary: Accept-Encoding
x-azure-ref: 20231201T062557Z-bg7x7m27q90sbdyfydgy9dtqsg00000002hg00000002nxbk
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 977c8097-b01e-001e-69de-21c203000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&RedC=c.clarity.ms&MXFR=3AF759CEB0AD64BA3F1F4A14B4AD6A05
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&MUID=314EF0CB296C630437A1E31128076281

42 B
443 B

46ms
46ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&MUID=314EF0CB296C630437A1E31128076281
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:56 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 43133BB1B3624DF295C04F7B5200071A Ref B: FRAEDGE1517 Ref C: 2023-12-01T06:25:57Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=44A7A75394D4420BAA8C69ACF7F168DE&MUID=314EF0CB296C630437A1E31128076281
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 354ms
115ms Image
image/gif 35.174.214.9
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=says.com&p=%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot&u=BiNVrFCHFU3sBPT4h2&d=says.com&g=65124&g0=fun&g1=yap%20wan%20xiang&n=1&f=00001&c=0&x=0&m=0&y=4421&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&b=1130&_s=%7B%22ga%22%3Anull%7D&t=C42DYKB9MMlcVgkBNCWaQH_DS4V0t&V=141&i=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&tz=-60&sn=1&sv=dMHCQByjeFhCmKDaUD6WlWwC7knV&sd=1&im=067b0ff3&_
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.214.9 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-174-214-9.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 79ms
30ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 06:25:57 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/5753e790/ Frame B775 378 KB
48 KB 21ms
21ms Stylesheet
text/css 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5753e790/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a8b61fa32cdb1dbe2ce40d7e0636c394dc63b7615cb05bcd9ca1a0f6e1501d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 02:46:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 13151
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48796
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 02:43:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 30 Nov 2024 02:46:46 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B775 15 KB
15 KB 73ms
26ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 25141
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:26:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame B775 15 KB
16 KB 67ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 21:01:27 GMT
x-content-type-options: nosniff
age: 120270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 21:01:27 GMT

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame 9654 0
176 B 92ms
42ms Document
text/html 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Fri, 01 Dec 2023 06:25:57 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 embed.js Show response
www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/ Frame B775 56 KB
18 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb7202f5817a1899549626e5725e9054a02123b925e70fa184cbabcc88060b3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:32:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337990
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17858
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 02:43:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 26 Nov 2024 08:32:47 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/5753e790/www-embed-player.vflset/ Frame B775 322 KB
96 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5753e790/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

810892545e4b290f8b8516bda6858ef698a342489be9800e2ba0e358c8d5d7a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:21:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 98548
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 02:43:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 30 Nov 2024 06:21:11 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/ Frame B775 2 MB
766 KB 49ms
48ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d475d244ed345844e3b7fff8f616d6be3c824df7e2b2d47900e95cb4eebcf67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:32:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 338000
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 783462
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 02:43:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 26 Nov 2024 08:32:37 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
142 B 26ms
26ms XHR
text/plain 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=797652530&t=pageview&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDACAABBAQCACAEC~&jid=1160177469&gjid=1125467361&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&_r=1&_slc=1&gtm=45He3bt0n815WNLRMXv77806297&cd1=Yap%20Wan%20Xiang&cd3=n%2Fa&cd5=fun&cd6=fun%2C%20confession%2C%20haidilao%2C%20hotpot%2C%20viral%2C%20birthday%2C%20singing&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1857011017

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
194 B 19ms
19ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=797652530&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Scroll%20Depth&ea=%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot&el=25%25&_u=aCDACAABBAQCACAEC~&jid=&gjid=&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&gtm=45He3bt0n815WNLRMXv77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1266241024

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Nov 2023 21:37:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 31715
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EF88 13 KB
5 KB 22ms
21ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 60849
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 30 Nov 2023 13:31:48 GMT
expires: Fri, 29 Nov 2024 13:31:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame ED62 829 B
981 B 33ms
32ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

383804df61de5d058ec75635ece186d1fd79484a8dd6644329170f6fd22881d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-k5fBvtKH3SOhph9oeS_ANg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-k5fBvtKH3SOhph9oeS_ANg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:57 GMT
expires: Fri, 01 Dec 2023 06:25:57 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 27ms
27ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=1160177469&gjid=1125467361&_gid=2015496077.1701411957&_u=aCDACAAABAQCACAEC~&z=1745582556

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 89ms
19ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=169284420317900&ev=PageView&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&rl=&if=false&ts=1701411957301&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbc=fb.1.1701411957296.IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&fbp=fb.1.1701411957299.523118233&cs_est=true&ler=empty&it=1701411956827&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Dec 2023 06:25:57 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
288 B 483ms
237ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://says.com
Date: Fri, 01 Dec 2023 06:25:57 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 container.html Show response
ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 51BF 6 KB
3 KB 22ms
21ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:56 GMT
expires: Sat, 30 Nov 2024 06:25:56 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame EF88 39 KB
15 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 21:47:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 31100
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 29 Nov 2024 21:47:37 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012310301456000/ Frame 9AA4 196 KB
56 KB 68ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 29 Nov 2023 17:10:37 GMT
age: 134120
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56081
x-xss-protection: 0
server: sffe
etag: "6a17d296884b026a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 28 Nov 2024 17:10:37 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 9AA4 15 KB
5 KB 103ms
55ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 30 Nov 2023 21:48:00 GMT
age: 31077
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5225
x-xss-protection: 0
server: sffe
etag: "0b7142e00666043e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 29 Nov 2024 21:48:00 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 9AA4 95 KB
29 KB 106ms
58ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 25 Nov 2023 01:47:30 GMT
age: 535107
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29077
x-xss-protection: 0
server: sffe
etag: "7b1f1965b6cd6fda"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 24 Nov 2024 01:47:30 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 9AA4 5 KB
2 KB 118ms
70ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 24 Nov 2023 22:04:26 GMT
age: 548491
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1911
x-xss-protection: 0
server: sffe
etag: "5b0a82507b260c6e"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 23 Nov 2024 22:04:26 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012310301456000/v0/ Frame 9AA4 40 KB
13 KB 114ms
67ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012310301456000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 29 Nov 2023 17:10:37 GMT
age: 134120
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12952
x-xss-protection: 0
server: sffe
etag: "9817e561a46c70fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Thu, 28 Nov 2024 17:10:37 GMT

GET truncated
/ Frame 9AA4 0
0

GET
H3 200 5642077469247812646
tpc.googlesyndication.com/simgad/ Frame 9AA4 79 KB
79 KB 23ms
23ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5642077469247812646?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlXGAkvPdzbW9DkvGe4e0o2XxbP-Q

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4aa589d9190b16b42a44a9553ae00fa43c88b9b0aaa99c4ec536fd66a6b86751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:27:23 GMT
x-content-type-options: nosniff
age: 25114
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81152
x-xss-protection: 0
last-modified: Fri, 29 Sep 2023 10:58:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 29 Nov 2024 23:27:23 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9AA4 2 KB
2 KB 22ms
21ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:53:15 GMT
x-content-type-options: nosniff
server: cafe
age: 66762
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2502
x-xss-protection: 0
expires: Fri, 01 Dec 2023 11:53:15 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 9AA4 295 B
319 B 24ms
24ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 17:24:33 GMT
x-content-type-options: nosniff
server: cafe
age: 46884
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Dec 2023 17:24:33 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 34ms
33ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=1160177469&_u=aCDACAAABAQCACAEC~&z=1933465775

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 31ms
30ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=1160177469&_u=aCDACAAABAQCACAEC~&z=1933465775

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 30ms
28ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7S9H066JJ6&gtm=45je3bt0v893599173z877806297&_p=1701411956740&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1073581383.1701411957&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1701411957&sct=1&seg=0&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&_s=2&tfd=1791
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame ED62 0
0 55ms
54ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202311150101&jk=1650737213599825&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 95DC 138 KB
47 KB 180ms
93ms Document
text/html 2a02:2638:3::12
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWl8dAANUB4Iu8OhAAIwQ1oiVkILYfIepjYytA&u=%7CN7TW87BgKgfQ0gT7z4wUQpqxHs8LKdOFhVR%2BuJXRtPw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF2ltYaQwysqsp8BxOuVMc2j5UcTTWBUDSYaCnH9D77upRmgKlsocxLY4Xg85pl_XOCfKHexGGrzhgWhUJoeX-7fhqx37ydEThElfJXmxrC7UDtjB_on0fgThqDC2JUY0XXFeBK41XQ2wnviTVQoCQdmk-zOBLBzW_gjknCICWXJjN8GgqBsGdp_gIuentAfPGromp7kUr1eZYJQlNgVY01CbdwZmE-oZ-bWD-j-rkEXL8y0eBJ3HzqeIp0UgWOFxwNshhBd1U7xyrtenLhLOSeB73W9JgiwlsphtlVJinobxh9UMkIbQ5NLvwUcx41AVI5Y_0RkXnqMN7Z7CvEAgUkpk0KOD5DdbaKeOJ-c1Jzx11NJ3nzybWBsAlUP2nmO2xA6SZ-ey6-NPQfNaIBZONnYzN_AVMH4CzW7xxY1ARu-BICb8Xb64q8lc-yq7QVZjVhOwivRPQgD3vVCeEU2Czsn-40Ui1YpAYIakmVbIT4A5CngxNokqDi-r8KMvF-YG-iS6xdkO2150ShltZzqALd3BiKJ-MZwGRBu8PiFolurj-P_4wsk70Wj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCARxAdHxpZZ6gNaGH7_UPw-CI4ATJntKxXNWdkfdwwI23ARABIABglZqigrAHggEXY2EtcHViLTMyOTE2ODg0MjA2ODA3MzbIAQmpAvQ7k0BSRLI-4AIAqAMByAMCqgTSAk_Q_WlYeZUumUA63pV8p5-h0qEW4exudVTx3yqG6F3TYXF7mIq2cat2p0iMiYbiPAGUdo0T1o61R8GIXbiJAYGa-1dZ0Xr8K75kF6rz68Z-Z59Rj57bImZviR4iRoz8dFDiNbN7TLswDndPE0gMHB4P7GdOyOOrggDaVdl6WKkCq0ZW1xbCRHd6H0-ThBNmtr91uPuXqQrI7u5yTxGclRNJdgwv8qDGofAfJMCylRvPZpMPrzvtkZ69JKc8_eMp-GGUksa1o9XL962w7bg0d5ZnXRNJ80LHpw1SY3t7ejm4zJbHF9Zq5qiq5pofQWQ_Zxdya_ZNxUxZz9Qcd45pogJnxO_rfgO7uCQAW6q_6gzEf2NZerOw8QUxytv006hubrx9REv2U6ffM_sHHLaQf49eKgph4UZ-Mgu3aNugMm3d2Ov0xrWNCsj8KRDaUK28PXvb4AQBgAaU4vC72MW79JUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeAtrrN7YID-gsCCAGADAHiDRMI2_i2us3tggMVocO7CB1DMAJM0BUBgBcB%26num%3D1%26sig%3DAOD64_2rI72OlLPVDMpbbLyED5MwYdugGg%26client%3Dca-pub-3291688420680736%26adurl%3D

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::12 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ca61d6952b50eb64b6b59ebce2ca41b9f4046bfa8e9624bd4e9dd2d9253950d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Fri, 01 Dec 2023 06:25:56 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=0XB4-hPZzaw6HgbPU9IgXPy_yEz81M91lEqYQdEGD8abOTGT5Wwn-k1ZfS-ZolyxM1uCcGeopDqAXzB2TL-BbGfIFxo-_stbO9eDxaop5xMQHD0hZS3rv3e9HwXH7SvhFnTJ9-mHTXTTvTS7kijGqVuyQiNUl0jnuIielnLJ1CT2yDeXA9VWGVhU76q3lIXIyt83W7FAAI2EuRXkw31m1joEPxAM9OLgQnQxQUFD4QC94V56bKSEJWXEbSE"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 46971350
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 51BF 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/window_focus_fy2021.js

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 20:02:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 20:02:10 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/ Frame 51BF 20 KB
8 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231129/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 20:02:10 GMT
content-encoding: br
x-content-type-options: nosniff
age: 37427
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8544
x-xss-protection: 0
server: cafe
etag: 17124069415086231762
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 20:02:10 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 51BF 24 KB
6 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 11:55:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66605
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 29 Nov 2024 11:55:52 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 51BF 202 KB
64 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65067
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701261208926228"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 01 Dec 2023 06:25:57 GMT

GET
H2 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame B775 113 B
305 B 27ms
27ms XHR
application/json 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a76f1c07273520db125a84321b8e2bcf23e41ce9fc5d3eaa293aca13a6668d4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame B775 29 B
494 B 72ms
22ms Script
text/javascript 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:23:55 GMT
x-content-type-options: nosniff
age: 122
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 01 Dec 2023 06:38:55 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 75ms
27ms Preflight
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 01 Dec 2023 06:25:57 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame B775 69 KB
32 KB 34ms
34ms XHR
application/json+protobuf 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5468f07f349b710245b71b047a5e624db42832810744c1ff94ae4a5be397e77c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32489
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/ Frame B775 116 KB
33 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63c2926408ea3f521180b5b4da3cb9f480913f68aaa4fde2ae7bbdbde9dad441

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 27 Nov 2023 08:32:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 337998
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33690
x-xss-protection: 0
last-modified: Mon, 27 Nov 2023 02:43:52 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 26 Nov 2024 08:32:39 GMT

GET
H3 200 Cz7e-VR341EnRw5g1wAl9brpVe2wOP5KsPJPm-1eumg.js Show response
www.google.com/js/th/ Frame B775 38 KB
15 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/Cz7e-VR341EnRw5g1wAl9brpVe2wOP5KsPJPm-1eumg.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b3edef95477e35127470e60d70025f5bae955edb038fe4ab0f24f9bed5eba68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 26 Nov 2023 07:24:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 428464
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15072
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 17:00:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 25 Nov 2024 07:24:53 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/Q7LmTiaVXg4/ Frame B775 23 KB
23 KB 82ms
31ms Image
image/jpeg 2a00:1450:4001:803::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/Q7LmTiaVXg4/sddefault.jpg?sqp=-oaymwEoCIAFEOAD8quKqQMcGADwAQH4Ac4FgAKACooCDAgAEAEYRCBPKGUwDw==&rs=AOn4CLBidDdBm9gBbBjq014LzjMqiwJefA

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bde1d254fa0219b5501e3e4a853826efa3c48dc3f8f2ee6b1e6df3f5a1b71ba5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23171
x-xss-protection: 0
server: sffe
etag: "1700226089"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 01 Dec 2023 08:25:57 GMT

GET
DATA 200
OK truncated
/ Frame B775 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 yMEC_FAjqmQ4p8GwLR0EgkTkKhGBA1ppQ4UIGEBCq4udTfXh7V3aKXQDoqkMJOW_hsOk4EEI=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ Frame B775 2 KB
2 KB 71ms
21ms Image
image/jpeg 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/yMEC_FAjqmQ4p8GwLR0EgkTkKhGBA1ppQ4UIGEBCq4udTfXh7V3aKXQDoqkMJOW_hsOk4EEI=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/Q7LmTiaVXg4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f9b1bf70984fa7ca5c5eb648b2c3ba666faa8ddec963108cabcf5f8adf6ffa77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 04:27:51 GMT
x-content-type-options: nosniff
age: 7086
content-disposition: inline;filename="channels4_profile.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2013
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 02 Dec 2023 04:27:51 GMT

GET
DATA 200
OK truncated
/ Frame 51BF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 761b71f65cf0d847d2381eb5808b6db95c22933f28210643defb2ce5dfeeeefb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 feed-card-placeholder.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 5 KB
2 KB 35ms
35ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/feed-card-placeholder.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 80ba56e5fab4d8e6199f3b33643962f1438e290143106b9b136cab890c568453

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: Tr77tEfdrw45pvONkdqwxTaMSVeM4R36
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: 6HZB3XCN3WR36H9E
age: 72506
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1262
x-amz-id-2: 3rtVhDxX531OZzA8PLiXr3GY32Ab4DPbmdoo18wrEBaPl7mCxdO4opvMqv5yndbAWTGd6Ja7ohE=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:32 GMT
server: AmazonS3
x-timer: S1701411958.599498,VS0,VE0
etag: "303da6cf7ed04e6466301390524bc177"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 28
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1569

GET
H2 200 userx.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 17 KB
6 KB 35ms
35ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/userx.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7e469a101940a00ed2e1f5c7899d0395443153626ca120f4c5bfaec3c299f353

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: RHiB1hwnHGR1ukbuOx62aLey4UOeqiSv
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: 3QN8QPV9Y979S246
age: 72480
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 5398
x-amz-id-2: HZbfeCH9A29or26lnfM6KNEbfpw14IyZiokAxX0asazZekFVEa/rcZ+KYv8tUvRFwAzBkA7dSVQ=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:58 GMT
server: AmazonS3
x-timer: S1701411958.608679,VS0,VE0
etag: "eab52243f34f070136303de0dd9ebcdf"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 48
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 2

GET
H2 200 distance-from-article.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 37ms
37ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/distance-from-article.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a0abf6fcfc0bf653c6841b9e80691ddb1cf908320e7253d01ab1231271fb016e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: WcL.Aa.SwMc8cmY69SZQH102K8jD1TUS
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: EJWGVN0NAD5XP4X0
age: 72511
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1132
x-amz-id-2: EqqBZkXVrSrkiv5JlxB6QK0q3y+6VsKDDzQHwNH3Qkn2pZUtRq2mVXhWEBqYpTx0yLmY696+S/I=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:27 GMT
server: AmazonS3
x-timer: S1701411958.608720,VS0,VE0
etag: "60e8cb8918c9cef791d0ddd2d4d60e0e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 35
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1706

GET
H2 200 article-detection.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 3 KB
2 KB 36ms
36ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/article-detection.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 26a9dd9419f02a8f6848f783ccda3f24d24a085bb0aaf384181e7701127e9ffb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: X7EmTEg833cV9wNldsJR0r9imPuvHSpQ
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: ZQF9KG1VH4DJZ0BE
age: 72517
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 1291
x-amz-id-2: EGJtZCvzvdrDhYaeHhva+onHbAHzM5rXpHvx2YfzDiXMRh72vhoVRPyLRCe+6L+tTQijViLvFSo=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:21 GMT
server: AmazonS3
x-timer: S1701411958.608751,VS0,VE0
etag: "2a55a7366207fba30aff775a80e2a33e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 71
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1705

GET
H2 200 explore-more.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 26 KB
8 KB 35ms
35ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/explore-more.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dd117a37a6ec7fee682db2054e18da64af049274f1070b9074f7a7656a54c4e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: OxKxZxm_US1zjdaVzubioKVdBW5uAjST
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: DW923B00QT5CBKBK
age: 72507
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 7706
x-amz-id-2: gRRFN4OEGlI0bkLemo/MvFbAPbW8+quPLROSBvh3NZjg4n7VQT+BaWDKzhzc5IY7DDXmdKS0aSk=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:30 GMT
server: AmazonS3
x-timer: S1701411958.617832,VS0,VE0
etag: "ea673d7171368c600f1570c42115eaae"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 33
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 15

GET
H2 204 abtests
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 99ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/abtests?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22block_clicks_init%22%2C%22type%22%3A%22block-clicks-manager%22%2C%22eventTime%22%3A1701411957593%7D&tim=07%3A25%3A57.593&id=7479&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 supply-feature
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
231 B 98ms
28ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/supply-feature?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22ADOPTED%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=07%3A25%3A57.606&id=1794&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 f89e1763-220d-4e09-ba69-9e040548fb7a.svg
cdn.taboola.com/static/f8/ 4 KB
2 KB 35ms
35ms Image
image/svg+xml 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/static/f8/f89e1763-220d-4e09-ba69-9e040548fb7a.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: cMrDKn.emLmm9kiiOOF64ulDT4DRy6LK
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: QHZC3B8ZJ54QXXGE
age: 4
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1758
x-amz-id-2: 5ZsPjSMI8DSQWbAZ2pWBYqYs3Uo9Ozp1eIqlI2UsrvVexYYWgayjFQNDgl60Y1oMNtOcbsYd7Ds=
x-served-by: cache-cph2320046-CPH
last-modified: Wed, 07 Feb 2018 11:15:52 GMT
server: AmazonS3
x-timer: S1701411958.667636,VS0,VE0
etag: "b8b410e4b18d45aa2f3d9bc09cd335fb"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/svg+xml
access-control-allow-origin: *
abp: 51
cache-control: private,max-age=31536000
accept-ranges: bytes
access-control-allow-headers: *
x-cache-hits: 2

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 95DC 2 KB
1 KB 43ms
43ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZWl8dAANUB4Iu8OhAAIwQ1oiVkILYfIepjYytA&u=%7CN7TW87BgKgfQ0gT7z4wUQpqxHs8LKdOFhVR%2BuJXRtPw%3D%7C&c1=jWCgqsKSUoWKRvDssmEQ3dRte9oWhU873PslWXxlgwqyDsvBp4X-0UEJ8w8gW49kLu82w_1JkF2ltYaQwysqsp8BxOuVMc2j5UcTTWBUDSYaCnH9D77upRmgKlsocxLY4Xg85pl_XOCfKHexGGrzhgWhUJoeX-7fhqx37ydEThElfJXmxrC7UDtjB_on0fgThqDC2JUY0XXFeBK41XQ2wnviTVQoCQdmk-zOBLBzW_gjknCICWXJjN8GgqBsGdp_gIuentAfPGromp7kUr1eZYJQlNgVY01CbdwZmE-oZ-bWD-j-rkEXL8y0eBJ3HzqeIp0UgWOFxwNshhBd1U7xyrtenLhLOSeB73W9JgiwlsphtlVJinobxh9UMkIbQ5NLvwUcx41AVI5Y_0RkXnqMN7Z7CvEAgUkpk0KOD5DdbaKeOJ-c1Jzx11NJ3nzybWBsAlUP2nmO2xA6SZ-ey6-NPQfNaIBZONnYzN_AVMH4CzW7xxY1ARu-BICb8Xb64q8lc-yq7QVZjVhOwivRPQgD3vVCeEU2Czsn-40Ui1YpAYIakmVbIT4A5CngxNokqDi-r8KMvF-YG-iS6xdkO2150ShltZzqALd3BiKJ-MZwGRBu8PiFolurj-P_4wsk70Wj&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCARxAdHxpZZ6gNaGH7_UPw-CI4ATJntKxXNWdkfdwwI23ARABIABglZqigrAHggEXY2EtcHViLTMyOTE2ODg0MjA2ODA3MzbIAQmpAvQ7k0BSRLI-4AIAqAMByAMCqgTSAk_Q_WlYeZUumUA63pV8p5-h0qEW4exudVTx3yqG6F3TYXF7mIq2cat2p0iMiYbiPAGUdo0T1o61R8GIXbiJAYGa-1dZ0Xr8K75kF6rz68Z-Z59Rj57bImZviR4iRoz8dFDiNbN7TLswDndPE0gMHB4P7GdOyOOrggDaVdl6WKkCq0ZW1xbCRHd6H0-ThBNmtr91uPuXqQrI7u5yTxGclRNJdgwv8qDGofAfJMCylRvPZpMPrzvtkZ69JKc8_eMp-GGUksa1o9XL962w7bg0d5ZnXRNJ80LHpw1SY3t7ejm4zJbHF9Zq5qiq5pofQWQ_Zxdya_ZNxUxZz9Qcd45pogJnxO_rfgO7uCQAW6q_6gzEf2NZerOw8QUxytv006hubrx9REv2U6ffM_sHHLaQf49eKgph4UZ-Mgu3aNugMm3d2Ov0xrWNCsj8KRDaUK28PXvb4AQBgAaU4vC72MW79JUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeAtrrN7YID-gsCCAGADAHiDRMI2_i2us3tggMVocO7CB1DMAJM0BUBgBcB%26num%3D1%26sig%3DAOD64_2rI72OlLPVDMpbbLyED5MwYdugGg%26client%3Dca-pub-3291688420680736%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 95DC 2 KB
1 KB 44ms
44ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 95DC 308 B
636 B 45ms
44ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 95DC 293 B
621 B 44ms
44ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H2 200 lg.php
cat.nl3.eu.criteo.com/delivery/ Frame 95DC 43 B
348 B 88ms
28ms Image
image/gif 178.250.1.6
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=0MtPj0w1vKREGpm8ff9nbhvlYMNJ59FK4oOUBb_948-b3vOJwB3esYQ4Be7SLYtFA_hFQSNv0B-UnyhPd-3d4K4uaw3gAiexVFbA7u8EA7cjndXBb4hOM7eDzNDMGau9sbRQQ2ZyAEj-DUBwkD6NmqN2BIWqUrBtfdXEJldi8sDtvTGuIOzxr4yBMzJfnv_9TRxlQnJMHRtuoDKywEP4h6EtnedtueO4LLogBngnabkHiRwya7cr-z0YPcSTolY1TR-nL2p_RV6yJB3ruapF6CCkecdqQMIGoxwMfOJ3Qc0sHSVbsPV4MgVKYQImrN7kYKwEbLWbxl4JvD0KIvt1_4DhjltMx_JI0zkqIhPrj9jE2-dVgvvC2DvdoHlH5USJnhJQweDbZ7ua9FMPYyFYkNTrMvcoEjbR7R9dwKUqVEi5mb4y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.6 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2241056
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 9AA4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

42ms
41ms

Image
text/html

2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: says.com
URL: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
Protocol: H3
Server: 2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Redirect headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 28ms
27ms Preflight
text/html 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 01 Dec 2023 06:25:57 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame B775 90 B
134 B 30ms
30ms XHR
application/json+protobuf 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a41677346e0ae68054d04161c49c4222df8ca115b1bf3af730a5792132605f60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H2 204 abtests
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 37ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/abtests?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22recommendation-reel%22%2C%22type%22%3A%22available%22%2C%22eventTime%22%3A1701411957713%7D&tim=07%3A25%3A57.713&id=2584&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 60ed8ba2150e2e9835f7bc956d825193.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 42 KB
43 KB 120ms
119ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8e316dac6a1642935926265439208935ac5a13063fc9104f22980c549dc73a69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
age: 221256
edge-cache-tag: 536750727950973524112366842041908945319,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 536750727950973524112366842041908945319,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, MISS
x-envoy-upstream-service-time: 252
req-referer: https://www.stylevamp.de/
content-length: 43070
x-request-id: 9557fe6d25ab168bbd9ac1903b2d7314
x-backend-name: CH_nlb804
x-served-by: cache-iad-kcgs7200027-IAD, cache-iad-kcgs7200145-IAD, cache-lga21938-LGA, cache-iad-kcgs7200134-IAD, cache-cph2320046-CPH
last-modified: Mon, 20 Nov 2023 16:08:38 GMT
server: nginx
surrogate-reporting: width=1000,height=500,bytes=79164,owidth=1000,oheight=629,obytes=568769
x-timer: S1701411958.734486,VS0,VE85
etag: "5a8f5862b629b42336497a9915126771"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 4, 0

GET
H2 200 2f87776b3580b772c988979fccc36347.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 30 KB
30 KB 128ms
128ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2f87776b3580b772c988979fccc36347.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eaece4bd95b248c64d829dc22b99385917c64926d294662c5440414f2459cb75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 86
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2f87776b3580b772c988979fccc36347.png
age: 2152330
edge-cache-tag: 539264722275397693898618951167535693130,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 539264722275397693898618951167535693130,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, MISS
x-envoy-upstream-service-time: 60
req-referer: https://www.psychologies.com/Therapies/Psychanalyse/Dictionnaire-des-reves/Urne
content-length: 30290
x-request-id: 81205a9b5de9894d4334d001c42b8336
x-backend-name: LA_nlb201
x-served-by: cache-iad-kjyo7100161-IAD, cache-iad-kcgs7200148-IAD, cache-lax-kwhp1940070-LAX, cache-iad-kjyo7100163-IAD, cache-cph2320046-CPH
last-modified: Thu, 12 Oct 2023 06:11:59 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=44264,owidth=1200,oheight=800,obytes=1756948
x-timer: S1701411958.734480,VS0,VE86
etag: "540ba4b87176ff52e531491d52790a33"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 60, 0

GET
H2 200 e56685c019e579160407c07f9abf1023.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 36ms
35ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e56685c019e579160407c07f9abf1023.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ad83124c87c5e01c8804ea48618ebaa801f1d00b6e56626781a65b41c65c3013

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e56685c019e579160407c07f9abf1023.jpeg
age: 3092922
edge-cache-tag: 546360490756365005906749645146783395311,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 546360490756365005906749645146783395311,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 216
req-referer: https://www.wn.de/
content-length: 9394
x-request-id: fa3ba07a29bfef1acbd009fd2f6b56ba
x-backend-name: LA_nlb203
x-served-by: cache-iad-kiad7000075-IAD, cache-iad-kcgs7200092-IAD, cache-lax-kwhp1940050-LAX, cache-iad-kiad7000176-IAD, cache-cph2320046-CPH
last-modified: Thu, 12 Oct 2023 15:44:32 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=16443,owidth=1600,oheight=1200,obytes=130210
x-timer: S1701411958.734328,VS0,VE1
etag: "17d6fb8205a81726f3f81195c3dfee55"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 7, 0, 23, 1

GET
H2 200 s0zibkczb2v3iiqmperf.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//c3.taboola.com/libtrc/static/thumbnails/so_auto/f_jpg/v1700489431/ 61 KB
62 KB 125ms
124ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//c3.taboola.com/libtrc/static/thumbnails/so_auto/f_jpg/v1700489431/s0zibkczb2v3iiqmperf.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 54571d59b5bdb18d83b6912c130c4bd8e86c3054fe9808c24f7148d1e243ce75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//c3.taboola.com/libtrc/static/thumbnails/so_auto/f_jpg/v1700489431/s0zibkczb2v3iiqmperf.jpg
age: 916397
edge-cache-tag: 457820365240072258546114716208338049180,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 457820365240072258546114716208338049180,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, MISS
x-envoy-upstream-service-time: 293
expiration: expiry-date="Thu, 21 Dec 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.sport1.de/news/motorsport/formel1/2023/11/formel-1-red-bull-uberrascht-mit-fahrer-entscheidung
content-length: 62706
x-backend-name: CH_nlb801
x-served-by: cache-iad-kcgs7200173-IAD, cache-iad-kcgs7200142-IAD, cache-lga21929-LGA, cache-iad-kjyo7100037-IAD, cache-cph2320046-CPH
last-modified: Mon, 20 Nov 2023 15:48:35 GMT
server: nginx
surrogate-reporting: width=800,height=400,bytes=50931,owidth=800,oheight=480,obytes=56626
x-timer: S1701411958.735327,VS0,VE85
etag: "834407f867f2f88a04a35932755eef35"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 29, 0

GET
H2 200 18719ac0ee1fe9911d53de4a6cc00934.jpeg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 9 KB
10 KB 37ms
36ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/18719ac0ee1fe9911d53de4a6cc00934.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 383d190a888d7445ba737926777149cffeea80155d1edabfba973f42aadc0218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/18719ac0ee1fe9911d53de4a6cc00934.jpeg
age: 4782279
edge-cache-tag: 514692762844373186263107621987516761342,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 514692762844373186263107621987516761342,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, HIT, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 90
req-referer: https://www.tipranks.com/
content-length: 9476
x-request-id: 7e76cf94d4a2e443950148a2c200d10f
x-backend-name: CH_nlb804
x-served-by: cache-iad-kcgs7200162-IAD, cache-iad-kjyo7100135-IAD, cache-lga21983-LGA, cache-iad-kjyo7100169-IAD, cache-cph2320046-CPH
last-modified: Thu, 07 Sep 2023 15:25:50 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=46107,owidth=1000,oheight=600,obytes=87026
x-timer: S1701411958.735443,VS0,VE1
etag: "630c95993701fed9f106fa0d48a48b8e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1, 88, 1

GET
H2 200 4ac1c71a7ff35b8c3a2606fddca06c3c.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 15 KB
16 KB 38ms
38ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ac1c71a7ff35b8c3a2606fddca06c3c.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5488404f8ea16d1737b67f56bf488290dfc1afadac0a12eaec970945c7afe844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ac1c71a7ff35b8c3a2606fddca06c3c.png
age: 2480318
edge-cache-tag: 597036692059317731596525082791172240850,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 597036692059317731596525082791172240850,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, HIT, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 61
expiration: expiry-date="Sun, 22 Oct 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.unnuetzes.com/
content-length: 15108
x-backend-name: US_nlb106
x-served-by: cache-iad-kcgs7200061-IAD, cache-iad-kcgs7200082-IAD, cache-lga21945-LGA, cache-iad-kjyo7100103-IAD, cache-cph2320046-CPH
last-modified: Thu, 21 Sep 2023 09:39:58 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=31083,owidth=1200,oheight=800,obytes=1168511
x-timer: S1701411958.735439,VS0,VE1
etag: "45146190117a45dbd1076cb1e9cdb7c0"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 2, 1, 5, 1

GET
H2 200 71d198c59073675ad96239e250119c1e.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 76 KB
77 KB 38ms
36ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/71d198c59073675ad96239e250119c1e.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1c8ad2d1b52031a31dd4772aa5db33f3f0eebf3e5b32eb86d98441ea5527ca58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/71d198c59073675ad96239e250119c1e.png
age: 1886992
edge-cache-tag: 500485166262708085999343149745427102901,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 500485166262708085999343149745427102901,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 228
req-referer: https://backen24.eu/
content-length: 78034
x-request-id: 3e69bca252bc8cea1ac057980c934dfa
x-backend-name: US_nlb101
x-served-by: cache-iad-kiad7000066-IAD, cache-iad-kjyo7100036-IAD, cache-lga21934-LGA, cache-iad-kjyo7100078-IAD, cache-cph2320046-CPH
last-modified: Wed, 08 Nov 2023 23:33:53 GMT
server: nginx
surrogate-reporting: width=1920,height=960,bytes=387977,owidth=1920,oheight=1080,obytes=922774
x-timer: S1701411958.774026,VS0,VE2
etag: "718d62bdef88a91886344b2a098ea140"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 12, 1

GET
H2 200 thumb_84e2.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66076/ 48 KB
49 KB 120ms
120ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66076/thumb_84e2.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 65dce88a9bc9c3e634889a6ecba5adfff98bbbbaf7ee2e2f83d89f9b479c3035

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66076/thumb_84e2.jpg
age: 165431
edge-cache-tag: 518392206641424021623325021835875547800,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 518392206641424021623325021835875547800,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, MISS
x-envoy-upstream-service-time: 379
req-referer: https://says.com/my/makan/you-can-now-order-klang-fruity-popular-apple-strudel-online
content-length: 48824
x-request-id: 29edd70ba6d0867c10f6de09fc0f8cf8
x-backend-name: US_nlb102
x-served-by: cache-iad-kjyo7100085-IAD, cache-iad-kcgs7200136-IAD, cache-lga21926-LGA, cache-iad-kcgs7200066-IAD, cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 07:59:12 GMT
server: nginx
surrogate-reporting: width=600,height=300,bytes=34214,owidth=600,oheight=400,obytes=219502
x-timer: S1701411958.774015,VS0,VE85
etag: "a9d0bb7b9eddbfb4e0bfa361600bd10b"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 2, 0

GET
H2 200 thumb_b0f5.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66069/ 37 KB
38 KB 1858ms
1856ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66069/thumb_b0f5.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: da46289697ed20635f79feec3bd8f18afa8fd75cf869baa0ffdc22396dd5e5a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1821
date: Fri, 01 Dec 2023 06:25:59 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66069/thumb_b0f5.jpg
age: 0
edge-cache-tag: 332794617222143256027355469135939717487,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
cache-tag: 332794617222143256027355469135939717487,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, MISS
x-envoy-upstream-service-time: 1505
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 37724
x-request-id: 619a8f2081eece6d9b3c8967e36bbb26
x-backend-name: LA_nlb201
x-served-by: cache-iad-kcgs7200156-IAD, cache-iad-kcgs7200055-IAD, cache-lax-kwhp1940041-LAX, cache-iad-kcgs7200061-IAD, cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 04:31:28 GMT
server: nginx
surrogate-reporting: width=1260,height=630,bytes=66840,owidth=600,oheight=315,obytes=49759
x-timer: S1701411958.776641,VS0,VE1821
etag: "0a3bd57edeb5534c5741910fc2802881"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 0

GET
H2 200 thumb_d73f.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66099/ 50 KB
51 KB 788ms
788ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66099/thumb_d73f.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d4fd0595d0d633b9e3091515ecd05c9afb50b5861021dd66da58782ea23ff23a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 753
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66099/thumb_d73f.jpg
age: 0
edge-cache-tag: 505508674451354918294949058276414388554,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
cache-tag: 505508674451354918294949058276414388554,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, MISS
x-envoy-upstream-service-time: 658
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 51370
x-request-id: a543d4e3186076ec8ef119b84ce5ac43
x-backend-name: US_nlb105
x-served-by: cache-iad-kiad7000124-IAD, cache-iad-kjyo7100113-IAD, cache-lga21968-LGA, cache-iad-kiad7000159-IAD, cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 06:55:09 GMT
server: nginx
surrogate-reporting: width=1260,height=630,bytes=81240,owidth=600,oheight=314,obytes=56972
x-timer: S1701411958.820874,VS0,VE753
etag: "eed1b1171637af490da98fae6a33ae85"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 0

GET
H2 200 thumb_bee9.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66066/ 29 KB
30 KB 1077ms
1077ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66066/thumb_bee9.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 970b9b93e7a75a81aff5deaf5960e89dce69684e0235501a1b438829e6fcd748

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1043
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_630%2Cw_1260%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66066/thumb_bee9.jpg
age: 0
edge-cache-tag: 568268781945265701140285551427047613163,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
cache-tag: 568268781945265701140285551427047613163,308988584250984091245729376248888710740,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, MISS, MISS, MISS
x-envoy-upstream-service-time: 930
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 29900
x-request-id: cc121dca3d1546c723637d366984c2ea
x-backend-name: CH_nlb804
x-served-by: cache-iad-kjyo7100086-IAD, cache-iad-kiad7000057-IAD, cache-lga21933-LGA, cache-iad-kjyo7100093-IAD, cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 06:15:21 GMT
server: nginx
surrogate-reporting: width=1260,height=630,bytes=53604,owidth=600,oheight=304,obytes=129663
x-timer: S1701411958.860000,VS0,VE1043
etag: "d18cb1107a92ad2c6698e54c7f9dc590"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 0, 0, 0

GET
H2 200 thumb_e59d.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66078/ 18 KB
19 KB 663ms
662ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66078/thumb_e59d.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c62b2243cdcd4d6d8d30260a3ce0e8f13a57972f0e46e388bf9897a0d30f3390

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 626
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_330%2Cw_660%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66078/thumb_e59d.png
age: 164139
edge-cache-tag: 433539078786864401199820162131553928610,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 433539078786864401199820162131553928610,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, MISS, MISS
x-envoy-upstream-service-time: 475
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 18582
x-request-id: 8f68b8f43e0295f68ab17edf19d08f56
x-backend-name: LA_nlb202
x-served-by: cache-iad-kcgs7200170-IAD, cache-iad-kjyo7100088-IAD, cache-lax-kwhp1940089-LAX, cache-iad-kjyo7100028-IAD, cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 08:20:36 GMT
server: nginx
surrogate-reporting: width=600,height=300,bytes=21233,owidth=600,oheight=315,obytes=254634
x-timer: S1701411958.871457,VS0,VE626
etag: "ff289906bb0cb6e4a1774c5901d7d5b5"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 0, 0

GET
H2 200 60ed8ba2150e2e9835f7bc956d825193.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 46 KB
47 KB 36ms
36ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 822fedf38709a53b736c3fc00dc0f4b161fab021c7ab6e2a688be9841978d447

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
age: 1354311
edge-cache-tag: 536750727950973524112366842041908945319,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 536750727950973524112366842041908945319,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 297
expiration: expiry-date="Tue, 28 Nov 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.t-online.de/
content-length: 47384
x-backend-name: CH_nlb802
x-served-by: cache-iad-kcgs7200021-IAD, cache-iad-kcgs7200143-IAD, cache-lga21962-LGA, cache-iad-kjyo7100042-IAD, cache-cph2320046-CPH
last-modified: Sat, 28 Oct 2023 02:04:23 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=88064,owidth=1000,oheight=629,obytes=568769
x-timer: S1701411958.874451,VS0,VE1
etag: "88a4b727164c88e3b2e16cae375f6a46"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 17, 23, 1

GET
H2 200 6aee2a08-5b40-49f1-a744-aaf4fe7c54e8__qvJyy3lJ.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/ 37 KB
38 KB 36ms
36ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/6aee2a08-5b40-49f1-a744-aaf4fe7c54e8__qvJyy3lJ.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0e1ec6a3c61a7364f67590dc873dfd7b1cf684800963b6f5ed0d2dbc0a830a8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:57 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/IMAGE_UPSCALER/EIU/6aee2a08-5b40-49f1-a744-aaf4fe7c54e8__qvJyy3lJ.jpg
age: 2482400
edge-cache-tag: 321194619511491062242132839077726262353,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 321194619511491062242132839077726262353,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, HIT, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 335
req-referer: https://www.t-online.de/
content-length: 37920
x-request-id: c793467015b1bdc078af6af94dbb7ac1
x-backend-name: CH_nlb803
x-served-by: cache-iad-kiad7000041-IAD, cache-iad-kjyo7100116-IAD, cache-lga21937-LGA, cache-iad-kjyo7100124-IAD, cache-cph2320046-CPH
last-modified: Thu, 02 Nov 2023 12:52:38 GMT
server: nginx
surrogate-reporting: width=1999,height=1110,bytes=139265,owidth=1999,oheight=1249,obytes=185477
x-timer: S1701411958.900327,VS0,VE1
etag: "23df71d69a6a0c73dd1cd5aec68f4d74"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1, 6, 1

GET
H2 200 thumb_7f01.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66070/ 22 KB
23 KB 121ms
121ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66070/thumb_7f01.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: b1add11780dc55794c09f8ce59e102bfc68d6fc03746a2d643a28afbb3026fc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66070/thumb_7f01.png
age: 171539
edge-cache-tag: 572539896751938641475440362638107218886,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 572539896751938641475440362638107218886,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, MISS
x-envoy-upstream-service-time: 114
req-referer: https://says.com/my/seismik/jangan-terus-panik-ini-langkah-yang-anda-perlu-ambil-lakukan-jika-ditipu-scammer
content-length: 22816
x-request-id: a25b0006befdf10bf49207f3220fb36d
x-backend-name: LA_nlb204
x-served-by: cache-iad-kjyo7100104-IAD, cache-iad-kcgs7200058-IAD, cache-lax-kwhp1940105-LAX, cache-iad-kjyo7100081-IAD, cache-cph2320046-CPH
last-modified: Wed, 29 Nov 2023 06:05:48 GMT
server: nginx
surrogate-reporting: width=567,height=315,bytes=25213,owidth=600,oheight=315,obytes=270881
x-timer: S1701411958.916779,VS0,VE85
etag: "6e45772c1296cfde28dee8e62d05c707"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 2, 0

GET
H2 200 thumb_3128.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66097/ 30 KB
31 KB 132ms
132ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66097/thumb_3128.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: d72788ed8ff247c498e3aba33fd33f5e9d867394a9be2e41342151a0d036a41a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 97
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66097/thumb_3128.jpg
age: 84923
edge-cache-tag: 347444619962115765796581439139730227603,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 347444619962115765796581439139730227603,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, MISS
x-envoy-upstream-service-time: 136
req-referer: https://says.com/my/tech/starlink-official-authorised-reseller-malaysia-redtone
content-length: 30480
x-request-id: e0ea9c7f569910968c29bba07e43ab86
x-backend-name: LA_nlb204
x-served-by: cache-iad-kjyo7100024-IAD, cache-iad-kiad7000177-IAD, cache-lax-kwhp1940030-LAX, cache-iad-kjyo7100054-IAD, cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 06:38:46 GMT
server: nginx
surrogate-reporting: width=567,height=315,bytes=31474,owidth=600,oheight=315,obytes=37989
x-timer: S1701411958.941077,VS0,VE97
etag: "f8f13313fd85ead8918baf188424fba0"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 1, 1, 0

GET
H2 200 thumb_b0ec.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66102/ 15 KB
16 KB 121ms
121ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66102/thumb_b0ec.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e9560d3934c8096e34d5ea6822bf5622a3dd00d4d8bfdf3a3d91ae7734e408a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_345%2Cw_620%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66102/thumb_b0ec.png
age: 80174
edge-cache-tag: 377354150292624955224969838615770492857,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 377354150292624955224969838615770492857,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, MISS
x-envoy-upstream-service-time: 214
req-referer: https://says.com/my/news/you-will-be-able-to-claim-rm100-e-credit-starting-monday
content-length: 15468
x-request-id: 3e5f0530b212e68bf300997f78c196a8
x-backend-name: CH_nlb802
x-served-by: cache-iad-kiad7000048-IAD, cache-iad-kcgs7200098-IAD, cache-lga21968-LGA, cache-iad-kcgs7200177-IAD, cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 08:03:09 GMT
server: nginx
surrogate-reporting: width=565,height=314,bytes=26755,owidth=600,oheight=314,obytes=187888
x-timer: S1701411958.040163,VS0,VE85
etag: "84462c6932f26157d3835a8c64b71985"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 2, 0

GET
H2 200 thumb_415a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66093/ 28 KB
28 KB 119ms
119ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66093/thumb_415a.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: dcf165c5dcb6343f53ab014258a36f61ca43854c4a9478a5c1d3079a682c82e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66093/thumb_415a.jpg
age: 97399
edge-cache-tag: 346937372001131736921328662518356946845,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 346937372001131736921328662518356946845,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, MISS
x-envoy-upstream-service-time: 260
req-referer: https://says.com/my/seismik/tunjuk-kebodohan-gadis-dikecam-sebab-permainkan-solat-sujud-sambil-selfie
content-length: 28184
x-request-id: 25855d63914dfffad403992a2016decb
x-backend-name: CH_nlb801
x-served-by: cache-iad-kiad7000176-IAD, cache-iad-kiad7000061-IAD, cache-lga21954-LGA, cache-iad-kjyo7100170-IAD, cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 03:22:39 GMT
server: nginx
surrogate-reporting: width=547,height=304,bytes=21686,owidth=600,oheight=304,obytes=156293
x-timer: S1701411958.076048,VS0,VE85
etag: "880db8b80356e76d81f3403129b1f248"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 2, 0

GET
H2 200 thumb_1fc3.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66119/ 49 KB
50 KB 121ms
120ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66119/thumb_1fc3.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 6692244998cc3be866e58940589d2988fb779c9f05b0983fb2d675e72f898a78

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 85
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66119/thumb_1fc3.jpg
age: 78203
edge-cache-tag: 584517112796791076064783883034039844735,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 584517112796791076064783883034039844735,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, MISS
x-envoy-upstream-service-time: 309
req-referer: https://says.com/my/news/m-sian-graduate-loses-battle-to-cancer-five-days-after-graduating?_ga=2.143477173.1646163636.1701351204-1756374346.1670594104
content-length: 49832
x-request-id: 84edf8458f3ba9242093b91633ce07dc
x-backend-name: CH_nlb804
x-served-by: cache-iad-kcgs7200149-IAD, cache-iad-kjyo7100020-IAD, cache-lga21980-LGA, cache-iad-kcgs7200057-IAD, cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 08:40:53 GMT
server: nginx
surrogate-reporting: width=565,height=314,bytes=39568,owidth=600,oheight=314,obytes=227753
x-timer: S1701411958.162165,VS0,VE85
etag: "3b861eb9957d4467cd16e846c78c91f5"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 2, 1, 1, 0

GET
H2 200 2430fdda3d2f8a9ec18513d7a491225a.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 98 KB
98 KB 37ms
37ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2430fdda3d2f8a9ec18513d7a491225a.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 878d05dd70dc776930083ad085fb7e70da55bab9ff46eb5eb1ab92aeadc2434f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 2
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2430fdda3d2f8a9ec18513d7a491225a.jpg
age: 1205290
edge-cache-tag: 589285284731044613996660382065332621511,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 589285284731044613996660382065332621511,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 235
req-referer: https://newstral.com/
content-length: 99840
x-request-id: fd644524ca44044c2e531ffc26df15cf
x-backend-name: CH_nlb803
x-served-by: cache-iad-kiad7000043-IAD, cache-iad-kcgs7200085-IAD, cache-lga21928-LGA, cache-iad-kcgs7200058-IAD, cache-cph2320046-CPH
last-modified: Thu, 16 Nov 2023 13:22:53 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=141909,owidth=1000,oheight=600,obytes=691448
x-timer: S1701411958.199165,VS0,VE2
etag: "f0317feb88db6ac504f1553171bbdea2"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 3, 1

GET
H2 200 e00b5345967d099715d7cbb0e964e8db.png
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/ 96 KB
97 KB 42ms
42ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e00b5345967d099715d7cbb0e964e8db.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: c06c594faa4a0cf282a479e0e91f19c417c1a64df0ebb3d3e2e057d9c6c26564

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e00b5345967d099715d7cbb0e964e8db.png
age: 2556889
edge-cache-tag: 373213438864257917162193030022124530214,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 373213438864257917162193030022124530214,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 255
req-referer: https://www.sueddeutsche.de/
content-length: 98410
x-request-id: 8f3e5ab06c7d25919a082bb46ae491cd
x-backend-name: LA_nlb201
x-served-by: cache-iad-kiad7000131-IAD, cache-iad-kiad7000131-IAD, cache-lax-kwhp1940106-LAX, cache-iad-kcgs7200043-IAD, cache-cph2320046-CPH
last-modified: Sun, 22 Oct 2023 14:32:29 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=143167,owidth=1000,oheight=600,obytes=1052670
x-timer: S1701411958.247257,VS0,VE1
etag: "0b2e728f32f779537aa0f8533897cc2f"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 11, 1

GET
H2 200 thumb_b517.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66131/ 52 KB
53 KB 443ms
443ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66131/thumb_b517.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 645540cc4a407a22ea042a7d7695364ed3161fbf9a676020644bf10ce35a2f6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 407
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66131/thumb_b517.jpg
age: 6308
edge-cache-tag: 384808040760543501607513729798908451698,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 384808040760543501607513729798908451698,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, MISS, MISS
x-envoy-upstream-service-time: 216
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 53686
x-request-id: 33c3309f7d34eb1d551d563ab5d9473c
x-backend-name: LA_nlb203
x-served-by: cache-iad-kiad7000153-IAD, cache-iad-kcgs7200090-IAD, cache-lax-kwhp1940111-LAX, cache-iad-kcgs7200059-IAD, cache-cph2320046-CPH
last-modified: Fri, 01 Dec 2023 04:40:51 GMT
server: nginx
surrogate-reporting: width=565,height=314,bytes=41858,owidth=600,oheight=314,obytes=63343
x-timer: S1701411958.286871,VS0,VE407
etag: "187b5000adb0432c4d4377bed4a4ec3a"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 0, 0

GET
H2 200 thumb_35e6.jpg
images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66113/ 46 KB
46 KB 1130ms
1130ms Image
image/webp 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66113/thumb_35e6.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0caec618b80cd84ae831b6d0556995179a82930690faff82e7c39343369839a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 1082
date: Fri, 01 Dec 2023 06:25:59 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_523%2Cw_940%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/https%3A//images.says.com/uploads/story/cover_image/66113/thumb_35e6.jpg
age: 9484
edge-cache-tag: 412073058259235420581551790894191456537,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 412073058259235420581551790894191456537,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, MISS, MISS
x-envoy-upstream-service-time: 982
req-referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
content-length: 46698
x-request-id: 198fa41457f15616bfabdb19c0c6870e
x-backend-name: US_nlb106
x-served-by: cache-iad-kiad7000167-IAD, cache-iad-kjyo7100080-IAD, cache-lga21948-LGA, cache-iad-kcgs7200112-IAD, cache-cph2320046-CPH
last-modified: Fri, 01 Dec 2023 03:47:56 GMT
server: nginx
surrogate-reporting: width=565,height=314,bytes=38102,owidth=600,oheight=314,obytes=184255
x-timer: S1701411958.309597,VS0,VE1082
etag: "bcd94e04320d2c6658509371ab824fc3"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 0, 0

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 95DC 12 KB
6 KB 49ms
49ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EF88 0
10 B 23ms
20ms Image
text/plain 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?eM1T6w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 95DC 13 KB
14 KB 193ms
106ms Image
image/png 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=176&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.nl3.eu.criteo.net%2Fdesign%2Fdt%2F105623%2F5022139%2F2ad0250af6b64105b12172cc0682064c_eu_oveckarna_vertikalni_hneda.png&v=3&w=412&rid=4&s=4XmDzDhTj_Xt41SoTFfmZS1p

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6cbe8afbaa101f41446ac5bfc341a559d315cab38a0e88e04fd82a10404f8917

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/png
cache-control: public, max-age=31104000
timing-allow-origin: *
content-length: 13661
expires: Sun, 03 Nov 2024 06:07:50 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 95DC 5 KB
5 KB 133ms
45ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F8%2F13428_102.jpg%3F1652957983_2&v=3&w=400&rid=4&s=FCLedqHbXHPjLEhVDP25aiS6&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

3c8a1c6175ebf8c196ef21fdc80868ab33ead86928b41d24f49e31ce57c077a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 4990
expires: Tue, 05 Dec 2023 14:54:58 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 95DC 13 KB
13 KB 175ms
88ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F5%2F9995_102.jpg%3F1635951174_2&v=3&w=400&rid=4&s=bbemO0SxEGZCGH1dw66Jgm8K&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e422414f4aa493e470ee85b8142cd51142f661603337694399421cf87db670f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 13368
expires: Wed, 06 Dec 2023 04:53:03 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 95DC 15 KB
15 KB 215ms
128ms Image
image/webp 2a02:2638:3::10
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=105623&q=80&r=0&u=https%3A%2F%2Fstatic.oveckarna.cz%2Fdata%2Ftmp%2F102%2F1%2F11461_102.jpg%3F1637921114_2&v=3&w=400&rid=4&s=Mk6aCbOMrkhsLsruILQ6XPcB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::10 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

ee87e6547702fb6ef8a6f9d5ef54c46594c7481654f383a9ba9c17867932172c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=2592000
timing-allow-origin: *
content-length: 15494
expires: Tue, 05 Dec 2023 04:35:40 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 95DC 0
128 B 110ms
36ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=0XB4-hPZzaw6HgbPU9IgXPy_yEz81M91lEqYQdEGD8abOTGT5Wwn-k1ZfS-ZolyxM1uCcGeopDqAXzB2TL-BbGfIFxo-_stbO9eDxaop5xMQHD0hZS3rv3e9HwXH7SvhFnTJ9-mHTXTTvTS7kijGqVuyQiNUl0jnuIielnLJ1CT2yDeXA9VWGVhU76q3lIXIyt83W7FAAI2EuRXkw31m1joEPxAM9OLgQnQxQUFD4QC94V56bKSEJWXEbSE&sds=2&rev=89278&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 95DC 2 KB
1 KB 45ms
43ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 25 Nov 2024 06:25:57 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 95DC 2 KB
1 KB 45ms
45ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Mon, 25 Nov 2024 06:25:57 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e56685c019e579160407c07f9abf1023.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ad83124c87c5e01c8804ea48618ebaa801f1d00b6e56626781a65b41c65c3013

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/e56685c019e579160407c07f9abf1023.jpeg
age: 3092923
edge-cache-tag: 546360490756365005906749645146783395311,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 546360490756365005906749645146783395311,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, MISS, HIT, HIT
x-envoy-upstream-service-time: 216
req-referer: https://www.wn.de/
content-length: 9394
x-request-id: fa3ba07a29bfef1acbd009fd2f6b56ba
x-backend-name: LA_nlb203
x-served-by: cache-iad-kiad7000075-IAD, cache-iad-kcgs7200092-IAD, cache-lax-kwhp1940050-LAX, cache-iad-kiad7000176-IAD, cache-cph2320046-CPH
last-modified: Thu, 12 Oct 2023 15:44:32 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=16443,owidth=1600,oheight=1200,obytes=130210
x-timer: S1701411959.534605,VS0,VE0
etag: "17d6fb8205a81726f3f81195c3dfee55"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 7, 0, 23, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/18719ac0ee1fe9911d53de4a6cc00934.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 383d190a888d7445ba737926777149cffeea80155d1edabfba973f42aadc0218

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/18719ac0ee1fe9911d53de4a6cc00934.jpeg
age: 4782280
edge-cache-tag: 514692762844373186263107621987516761342,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
cache-tag: 514692762844373186263107621987516761342,542123104031085224879637386283300440882,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, HIT, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 90
req-referer: https://www.tipranks.com/
content-length: 9476
x-request-id: 7e76cf94d4a2e443950148a2c200d10f
x-backend-name: CH_nlb804
x-served-by: cache-iad-kcgs7200162-IAD, cache-iad-kjyo7100135-IAD, cache-lga21983-LGA, cache-iad-kjyo7100169-IAD, cache-cph2320046-CPH
last-modified: Thu, 07 Sep 2023 15:25:50 GMT
server: nginx
surrogate-reporting: width=1000,height=555,bytes=46107,owidth=1000,oheight=600,obytes=87026
x-timer: S1701411959.571448,VS0,VE0
etag: "630c95993701fed9f106fa0d48a48b8e"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 0, 1, 88, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ac1c71a7ff35b8c3a2606fddca06c3c.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 5488404f8ea16d1737b67f56bf488290dfc1afadac0a12eaec970945c7afe844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/4ac1c71a7ff35b8c3a2606fddca06c3c.png
age: 2480319
edge-cache-tag: 597036692059317731596525082791172240850,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 597036692059317731596525082791172240850,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, HIT, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 61
expiration: expiry-date="Sun, 22 Oct 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.unnuetzes.com/
content-length: 15108
x-backend-name: US_nlb106
x-served-by: cache-iad-kcgs7200061-IAD, cache-iad-kcgs7200082-IAD, cache-lga21945-LGA, cache-iad-kjyo7100103-IAD, cache-cph2320046-CPH
last-modified: Thu, 21 Sep 2023 09:39:58 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=31083,owidth=1200,oheight=800,obytes=1168511
x-timer: S1701411959.607629,VS0,VE0
etag: "45146190117a45dbd1076cb1e9cdb7c0"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 1, 2, 1, 5, 2

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame B775 4 KB
2 KB 82ms
33ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 01 Dec 2023 06:25:57 GMT

GET
H2 204 supply-feature
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 29ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/supply-feature?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22event_type%22%3A%22distance_from_article%22%2C%22event_state%22%3A%22reported%22%2C%22event_value%22%3A%22502.671875%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=07%3A25%3A57.809&id=3961&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
1 KB 82ms
30ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a44f5d561cd3e602e092304c1356809a206492fa189be1c11d923e8e768b06b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 05:23:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 01 Dec 2023 06:25:57 GMT

GET
H3 200 sponsor-widget_en.gif
pcto.revmedia.my/2023/11/cetaphil/assets/ 98 KB
99 KB 35ms
35ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/sponsor-widget_en.gif

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20231129-9-RELEASE.es6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8f07b699df0f9637e174df1a1f2e4d4cd9e0202998d993d872327302a06253f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=gif, origSize=163087
x-guploader-uploadid: ABPtcPr3577nVnqZ6CKTcDSMq1s19rM0oa-wRt51nbleg-H_zMknGnmMjO6oOJx90RC-po2ivC4
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="sponsor-widget_en.webp"
alt-svc: h3=":443"; ma=86400
content-length: 100254
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 22 Nov 2023 03:09:41 GMT
server: cloudflare
etag: "f9426033867e0c487bb993926a512254"
vary: Accept
x-goog-generation: 1700622581780489
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=SdfAAA==, md5=+UJgM4Z+DEh7uZOSalEiVA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 163087
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e941806d0c90e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 200 sponsor-logo.png
pcto.revmedia.my/2023/11/cetaphil/assets/ 5 KB
6 KB 34ms
33ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/sponsor-logo.png

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20231129-9-RELEASE.es6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c59386bc6f029ae692b14f959525447295dbc2a67949ebf93a715d3f8ee9dca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=png, origSize=7231
x-guploader-uploadid: ABPtcPone_0PqUbYNPT6wwhWoqFjiMebtl9PIS58P6pPA536rA5WIMft_5H0y2RIWSh6LxVxLxphxf6uAw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="sponsor-logo.webp"
alt-svc: h3=":443"; ma=86400
content-length: 5034
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 22 Nov 2023 03:09:41 GMT
server: cloudflare
etag: "fe98f6c9fe9c04c29c097e9fde7fa344"
vary: Accept
x-goog-generation: 1700622581968853
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=JpdKSA==, md5=/pj2yf6cBMKcCX6f3n+jRA==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 7231
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e941806d0f90e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 200 says-blue.png
pcto.revmedia.my/2023/11/cetaphil/assets/ 9 KB
10 KB 32ms
31ms Image
image/webp 2606:4700:4400::ac40:97e6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pcto.revmedia.my/2023/11/cetaphil/assets/says-blue.png

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20231129-9-RELEASE.es6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:97e6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b48aedf74c1af93cdae2c9ac3fbb8821d252e2b5683b3f0b5525c690473e058

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2086
cf-polished: origFmt=png, origSize=22232
x-guploader-uploadid: ABPtcPpt9qrul4I7EHlu6eh3JnVOpQRrpXaKmsUXjFJ7mz-JjPMbF1xavUEVbmkgo8oQ1T2RoQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-disposition: inline; filename="says-blue.webp"
alt-svc: h3=":443"; ma=86400
content-length: 9320
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
cf-bgj: imgq:100,h2pri
last-modified: Wed, 29 Nov 2023 04:31:29 GMT
server: cloudflare
etag: "dea80ed03309f3d937557f15debd1642"
vary: Accept
x-goog-generation: 1701232289357132
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=Q8vOQA==, md5=3qgO0DMJ89k3VX8V3r0WQg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=14400
x-goog-stored-content-length: 22232
x-frame-options: SAMEORIGIN
accept-ranges: bytes
cf-ray: 82e941806d1090e6-FRA
expires: Fri, 01 Dec 2023 10:25:57 GMT

GET
H3 403 says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg
says.com/assets/ 8 KB
8 KB 26ms
25ms Image
text/html 2606:4700:4400::ac40:95ee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://says.com/assets/says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg

Requested by

Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/explore-more.20231129-9-RELEASE.es6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::ac40:95ee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bd6e701b4590fcfde64b99a0eafc202c76fb34e83ae699dd0f0a8edc63de34e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
x-content-type-options: nosniff
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: same-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
cross-origin-opener-policy: same-origin
cf-mitigated: challenge
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cf-ray: 82e941806af8900a-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2 200 spa-detector.20231129-9-RELEASE.es6.js Show response
cdn.taboola.com/libtrc/ 2 KB
1 KB 42ms
41ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/spa-detector.20231129-9-RELEASE.es6.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/revmediagroup-says/loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 85ee68a75c3c358ed7ff6924e54e581e1eff9c63cd1b93f27eda250577c975b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: k0r3df6Hl7BAN_rx9J_wtudOanwdUSu_
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:57 GMT
x-amz-request-id: 92HXFMK560H25K28
age: 72492
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: PENDING
content-length: 779
x-amz-id-2: M6h1Cpo0SgWc3cM3SvAyXWw6b/4oUDrX3WNHGcKodb6+z2LwTsLYh+73EcOg/8b6B3BS5uT7t44=
x-served-by: cache-cph2320046-CPH
last-modified: Thu, 30 Nov 2023 10:17:46 GMT
server: AmazonS3
x-timer: S1701411958.831923,VS0,VE0
etag: "494839c6c6d78d42033aae689ce8fb58"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 85
access-control-allow-origin: *
cache-control: private,max-age=2629743
accept-ranges: bytes
x-cache-hits: 1245

GET
H2 204 supply-feature
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/supply-feature?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22AVAILABLE%22%2C%22event_value%22%3A%22%22%2C%22event_msg%22%3A%22%22%2C%22event_key%22%3A%22%22%7D&tim=07%3A25%3A57.815&id=3706&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 abtests
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/abtests?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22header%20found%22%2C%22eventTime%22%3A1701411957816%7D&tim=07%3A25%3A57.816&id=775&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 supply-feature
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 31ms
30ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/supply-feature?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22event_type%22%3A%22EXPLORE_MORE%22%2C%22event_state%22%3A%22CLICKABLE%22%2C%22event_value%22%3A%22tblOriginalState%3A%20true%22%2C%22event_msg%22%3A%22back%20button%20enabled%2C%20history%20changed.%22%2C%22event_key%22%3A%22%22%7D&tim=07%3A25%3A57.817&id=1448&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H2 204 abtests
am-trc-events.taboola.com/revmediagroup-says/log/3/ 0
230 B 30ms
29ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://am-trc-events.taboola.com/revmediagroup-says/log/3/abtests?route=AM:AM:V&tvi48=11593&tvi50=11104&lti=deflated&ri=a4c9b438d61c5d8c54a44496c7ae09ef&sd=v2_cc13e697322af19d20629857db025b89_baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5_1701411957_1701411957_CNawjgYQtppfGPfSuKDCMSABKAEwODib4wlAh4oQSMLV4gNQ____________AVgAYABo5-D4sc3qn58xcAA&ui=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&pi=/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot&wi=-478537031570568458&pt=text&vi=1701411957111&d=%7B%22abTestsEventType%22%3A%22simple%22%2C%22name%22%3A%22explore-more%22%2C%22type%22%3A%22explore-more-available%22%2C%22eventTime%22%3A1701411957819%7D&tim=07%3A25%3A57.819&id=3717&llvl=2&cv=20231129-9-RELEASE&
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
pragma: no-cache
date: Fri, 01 Dec 2023 06:25:57 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

GET
H3 204 generate_204
www.youtube.com/ Frame B775 0
10 B 19ms
19ms Image
text/plain 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?PwESXQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9AA4 0
0 61ms
61ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CeyYQdHxpZZ-gNaGH7_UPw-CI4AT87KejdNOyyKuBEo2Lj4qkQBABIIeWryBglZqigrAHoAG7z8XaKMgBAqkC9DuTQFJEsj7gAgCoAwHIAwiqBNICT9BoZ75dQxQYEyrXTJAFLLBvh7IL9jFZL5zWMT0Vh6IeACnp9WocKSlTZQ6GAbKMcEZoCLTFEtlxvevFvCzC6Zgevs_kQ-up8y8gXHiNCXiDYIxA2CbOcjnxubiRWMvjtvrfbJzYTAA5tcUsq2KKSUzT_bXzW5N1_NrLaBXrAnhR0kaawgVRnnvopZTjjxpu_j5MulATCkyLWaMpjfWvJ0G-J5d1DRNOyUghfFqpXksfQk0WYzUC-rNzRoFOJrSob287mFdpxxZxPIyczyGtkqwsSDKIiy4zl-MIq-aZMGhZMkGZlxfZq75kngFzMVJ4NkBbKTfM3Vq3YBXx5mvqRdSbXofPHow8ceO3YoXRlxTltGnFrlYc4RRcbjCcA65u-34AQhL0CZbEcc7sNamGwCfqmDogD242Rbcla5awnkUxuBeVzPXaL83Pl7c7By24-qfABJbcx525BOAEAYgFu-GG3EygBgKAB7uHlroDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQrdwO0ggfCIDhgHAQARgdMgLrAjoCgEBIvf3BOliHgLa6ze2CA5oJygFodHRwczovL2JyaWxsYW50ZW5lcmdpZS5kZS8_ZXRjY19tZWQ9U0VBJmV0Y2NfcGFyPUdvb2dsZSZldGNjX2NtcD1EaXNwbGF5X1JlaWNod2VpdGVfT2Vrb2dhcyZldGNjX2dycD0xNTI4MDE3NjY5MzQmZXRjY19ia3k9JmV0Y2NfbXR5PSZldGNjX3BsYz1zYXlzLmNvbSZldGNjX2N0dj02NzU1OTI4ODU4NTYmZXRjY19iZGU9YyZldGNjX3Zhcj17Z2NsaWR9gAoDyAsBogwcKhoKGOS0sQLutbECtbixAuS0sQLutbECu7uxAuINEwjc-La6ze2CAxWhw7sIHUMwAkzYEwPQFQGAFwGyFx4KHAgAEhRwdWItNzI5MDYzNzU0NDc1MjcwNhifhgY&sigh=7TH3KmhGfHA&uach_m=%5B%5D&ase=2&nis=5&cid=CAQSTwDICaaNbIxIVSH1txCYNlAbj9zqjNYC3DzJe56QZS3If2idK4TVy3QIMaYt0wFIwgozL1IVXoUzIMhM6ZxQl8BYizOAdP8nX9qf9np5VgEYAQ&cbvp=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/71d198c59073675ad96239e250119c1e.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 1c8ad2d1b52031a31dd4772aa5db33f3f0eebf3e5b32eb86d98441ea5527ca58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/71d198c59073675ad96239e250119c1e.png
age: 1886993
edge-cache-tag: 500485166262708085999343149745427102901,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 500485166262708085999343149745427102901,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 228
req-referer: https://backen24.eu/
content-length: 78034
x-request-id: 3e69bca252bc8cea1ac057980c934dfa
x-backend-name: US_nlb101
x-served-by: cache-iad-kiad7000066-IAD, cache-iad-kjyo7100036-IAD, cache-lga21934-LGA, cache-iad-kjyo7100078-IAD, cache-cph2320046-CPH
last-modified: Wed, 08 Nov 2023 23:33:53 GMT
server: nginx
surrogate-reporting: width=1920,height=960,bytes=387977,owidth=1920,oheight=1080,obytes=922774
x-timer: S1701411959.613791,VS0,VE0
etag: "718d62bdef88a91886344b2a098ea140"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 12, 2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 8e316dac6a1642935926265439208935ac5a13063fc9104f22980c549dc73a69

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/60ed8ba2150e2e9835f7bc956d825193.jpg
age: 221257
edge-cache-tag: 536750727950973524112366842041908945319,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 536750727950973524112366842041908945319,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 252
req-referer: https://www.stylevamp.de/
content-length: 43070
x-request-id: 9557fe6d25ab168bbd9ac1903b2d7314
x-backend-name: CH_nlb804
x-served-by: cache-iad-kcgs7200027-IAD, cache-iad-kcgs7200145-IAD, cache-lga21938-LGA, cache-iad-kcgs7200134-IAD, cache-cph2320046-CPH
last-modified: Mon, 20 Nov 2023 16:08:38 GMT
server: nginx
surrogate-reporting: width=1000,height=500,bytes=79164,owidth=1000,oheight=629,obytes=568769
x-timer: S1701411959.643851,VS0,VE0
etag: "5a8f5862b629b42336497a9915126771"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 4, 1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2f87776b3580b772c988979fccc36347.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: eaece4bd95b248c64d829dc22b99385917c64926d294662c5440414f2459cb75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_245%2Cw_440%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//cdn.taboola.com/libtrc/static/thumbnails/2f87776b3580b772c988979fccc36347.png
age: 2152331
edge-cache-tag: 539264722275397693898618951167535693130,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
cache-tag: 539264722275397693898618951167535693130,418213119990820519753380268763636342871,29ecf9b93bbf306179626feeda1fab70
status: 200 OK
x-cache: Miss from cloudfront, MISS, HIT, HIT, HIT, HIT
x-envoy-upstream-service-time: 60
req-referer: https://www.psychologies.com/Therapies/Psychanalyse/Dictionnaire-des-reves/Urne
content-length: 30290
x-request-id: 81205a9b5de9894d4334d001c42b8336
x-backend-name: LA_nlb201
x-served-by: cache-iad-kjyo7100161-IAD, cache-iad-kcgs7200148-IAD, cache-lax-kwhp1940070-LAX, cache-iad-kjyo7100163-IAD, cache-cph2320046-CPH
last-modified: Thu, 12 Oct 2023 06:11:59 GMT
server: nginx
surrogate-reporting: width=440,height=245,bytes=44264,owidth=1200,oheight=800,obytes=1756948
x-timer: S1701411959.656707,VS0,VE0
etag: "540ba4b87176ff52e531491d52790a33"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 1, 1, 60, 1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images.taboola.com/taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//c3.taboola.com/libtrc/static/thumbnails/so_auto/f_jpg/v1700489431/s0zibkczb2v3iiqmperf.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 54571d59b5bdb18d83b6912c130c4bd8e86c3054fe9808c24f7148d1e243ce75

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-vcl-time-ms: 0
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish, 1.1 varnish
x-debug: /taboola/image/fetch/f_jpg%2Cq_auto%2Ch_450%2Cw_900%2Cc_fill%2Cg_faces:auto%2Ce_sharpen/http%3A//c3.taboola.com/libtrc/static/thumbnails/so_auto/f_jpg/v1700489431/s0zibkczb2v3iiqmperf.jpg
age: 916398
edge-cache-tag: 457820365240072258546114716208338049180,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
cache-tag: 457820365240072258546114716208338049180,618870499114759607638041997254694977048,29ecf9b93bbf306179626feeda1fab70
x-cache: Miss from cloudfront, MISS, MISS, HIT, HIT, HIT
x-envoy-upstream-service-time: 293
expiration: expiry-date="Thu, 21 Dec 2023 00:00:00 GMT", rule-id="delete fetch for taboola after 30 days"
req-referer: https://www.sport1.de/news/motorsport/formel1/2023/11/formel-1-red-bull-uberrascht-mit-fahrer-entscheidung
content-length: 62706
x-backend-name: CH_nlb801
x-served-by: cache-iad-kcgs7200173-IAD, cache-iad-kcgs7200142-IAD, cache-lga21929-LGA, cache-iad-kjyo7100037-IAD, cache-cph2320046-CPH
last-modified: Mon, 20 Nov 2023 15:48:35 GMT
server: nginx
surrogate-reporting: width=800,height=400,bytes=50931,owidth=800,oheight=480,obytes=56626
x-timer: S1701411959.683266,VS0,VE0
etag: "834407f867f2f88a04a35932755eef35"
x-ratelimit-remaining: 100
vary: ImageFormat
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-ratelimit-reset: 1
x-ratelimit-limit: 101
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-headers: X-Requested-With
x-cache-hits: 0, 0, 1, 29, 1

GET
H2 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/119/ Frame B775 50 KB
15 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/119/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 10:25:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72033
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14705
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 15:08:53 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Fri, 01 Dec 2023 10:25:24 GMT

GET
H3 200 destination Show response
www.googletagmanager.com/gtag/ 184 KB
67 KB 46ms
46ms Script
application/javascript 2a00:1450:4001:80f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=UA-27970811-1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5WNLRMX

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dbd7282f116dc324f6764b5e24d1cb4824012169dd0132348c78f2d0cfe20336

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68094
x-xss-protection: 0
last-modified: Fri, 01 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Dec 2023 06:25:57 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 51BF 0
0 61ms
61ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CYXmwdHxpZZ6gNaGH7_UPw-CI4ATJntKxXNWdkfdwwI23ARABIABglZqigrAHggEXY2EtcHViLTMyOTE2ODg0MjA2ODA3MzbIAQmpAvQ7k0BSRLI-4AIAqAMByAMCqgTPAk_Q_WlYeZUumUA63pV8p5-h0qEW4exudVTx3yqG6F3TYXF7mIq2cat2p0iMiYbiPAGUdo0T1o61R8GIXbiJAYGa-1dZ0Xr8K75kF6rz68Z-Z59Rj57bImZviR4iRoz8dFDiNbN7TLswDndPE0gMHB4P7GdOyOOrggDaVdl6WKkCq0ZW1xbCRHd6H0-ThBNmtr91uPuXqQrI7u5yTxGclRNJdgwv8qDGofAfJMCylRvPZpMPrzvtkZ69JKc8_eMp-GGUksa1o9XL962w7bg0d5ZnXRNJ80LHpw1SY3t7ejm4zJbHF9Zq5qiq5pofQWQ_Zxdya_ZNxUxZz9Qcd45pogJnxO_rfgO7uCQAW6q_6gzEf2NZerOw8QUxytv006hubrx9REv2U6ffM7kFPSQQ7F9jjNpGO8pe26-5T9EWOEPFWl88-xN_tdbQMYgQxI1V4AQBgAaU4vC72MW79JUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIHQiA4YBwEAEyAusCOgKAQEi9_cE6WIeAtrrN7YIDgAoD-gsCCAGADAHiDRMI2_i2us3tggMVocO7CB1DMAJM0BUBgBcBshccChoSFHB1Yi0zMjkxNjg4NDIwNjgwNzM2GJ-GBg&sigh=X2rkGJaqud4&uach_m=%5BUACH%5D&cid=CAQSTwDICaaNbIxIVSH1txCYNlAbj9zqjNYC3DzJe56QZS3If2idK4TVy3QIMaYt0wFIwgozL1IVXoUzIMhM6ZxQl8BYizOAdP8nX9qf9np5VgEYAQ&cbvp=2&vis=1
Requested by: Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 51BF 0
126 B 161ms
72ms Image
text/plain 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=k47EGMg12AVanYNiAgIAAADMkYLjhnruPxTJRk8JOY7bEHR8aWWrC87757etheAWAAASAAAKCkFRVUJBUUVCQVE&wp=ZWl8dAANUB4Iu8OhAAIwQ1oiVkILYfIepjYytA&cbvp=2

Requested by

Host: ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:57 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 148790
server: Kestrel
content-length: 0

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=UA-27970811-1&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 05:49:38 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2180
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Dec 2023 07:49:38 GMT

POST
H3 200 hb Show response
hb.revid.my/ 64 B
456 B 1296ms
1270ms XHR
application/json 2606:4700:4400::6812:27d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.revid.my/hb

Requested by

Host: heartbeat.mediaprimaplus.com.my
URL: https://heartbeat.mediaprimaplus.com.my/heartbeat.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:4400::6812:27d0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c4ba274a689cfdb347953beff0848cc73e0b42d5821d3393c9b09d9d5271b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 01 Dec 2023 06:26:00 GMT
via: 1.1 google, 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Origin
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: https://says.com
x-cloud-trace-context: 2f63f9f4cbd1e754a44630785c861d6a
access-control-allow-credentials: true
cf-ray: 82e9418a5e7e9b3d-FRA

OPTIONS
H2 204 hb
hb.revid.my/ Frame 0
0 1369ms
1295ms Preflight
text/html 2606:4700:4400::6812:27d0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hb.revid.my/hb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:27d0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://says.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://says.com
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 82e9418219681e59-FRA
content-type: text/html
date: Fri, 01 Dec 2023 06:25:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
vary: Origin, Access-Control-Request-Headers
via: 1.1 google, 1.1 google
x-cloud-trace-context: 01b800ede80e29a401cd46db604dc5cb
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
288 B 376ms
241ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://says.com
Date: Fri, 01 Dec 2023 06:25:58 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 66ms
66ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202311150101&jk=1650737213599825&bg=!JiWlJWrNAAY3kmNgF5I7ADQBe5WfOOYM4NJ0Y79PIeBazstgOkRh4OH7YePGw5fJfXgi1dhWBBWe27GB0ViZtS0XMooWAgAAAYdSAAAAA2gBB5kCu2Jrrm7WKLbeyKdgx9udY6TryxcuIJUfxm-vuM6doXcpMq86dtz3e0_B1Vzk4mwaR4limMr0uJc3cz7gAUj79uAcv3t6fa-i-LhZ-Cuq1YfTbD74tHixXEQustBXo6j2xtgXvoF-lIavi4148VME-TksnEH-XzUbWZHvLocuRYZevLeb8dZPIGOFjED7JhX-oajxxB-kZCvCrL6fM6xsLnR3FVWAuXAeazdufqaJ_2QOkcjfSapGEAZxTm_cvf57kpagSKHWeEm56W7oFrYF6ejSSy93OTHZTTx9Dyui6VaRw_eC5bVmFPQ8kgIvWxd0mp7msS_njayUVxFCCKo0IGBB_sUVGl8_bN7cUAadsiXObGixNkY3NnXqXyN_7NWnGfaTK3XVZplwDUqSiiMh4EB3k_U5akYhDmW6XtkH_KT4WWFAGuuNLtIQTgo5Kxu_kKfSbWtj9P-8Qd8LmKboogxWO-S_FW8AFpRJsfpEnqu-CLcNTk9octYdiImeDlqlitzWElBUIhu_v-9i9R1JfK2KmlNLq0qAp7Fy3qjdifcRb0Ci8H5kgfnpfN2zL0-JTKsos3tqcsNwPaEL3lpXeGgBRP1BqrirEHSjhBezrjlxWXcMN7OPJnjGfZ0WY8Af2ZxGLhjEjQWwJI7YCLzsJ7pFQGJwXMbGZS-7qsOBV_sNwhqtz3h3s0ZcZq0V9DyhS0IZPU8sLqg3p0URIc3BjB9QBkv_er1GsQ4KbI4p1Hi3q_E2WiUXe1Q5-0CY1q5AlpfyIw3OPlMMuJpsNsv_thSnomUbtE05v3C93kmhwDRWhUXVNiaGWa6PaPlZfuxFI3bq4xQMkqPSxFySnKorkFRRxbSFCjZZDA7E6v__MyeugZb11-pvF6cV6lVvaBsRynDPy_JfeDxrGjg1rwWCuA-lNBw2rhgCBsrfwQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

GET
H2 200 1701411958656470b9ee6d2.2ee3b603 Show response
segment.api.useinsider.com/v4/segments/ 927 B
789 B 159ms
101ms XHR
application/json 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://segment.api.useinsider.com/v4/segments/1701411958656470b9ee6d2.2ee3b603?partnerid=10002153&fields=e0e252a5d8c8cdc04eacbd926868cffc,1a3e01539f4264ca05f749a0c0b39d41&
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ca79b17283dd424f6e491d2effc14b0a4861b5c8ea6580950551ba8e49b948a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
cf-ray: 82e94185ebd85bf9-FRA

GET
H2 200 / Show response
locationv2.api.useinsider.com/ 241 B
507 B 124ms
61ms XHR
application/json 2606:4700:7::a29f:863d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://locationv2.api.useinsider.com/?v=2&pId=10002153&
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:863d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2d5c0cb8451d83bc49de5d00b262ac4f0c6e0c006bcbcee4a0295cb90d15111

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cf-ray: 82e941860e071994-FRA

POST
H3 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
25 B 27ms
27ms XHR
text/plain 2a00:1450:400c:c00::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=715923992&gjid=1654096731&_gid=2015496077.1701411957&_u=6CDAiUABBAQCAGAEK~&z=1432216890

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Dec 2023 06:25:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 27ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7S9H066JJ6&gtm=45je3bt0v893599173&_p=1701411956740&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1073581383.1701411957&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEI&sid=1701411957&sct=1&seg=0&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&_s=3&tfd=3114
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:58 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
162 B 77ms
60ms Image
image/gif 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInJlZmVyZXIiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInVzZXJJZCI6IjE3MDE0MTE5NTg2NTY0NzBiOWVlNmQyLjJlZTNiNjAzIiwicGxhdGZvcm0iOiJ3ZWIiLCJvcmlnaW5hbFByaWNlIjowLCJvcmlnaW5hbEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkQ3VycmVuY3kiOiJNWVIiLCJjb252ZXJ0ZWRQcmljZSI6MCwic2Vzc2lvbklkIjoiZUdjNGVHeDZNVFV0YW1GdE5pMHdhbTAwTFRZeFkyb3RNWFp3WmpJMU9UZGpjSEI0WHpFM01ERTBNVEU1TlRrPSIsInNhbGVzU2VzSWQiOiIiLCJzYWxlc1Nlc1RpbWUiOiJ1bmRlZmluZWQtMTcwMTQxMTk1OSIsIm9yZGVySWQiOiIiLCJwYWlkUHJvZHVjdHMiOiJbXSIsImNhbXBJZCI6ImMxMzYiLCJ0eXBlIjoiaW1wcmVzc2lvbiIsIm90aGVyIjoiIiwiY3VzdG9tU3ViSWQiOiJOL0EiLCJwcm9kdWN0VHlwZSI6ImN1c3RvbSJ9&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e94185e9fb5d5d-FRA
content-length: 42
content-type: image/gif

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=797652530&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=Variation%20-%2011442603-impressions-custom&el=(builder%20ID%3A%201115)%20-%20Variation%20Ratio%3A%2095%25&_u=6CDAiUABBAQCACAEK~&jid=715923992&gjid=1654096731&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&gtm=45He3bt0n815WNLRMXv77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=618350727

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Nov 2023 21:16:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32974
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
94 B 72ms
63ms Image
image/gif 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInJlZmVyZXIiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInVzZXJJZCI6IjE3MDE0MTE5NTg2NTY0NzBiOWVlNmQyLjJlZTNiNjAzIiwicGxhdGZvcm0iOiJ3ZWIiLCJvcmlnaW5hbFByaWNlIjowLCJvcmlnaW5hbEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkQ3VycmVuY3kiOiJNWVIiLCJjb252ZXJ0ZWRQcmljZSI6MCwic2Vzc2lvbklkIjoiZUdjNGVHeDZNVFV0YW1GdE5pMHdhbTAwTFRZeFkyb3RNWFp3WmpJMU9UZGpjSEI0WHpFM01ERTBNVEU1TlRrPSIsInNhbGVzU2VzSWQiOiIiLCJzYWxlc1Nlc1RpbWUiOiJ1bmRlZmluZWQtMTcwMTQxMTk1OSIsIm9yZGVySWQiOiIiLCJwYWlkUHJvZHVjdHMiOiJbXSIsImNhbXBJZCI6ImM4MSIsInR5cGUiOiJpbXByZXNzaW9uIiwib3RoZXIiOiIiLCJjdXN0b21TdWJJZCI6Ik4vQSIsInByb2R1Y3RUeXBlIjoiY3VzdG9tIn0%3D&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e94185e9fd5d5d-FRA
content-length: 42
content-type: image/gif

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=797652530&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=Cookie%20Consent%20Button%20Clicks-impressions-custom&el=(builder%20ID%3A%20382)%20-%20Variation%20Ratio%3A%2095%25&_u=6CDAiUABBAQCAGAEK~&jid=&gjid=&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&gtm=45He3bt0n815WNLRMXv77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=38605099

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Nov 2023 21:16:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32974
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
log.api.useinsider.com/v2/ 42 B
94 B 67ms
64ms Image
image/gif 2606:4700:7::a29f:853d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://log.api.useinsider.com/v2/collect?p=eyJyZWYiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInJlZmVyZXIiOiJodHRwczovL3NheXMuY29tL215L2Z1bi9tYW4tc2NyZWFtZWQtaGFpZGlsYW8tc3RhZmYtaGFwcHktYmlydGhkYXktaG90LXBvdD9mYmNsaWQ9SXdBUjNTdWFOdjFSQm4zTU9zemdad1hqUC10S0FVMXFvUXBmZEcxY1pRUmVHV2VpRExhZE5GaDg3bVFuQSIsInVzZXJJZCI6IjE3MDE0MTE5NTg2NTY0NzBiOWVlNmQyLjJlZTNiNjAzIiwicGxhdGZvcm0iOiJ3ZWIiLCJvcmlnaW5hbFByaWNlIjowLCJvcmlnaW5hbEN1cnJlbmN5IjoiTVlSIiwiY29udmVydGVkQ3VycmVuY3kiOiJNWVIiLCJjb252ZXJ0ZWRQcmljZSI6MCwic2Vzc2lvbklkIjoiZUdjNGVHeDZNVFV0YW1GdE5pMHdhbTAwTFRZeFkyb3RNWFp3WmpJMU9UZGpjSEI0WHpFM01ERTBNVEU1TlRrPSIsInNhbGVzU2VzSWQiOiIiLCJzYWxlc1Nlc1RpbWUiOiJ1bmRlZmluZWQtMTcwMTQxMTk1OSIsIm9yZGVySWQiOiIiLCJwYWlkUHJvZHVjdHMiOiJbXSIsImNhbXBJZCI6ImM4NyIsInR5cGUiOiJpbXByZXNzaW9uIiwib3RoZXIiOiIiLCJjdXN0b21TdWJJZCI6Ik4vQSIsInByb2R1Y3RUeXBlIjoiY3VzdG9tIn0%3D&t=cu&pn=says
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:853d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 82e94185e9fc5d5d-FRA
content-length: 42
content-type: image/gif

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=797652530&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=INSIDER&ea=NST%20Suggested%20Articles%20Track-impressions-custom&el=(builder%20ID%3A%20438)%20-%20Variation%20Ratio%3A%2095%25&_u=6CDAiUABBAQCAGAEK~&jid=&gjid=&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&gtm=45He3bt0n815WNLRMXv77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=2003094740

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Nov 2023 21:16:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32974
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 33ms
32ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=715923992&_u=6CDAiUABBAQCAGAEK~&z=1058498065

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 34ms
33ms Image
image/gif 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-27970811-1&cid=1073581383.1701411957&jid=715923992&_u=6CDAiUABBAQCAGAEK~&z=1058498065

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:25:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 bulk Show response
trc.taboola.com/revmediagroup-says/log/3/ 0
318 B 89ms
89ms XHR
image/gif 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/revmediagroup-says/log/3/bulk?tvi48=11593&tvi50=11104&route=AM%3AAM%3AV&lti=deflated&bulkSize=11
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

x-vcl-time-ms: 19
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish
x-fastly-to-nlb-rtt: 13465
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-cph2320046-CPH
pragma: no-cache
server: nginx
x-timer: S1701411959.756612,VS0,VE19
content-type: image/gif
access-control-allow-origin: https://says.com
cache-control: no-cache
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

POST
H2 200 hit Show response
hit.api.useinsider.com/ 16 B
297 B 76ms
59ms XHR
text/plain 2606:4700:7::a29f:863d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hit.api.useinsider.com/hit
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:863d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
request-id: a1a52e2d-8565-4238-98af-4b4b81d573ad
cf-ray: 82e941868e671994-FRA
content-length: 16

POST
H2 200 hit Show response
hit.api.useinsider.com/ 16 B
352 B 66ms
59ms XHR
text/plain 2606:4700:7::a29f:863d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hit.api.useinsider.com/hit
Requested by: Host: says.api.useinsider.com
URL: https://says.api.useinsider.com/ins.js?id=10002153
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:7::a29f:863d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 01 Dec 2023 06:25:58 GMT
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: GET
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
request-id: 4b5c4975-0fc8-40fb-9ed2-d0bceaa52783
cf-ray: 82e941868e661994-FRA
content-length: 16

GET
H2 200 f539211219b796ffbb49949997c764f0.png
cdn.taboola.com/libtrc/static/thumbnails/ 254 B
741 B 35ms
35ms Image
image/png 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.taboola.com/libtrc/static/thumbnails/f539211219b796ffbb49949997c764f0.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: hL.cyLD7Q4TL5ceY.7JQwF9m5IYI8mkC
date: Fri, 01 Dec 2023 06:25:58 GMT
via: 1.1 varnish
x-amz-request-id: DDQ4N5PH847FSFFN
age: 21884
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 254
x-amz-id-2: aqXZ5TfXP8iRdMdELepuMA5C/5ciFi+p6Ky8KbHabejFtNJHH4peFIuNVRC4MRKY5KotSYHDQrQ=
x-served-by: cache-cph2320046-CPH
last-modified: Wed, 24 Jun 2015 07:14:11 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: uid:0/gname:root/uname:root/gid:0/mode:33188/mtime:1377415166/atime:1435052450/md5:dfa7b52c86e56bd67fa4002f6ed19854/ctime:1422381567
x-timer: S1701411959.830280,VS0,VE0
etag: "dfa7b52c86e56bd67fa4002f6ed19854"
content-type: image/png
abp: 25
access-control-allow-origin: *
cache-control: private,max-age=31536000
accept-ranges: bytes
x-cache-hits: 504

GET
H2 200 cds-pips.js Show response
cdn.taboola.com/scripts/ 3 KB
2 KB 35ms
35ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/scripts/cds-pips.js
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/impl.20231129-9-RELEASE.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bce4b47b8fc12de49fac0a00e9039e38aa568aba0ee9154b93d20465f0289cfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id: uLMchp7BESXZGZqPSJ8.FcfKBYdWFxIf
content-encoding: gzip
via: 1.1 varnish
date: Fri, 01 Dec 2023 06:25:59 GMT
x-amz-request-id: W0R5QX74Q2PBN68B
age: 136
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 1347
x-amz-id-2: lRET2IwXjaFSp1i3BB9GjPtIDVCIcc4VElrKEqBeVbmOXvFNBRdOilZaej53L9vIVa/7JXMdEcU=
x-served-by: cache-cph2320046-CPH
last-modified: Sun, 29 Oct 2023 14:06:32 GMT
server: AmazonS3
x-timer: S1701411960.596960,VS0,VE0
etag: "c52aa1ea682aef8ad5ebf7aff9662e35"
vary: Accept-Encoding
content-type: application/javascript
abp: 19
access-control-allow-origin: *
cache-control: private, max-age=3600
accept-ranges: bytes
x-cache-hits: 103

GET
H2 200 / Show response
pips.taboola.com/ 64 B
240 B 60ms
19ms XHR
text/plain 2a04:4e42::300
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pips.taboola.com/
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: 333bb4ab0315e79b777efe067411f976f31da5dfb0b1753de3f378e780f864ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-served-by: cache-fra-etou8220113-FRA
date: Fri, 01 Dec 2023 06:25:59 GMT
via: 1.1 varnish
server: Varnish
access-control-allow-methods: GET
x-cache: HIT
access-control-allow-origin: https://says.com
cache-control: no-store
accept-ranges: bytes
content-length: 64
retry-after: 0
x-cache-hits: 0

GET
H2 204 / Show response
cds.taboola.com/ 0
82 B 372ms
111ms XHR
text/plain 141.226.224.32
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cds.taboola.com/?uid=baf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5&uad=f0871092f9e672c52b6f12d73598a0c04b99bfb0b62dd1a8848ff49d524b8e48&mbl=ZmFsc2U=
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/scripts/cds-pips.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.224.32 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 01 Dec 2023 06:26:00 GMT
cache-control: no-store
server: nginx

POST
H3 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame B775 28 B
54 B 35ms
33ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/5753e790/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
X-Goog-Request-Time: 1701411959796
Content-Type: application/json
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/Q7LmTiaVXg4
X-YouTube-Client-Version: 1.20231126.00.00
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: Cgt1aEF2QzVEYjZ3byj1-KWrBjIKCgJERRIEEgAgFw%3D%3D
X-YouTube-Ad-Signals: dt=1701411957361&flash=0&frm=2&u_tz=60&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C370%2C208&vis=1&wgl=true&ca_type=image&bid=ANyPxKoK5hvzwwjZoXvBcFK9uQ482G382vEA7wRti6JtN7Rr2YjDoyJwGI7NJgvB2KbS6Q4TEO2HHivLsAUK5V3hhgqTW9aIlQ

Response headers

date: Fri, 01 Dec 2023 06:25:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
content-type: application/json; charset=UTF-8
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31
x-xss-protection: 0
expires: Fri, 01 Dec 2023 06:25:59 GMT

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
288 B 117ms
117ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://says.com
Date: Fri, 01 Dec 2023 06:26:00 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Image
image/gif 2a00:1450:4001:828::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=797652530&t=event&ni=1&_s=1&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&ul=en-us&de=UTF-8&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Views%20Tracker&ea=Seconds%20Views&el=5%20second%20Views&ev=0&_u=6CDACUABBAQCAGAEK~&jid=&gjid=&cid=1073581383.1701411957&tid=UA-27970811-1&_gid=2015496077.1701411957&gtm=45He3bt0n815WNLRMXv77806297&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=169440472

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 30 Nov 2023 21:16:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 32977
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 28ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7S9H066JJ6&gtm=45je3bt0v893599173z877806297&_p=1701411956740&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1073581383.1701411957&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1701411957&sct=1&seg=0&dl=https%3A%2F%2Fsays.com%2Fmy%2Ffun%2Fman-screamed-haidilao-staff-happy-birthday-hot-pot%3Ffbclid%3DIwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA&dt=Man%20Screams%20At%20Haidilao%20Staff%20For%20Singing%20Birthday%20Song%20To%20Him&_s=4&tfd=8115
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7S9H066JJ6&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://says.com/my/fun/man-screamed-haidilao-staff-happy-birthday-hot-pot?fbclid=IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 01 Dec 2023 06:26:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://says.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: truncated
URL: data:truncated

Verdicts & Comments Add Verdict or Comment

490 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

38 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 01:58:27	Name: IDE Value: AHWqTUlHKBgdYIn88y-vbmci6iUpZx3o17RZeH2-nJXrv8hVzfcyUrxaZu3YzX2P
.useinsider.com/	1970-01-20 16:36:53	Name: __cf_bm Value: VK9EwGqFGxdn_BmwnUvK8Tk94dRQW5Y1x6mNYTTw6wg-1701411957-0-Ab/qIpUPJ+7XtaQ+GlIuktwdDojUVNnmdkRrzajt56dfUWSA5jsCBJDZY/8M4bdNkQ5Lbk7ylGZeAkxnTASUUv4=
.openx.net/	1970-01-21 01:22:27	Name: i Value: 0198a431-63ae-4d0d-be75-fd02e4ed580c\|1701411957
.criteo.com/	1970-01-21 01:58:27	Name: receive-cookie-deprecation Value: 1
.criteo.com/	1970-01-21 01:58:27	Name: uid Value: ca8dfe1b-48de-4517-a2bb-895ff7fa1a40
.says.com/	1970-01-20 16:36:53	Name: __cf_bm Value: x2s2RB.4XpBqzoTLuLIDZdE5dZq538RE_vm0m6qS0lU-1701411957-0-AZ3sBwR4w/0uYcB7nDzaCGnO5KvtqMWDEMh4owtyaE18htRV3UIjMtbIKpfztLRqpmLFzCmyOp/dW/zIWgrpop0=
www.clarity.ms/	1970-01-21 01:22:27	Name: CLID Value: a278b883e9b1424f908a1b9b657ff932.20231201.20241130
.says.com/	1970-01-21 02:05:39	Name: _cb Value: BiNVrFCHFU3sBPT4h2
.says.com/	1970-01-21 02:05:39	Name: _chartbeat2 Value: .1701411957154.1701411957154.1.dMHCQByjeFhCmKDaUD6WlWwC7knV.1
.says.com/	1970-01-20 16:36:53	Name: _cb_svref Value: null
.says.com/	1970-01-21 01:58:27	Name: cto_bundle Value: _mxID182WUI1T3JaZyUyRnFHJTJGTGNhT3BaOUdOakNQdjRhazR6WGJhYlB6R1BtdmdMMVVYTG1XeGFUbDQlMkJINUxkT3V1MVVmOEZUdkU3MCUyQmdudk9NczBFeU53MzVoQXpwTDJmQVhuVTZEU3lLdTFqTyUyQk5vWmd4VlhXWWJaN2ZsZGtpY1NqVjVqVXRXR1ROQVo3Yk9DaG5VMWdhakZBJTNEJTNE
.says.com/	1970-01-21 01:22:27	Name: _clck Value: 10qou6h%7C2%7Cfh6%7C0%7C1430
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 6_1I-X_SITk
.youtube.com/	1970-01-20 20:56:03	Name: VISITOR_INFO1_LIVE Value: uhAvC5Db6wo
.says.com/	1970-01-20 16:36:55	Name: AMP_TOKEN Value: %24NOT_FOUND
.says.com/	1970-01-21 02:12:51	Name: _ga Value: GA1.2.1073581383.1701411957
.says.com/	1970-01-20 16:38:18	Name: _gid Value: GA1.2.2015496077.1701411957
.says.com/	1970-01-20 16:36:52	Name: _gat_UA-27970811-1 Value: 1
.says.com/	1970-01-20 18:46:27	Name: _fbc Value: fb.1.1701411957296.IwAR3SuaNv1RBn3MOszgZwXjP-tKAU1qoQpfdG1cZQReGWeiDLadNFh87mQnA
.says.com/	1970-01-20 18:46:27	Name: _fbp Value: fb.1.1701411957299.523118233
.doubleclick.net/	1970-01-20 16:36:52	Name: test_cookie Value: CheckForPermission
.says.com/	1970-01-21 01:58:27	Name: __gads Value: ID=f0442151a2e031a4:T=1701411956:RT=1701411956:S=ALNI_MZmyE9sQHZV602ZHWTCCYlFIrifow
.says.com/	1970-01-21 01:58:27	Name: __gpi Value: UID=00000cffa2be6c50:T=1701411956:RT=1701411956:S=ALNI_MavKmysHMurprGixpIlNpjNdw-jSQ
.t.co/	1970-01-21 02:12:51	Name: muc_ads Value: 09edad01-c53f-4529-ad57-26b41b80f2b0
.twitter.com/	1970-01-21 02:12:51	Name: personalization_id Value: "v1_WZnrzXxvQ27ZTWE9Q02/aQ=="
.bing.com/	1970-01-21 01:58:27	Name: MUID Value: 314EF0CB296C630437A1E31128076281
.c.bing.com/	1970-01-20 16:46:56	Name: MR Value: 0
.c.bing.com/	1970-01-21 01:58:27	Name: SRM_B Value: 314EF0CB296C630437A1E31128076281
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 01:58:27	Name: MUID Value: 314EF0CB296C630437A1E31128076281
.c.clarity.ms/	1970-01-20 16:46:56	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 16:36:52	Name: ANONCHK Value: 0
says.com/	1970-01-21 01:22:27	Name: trc_cookie_storage Value: taboola%2520global%253Auser-id%3Dbaf0e9aa-5781-4c6a-9edd-08824637a1cf-tuctc6301f5
.doubleclick.net/	1970-01-20 16:36:55	Name: DSID Value: NO_DATA
.says.com/	1970-01-20 16:38:18	Name: _clsk Value: 1516qhs%7C1701411957848%7C1%7C1%7Cy.clarity.ms%2Fcollect
.says.com/	1970-01-20 16:36:52	Name: _dc_gtm_UA-27970811-1 Value: 1
hb.revid.my/	1970-01-21 02:12:51	Name: revid Value: yeFOupywJBfClvBhK8oUv
.says.com/	1970-01-21 02:12:51	Name: _ga_7S9H066JJ6 Value: GS1.1.1701411957.1.0.1701411961.56.0.0

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://says.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A preload for 'https://pcto.revmedia.my/2023/11/cetaphil/sto.js?=v1.1' is found, but is not used because the request credentials mode does not match. Consider taking a look at crossorigin attribute.
network	error	Message: A bad HTTP response code (403) was received when fetching the script.
network	error	URL: https://c16d-35-240-187-111.ngrok.io/pcto.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://says.com/my/stories/57681/update_show?_=1701411956730 Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202311150101/pubads_impl.js(Line 9) Message: Refused to load the image 'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACsAAAAWBAMAAACrl3iAAAAABlBMVEUAAAD+AciWmZzWAAAAAnRSTlMAApidrBQAAACBSURBVBjTbZEBDoAwCAO7H/T/rzVQWpmRRdxCLTcE/uMoalcrJ3aV66ncCqzVp6qQLJVTn1J3inq8S/Z6T+/zIXHIdXEj+uEPsZDpHuUtgt6cuTUEQAMQsZc3pPVHF8k04eJ2xj3BfqsJ3ylI58nsCSoWh284g7y8aZr2zgSx/s8DHU8Fqj1eB/gAAAAASUVORK5CYII=' because it violates the following Content Security Policy directive: "img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com".
other	warning	URL: https://ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
network	error	URL: https://says.com/assets/says-logo-white-7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9.svg Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: 'self'; connect-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; font-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; frame-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; script-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; style-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
ads.pubmatic.com
am-trc-events.taboola.com
ampcid.google.com
ampcid.google.de
analytics.twitter.com
bcp.crwdcntrl.net
c.bing.com
c.clarity.ms
c16d-35-240-187-111.ngrok.io
cat.nl3.eu.criteo.com
cdn.ampproject.org
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn.skypack.dev
cdn.taboola.com
cdnjs.cloudflare.com
cds.taboola.com
ce73e6b410d922c1f2e067cb16546cf3.safeframe.googlesyndication.com
connect.facebook.net
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
gum.criteo.com
hb.revid.my
heartbeat.mediaprimaplus.com.my
hit.api.useinsider.com
i.ytimg.com
id5-sync.com
imageproxy.eu.criteo.net
images.says.com
images.taboola.com
jnn-pa.googleapis.com
locationv2.api.useinsider.com
log.api.useinsider.com
mab.chartbeat.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
p.typekit.net
pagead2.googlesyndication.com
pcto.revmedia.my
ping.chartbeat.net
pips.taboola.com
policy.revasia.com
region1.analytics.google.com
rtb.nl3.eu.criteo.com
says.api.useinsider.com
says.com
sb.scorecardresearch.com
securepubads.g.doubleclick.net
segment.api.useinsider.com
static.ads-twitter.com
static.chartbeat.com
static.cloudflareinsights.com
static.criteo.net
static.doubleclick.net
stats.g.doubleclick.net
t.co
tags.crwdcntrl.net
tpc.googlesyndication.com
trc.taboola.com
truncated
use.typekit.net
ut.pubmatic.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
y.clarity.ms
yt3.ggpht.com
truncated
104.211.35.148
104.244.42.3
104.244.42.69
141.226.224.32
141.226.228.48
141.95.98.64
146.75.120.157
151.101.129.44
178.250.1.6
18.245.60.76
184.30.16.195
185.64.189.226
2001:4860:4802:34::36
2600:9000:2016:f200:a:e047:753:a221
2600:9000:2070:5800:18:1fcd:353:c61
2606:4700:10::ac43:266a
2606:4700:20::ac43:4ac2
2606:4700:3035::6815:273b
2606:4700:4400::6812:233f
2606:4700:4400::6812:2612
2606:4700:4400::6812:27d0
2606:4700:4400::ac40:95ee
2606:4700:4400::ac40:97e6
2606:4700:7::a29f:853d
2606:4700:7::a29f:863d
2606:4700::6810:3865
2606:4700::6810:5514
2606:4700::6811:180e
2620:1ec:bdf::45
2620:1ec:c11::200
2a00:1450:4001:801::200a
2a00:1450:4001:803::2006
2a00:1450:4001:803::2016
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2008
2a00:1450:4001:813::2003
2a00:1450:4001:813::2004
2a00:1450:4001:81c::200e
2a00:1450:4001:827::2003
2a00:1450:4001:828::200e
2a00:1450:4001:829::200e
2a00:1450:4001:82b::200e
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c00::9b
2a02:2638:3::10
2a02:2638:3::12
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:3::c
2a02:26f0:3500:16::215:1495
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a04:4e42:600::714
2a04:4e42::300
2a05:d014:21b:8e02::6e:5
34.102.146.192
34.120.107.143
34.98.64.218
35.174.214.9
52.212.53.77
52.85.92.52
68.219.88.97
029210bb6046348cfc8962cc1179220567e1009ac6f3995da98cc30bad5a9471
038235bd3cb8315d2a638e0dcb856d9aabbce9db44f08914cbb89cddb4e1ee15
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09b186dc119230c8ab2c806d31bcc8dd4a0a2ba347165f35156422307b8e10ff
0b3edef95477e35127470e60d70025f5bae955edb038fe4ab0f24f9bed5eba68
0caec618b80cd84ae831b6d0556995179a82930690faff82e7c39343369839a9
0e1ec6a3c61a7364f67590dc873dfd7b1cf684800963b6f5ed0d2dbc0a830a8a
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
140ca6ff4b82c2f0b348ee2a1d0a3a5d88d226ec5e9224126419ec08569d555d
18ebc36644e10f87e20812c15e329c1b25848c62cd6cdfe74427cdf8995bc3a9
1adb10c9a5878dd4306d66ff94ae27a07cbe47f57b34dec9a807e5d2d426eee0
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1bd6e701b4590fcfde64b99a0eafc202c76fb34e83ae699dd0f0a8edc63de34e
1bea71d07ca30415d598ea3dfbe6641f5aa63fe0414d3c27ed6bd0e89c603439
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1c8ad2d1b52031a31dd4772aa5db33f3f0eebf3e5b32eb86d98441ea5527ca58
2428653048a13d41cc7aedcb47c0a8398d77a4d4a1cc3f999f9695d5e6d3d528
256de1accbccc4ffee65cf0ae6ddda99d1a056e669ddb390c959b942df9a5358
26a9dd9419f02a8f6848f783ccda3f24d24a085bb0aaf384181e7701127e9ffb
26ab0787e17ac94d80c7e591726b5facda6e104e375cfbfc732521ea5689c951
2aae3daa1aaf67449270e59f070784e1f9b9c79ed24861480a142d55d57c8bf6
2c4ba274a689cfdb347953beff0848cc73e0b42d5821d3393c9b09d9d5271b52
2c59386bc6f029ae692b14f959525447295dbc2a67949ebf93a715d3f8ee9dca
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
333bb4ab0315e79b777efe067411f976f31da5dfb0b1753de3f378e780f864ba
335bfc4eb13f429d6ab8957c8c3c68c101c7fcc3b839f3899c88437039f01790
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36860291124bfb33f7f232d64a0f7899d74e0f723dc0bd6d3545c48634cf395d
383804df61de5d058ec75635ece186d1fd79484a8dd6644329170f6fd22881d8
383d190a888d7445ba737926777149cffeea80155d1edabfba973f42aadc0218
3907cc5ed9d4a0cdb316d069614220b55fccd5624ac173592a7a4c2c3aae0636
39b076e4bb4fab9b8a142499cf6155f8c128464974691a04de7e764f71b72618
3c8a1c6175ebf8c196ef21fdc80868ab33ead86928b41d24f49e31ce57c077a6
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
407a888e655899d02d89088205b185e854860ae1d600eb91602b16df0c6a08a6
41ae6cf2662ed0939c1112d01ecc242b44f759041d72544b04c8ff79ca631d56
42a341b9dc16f8231c6fe7022a0565c490466a0d1b6c2cb71fe3f645799264c8
442a7bdba994bf7e108dfb01b7ba0c392c1a6c0b00fda15c687cf727d2897f9c
45a44547bc03bf28eef08b155e355f497ca18ee852614d0dc602b91e20c64512
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4aa589d9190b16b42a44a9553ae00fa43c88b9b0aaa99c4ec536fd66a6b86751
4c247ce494583ee6e3ea3dd2c09aa0363088b1946052f6451c447a8b2d28a68b
4cd8bf51b15e6e0f2ae1b845b55e742d6bb7134d9a2291520026a507d66be2c9
4d03ca7f3ce7f1698643944490152dd091759abaae48a654dcb8c0e1fff69094
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
504d0250e5ecec00bb65dca041412e851ce493eb624c961d7a35598378320af1
516f5e4c2dc5c69f3e1707e76695f866f8e62468aca15c1a9ddb165eb684f6f0
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
54571d59b5bdb18d83b6912c130c4bd8e86c3054fe9808c24f7148d1e243ce75
5468f07f349b710245b71b047a5e624db42832810744c1ff94ae4a5be397e77c
5488404f8ea16d1737b67f56bf488290dfc1afadac0a12eaec970945c7afe844
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
599484f5458509339918e4b0c0cc0725214382038f76b41beeffca2fdb085ca9
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b85cb07ced413da00fa74a9adc89da2796378b20a8a66173ce07831f0cae373
5d475d244ed345844e3b7fff8f616d6be3c824df7e2b2d47900e95cb4eebcf67
60d172579afcdbf0f740af1546bb5b184ecd8e03369528c0c8540c2c214c3fc4
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
617a52c840d59d7fb39bd9641e60db5c3681f31fc1ad5d6f38fa299099f4d7c6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63c2926408ea3f521180b5b4da3cb9f480913f68aaa4fde2ae7bbdbde9dad441
642e0c55f52b2a291e47f5ab2d322e35f6776d8ce73b9cc0bd86c65bd4a26620
645540cc4a407a22ea042a7d7695364ed3161fbf9a676020644bf10ce35a2f6c
6488668da3669afe974d4d69bc289931db7369534b0c9e83ec57de7d18e49f7b
65dce88a9bc9c3e634889a6ecba5adfff98bbbbaf7ee2e2f83d89f9b479c3035
6692244998cc3be866e58940589d2988fb779c9f05b0983fb2d675e72f898a78
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
6b2b4de8c5528c92aaf3c7aaad67bdd0714df23bbcc85c5238e02581dd21deda
6cbe8afbaa101f41446ac5bfc341a559d315cab38a0e88e04fd82a10404f8917
6f8be7b1ef816196f4990f5c84ca62799e6116f832959edd9c19eb17ac31bed9
70c976a37627dcd5f2b701c40ef07a54136786ca98ad5594a726d76be564a7e4
70ea4d281899906164d43782c7ef2212a415bed7753013e3777caecc303470b8
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72b8d224b5745db5b3c242047a76edc6e27f5868a1c01a94d90d2048f3efcf44
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
761b71f65cf0d847d2381eb5808b6db95c22933f28210643defb2ce5dfeeeefb
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7aef5e5dce9fc35f98a00aa174b9206cbb23460ee62c0bd446e3175dab4aece9
7b48aedf74c1af93cdae2c9ac3fbb8821d252e2b5683b3f0b5525c690473e058
7ca79b17283dd424f6e491d2effc14b0a4861b5c8ea6580950551ba8e49b948a
7e469a101940a00ed2e1f5c7899d0395443153626ca120f4c5bfaec3c299f353
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80ba56e5fab4d8e6199f3b33643962f1438e290143106b9b136cab890c568453
80fe90cb559538158bc235f4e539d9bcae203e19fab7c6970aad37b0154348ff
810892545e4b290f8b8516bda6858ef698a342489be9800e2ba0e358c8d5d7a3
8207e7639d4d23b685b42877546eddd62dd9705488a485b246383fc9c9b615ac
822fedf38709a53b736c3fc00dc0f4b161fab021c7ab6e2a688be9841978d447
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85ee68a75c3c358ed7ff6924e54e581e1eff9c63cd1b93f27eda250577c975b0
878d05dd70dc776930083ad085fb7e70da55bab9ff46eb5eb1ab92aeadc2434f
8c3d3f8f234c097ceffd6fa4f04eb721a627e0149d07e68125f318b1be1bb841
8e316dac6a1642935926265439208935ac5a13063fc9104f22980c549dc73a69
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
9020e29a8803a9cc10a82a813d4090471b2c58c07af89d70d4362fb71e073ea4
921e931d131b3e5df4cd700f147992c745398d7503938a1e73742fc0642a0a22
93406632f17171debbb0eeded11ed91574d88eb7328acfdda5e4f34bed3fba58
96aa3e693ca3f40a5f62ed2e9d9edf5ff67bc17e0ac3a15299166dd41e3417dc
970b9b93e7a75a81aff5deaf5960e89dce69684e0235501a1b438829e6fcd748
975714c6cb70ba105bfa87d2415df2fddde4a46c1d3ab9d0cf45465e56cba97d
98343084b24e6a9e9189fdf4a7868764374403cd90a5ef956f57df65c4ba1be7
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b9233c0c01ce219c102432f8da76d92d40bee603d575e238540da05da0ad17c
9fd132900061777710af30c42ab8ba9dc3f16bf2f80060939dfc11b92fa9c087
a0abf6fcfc0bf653c6841b9e80691ddb1cf908320e7253d01ab1231271fb016e
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a197c0bb444be153309897e48789a934ae3e465db7f1314675b04c02ee04cc88
a1a256244f073b9ed474c52d16f8b7d0ed5d92ca4129042d6ee150817671bcd9
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a41677346e0ae68054d04161c49c4222df8ca115b1bf3af730a5792132605f60
a44f5d561cd3e602e092304c1356809a206492fa189be1c11d923e8e768b06b5
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a76f1c07273520db125a84321b8e2bcf23e41ce9fc5d3eaa293aca13a6668d4e
a8b61fa32cdb1dbe2ce40d7e0636c394dc63b7615cb05bcd9ca1a0f6e1501d80
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad83124c87c5e01c8804ea48618ebaa801f1d00b6e56626781a65b41c65c3013
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b033f59e4ffeaa6f3e4f2e839c035a14811d5469d3f772eda6056d7d5782c53f
b1add11780dc55794c09f8ce59e102bfc68d6fc03746a2d643a28afbb3026fc4
b20c5873f03072fcf7eeaaa3573c0883442b9ca40a926fe16582639d25f21ae7
b2d5c0cb8451d83bc49de5d00b262ac4f0c6e0c006bcbcee4a0295cb90d15111
b53b6ad23b258ce11eed97786741510819a369348afcf1260856fe3041fc33de
b8f07b699df0f9637e174df1a1f2e4d4cd9e0202998d993d872327302a06253f
b947a3efe23b4827fa6e4f7c6c0364baa2f66d27d0eb8074d5ab36380876e952
bb7202f5817a1899549626e5725e9054a02123b925e70fa184cbabcc88060b3d
bce4b47b8fc12de49fac0a00e9039e38aa568aba0ee9154b93d20465f0289cfa
bde1d254fa0219b5501e3e4a853826efa3c48dc3f8f2ee6b1e6df3f5a1b71ba5
c06c594faa4a0cf282a479e0e91f19c417c1a64df0ebb3d3e2e057d9c6c26564
c4222d95b2f31e3d26d75291d9c0ee15632c1305e61723e1dbd99ef66d0f8f25
c6077711ce3174050ccebe6559eb5f0e251942c2cad21900d1c3ef316065565b
c62b2243cdcd4d6d8d30260a3ce0e8f13a57972f0e46e388bf9897a0d30f3390
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca61d6952b50eb64b6b59ebce2ca41b9f4046bfa8e9624bd4e9dd2d9253950d5
cb83af0eec1fb71fb35196225c4a4a8964b7e47b52f9a85679c808907abd2b09
cbccbe0e6a648c7f70bbb904016388798338882e7a4966047a5a15832b27173d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ced14124fdcf5b1197ef003df3f4b4e65c5b0bd8f74138c77de429f38f278fee
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
cfe8e5168d661e94ef9fc3ae9d3f2a5b7a02093231694e1ae0573b5be6c4215a
d050c56b76cb2dae10e3eadd8e8f5e83594db0916d25946bec2f662f69dd776d
d4fd0595d0d633b9e3091515ecd05c9afb50b5861021dd66da58782ea23ff23a
d72788ed8ff247c498e3aba33fd33f5e9d867394a9be2e41342151a0d036a41a
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d8f000f9f6680a3f7294238f51faf3681bd07c9f17ea28fa61458de16be57899
da2a8bb9717cd0b2253207e227a15e2647295db50efdc7316fb4ab8053f098ed
da46289697ed20635f79feec3bd8f18afa8fd75cf869baa0ffdc22396dd5e5a4
dbd7282f116dc324f6764b5e24d1cb4824012169dd0132348c78f2d0cfe20336
dcc156f774f770c9969f60f278f977ce3a561b5927bf0acb682f4834e1729c3c
dcf165c5dcb6343f53ab014258a36f61ca43854c4a9478a5c1d3079a682c82e1
dd117a37a6ec7fee682db2054e18da64af049274f1070b9074f7a7656a54c4e4
ddaee1f247e1f8ef6218b7db3ad9ca9c4bb7946e49d003fb7f10eff229b04a0f
ddf85037fd1f04c4684ed0357cf80a71a3c4aa19049bfccdaec678b4b18dc8e2
de361c064c4ec12fd000a3e08a0ec3e94cca87209fa048333c214149386c0474
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2161ae0d3c38f898060828992016a61570802c13de88c3ff87ba89de5023171
e2f5ce247a4cb90fb38ccfe55119d1b797caf3dddce8b073e3ccce22dc3471b4
e35dde961c60c8346a03855ed4aefd8fcab6a0f3e7329e48e7423a6af063f3e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3dad81ae9e89995623b89e9c6f7c5c926a098f0882f66dfeb6a7bf99926c1f2
e3ffa5ffac34abbf935fd3dfc782377617336e180051c110b232d376d2e43e6a
e422414f4aa493e470ee85b8142cd51142f661603337694399421cf87db670f0
e6e037f5845ed3777ba25d1aa67747ec39dc43fda8283f7670bb7f6fd2ca741f
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
e9560d3934c8096e34d5ea6822bf5622a3dd00d4d8bfdf3a3d91ae7734e408a0
eaece4bd95b248c64d829dc22b99385917c64926d294662c5440414f2459cb75
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee87e6547702fb6ef8a6f9d5ef54c46594c7481654f383a9ba9c17867932172c
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4d5deb4709cebcb8d869180a1db81fab7c54f99dc2e72dab8b3db15eb76e660
f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd
f596541cd2cf46ef09c0e008cfa62c62525f71737c737c6a23e395ef8be5dfc5
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f68019eb4b4e5933301d4ee75969e0cb94ed8333bf514630fa749eb9c3e483c9
f87f627f9e06775775b23631257cc8025ed318eaf1adf9ee78f19ee45cd6783b
f9b1bf70984fa7ca5c5eb648b2c3ba666faa8ddec963108cabcf5f8adf6ffa77
ff18779bb7f76122171e9faa51b7af30bc0239d361c926489b02032bb5bccb54

says.com Open in urlscan Pro 2606:4700:4400::ac40:95ee Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

250 Requests

98 %HTTPS

72 %IPv6

45 Domains

79 Subdomains

68 IPs

7 Countries

5567 kBTransfer

13475 kBSize

38 Cookies

36 Outgoing links

Page URL History

Redirected requests

250 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

says.com Open in urlscan Pro
2606:4700:4400::ac40:95ee Public Scan

Screenshot
Live screenshot

Full Image

250
Requests

98 %
HTTPS

72 %
IPv6

45
Domains

79
Subdomains

68
IPs

7
Countries

5567 kB
Transfer

13475 kB
Size

38
Cookies

250 HTTP transactions
3 data transactions