sarahah.top Open in urlscan Pro
2606:4700:3033::6815:2edd Public Scan

Go To Rescan
Add Verdict Report

URL:
https://sarahah.top/
Submission: On February 01 via manual (February 1st 2022, 11:08:59 pm UTC) from EG — Scanned from DE

Summary HTTP 155 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 25 IPs in 4 countries across 17 domains to perform 155 HTTP transactions. The main IP is 2606:4700:3033::6815:2edd, located in United States and belongs to CLOUDFLARENET, US. The main domain is sarahah.top.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 11th 2021. Valid for: a year.

This is the only time sarahah.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
44	2606:4700:303... 2606:4700:3033::6815:2edd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:808::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
26	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
13	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE)
1	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
20	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a02:2638::2 2a02:2638::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::11 2a02:2638:1::11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
7	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	178.250.2.135 178.250.2.135	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
155	25

44 2606:4700:3033::6815:2edd (United States)

ASN13335 (CLOUDFLARENET, US)

sarahah.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 178.250.2.135 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.am5.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

scontent-frt3-1.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	sarahah.top sarahah.top	271 KB
34	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 tpc.googlesyndication.com — Cisco Umbrella Rank: 124	411 KB
13	criteo.net static.criteo.net — Cisco Umbrella Rank: 645 pix.eu.criteo.net — Cisco Umbrella Rank: 7730 csm.eu.criteo.net — Cisco Umbrella Rank: 7881	184 KB
12	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 639 scontent-frt3-1.xx.fbcdn.net — Cisco Umbrella Rank: 12879	160 KB
12	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 46 stats.g.doubleclick.net — Cisco Umbrella Rank: 96	121 KB
11	gstatic.com fonts.gstatic.com www.gstatic.com	209 KB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	151 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	3 KB
3	criteo.com rtb.fr.eu.criteo.com — Cisco Umbrella Rank: 14362 ads.eu.criteo.com — Cisco Umbrella Rank: 7925 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 10541	44 KB
3	google.de adservice.google.de — Cisco Umbrella Rank: 8028 www.google.de — Cisco Umbrella Rank: 5557	1 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 227	9 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	17 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	82 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	20 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 777	644 B
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 324	9 KB
155	17

	Domain	Requested by
44	sarahah.top	sarahah.top
20	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
14	pagead2.googlesyndication.com	sarahah.top pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
11	static.xx.fbcdn.net	www.facebook.com static.xx.fbcdn.net
11	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net sarahah.top
7	static.criteo.net	ads.eu.criteo.com
7	fonts.gstatic.com	sarahah.top fonts.googleapis.com
4	pix.eu.criteo.net	ads.eu.criteo.com
4	www.gstatic.com	googleads.g.doubleclick.net
4	www.googletagservices.com	googleads.g.doubleclick.net
4	fonts.googleapis.com	sarahah.top googleads.g.doubleclick.net cdnjs.cloudflare.com
3	www.google.com	1 redirects sarahah.top tpc.googlesyndication.com
3	cdnjs.cloudflare.com	sarahah.top ads.eu.criteo.com cdnjs.cloudflare.com
2	csm.eu.criteo.net	ads.eu.criteo.com
2	www.facebook.com	sarahah.top connect.facebook.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	connect.facebook.net	sarahah.top connect.facebook.net
2	www.google-analytics.com	sarahah.top www.google-analytics.com
1	scontent-frt3-1.xx.fbcdn.net	www.facebook.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.fr.eu.criteo.com	sarahah.top
1	www.google.de	sarahah.top
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cdn.ampproject.org	sarahah.top
155	27

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.facebook.com
facebook.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-08-11` - `2022-08-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-11-11` - `2022-02-09`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-01-10` - `2022-04-04`	3 months	crt.sh
*.fr.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-04`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-10`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-24`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-09` - `2022-04-06`	3 months	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-25`	3 months	crt.sh

This page contains 16 frames:

Primary Page: https://sarahah.top/
Frame ID: CE24C7968A98F76C680660FCE4857B4D
Requests: 72 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20190131/zrt_lookup.html
Frame ID: 533385644B4883D513396E65059D6E9F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&adk=1812271804&adf=3025194257&lmt=1643756933&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsarahah.top%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933758&bpp=2&bdt=175&idt=94&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2859625660521&frm=20&pv=2&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=132
Frame ID: 4559C89822177EAD064104605CCB57F3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643756933&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933760&bpp=2&bdt=177&idt=146&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=j5QjeEFj7G&p=https%3A//sarahah.top&dtd=149
Frame ID: 55306FCEDE7823B50204569CBF1F939A
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643756933&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933762&bpp=1&bdt=179&idt=157&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zufAJYNDFF&p=https%3A//sarahah.top&dtd=159
Frame ID: 401F5B7A88A065D6776B97B40C991BDE
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: F64DBBE07CAB518AC4A0FEBF6A5B5A40
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6E8708B91809D8C979519793DD59BD04
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1
Frame ID: 29E63D2039B7D118155DC55DC1371CB9
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yfm9hQAN45YKd4aoAAw9Jcb1o0XDD94ChjsxFg&u=%7CoJx%2FeTM98ygST3wTQnP8CUJhH61gqEhRWgkoww5gq5g%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl_k0WibYnQkD0fPZOFO5uuUwiGAd9K_mDGg_xzecYK3Dy0ExA8iLa53YSdVjy1AIxF7scsAg2yHEEwm03QNVi4KEkisf4HZBx4VuulvWtOoQZJHgINSGKkVSmZIIgRnhzQI6DHVQr-cjmYxh2wWpKNErhC6Fjg1FDclJvHW1_UutfGICSdIfLbLAtx5OLQavrCNbbj4KhTiaRD3s-rQN-FC9XZSOYr1Xle5OS8m-kiuZGpScgXB72ENHCqLtLWHBsOb2dKRv_-xbjIui6tBCx6RWZ2KmJhy7nofzj2uGG6g_O8pMzpwlOssUsBJhQ9E3joE_0lU3gryaI9vB3p71QXeiongxCEgq7ShlKBh3MgLg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKUYJhb35YZbHN6iN3gOl-rDoAcme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNDU3NjU0NDQxOTQ2MzI0N6AB1bbS6gPIAQmpAnn1zcwl3rI-qAMBqgS0AU_QMJotCOtJuIw2FVQDpZUKvmNW8q5uADGff7ptB-kc9Ew8DbR2aSD4K7eX6ADmY0IlCbEeVjm8TKo8HYmCoYJtsG0JhN5ReL97bQ8s47O6GCRLfKnaUTHrLTpf7U0GdqwR5zB1WdxEp1ZEFhB_rUteCLOseIVDuHYQs0090Ez9RiuAdJ0F4nmR9XK_hGb-aBJ486WuAwgdiQX3uZggP4VkdpTPyywe8e51Aw_mQfwLkjjOUIAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29xZfFoW3bdUCIoZp-CTVT13jRYg%26client%3Dca-pub-4576544419463247%26adurl%3D
Frame ID: 8AB5758712A455580669E15AE32AD999
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js
Frame ID: 289A9A33DBE4B5C59D3CBB777BE5D6A4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/load_preloaded_resource_fy2019.js
Frame ID: 143FF733C8CC197A6FE64E1A641FF8BF
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js
Frame ID: E409047BB587AF55D96F7E77AA99273E
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js
Frame ID: 14E8BC6C8468B6CB3B2D09AA0991663A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8bb743d46a64%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff3be9191eb94fc%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false
Frame ID: 8D53F383BDD45A0F7EFDA4C176703D98
Requests: 13 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8E24DFBE51FAE4DF0A0F4D462687D283
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6144A5F0EF745860C180CCE85C2D6709
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

صراحة

Detected technologies

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

155
Requests

100 %
HTTPS

83 %
IPv6

17
Domains

27
Subdomains

25
IPs

4
Countries

1693 kB
Transfer

3868 kB
Size

10
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.facebook.com/messages/t/sarahah.top/
Title: زودنا ببعض الملاحظات عن الموقع

Search URL Search Domain Scan URL

URL: https://www.facebook.com/groups/129822224459618/
Title: إنضم للمجموعة

Search URL Search Domain Scan URL

URL: https://facebook.com/sarahah.top/
Title: تابعنا على Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 88

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

155 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
sarahah.top/ 12 KB
5 KB 211ms
61ms Document
text/html 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 84cb3e695c3f22c0428678406500d7e0e6ea86336eec7a2bcbebc9fce7ba8b7d

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-type: text/html; charset=utf-8
cache-control: private
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
access-control-allow-origin: *
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SQi2RQGV%2FH%2FooiWmDWd80YqTdGrBNResoZaVRJdX5be%2BHr%2FhWi%2BaTf3sOxVqxFBprgl1H4AoJVMC%2BXHFUfku7J%2FZyvsOlFRfLgHJmnj4ElEENiobRCw%2B%2BMyglG1h0qYOUnXO3NcSb8h6Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6d6ed8229e0183ac-MXP
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 2 KB
930 B 39ms
17ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Cairo:400,700&subset=arabic,latin-ext

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfcc32ebe9aa77abfb262c93899419e290c0dfbeb081e5dac98a8dfd9c173ff7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 23:04:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 01 Feb 2022 23:08:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Feb 2022 23:08:53 GMT

GET
H2 200 toolkit-rtl.min.css
sarahah.top/css/ 144 KB
27 KB 28ms
27ms Stylesheet
text/css 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1dc3a94fc551047fbcf35e16820b7668cbed3554f4b791fc8065db05385c05c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
age: 603
etag: W/"b0ecd6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdQNaoPu8SIwYeSjP1AbYiERrDsshmj2nSW1wgITlmVSmwL%2FcBlQRwxQIoU4imc27mS1bsH4omq5zb1Rx7QXyPqEQosvWoY3D4sZ5YX%2BESuUrUfCJ7dvnQGJjoP5aUfUgSAWwLiKB6EzBA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d6ed8230f6383ac-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 application-rtl.min.css
sarahah.top/css/ 1 KB
898 B 24ms
24ms Stylesheet
text/css 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/application-rtl.min.css
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: effc1357a7d1840e520a74c48828dd3c5b378047ff8380938446b1bc78d24ab6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
age: 603
etag: W/"1970ee6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EVrcBOcfmJ87TC46Eiiyau%2FhPennVuhy3teJqDcbaEhhuMUSXLpNge2EKa4LWLzSQ0mDZtdvByArDo2RlMO0SJ87c2a%2Bg5pTBIb4eTIwrrwy0x87wf%2ByxE%2FbSq0ttgbnTMSTX7vCzhZ0UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d6ed8230f6583ac-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css.css
sarahah.top/css/ 2 KB
974 B 26ms
25ms Stylesheet
text/css 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/css/css.css
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f292c4a125f044878fb361ea34e8bdd6b415cb0eebc52ce9ff5669bc2903fd41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 91
cf-polished: origSize=4567
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 01 Feb 2020 07:23:01 GMT
server: cloudflare
etag: W/"abedd6fd0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G%2FWdlXiVWupCKDn0Oj4b5dPtNUNHFk1X9jSA7sp5WWfzKePvp%2Fke2NcsY5leTkEoA%2FIg8hEK3TTKSIIfePBhCkr2m8xQz05WSjnVbGk7opAyxo5x8pS8t17Z%2B3WOo96JxtAnwEXh%2F2Kk3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
access-control-allow-origin: *
cf-ray: 6d6ed8230f6783ac-MXP
cf-bgj: minify

GET
H2 200 amp-auto-ads-0.1.js Show response
cdn.ampproject.org/v0/ 25 KB
9 KB 109ms
54ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-auto-ads-0.1.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

02b30d20f4e399facb73968dd7dd33bfe9548a0229b08c2f971a6a0e3eca27af

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7742
x-xss-protection: 0
server: sffe
date: Tue, 01 Feb 2022 23:08:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "2e66cc78ad93b3b2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 01 Feb 2022 23:08:53 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 149 KB
52 KB 71ms
33ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86cdadfa23dce9fee83c7482c487f4c676bb7995c0874f38bb73ece168aad376

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 52980
x-xss-protection: 0
server: cafe
etag: 7372503915629668298
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 01 Feb 2022 23:08:53 GMT

GET
H2 200 Logo.png
sarahah.top/img/ 2 KB
3 KB 24ms
24ms Image
image/png 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/img/Logo.png
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5aaa16f9d7f3c00b42d7455411dc9bf5e8f2f3102728d153edb2a688c21309

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 603
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2240
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
etag: "6bcc4d70d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OmfqoqOXsyynd%2F9FiHnkAZHUvsT84Hzh1YWhonDmIMTQ%2BG62kRbxO86EQgq%2FTdWPmNf2lPXkulY%2BWx9Gl8gTPEFBGAVXPY40vDPAm%2BOyMJhOgRLJBvvsFE4a1lq3uns6vNjeUPD7OL3Ccw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8231f6d83ac-MXP

GET
H2 200 cookieconsent.min.js Show response
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/ 4 KB
2 KB 66ms
26ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 5255900
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1618
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-11d8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJ5HIraoi4roe1W5YdQs1t%2FAJpfMjsl7jsZgwZcGdsKIVzsvF%2BTMgk36zyfOKmZVXgyZmECyBHDFxJUrbvy%2FWnyToIzdDxPy%2F4u%2Fx65BJFgOxzoLoCMUhRTEUac8LZlMXj0bjI4mdxQiF7K22YslcazI"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d6ed823595a5a37-MXP
expires: Sun, 22 Jan 2023 23:08:53 GMT

GET
H2 200 jquery.min.js Show response
sarahah.top/js/ 84 KB
31 KB 30ms
29ms Script
application/javascript 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/jquery.min.js
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 962a514de7b249708e0478d0599d5af95e0e2ba0c6500bd0069ddf28dd38e217

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 603
etag: W/"ed68770d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Up44II3qtCiJaijudL4QuSyID5xWzaoCcZ9RuBUt79%2FCo3Gv5eanXHbiuarTX%2FxQXCuwOwVR%2BNqtkR8TFuM8LSrQfKz2PTYbknYYNBShU13wybmsi3DUcy2%2BQwzWTqmN%2F9fYdyeJ%2F8Llvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d6ed8230f6883ac-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 toolkit.min.js Show response
sarahah.top/js/ 43 KB
12 KB 29ms
28ms Script
application/javascript 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/toolkit.min.js
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b947054f6ebf52d850bc9d2c6ec86dfb8345f4b02a74779195cb5471aa7f6b2c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
age: 603
etag: W/"a21d7b70d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O8AwkJj52F%2Bnx3Uo890mhhEkM1ZOeKCYPry91HIwyIaziFuLLXHPHTM6GdFVyKuC1GTHxs7RkgjtBfjGcl0FbLi6mqGHV%2FKDghkpATyUMjJnh37pQ77wnDie6bACK6b8rLZURqHLisfFWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6d6ed8230f6b83ac-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 fb.js Show response
sarahah.top/js/ 758 B
771 B 25ms
25ms Script
application/javascript 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/js/fb.js?v=2.4
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93b3d7438f5ab7204f909a016c1fddff78118a6d4525a7f718b4478b99d764f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 603
cf-polished: origSize=1397
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 01 Feb 2020 07:23:03 GMT
server: cloudflare
etag: W/"765a670d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCLtUdqu6Af5f6Kcckh6NwEWaIxzt%2FZruH%2BIrbuq8OSA2NgD89itPI5XF4dc7GSjBPE9ANDfJSxw1%2B%2F2kIsjKizZ3F6x6Eta6f51oSs8guPvYX1F2q3l4xyQy4CKptBUvpgo1vhSylc1IA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cf-ray: 6d6ed8231f6c83ac-MXP
cf-bgj: minify

GET
H2 200 gtxIPk0-ZE5IZ2RrdsRLuQ.woff2
fonts.gstatic.com/s/cairo/v2/ 20 KB
21 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/gtxIPk0-ZE5IZ2RrdsRLuQ.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f17b85b76bf75df39adb6dddcf29c82c761cef8a35f92968f68431646814c63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 19:00:12 GMT
x-content-type-options: nosniff
age: 14921
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20588
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:15:39 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Feb 2023 19:00:12 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 30ms
8ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5639
date: Tue, 01 Feb 2022 21:34:54 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 01 Feb 2022 23:34:54 GMT

GET
H2 200 IGeshMgNVhb2XU2TGWkITvesZW2xOQ-xsNqO47m55DA.woff2
fonts.gstatic.com/s/cairo/v2/ 20 KB
20 KB 18ms
15ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/IGeshMgNVhb2XU2TGWkITvesZW2xOQ-xsNqO47m55DA.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72e046842e09ed37e960ab0575f4c5ab60bff1a0ea22d3c27335e505190e5504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 05:21:56 GMT
x-content-type-options: nosniff
age: 64017
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20440
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:16:05 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Feb 2023 05:21:56 GMT

GET
H3 200 toolkit-entypo.ttf
sarahah.top/fonts/ 74 KB
74 KB 19ms
19ms Font
application/octet-stream 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/fonts/toolkit-entypo.ttf
Requested by: Host: sarahah.top
URL: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ce72d5b1eec9f07ff895dd2bc12c0420fe189f4d197177c8f9df792409c1fef

Request headers

Referer: https://sarahah.top/css/toolkit-rtl.min.css?r=01
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7174
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 75572
last-modified: Sat, 01 Feb 2020 07:23:02 GMT
server: cloudflare
etag: "cd351270d0d8d51:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hlo3yrq7oBEQucDFuJnowBvigjOz7YyGD6onBoLXE47ScAWbn%2BbUsG9Ls8j0F%2BzTWkg55xOijRAMnmuRrpb%2Ba94mohajCgYY%2BvlY8b432GTOLoXc019b5XbhtqzzcH6m1WoSkKomzUhw4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed82369129104-FRA

GET
H2 200 RLgQnjqLWN5-LcxkRZr1cBTbgVql8nDJpwnrE27mub0.woff2
fonts.gstatic.com/s/cairo/v2/ 19 KB
19 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/RLgQnjqLWN5-LcxkRZr1cBTbgVql8nDJpwnrE27mub0.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

827e4c5288548b930b54b74447c5e93ce460c584333e1985716917c6e84131cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:37:05 GMT
x-content-type-options: nosniff
age: 1908
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19400
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:16:05 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Feb 2023 22:37:05 GMT

GET
H2 200 MoGpUcTu_oZLf0bsrG2xFQ.woff2
fonts.gstatic.com/s/cairo/v2/ 18 KB
18 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cairo/v2/MoGpUcTu_oZLf0bsrG2xFQ.woff2

Requested by

Host: sarahah.top
URL: https://sarahah.top/css/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53c686d7e860fea3b69b3f32802936f4bc000af17289eb10bb4354cb26cc8867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 20:31:30 GMT
x-content-type-options: nosniff
age: 527843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18556
x-xss-protection: 0
last-modified: Tue, 10 Oct 2017 23:15:36 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 26 Jan 2023 20:31:30 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ba73f53e83efc518e20ef7d482a4988d203e0d33cfbe732c63058da915ffc706

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: oCsivY5ZkFjPKMVL8tXDug==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: q4EHMfACbTfgW77rLoHZp2Hm8JcosUxK8yjYa6RCgr8+wKm/DAXQqR5uzLUbIEMNoWIBBuSYqJaVqq/4Hn8eEw==
x-fb-trip-id: 686109401
x-fb-content-md5: 2e88dcd467125ad7deff6fb7088e9870
x-frame-options: DENY
date: Tue, 01 Feb 2022 23:08:53 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "22c808b692aa39b6b537f99d16e534ac"
timing-allow-origin: *
expires: Tue, 01 Feb 2022 23:22:29 GMT

GET
H3 200 UsersAjax.aspx Show response
sarahah.top/ 8 KB
2 KB 48ms
48ms XHR
text/html 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sarahah.top/UsersAjax.aspx?Job=GetUsers
Requested by: Host: sarahah.top
URL: https://sarahah.top/js/jquery.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c211f25e923ee035e6b17e0342b4633227f1368e8eb0256a287e84d2b58616c1

Request headers

Accept: */*
Referer: https://sarahah.top/
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-aspnet-version: 4.0.30319
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dm81NEWQFHs6FuFuycxGpIBVqf%2Bwh6CNQVmS2LgPPZQft2UrRSKJqrL%2FXrExSkFLsYQ4924H6zV77FrLaKms49ckgLsGiOpbWutdQKGi2jg%2BIrTLqYNpLNkBwgbOiIWCnH4TIyE6Dathqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: private
cf-ray: 6d6ed823a9829104-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 29ms
14ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2129982220&t=pageview&_s=1&dl=https%3A%2F%2Fsarahah.top%2F&ul=en-us&de=UTF-8&dt=%D8%B5%D8%B1%D8%A7%D8%AD%D8%A9&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=91362555&gjid=1134131824&cid=2054447706.1643756934&tid=UA-92277503-1&_gid=35606650.1643756934&_r=1&_slc=1&z=2028177816

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://sarahah.top/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:53 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://sarahah.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/ 287 KB
103 KB 60ms
45ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4576544419463247&plah=sarahah.top&bust=31064543

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7100e445fb5d6e14d41fac6de8e369246ad621dfe8473cabbdb9ce535c14e4a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105918
x-xss-protection: 0
server: cafe
etag: 14867198716752998281
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 01 Feb 2022 23:08:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220131/r20190131/ Frame 5333 10 KB
5 KB 9ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220131/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Tue, 01 Feb 2022 19:07:27 GMT
expires: Tue, 15 Feb 2022 19:07:27 GMT
cache-control: public, max-age=1209600
age: 14486
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 3058428174418745.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 68ms
67ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3058428174418745.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e48464584f64ab3552d631f1a6a17f316c65366253583428d728e7854608764b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2797
last-modified: Tue, 01 Feb 2022 22:29:01 GMT
server: cloudflare
etag: "a077ec1cbb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUtSIGIpmgl1JPR21A5%2FSkpHjiO1xkYlRGdtnM1nA6cSxrHTO1esnqPJTR5Y6RivibrowrM%2FI2nUNdVbneDWB19eAjnfnTeoQ1DPRO8I2bFuq3GGljO0xBpfN5OJHzaSlqaZCqpGkH8lRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242a8a9104-FRA

GET
H3 200 47b49bd8-5586-4c78-a4b8-9e5a0c2df27d.jpg
sarahah.top/images/Thumb/ 3 KB
4 KB 43ms
41ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/47b49bd8-5586-4c78-a4b8-9e5a0c2df27d.jpg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4cb1652534f75a69ac463235640a4af53f3d96a4ba004f9a8394dff42bc766d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3216
last-modified: Tue, 01 Feb 2022 22:22:06 GMT
server: cloudflare
etag: "736b8625ba17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SKIJ10MouA8kv5jjcVE2PCldJmb7oTKcB4Gv4wzZZk2Bb8XFx%2FyHMP8LkNgzJ8DYHnTcHYl7pE8Q34pN9PCc1pLssTJdl2keXyRWE%2BuxbKjVPHgXSSvtqwYhQfJPheMSeUbAeV5kVGH8XA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242a9d9104-FRA

GET
H3 200 457628872483698.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 44ms
41ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/457628872483698.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8756d1490170c7255c209a84dcbbbec42edefb934feeafe822a2eec6f0142ce8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2893
last-modified: Tue, 01 Feb 2022 22:49:30 GMT
server: cloudflare
etag: "8184f6f8bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eMBxv3n1Foel6p86c1KMs5Zqms1OXSVPoh1p326LcdajUuR5RQyh79G1eMhgU2pOOUVv3qpCx3Uj1zkKZI75vfUt8lAplKIGeLuc%2BuVu7LgY81jULqSs7m%2BTce5Ifj5yJe1H%2Bpl0GS783A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242a9f9104-FRA

GET
H3 200 4636439873148844.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 55ms
53ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/4636439873148844.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29bbf92df196e9ee77a5e0e90dee337b66baf471fde48b0e23ef5445fc3d80eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: MISS
last-modified: Tue, 01 Feb 2022 22:50:18 GMT
server: cloudflare
etag: W/"53d59b15be17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O5VvUqxM11fdEm54ZzUner%2BNSFuOY6eoUm0imtRdu8iaAK1HPlgXtSS9Mi%2B5dAf92tLzinjybx99KpBAf9ZXsO0uhgH2D38Tq1pcg%2Buyjhpcvd4dgedlNNKDssRz%2BA83PJMFhCKYaLgIoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6d6ed8242aa59104-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2875

GET
H3 200 138922858598189.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 44ms
41ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/138922858598189.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a109be98569aa2be003f382608f1432cbe7ff22bbed977660945fa6d38ca28e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3205
last-modified: Tue, 01 Feb 2022 22:27:16 GMT
server: cloudflare
etag: "544aeeddba17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cS6Tdl4M9QaybrHs0fi%2Bj%2B0RJtztqEbgCplq7GAuf0FgfpcxAYVPCE%2Foa%2FgglODJh2fjLZbqLuORUEGOdIImbWpXUzyH0XLHlv9gyIsAUz4rw4nowdE0QmdeHv5Zjcuo3Ux8ihg09X6yQg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242aa69104-FRA

GET
H3 200 2811845345628110.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 45ms
42ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/2811845345628110.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c52bf2119c73966b5f2b826bbd1ee4ee9df0717fca1d9bf226ef889eef6e858

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3758
last-modified: Tue, 01 Feb 2022 22:20:15 GMT
server: cloudflare
etag: "5ed85fe3b917d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MM9PQclNTJq%2FSu9DO%2BrL7fmoLDuNsZhbb6sSHV28Gb7xYgWWDubr8oz7lZGOSz6J%2FjTda2%2FCa7GYtEGMk%2BjnW52bwpI18pA%2BAml2S2x0Jm23Sgg%2FmwoiDxvz1Gbp5CLwNxZVzCaCLf%2FSzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242aa89104-FRA

GET
H3 200 473124150924266.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 46ms
43ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/473124150924266.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ebed5767541cb448c2b90e307cf60e965eac5a71ea3ddb6a2f6de3d73e50353

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2689
last-modified: Tue, 01 Feb 2022 22:33:25 GMT
server: cloudflare
etag: "541934babb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eV6HobUOsLH5gjs%2B1FiDiEvZWpc8TUZdMX8k6QvGEY7sG0HaOXCJZr577c3sXdxDPUSzmrJe%2FizuV%2FwFnXgHAzWMOeQzI1dQx1nXY7uojeiJhnEOC9mKU1Kx3ONgTnZaEeDWk3SKMSP7Uw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242aa99104-FRA

GET
H3 200 10158433504281961.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 47ms
44ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/10158433504281961.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f27937036a58d7a435ba66552eac6384d75375f374e2e84622508982c40ee23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3306
last-modified: Tue, 01 Feb 2022 22:20:37 GMT
server: cloudflare
etag: "28dcf0b917d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWJd4nV8wTvQDIuAFA7xDSBOPrWwEI5qDxnYQk%2F5GgKXtPbKZQ3rCvbx8j2dp1%2Fc9KUACpzr27ygKMlaYP2n8Rew%2BbKqLm%2Fy8lj8VwgVM3zeikvZRhW4wCEEg6khN%2BNH7xqgC7Pb1Gm8Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242aab9104-FRA

GET
H3 200 482561986730105.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 47ms
44ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/482561986730105.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0dcc798a531cf129a23a382db83214b111bac8d4ac347bdd6ff78122b684ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2249
last-modified: Tue, 01 Feb 2022 22:42:41 GMT
server: cloudflare
etag: "ad96a45bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zxv1sGy0pjVl7lDtL5rLkuFaUUHZzJ0cG1%2FTjZXFj%2FgDTgplfKWvf9vJi1JAGQTvcGiJRLSen5QixFofTnwlBE476bqX8LscrzMxvKa9UN1QGgWY58hrscWAO%2FLm1sLwOxMbPXcgKfbLYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242aad9104-FRA

GET
H3 200 1838628473003003.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 48ms
44ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1838628473003003.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4ebe70293a86668ff364add4640070e147c584202a2df3bf0e804d15a8d1c8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3491
last-modified: Tue, 01 Feb 2022 22:20:04 GMT
server: cloudflare
etag: "adfbb6dcb917d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gN76%2Bgk%2F1LXDhYoDQuu%2Bws5cDqycbiVue%2BnB8R7O1uSACc9aYBRkGqDwyXO0O7DTxzgQ%2BDIVm7SLnIBotEUvV5wQu5kKYp%2BjU8kt4b5xSBTFUboK16olBrtC3jNRYy5d7G8dEM%2FZMRx2MA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ab09104-FRA

GET
H3 200 2793787707501969.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 48ms
45ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/2793787707501969.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b64024a14492eae928bd080531409008da07d2dfea8c0fa9c4ad02ef4f4e6f7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3370
last-modified: Tue, 01 Feb 2022 22:26:14 GMT
server: cloudflare
etag: "c44c3fb9ba17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s9lhW6bddQcMjUeW5UxA3MQL5N%2Bpjqn8FpKj6lILdRuu8fEIDaDsK%2F%2B8NppUJprEc0gxcZX%2FhNnbxxCyZ35J%2FkVlszJBjC5zB88Kv0AFshC3LAM%2BAxgmx9ucY5yhsA5q0cQJkvAh28jLdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ab19104-FRA

GET
H3 200 1764913983713838.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 49ms
46ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1764913983713838.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2082ed962baaa06026bdedf5562be35ca86118d4e4b82e47b129a24c0c673c15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3408
last-modified: Tue, 01 Feb 2022 22:28:56 GMT
server: cloudflare
etag: "42549319bb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vFa3llqlOazZufvBZp7GW%2Bo%2F90vfbeFeJ1uJBqJaVIrRyCWLMDaNKBlA3jGlY0OpyZec2e7ma%2F%2BqqmtJOen1GVpQv9MHf1x7LP51Fz5zmksDocnl1JFMyXiy8NhSqYQfg8pQ06UdYnvGpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ab49104-FRA

GET
H3 200 475974684081683.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 50ms
47ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/475974684081683.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b8e8b551d6876a3571dc04e1d05c205b8ab56c3016bfec6db018557fc00d304

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3608
last-modified: Tue, 01 Feb 2022 22:20:30 GMT
server: cloudflare
etag: "607f54ecb917d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPewkRHcaog4p3f4d%2FEl7P5LUx%2FKHeoq8vWSbFgPMLMpi93t7R%2Fjnuy9FNRyxIunl%2BcAl86fqo0ArEI%2FhxC5i8MQQCTH6v%2Bliw60xruQGtHA6RS4Fo554cQN%2BPMVKJZ7xxb3d6Vee82R3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ab69104-FRA

GET
H3 200 1219126121829656.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 51ms
47ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1219126121829656.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 667886da25d93ec3d9ab7f661af79c01141e2542fc414fcc4a0d2f56582d4c03

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2252
last-modified: Tue, 01 Feb 2022 22:47:12 GMT
server: cloudflare
etag: "cf7fe3a6bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZ%2FLAs5P5YO2no9zORMUC4dqi6bDFdltzdHJSuoQ7IvEWF5W%2BHuOAkccLqwIHgxcUJcUpuGYiaeQWWpRKAfOMsM9PVwyOxwZdliPMhkeO6VHPmdwEnAh0tNqPEbpimLx46IN43v0C0SkoA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ab99104-FRA

GET
H3 200 3125100811104049.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 51ms
47ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/3125100811104049.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afbf652912f988e6125a0b35a6d57c00c647b67e7f7dbc70a351a19244c68df6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2676
last-modified: Tue, 01 Feb 2022 22:47:24 GMT
server: cloudflare
etag: "acf72caebd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B69y2fWvEyeNWWHVslGi%2BsOwfk9YfOQ1LlYeUrBki9tL0AScVP6rcM1CnBmWI2CxzLuM4NLKmsAaOHbXQv8SkZnCeDZ4qKnzdIECX9Lph%2F8j2L1%2F5j95%2BT3%2BVFFtLyfTwLYhI6TqZk%2FZyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242abb9104-FRA

GET
H3 200 1124034275036530.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 54ms
50ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1124034275036530.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d4431c45c15b79f1d75ca60191417cf9daae5b0f79f0b1028eaaefaad4b94a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2845
last-modified: Tue, 01 Feb 2022 22:45:42 GMT
server: cloudflare
etag: "30d03a71bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KO4HXPVNLa9RgrVUOeMxi5YdAoz1YREikFZUpnIRLCWd1OH04dSvi0IAMkCsXh65AkI90ZtCCejTYHRBQoVGdzNfbdNnlKMh0RRbuACuqzw0KZnW9pKb9wBB6IHXNGNyhhwFr5MHpLIlyw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242abe9104-FRA

GET
H3 200 a7cd7711-47b3-439c-bdef-386849e19f2b.jpg
sarahah.top/images/Thumb/ 3 KB
3 KB 55ms
51ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/a7cd7711-47b3-439c-bdef-386849e19f2b.jpg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64b291740c94fb3fd034af321f3ae3ecfc3753e37247e7ca55553fcd72035e3b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2578
last-modified: Tue, 01 Feb 2022 22:37:56 GMT
server: cloudflare
etag: "b582915bbc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X3zCX%2BwR3boJEg%2FnF8UY2tgvqrh4GzvduARwXvv%2FKTbxX6abWXUwUGCplmAuEvdBI%2B6xKPgu5a1qkXia0fQQQANRByY0gRS3remdEhyJvSBunfKlhGd8%2Fgz6Y5ZZvzFkdHXueiD8zxbMyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ac09104-FRA

GET
H3 200 1368283950288560.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 55ms
51ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1368283950288560.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d654f991cf8c79773e2f501211e36e842d93c280a039b663404c17e572cb84d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2312
last-modified: Tue, 01 Feb 2022 22:37:01 GMT
server: cloudflare
etag: "e38de23abc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J9gn0sMa2%2BUX1RojizWZxA7wUUtNAMFnF7mgUN9VsmY5Y0JOGg55AYKiSNQ1LcqmEIIYjRUu0YcKhDi3aIZI5sGa0VKebzoVyep%2BHCaQSxITrA09HkXnIBaquTY3CY2w25RSXHldBhJj0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ac39104-FRA

GET
H3 200 4911645442236082.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 55ms
51ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/4911645442236082.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69baae508fae8dcc93b23b677dbceac98de5d55f07c3b191c6c2f9162ec2024a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2670
last-modified: Tue, 01 Feb 2022 22:41:13 GMT
server: cloudflare
etag: "d2cfb8d0bc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UB5irFhCJnhRXLYbReFPNTlR7wTzUPXXYuuvue%2FUCtxKdyoxPU5Rc0gviUsB0o8XmlitrTpPPQzSkFZZTHvy0Co51oGfB7tr%2FXdkfTF5%2BxXKCE8wNWdXMKDLLM9frssNhO1PLUIsAZdLTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ac79104-FRA

GET
H3 200 1411451439271106.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 55ms
52ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1411451439271106.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 524ff9d44e41994a07f02fe5e090ca650776380b39b070909d843a2c2e41dc16

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2693
last-modified: Tue, 01 Feb 2022 22:48:00 GMT
server: cloudflare
etag: "edce9cc3bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ntrs7%2FXhBcp6oUWSdPeEEgtVwzJiZSfUwhfdazhjYeXhvTLY6OuwHWZaTBvb%2BtgWzqeaUlOruS7l8P4%2FjjBHHPIDo%2FIsnQDkETxp4isgepkgTYV05e1i%2FDx%2FS6aqiuLOaUvQqWhfp8bWsA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ac89104-FRA

GET
H3 200 490609052415425.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 55ms
52ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/490609052415425.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9feacd5a56049f0fda83dcbc12d02a3815fce4d940102bf666bc6551314a100a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3758
last-modified: Tue, 01 Feb 2022 22:21:33 GMT
server: cloudflare
etag: "3010e911ba17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCL%2BsuX7ACAxb1ACXvAr%2BQC44roWxED%2B0LtHBe8F9PXQkpb9adrEgihasIsS1MrEct4ZJCaxK61orn64o%2BRC6XbUIniTlVxdt5kSAze9BXWfgQrCtZSBg0zeIEquYPLWNLAfwEiZv3z6UA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242acd9104-FRA

GET
H3 200 266972092171681.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 56ms
52ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/266972092171681.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0151c27cae3937b6b516a4f108c47c8c8fe53114db91b0bb4649e3115bb1190

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2718
last-modified: Tue, 01 Feb 2022 22:47:46 GMT
server: cloudflare
etag: "905e43bbbd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hSYWV6053fa2z%2F%2FQvQM4yTBfND51vJn818jwzHFEcen%2FbkeGdTwrdRSURSDRLsgP0hKLsSgn%2BnU9iicLwbo7TAQvyU5yb5hX01nR4RU5sqDE5U9t8b2Hp8%2Fmh1lBUGIoudtVKdY4aFSzWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ad29104-FRA

GET
H3 200 626086618467452.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 56ms
53ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/626086618467452.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea645fce527a29a893e9055183c23344fff5e35c30bc95c60fb522f918619115

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2811
last-modified: Tue, 01 Feb 2022 22:48:32 GMT
server: cloudflare
etag: "f47ad4d6bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2BoHqZom1o%2BVRQp4b938aNBcSQ2V%2BT7inWBK0zvCCsqPkfT505ZYVYAh9ao87ELyVpt7uh6oe5WE2oUu964uIhMzRvUm59ifVwk9%2FzW7FwlNaZGiPPFG7WcaO7UmtxONuNXKgi77RBkXFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ad49104-FRA

GET
H3 200 2363546627144165.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 56ms
53ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/2363546627144165.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f8ed5dcc90b213e875f8f39529df45aff55d4f3bcfd5cdaf1cc90460d60964b0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3448
last-modified: Tue, 01 Feb 2022 22:36:39 GMT
server: cloudflare
etag: "cdebd82dbc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2h9vXuy64Q9N6Z5uqurEjgXvOJepFBXzGrfVBAqdOBZcuuQlD0aJjVPOvPG%2F%2BphupzcJ7s%2B73ehizSVJTy9tCjZuLwXD8iahbu3xNKaMACt1gwbakP7vDFs64gr1mEVyVmy%2Bq%2Bsv%2BZlJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ad79104-FRA

GET
H3 200 169479868738980.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 56ms
53ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/169479868738980.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afda9004c6b8ef5eae8de82ae8a4cd243b2fca06725802ba7629735d8b8d6882

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3585
last-modified: Tue, 01 Feb 2022 22:33:03 GMT
server: cloudflare
etag: "5186f2acbb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qlZM5%2BKduzqVMj8jsuDdGt6OHFaWegNrN9MA0tsEi%2F6QNkl%2FHcKaX3bMimvLWJl2iNNgyA3ycnqsYz38kx%2BKsvkrDa%2Fz%2FAZhbYiTX8Rt2DhhrRzC7AgmednLWRbhWsLFGQjqJDiBJ8B7BA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ad89104-FRA

GET
H3 200 855ac725-c672-4a6f-97f2-3daa64a94508.jpg
sarahah.top/images/Thumb/ 4 KB
4 KB 57ms
54ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/855ac725-c672-4a6f-97f2-3daa64a94508.jpg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3582ead06212989d00a1c16077fd48e9444ef672aa0af4826aee7ef85a51a18b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 919
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3590
last-modified: Tue, 01 Feb 2022 22:20:45 GMT
server: cloudflare
etag: "d515e8f4b917d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQNNr4x6pCkWzJ9wPdANTonyxcmFgRIONH7ZzAXQAETkzHtaJKX8pKk0yyGlwLlcs8pM2hLXpW%2BOFY5PtHhJscYtWQnqbpDLrJAQBBc0vg3Lz9JN4nnxcki1q87clMN%2FiZWG4uyYPe6s3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ada9104-FRA

GET
H3 200 4961581917240533.jpeg
sarahah.top/images/Thumb/ 2 KB
3 KB 57ms
54ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/4961581917240533.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd593d0b2d5d9d953b9ee4fe95708fadaae7e39fbb069b96fa1fdb1fb4c89c4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2337
last-modified: Tue, 01 Feb 2022 22:47:08 GMT
server: cloudflare
etag: "6446c2a4bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xL8%2FKlad3WsXDPk3gF4FjnyoVkOeyJxbF7xguT0hUf3MvmJHjVxu4gTxJBojaYb6Q%2FefV2Jk%2BI%2FPv8xcNBw%2F%2BJ%2FNTqq5RVTHLQdMzOzg3osxPu6tM8rKDE2mCeR6WwW2W2lek5twIyHfQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242adb9104-FRA

GET
H3 200 972362153671044.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 57ms
54ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/972362153671044.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10650f32d423d53e49dd81ff216c72522efd66b6bfcbf10212a19b7da159dbcd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2672
last-modified: Tue, 01 Feb 2022 22:35:58 GMT
server: cloudflare
etag: "a09d2815bc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ITJo5%2BMgzIotoz%2BWGLNhwm%2Fg2QaAJI0AHEXl0dyCk0%2FtYBYp8Dj8XPrttuaa0%2Bppxt9%2BK2UOXsg3Jkqk9473m11sUNSAP4qwvjscEz%2FjjsU2ui0LeJiGeLiL9BXgCJB8W46viuOxY0cnoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242ae29104-FRA

GET
H3 200 1582131668793463.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 57ms
55ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1582131668793463.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c221b035b0337380706d935b33d6cabb3824bbcd6f60e38727ea33acedb6a1f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3031
last-modified: Tue, 01 Feb 2022 22:35:38 GMT
server: cloudflare
etag: "4aba939bc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L08FkX%2FzrZjVnISWPRSmlJ8RDadrPOW65jvt3la24iF7CIYt0Wf7EwBNCs0odwBRia7nVAla74xceZSR%2Bl%2FZtuB1zjZ%2F26FLKe%2F82cQ5UMXob05b1H29C93TtF%2FEWB736SszrCJMe5sLzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242af39104-FRA

GET
H3 200 333794168640855.jpeg
sarahah.top/images/Thumb/ 1 KB
2 KB 58ms
55ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/333794168640855.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98e9b684c81956a4e37c20546d2aeef3eeb9e6bd90cd28fab1a40ca27dbe75a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1216
last-modified: Tue, 01 Feb 2022 22:25:29 GMT
server: cloudflare
etag: "cb09e9eba17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e07YqUsK%2BY4IPQXdzu%2FhrkwrcKIU%2FArBsCzMt%2BgVYRSF%2BZSReUM9Y3Wwqznyg2GzEaQtkSJdZGeq2VP7WAdKkV2%2BjFW%2BL9P4oZoijWxCTAzVwi84GHGxG2%2B2CXtmpDylLr9%2BB7iFIIV3Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242b039104-FRA

GET
H3 200 1209526692904910.jpeg
sarahah.top/images/Thumb/ 4 KB
4 KB 58ms
55ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1209526692904910.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dc9a39fb1a3f821a4dab271c1d6acbb6c2c36d9e551acc1855b1ecdfd1ac4c1a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3730
last-modified: Tue, 01 Feb 2022 22:28:30 GMT
server: cloudflare
etag: "aa1325abb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7qozJGsW1zmlqQNRRHZ1DuWXRTvc%2B4NbKZ6aDxkRzbiaH9mL0gMv%2B7NxifQkla5%2BnVLXRXfXsVDjazT5IZFUuSKJHYIPy3YBMqS1n%2FiVPKJ9vJhGKNsRypgrLIOjXwnFLu1Ugg4D8z8cJg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242b069104-FRA

GET
H3 200 1526661604379618.jpeg
sarahah.top/images/Thumb/ 3 KB
3 KB 58ms
56ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1526661604379618.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7d937049391348269ab47fbd381d84b351deee720d2a3c3d03cde363f4db219

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2649
last-modified: Tue, 01 Feb 2022 22:42:47 GMT
server: cloudflare
etag: "37bc209bd17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tPCvkK088l02qBRE%2BVpUQrygpZHHhc3422rLrYqv4LLDjwDtwHII%2BOj3pJi2zZSiQe2JP6Ciufaot3NdvdsrJXOLtwV5Ib5RE%2B4H948jpK%2F8Jjh3y2DJkDv6DpF0iJhwa2EyF8zRF%2BvMDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242b079104-FRA

GET
H3 200 115217054399492.jpeg
sarahah.top/images/Thumb/ 3 KB
4 KB 58ms
56ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/115217054399492.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 33e1777b68cbe02cf2a4bb85907e16b2466b36149c5203aed46b46876237e3a8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 34
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3364
last-modified: Tue, 01 Feb 2022 22:35:57 GMT
server: cloudflare
etag: "b97c614bc17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8G1hdbliODKTO1%2FtE9l4MnRRiOt45MYp5O7OHJOMiZcIEd5JP3ok9eukxIsYR4CV8u6fyJiGd3Twe2NRi1qZ7PBaZPTJGmUPQsq7WJMAEmwnNiXjVXNrlapoTJCeMWzMU9AP1E49tuWlcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242b089104-FRA

GET
H3 200 1363664504071350.jpeg
sarahah.top/images/Thumb/ 1 KB
2 KB 59ms
56ms Image
image/jpeg 2606:4700:3033::6815:2edd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sarahah.top/images/Thumb/1363664504071350.jpeg
Requested by: Host: sarahah.top
URL: https://sarahah.top/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:2edd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98e9b684c81956a4e37c20546d2aeef3eeb9e6bd90cd28fab1a40ca27dbe75a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 920
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1216
last-modified: Tue, 01 Feb 2022 22:30:02 GMT
server: cloudflare
etag: "82b2d640bb17d81:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EY%2BwTv2EVkkeP%2B%2F7Ly5PEOoMN4MYfnLCJKvr2Yf6PQV%2FCloI4NjwzSAOxYuedPTNmJSoYgkEPbVkm8vYG4KVoMdwYO2TMmProyyRuxGxIQrA4Lu36t9x%2FlfGUt00SXP5I8GowQVh%2BIzw1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
cf-ray: 6d6ed8242b099104-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
439 B 71ms
17ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-92277503-1&cid=2054447706.1643756934&jid=91362555&gjid=1134131824&_gid=35606650.1643756934&_u=IEBAAEAAAAAAAC~&z=464407482

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://sarahah.top/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 01 Feb 2022 23:08:53 GMT
content-type: text/plain
access-control-allow-origin: https://sarahah.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 285 KB
80 KB 24ms
13ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=5d4d246fe7b318468a86ed717d86debe

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

be215947570547415b04b458ab2215135eeb8ac9d5f2e4ab0921b3d616418f03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://sarahah.top/
Origin: https://sarahah.top
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 3GAmPcRvRftGcGIJi81QmQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Wed, 01 Feb 2023 21:24:11 GMT
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 82041
x-fb-rlafr: 0
x-fb-debug: ncJbK4+es1d/hGbSNzAdBfLp9NAOF8MnOJDSHdJoOutHCSejkpdtErnQu6kWuYkeD+HwNXiGitUsgLcRbaXm5A==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 31e7e08419e5dd1d8eca3a55669b8aa3
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 01 Feb 2022 23:08:53 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "c88af936d23e3aaa1cc1fdd40c72145c"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 215 B
644 B 38ms
15ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=sarahah.top&callback=_gfp_s_&client=ca-pub-4576544419463247

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-4576544419463247&plah=sarahah.top&bust=31064543

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

359228042b34077f2434abf023bf7fcfb568c983c37df85ba3f80ab8797425aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 200
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 52ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 43ms
16ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 01 Feb 2022 23:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 39ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fsarahah.top%2F&tn=NAV&cls=navbar%20navbar-inverse%20navbar-fixed-top%20app-navbar&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4559 172 KB
47 KB 410ms
410ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&adk=1812271804&adf=3025194257&lmt=1643756933&plat=2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fsarahah.top%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933758&bpp=2&bdt=175&idt=94&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2859625660521&frm=20&pv=2&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=132

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ca306e860992a646de6607ddd09da2d0d1f054e455df2c6bc6f967cf45c8518

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 01 Feb 2022 23:08:54 GMT
server: cafe
content-length: 48491
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Feb 2022 23:08:54 GMT
cache-control: private

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 44ms
19ms Image
image/gif 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92277503-1&cid=2054447706.1643756934&jid=91362555&_u=IEBAAEAAAAAAAC~&z=2048091971

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 41ms
17ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-92277503-1&cid=2054447706.1643756934&jid=91362555&_u=IEBAAEAAAAAAAC~&z=2048091971

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5530 66 KB
28 KB 317ms
317ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643756933&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933760&bpp=2&bdt=177&idt=146&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=j5QjeEFj7G&p=https%3A//sarahah.top&dtd=149

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

349cf6936951588ed71f47dfcedfa1fe5406458c579954095b26e0c55e80f0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 01 Feb 2022 23:08:54 GMT
server: cafe
content-length: 28281
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Feb 2022 23:08:54 GMT
cache-control: private

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 401F 89 KB
31 KB 278ms
277ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643756933&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933762&bpp=1&bdt=179&idt=157&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zufAJYNDFF&p=https%3A//sarahah.top&dtd=159

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8995ab31afcbbfd6583389988b4b1ca8130fa45961886067486baaa3f3caf8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 01 Feb 2022 23:08:54 GMT
server: cafe
content-length: 32036
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Feb 2022 23:08:54 GMT
cache-control: private

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 22ms
7ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1878381995713635&ev=fb_page_view&dl=https%3A%2F%2Fsarahah.top%2F&rl=&if=false&ts=1643756933925&sw=1600&sh=1200&at=

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Tue, 01 Feb 2022 23:08:53 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 401F 4 KB
810 B 33ms
17ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643756933&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933762&bpp=1&bdt=179&idt=157&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zufAJYNDFF&p=https%3A//sarahah.top&dtd=159

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a7285580be75cd3030f88e9965590dbf8cc61ade01a82348b993c8f2a3f1245b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 22:28:10 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 01 Feb 2022 23:08:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 401F 1 KB
955 B 66ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:03:40 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/ Frame 401F 19 KB
8 KB 55ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d9c224b9a0613f2b32232c1692facdba66da6722645c311854999087539186d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:34:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2060
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7717
x-xss-protection: 0
server: cafe
etag: 3424151191822960849
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:34:34 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 401F 2 KB
1 KB 62ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:06:13 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 401F 123 KB
38 KB 153ms
130ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

029e397f5091f72db15257548e07a6f9008457e90acb7cd22efbdb8264b2a592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38373
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643632328463892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 401F 14 KB
6 KB 55ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fde98a3e06f299a73b0a3eb6c095649b9c3f9c342596091936a4675fd6980a1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 17106829078744545694
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:55:11 GMT

GET
H2 200 4b5ee2b4ff5a9298bcc39e4df8189ef4.js Show response
www.gstatic.com/mysidia/ Frame 401F 27 KB
12 KB 30ms
6ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b5ee2b4ff5a9298bcc39e4df8189ef4.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61ded43bae7eeb79ab544e26dbad051960b7db1da4ceed550be859e979be23ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 11:58:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11337
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:51:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 11:58:10 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 401F 0
0 52ms
52ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CZYtJhb35YZDpOZOOtweXtrP4DOjbh79l6K-SmqsLtayX494OEAEggOCgJmCV4pCCoAegAdzv8-UDyAEJqQLkIGA0oUuEPqgDAcgDywSqBMkBT9D-jmEcGbeScX2aDVrgclhTBhdPFEJ5JLVRdxpPRREy7wFvQeqEQSGpCB3bFNEPi4RcPS4t3qgPQKWLfFhk7lD6QS-a6G0egK1LZJYRoR_2UO0PVccrLohNUw2pZloOB7fSnBFI6M9F8pEOmCjcouEj9JBWLvMwKnO_3_4f7Qk_MjxehzETlSVQTV7Mb0VZUI9gQDIFutVcA0ehKarg85IE1u-6L9JtmaHKpVrdqCIwZcovLBAziM8lvN6mShWOxOSAiQudi8KJwAT_p4DNywKSBQQIBBgBkgUECAUYBKAGLoAHjJCMGqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEOHYCtIICQiA4YAQEAEYH4AKAcgLAbgTiCfYEwyIFAPQFQGYFgGAFwGyFxwKGggAEhRwdWItNDU3NjU0NDQxOTQ2MzI0NxgA&sigh=XYe452OVysg&uach_m=[UACH]&template_id=5000

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=3361603013&adk=361493202&adf=1625653500&pi=t.ma~as.3361603013&w=1200&fwrn=4&fwrnh=100&lmt=1643756933&rafmt=1&psa=0&format=1200x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933762&bpp=1&bdt=179&idt=157&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=747&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=zufAJYNDFF&p=https%3A//sarahah.top&dtd=159
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 01 Feb 2022 23:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/5872187346817548472/ Frame 401F 22 KB
22 KB 51ms
14ms Image
image/jpeg 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5872187346817548472/downsize_200k_v1?w=600&h=314

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

daddfae8f2e98ebc8b30f9f82d815a6d3338d5c0bc13ea715fdd90f9c92eb9db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 19:51:18 GMT
x-content-type-options: nosniff
age: 357456
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22471
x-xss-protection: 0
last-modified: Thu, 23 Jan 2020 08:47:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 28 Jan 2023 19:51:18 GMT

GET
DATA 200
OK truncated
/ Frame 401F 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 401F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 8101340754065323091
tpc.googlesyndication.com/simgad/ Frame 5530 30 KB
31 KB 21ms
16ms Image
image/png 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8101340754065323091?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qniy1SfF8ehVJFvoJDY38NqVWN9qA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643756933&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933760&bpp=2&bdt=177&idt=146&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=j5QjeEFj7G&p=https%3A//sarahah.top&dtd=149

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca8ad2739b1e87ee76eaecb660938b3baf35007434ab74bd3e86e65ac4105232

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sun, 30 Jan 2022 23:00:04 GMT
x-content-type-options: nosniff
age: 173330
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31218
x-xss-protection: 0
last-modified: Fri, 28 May 2021 07:00:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 30 Jan 2023 23:00:04 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/ Frame 5530 19 KB
8 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d9c224b9a0613f2b32232c1692facdba66da6722645c311854999087539186d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:34:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2060
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7717
x-xss-protection: 0
server: cafe
etag: 3424151191822960849
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:34:34 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 5530 2 KB
1 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:06:13 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 5530 14 KB
6 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fde98a3e06f299a73b0a3eb6c095649b9c3f9c342596091936a4675fd6980a1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 17106829078744545694
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:55:11 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5530 123 KB
38 KB 173ms
172ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

029e397f5091f72db15257548e07a6f9008457e90acb7cd22efbdb8264b2a592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38373
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643632328463892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H2 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 5530 27 KB
11 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bfaab13f143182d1440b669a897f1483fa62875630704be96b14470cb3f2fc83

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 18:31:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11420
x-xss-protection: 0
server: cafe
etag: 10042690048157680901
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 18:31:02 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 5530 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CxA0ihb35YaWOOYmQtwel1p-IDp7YpoBjyLaV1M0Ns7H0_QgQASCA4KAmYJXikIKgB6AB0KT09wPIAQKpAlZvmx7H37I-qAMByAPJBKoEvQFP0D_ndW5xUQXaSaXnT891y9iIFc5RyxYBknfINlKDb9gjpPKwfdKsagNMxqZqgLrxDHnMmzVILP6_GhAEOBrwWlDzD4l0AZn428rIT-I1Fu_6pvVtt81C5wyMB0sM45NHncdgEri8ecz7qXpNY9Jo9yBFiLtktsvx-znC46N7O_8b9KsMTKCNZg45MFGAZIqfu-ZHYepzOJuJpOC1qmbMNYQgyymX53VfIB1kotPLnGo0pYFcrSgjnwIFWZ_ABIfElrnUA5IFBAgEGAGSBQQIBRgEoAYCgAfIr8i-AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEELfrCdIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAYAXAbIXHAoaCAASFHB1Yi00NTc2NTQ0NDE5NDYzMjQ3GAA&sigh=aMY2_Uwqnpk&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643756933&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933760&bpp=2&bdt=177&idt=146&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=j5QjeEFj7G&p=https%3A//sarahah.top&dtd=149
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 01 Feb 2022 23:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F64D 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-4576544419463247&output=html&h=280&slotname=6148065413&adk=3972370446&adf=908040361&pi=t.ma~as.6148065413&w=336&lmt=1643756933&psa=0&format=336x280&url=https%3A%2F%2Fsarahah.top%2F&flash=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&dt=1643756933760&bpp=2&bdt=177&idt=146&shv=r20220131&mjsv=m202201240101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2859625660521&frm=20&pv=1&ga_vid=2054447706.1643756934&ga_sid=1643756934&ga_hid=2129982220&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=244&ady=191&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31064543%2C44756896&oid=2&pvsid=1670695000159438&pem=652&tmod=310619471&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=j5QjeEFj7G&p=https%3A//sarahah.top&dtd=149

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Tue, 01 Feb 2022 23:03:04 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 350
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5530 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0399c3058b2e3a164497ff6995715d6099c810f5ba8c5600a70ea74e8d5f00d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F64D
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

88ms
88ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 01 Feb 2022 23:08:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 01 Feb 2022 23:08:54 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 01 Feb 2022 23:08:54 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 reactive_library_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/ 150 KB
54 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201240101/reactive_library_fy2019.js?bust=31064543

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

adb1d98f909a408aeefe290022ea69de8014d8c3aababa210f70cb6855e12af8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 54884
x-xss-protection: 0
server: cafe
etag: 4067849695821315054
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 32ms
17ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 33ms
17ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=sarahah.top

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/ Frame 6E87 10 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Tue, 01 Feb 2022 18:58:04 GMT
expires: Tue, 15 Feb 2022 18:58:04 GMT
cache-control: public, max-age=1209600
age: 15050
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/ Frame 29E6 10 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4612
x-xss-protection: 0
date: Tue, 01 Feb 2022 18:58:04 GMT
expires: Tue, 15 Feb 2022 18:58:04 GMT
cache-control: public, max-age=1209600
age: 15050
etag: 18247940800414524076
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 401F 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc68f78f98d9b6d78b51e2cceb06314c98dddf574c58ab99064dd3b714b6f2b2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame 401F 17 KB
17 KB 21ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4Ua_rENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RFD48TE63OOYKtrwEIJllpyk.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

953f95177cf9d22c325e2c95b1ad88160975a71ed6ce0454f261aec4b13fe610

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 18:11:45 GMT
x-content-type-options: nosniff
age: 17829
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17140
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:47 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 01 Feb 2023 18:11:45 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame 6E87 4 KB
634 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 22:16:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 01 Feb 2022 23:08:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E87 205 B
229 B 24ms
9ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 16:38:58 GMT
x-content-type-options: nosniff
age: 23396
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 01 Feb 2023 16:38:58 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6E87 604 B
628 B 23ms
8ms Image
image/png 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 31 Jan 2022 19:46:46 GMT
x-content-type-options: nosniff
age: 98528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 31 Jan 2023 19:46:46 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/elements/html/ Frame 6E87 19 KB
8 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b93887e254ebeb4138023845a5b29a6fbae9293bdbdcbd2bfb772814c22d388

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:01:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 454
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8049
x-xss-protection: 0
server: cafe
etag: 11932668728170215831
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:01:20 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 29E6 0
0 48ms
47ms Fetch
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ck3qyhb35YZbHN6iN3gOl-rDoAcme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNDU3NjU0NDQxOTQ2MzI0N6AB1bbS6gPIAQmpAnn1zcwl3rI-qAMBqgSxAU_QMJotCOtJuIw2FVQDpZUKvmNW8q5uADGff7ptB-kc9Ew8DbR2aSD4K7eX6ADmY0IlCbEeVjm8TKo8HYmCoYJtsG0JhN5ReL97bQ8s47O6GCRLfKnaUTHrLTpf7U0GdqwR5zB1WdxEp1ZEFhB_rUteCLOseIVDuHYQs0090Ez9RiuAdJ0F4nmR9XL9hkds753k4BoyF6vNtKMPsIwqiY9KbhZ7AxG4A1FrLxdj63gYLYAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTQ1NzY1NDQ0MTk0NjMyNDcYAA&sigh=MzbdPY4YL0A&uach_m=[UACH]&cid=CAQSGwCNIrLMSHtIkCo6_cFlyH7mgI5ozZ_IXSpeFRgB

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 01 Feb 2022 23:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 notify
rtb.fr.eu.criteo.com/google/auction/ Frame 29E6 0
0 54ms
16ms Fetch 2a02:2638::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr.eu.criteo.com/google/auction/notify?profile=14&payload=UMDUEcz6RO0HfJ2DYgICAAAAACowVdka1rQQhb35YegLjRDtrNfXIv-GABI&wp=Yfm9hQAN45YKd4aoAAw9Jcb1o0XDD94ChjsxFg

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
server: Kestrel
server-processing-duration-in-ticks: 287210
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 8AB5 128 KB
44 KB 127ms
85ms Document
text/html 2a02:2638:1::11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=Yfm9hQAN45YKd4aoAAw9Jcb1o0XDD94ChjsxFg&u=%7CoJx%2FeTM98ygST3wTQnP8CUJhH61gqEhRWgkoww5gq5g%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl_k0WibYnQkD0fPZOFO5uuUwiGAd9K_mDGg_xzecYK3Dy0ExA8iLa53YSdVjy1AIxF7scsAg2yHEEwm03QNVi4KEkisf4HZBx4VuulvWtOoQZJHgINSGKkVSmZIIgRnhzQI6DHVQr-cjmYxh2wWpKNErhC6Fjg1FDclJvHW1_UutfGICSdIfLbLAtx5OLQavrCNbbj4KhTiaRD3s-rQN-FC9XZSOYr1Xle5OS8m-kiuZGpScgXB72ENHCqLtLWHBsOb2dKRv_-xbjIui6tBCx6RWZ2KmJhy7nofzj2uGG6g_O8pMzpwlOssUsBJhQ9E3joE_0lU3gryaI9vB3p71QXeiongxCEgq7ShlKBh3MgLg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKUYJhb35YZbHN6iN3gOl-rDoAcme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNDU3NjU0NDQxOTQ2MzI0N6AB1bbS6gPIAQmpAnn1zcwl3rI-qAMBqgS0AU_QMJotCOtJuIw2FVQDpZUKvmNW8q5uADGff7ptB-kc9Ew8DbR2aSD4K7eX6ADmY0IlCbEeVjm8TKo8HYmCoYJtsG0JhN5ReL97bQ8s47O6GCRLfKnaUTHrLTpf7U0GdqwR5zB1WdxEp1ZEFhB_rUteCLOseIVDuHYQs0090Ez9RiuAdJ0F4nmR9XK_hGb-aBJ486WuAwgdiQX3uZggP4VkdpTPyywe8e51Aw_mQfwLkjjOUIAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29xZfFoW3bdUCIoZp-CTVT13jRYg%26client%3Dca-pub-4576544419463247%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9813edaa720fe3a8238532e67b79e95ed4a5c018de8a988ccd901eb906cc0f61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-type: text/html
server: Kestrel
cache-control: private, max-age=0, no-cache
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cross-origin-resource-policy: cross-origin
p3p: CP='CUR ADM OUR NOR STA NID'
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=CATm0D9BBw7aKoVsIxm2UWHdpry3y2NJYKxDZjvXK3sRS_sPKs3H-SA8n6yXob5Gsuc1I7KtOnL88iCQHCyIoSz7KL5bsf_yEZFzq8XblCx4hNFjW6P14ZsPyOylUVUD9geLxyjQqW5P3gmsP6VxITIUQbQnCgAKpkn9RmY3sIeobi-CFFVnrp4KluBAb_a2BM6Uu567VkGHKOCm1UDZG6mvkZAy4AVC6Z8Dewox7B6rmwVefgsFtGyipOEiqs-O1t6cFA"}], "max_age": 86400}
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
server-processing-duration-in-ticks: 64643150
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 29E6 2 KB
1 KB 20ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:06:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 29E6 123 KB
38 KB 71ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

029e397f5091f72db15257548e07a6f9008457e90acb7cd22efbdb8264b2a592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38373
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643632328463892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 29E6 14 KB
6 KB 17ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fde98a3e06f299a73b0a3eb6c095649b9c3f9c342596091936a4675fd6980a1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 17106829078744545694
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:55:11 GMT

GET
H3 200 -RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js Show response
pagead2.googlesyndication.com/bg/ Frame 289A 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f91417ba47adb96f6358862c68ce52f90977d4f5e806c99deaf76414766d0d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 20:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 20:20:48 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 143F 1 KB
875 B 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 314
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:03:40 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/ Frame 143F 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d9c224b9a0613f2b32232c1692facdba66da6722645c311854999087539186d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:34:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2060
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7717
x-xss-protection: 0
server: cafe
etag: 3424151191822960849
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:34:34 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 143F 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:06:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 23:06:13 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 143F 123 KB
38 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

029e397f5091f72db15257548e07a6f9008457e90acb7cd22efbdb8264b2a592

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38373
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1643632328463892"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/ Frame 143F 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220131/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fde98a3e06f299a73b0a3eb6c095649b9c3f9c342596091936a4675fd6980a1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 22:55:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6195
x-xss-protection: 0
server: cafe
etag: 17106829078744545694
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 15 Feb 2022 22:55:11 GMT

GET
H3 200 4b5ee2b4ff5a9298bcc39e4df8189ef4.js Show response
www.gstatic.com/mysidia/ Frame 143F 27 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/4b5ee2b4ff5a9298bcc39e4df8189ef4.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220131/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61ded43bae7eeb79ab544e26dbad051960b7db1da4ceed550be859e979be23ba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Sat, 29 Jan 2022 11:58:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 299444
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11337
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 01:51:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 29 Apr 2022 11:58:10 GMT

GET
H3 200 -RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js Show response
pagead2.googlesyndication.com/bg/ Frame E409 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f91417ba47adb96f6358862c68ce52f90977d4f5e806c99deaf76414766d0d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 20:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 20:20:48 GMT

GET
DATA 200
OK truncated
/ Frame 29E6 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e164b466640b7e611cffcb68f74706356e7f3813f553d9ba928fa1f7c625dd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 8AB5 2 KB
1 KB 47ms
13ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=Yfm9hQAN45YKd4aoAAw9Jcb1o0XDD94ChjsxFg&u=%7CoJx%2FeTM98ygST3wTQnP8CUJhH61gqEhRWgkoww5gq5g%3D%7C&c1=JrbohDAzizBCiLKN5O6jHUI-6dJ9lV_AM8iEE4GHx4XAZ8-c9e5LlJfMjehYPJbM0j2hknANCpOtYk8A6_xGUEjU08dWIaJP0eZa0C7d1zl_k0WibYnQkD0fPZOFO5uuUwiGAd9K_mDGg_xzecYK3Dy0ExA8iLa53YSdVjy1AIxF7scsAg2yHEEwm03QNVi4KEkisf4HZBx4VuulvWtOoQZJHgINSGKkVSmZIIgRnhzQI6DHVQr-cjmYxh2wWpKNErhC6Fjg1FDclJvHW1_UutfGICSdIfLbLAtx5OLQavrCNbbj4KhTiaRD3s-rQN-FC9XZSOYr1Xle5OS8m-kiuZGpScgXB72ENHCqLtLWHBsOb2dKRv_-xbjIui6tBCx6RWZ2KmJhy7nofzj2uGG6g_O8pMzpwlOssUsBJhQ9E3joE_0lU3gryaI9vB3p71QXeiongxCEgq7ShlKBh3MgLg&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCKUYJhb35YZbHN6iN3gOl-rDoAcme0rFc1Z2R93DAjbcBEAEgAGCV4pCCoAeCARdjYS1wdWItNDU3NjU0NDQxOTQ2MzI0N6AB1bbS6gPIAQmpAnn1zcwl3rI-qAMBqgS0AU_QMJotCOtJuIw2FVQDpZUKvmNW8q5uADGff7ptB-kc9Ew8DbR2aSD4K7eX6ADmY0IlCbEeVjm8TKo8HYmCoYJtsG0JhN5ReL97bQ8s47O6GCRLfKnaUTHrLTpf7U0GdqwR5zB1WdxEp1ZEFhB_rUteCLOseIVDuHYQs0090Ez9RiuAdJ0F4nmR9XK_hGb-aBJ486WuAwgdiQX3uZggP4VkdpTPyywe8e51Aw_mQfwLkjjOUIAG7bnj9_Gs-6OOAaAGIagHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29xZfFoW3bdUCIoZp-CTVT13jRYg%26client%3Dca-pub-4576544419463247%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 8AB5 2 KB
1 KB 51ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 8AB5 308 B
636 B 48ms
18ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 back_button.svg
static.criteo.net/flash/icon/ Frame 8AB5 507 B
835 B 44ms
14ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
last-modified: Thu, 01 Apr 2021 14:03:13 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6065d2a1-1fb"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 507
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/m/delivery/ Frame 8AB5 43 B
347 B 50ms
16ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/m/delivery/lg.php?cppv=3&cpp=NP4rGjqIuRg9IBP6gwNPNSoSd0XLq3whHVUvWGi-CywWhOBd6GOt95jyeRt01oxTO3J0yyuVIsa7nmaxlQDL6pKaX53h4H8NjkI0wUQ9KlOUfFtfDIiLLsyTyaI08_XJfIPV1S0pryc6R-PnQfNceOnpyXOZqDz1nL__FeYTCiec4vn2v_VFDagNay-kAvm1ecIB079B1aZRZP9eCBju0AvQagxGeZCSFtWqXuI0hFnZlWhsXyaU4iwzszf_hkT_M1EtJbVy0j0nbXj4fCBw3P8KP02Ie0UGy3Ji1WLHEaTDKkBAV3uNP9dVOsms0Sv_aepRfoQs8QOsgOZffvD3hgKcREVIhHbiotGKBfgB2XQe5Q1AuavQdiGsS5HyUv0K3a6lTukDCcCHGJfbvmj1vBCT2rCuK7kIAlGDWH6D-cb5GTGY1JgUuJowL8z-MgoHffXa1Q

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:53 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3065040
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 -RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js Show response
pagead2.googlesyndication.com/bg/ Frame 14E8 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js

Requested by

Host: sarahah.top
URL: https://sarahah.top/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f91417ba47adb96f6358862c68ce52f90977d4f5e806c99deaf76414766d0d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 20:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355686
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 20:20:48 GMT

GET
H3 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 8AB5 12 KB
5 KB 24ms
13ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 659662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p2cmeWKT7cBrHv%2Fq8XyA9VzzVkVH%2B3qaqys2PfHY1uIV7F7g3vE3PRPgvNnDek4hQpauRDJGHh%2FJmCyviqJi9f9YdU%2BsynedqolF7wtHSplmycKrQ7oyJlwARbM2kR1sZO85JpVYLw0q6gFMPORPGj9d"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d6ed829e9bd906c-FRA
expires: Sun, 22 Jan 2023 23:08:54 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 8AB5 12 KB
6 KB 40ms
18ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8AB5 11 KB
11 KB 50ms
14ms Image
image/png 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=244&m=0&partner=90357&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F90357%2F211115%2F33300702bd0247d48074e3362ef06108_screenshot_2021-11-08_at_12.17.08.png&v=3&w=196&s=mhWwn-irkdD7mZLREJ1cecKL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=30453912
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 11345
expires: Fri, 20 Jan 2023 10:34:07 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8AB5 37 KB
37 KB 62ms
25ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1302106-_x600-nocrop.jpg&v=3&w=400&s=s0OW7ov4jZq1MmzrMoXxWZ5l&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

42ce6ebd65be59ae44c7ddc35fa4f184292ea45cc46b61ea93abd95554fb14c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30654517
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 37762
expires: Sun, 22 Jan 2023 18:17:32 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8AB5 66 KB
66 KB 74ms
38ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1167546-_x600-nocrop.jpg&v=3&w=400&s=BSa_CYNiehYpKpTcNn2jt3hT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30640678
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 67290
expires: Sun, 22 Jan 2023 14:26:52 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame 8AB5 56 KB
56 KB 87ms
51ms Image
image/webp 178.250.2.135
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=90357&q=80&r=2&u=https%3A%2F%2Fcdn.reisenaktuell.com%2Fimages%2F1591320-_x600-nocrop.jpg&v=3&w=400&s=TugTgJiFiMVLsfonnPymCDUv&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.135 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

97450914bfdae5de294dddcd25a0b8ec78805acc3d34c8cce7980a7349bd0b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:53 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=30606758
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 57486
expires: Sun, 22 Jan 2023 05:01:32 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8AB5 0
127 B 58ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=CATm0D9BBw7aKoVsIxm2UWHdpry3y2NJYKxDZjvXK3sRS_sPKs3H-SA8n6yXob5Gsuc1I7KtOnL88iCQHCyIoSz7KL5bsf_yEZFzq8XblCx4hNFjW6P14ZsPyOylUVUD9geLxyjQqW5P3gmsP6VxITIUQbQnCgAKpkn9RmY3sIeobi-CFFVnrp4KluBAb_a2BM6Uu567VkGHKOCm1UDZG6mvkZAy4AVC6Z8Dewox7B6rmwVefgsFtGyipOEiqs-O1t6cFA&sds=2&rev=80362&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 01 Feb 2022 23:08:54 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 8AB5 2 KB
1 KB 24ms
24ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 8AB5 2 KB
1 KB 18ms
17ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 27 Jan 2023 23:08:54 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 8AB5 2 KB
507 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 01 Feb 2022 22:59:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 01 Feb 2022 23:08:54 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H3 200 jizaRExUiTo99u79D0KExQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame 8AB5 44 KB
44 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:33:58 GMT
x-content-type-options: nosniff
age: 531296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45300
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 26 Jan 2023 19:33:58 GMT

GET
H3 200 jizfRExUiTo99u79B_mh0O6tLQ.woff2
fonts.gstatic.com/s/ptsans/v16/ Frame 8AB5 46 KB
46 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizfRExUiTo99u79B_mh0O6tLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=latin,cyrillic,latin-ext,cyrillic-ext,vietnamese,greek-ext,greek

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ads.eu.criteo.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 26 Jan 2022 19:33:58 GMT
x-content-type-options: nosniff
age: 531296
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47048
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:46 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 26 Jan 2023 19:33:58 GMT

GET
H3 200 dark-bottom.css
cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/ 3 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/dark-bottom.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/1.0.9/cookieconsent.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 659660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 700
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:09:17 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e2d-c27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXQBjoLoWXt4XgWImfmcCDkAl6Z5AqMZZ4kdMN0ZBN%2Fk028DW5bxZaqIo7RXFwZO%2BpsYKIpXjCMg3o8a0SEe9fs8dzjMmAkYrL0SGUzRG5pwx4DX7g62qR%2Bmv6SIIkT9SYuOOv9LCsGU3CoApaOsl2fG"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6d6ed82abb14906c-FRA
expires: Sun, 22 Jan 2023 23:08:54 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 13 KB
10 KB 39ms
23ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220131&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1eb4199bb68d8528c5e2cb27ba7b26a136bb8ac0ec42c98cc5a510c2332d09ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9872
x-xss-protection: 0

GET
H3 200 like_box.php Show response
www.facebook.com/v2.12/plugins/ Frame 8D53 53 KB
16 KB 69ms
58ms Document
text/html 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8bb743d46a64%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff3be9191eb94fc%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=5d4d246fe7b318468a86ed717d86debe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

12291e22d0e54420c1a0ae41cfc303ee8df918458653ca986f8574b8f9319ca5

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: attachment.fbsbx.com ws://localhost:* blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

vary: Accept-Encoding
content-encoding: br
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v5.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: cjn+PRchh6nfwVshEffAyl/rXFnBIEqcrE3PnkICwm1MXvgkztQmwlq1x39MSbrbxFQx5h4Oa401Gdk9lhJ0Hw==
date: Tue, 01 Feb 2022 23:08:54 GMT
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 76ms
75ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 01 Feb 2022 23:08:54 GMT

GET
H2 200 Xge6LOaVXrA.css
static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/ Frame 8D53 18 KB
5 KB 27ms
8ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/Xge6LOaVXrA.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8bb743d46a64%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff3be9191eb94fc%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0c950232a1ea109d7a015c072826ca8dab24b6d7e19e15e499608a6006f6e50e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 5h0jSW9Iui8h6LoI1es1Xg==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 4749
x-fb-rlafr: 0
x-fb-debug: FUJluGD83TlKgRdr7kjdgSlNl3uRpIthiCHNN1OUS1jVP2tHQTdVrz4w4GQHkLB1Tt8xa/LEbL1aHACb7nDMuQ==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 01 Feb 2023 19:45:59 GMT

GET
H2 200 FPdNN1TK3wJ.css
static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/ Frame 8D53 2 KB
1 KB 27ms
9ms Stylesheet
text/css 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yF/l/0,cross/FPdNN1TK3wJ.css?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: qki4Wy05mlz5CwH9oqDKag==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 815
x-fb-rlafr: 0
x-fb-debug: /oUVVgcV76/sfnaBsQfwUo8SDDqea3YlPm5QOPiNE0W0LacCR6JebhTGOGx5RejHYHK3J8mTLrHM2EOPNYik4A==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: text/css; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 26 Jan 2023 21:06:05 GMT

GET
H2 200 45LapIJFFqp.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y_/r/ Frame 8D53 307 KB
83 KB 28ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/45LapIJFFqp.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3b095582926d785ec101de15de7cd7310e8c3961a2a9101cf1aac3f90ef2d9dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: Iyn3V19JQR8hbEKrIU0XwA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84331
x-fb-rlafr: 0
x-fb-debug: EpgQ2dWPyJM92JoB5ALYkgIdHbQVHEt+dD/Yq9mTD3KuIbQnvcnH8KCNa9gYDoGLJLG3v9/VR3FvttbVIBOAgw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Wed, 01 Feb 2023 14:43:30 GMT

GET
H2 200 GG1Y0sYc7My.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 8D53 5 KB
2 KB 28ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/GG1Y0sYc7My.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

de934a085817710cb3bbd98d33e5b0c91709425d89eada2a2c55909c8b3443de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: yJ9Wq2491L53MWugs2kUlg==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1642
x-fb-rlafr: 0
x-fb-debug: 4CDMyHxS+anhxZhPrxv1xGs8dtvNSUhFZna56PaOdQvnwrLToqIxI+9Uj93Yx1F4Y0HWaZzTJJlpIcXq6DUY2Q==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 26 Jan 2023 20:10:25 GMT

GET
H2 200 VSW8dUTDzHM.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yW/r/ Frame 8D53 42 KB
13 KB 28ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yW/r/VSW8dUTDzHM.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b6c87e34a8918cb44cdba9606325887a96848b71f27e710a1cdc75ba7fa34cb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: ukQOwxilElpixKXcZMuJVA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 13584
x-fb-rlafr: 0
x-fb-debug: kHojzlkIq9FnzP5sXXBSRgkkyVEODv/cRbXMTWlHtU77td7Ln26EQaHLSzmdOWxffHz5WSM2LnGS11zwVA8U5Q==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 26 Jan 2023 18:21:40 GMT

GET
H2 200 NjoKkVaD8Nz.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yN/r/ Frame 8D53 46 KB
15 KB 28ms
10ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yN/r/NjoKkVaD8Nz.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9119f8342d3146d0f8fac151da01cef0b13e4ab7b2703c113436654c0845eaee

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: gxLK90ziRaeLM8QNpaguZA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 14901
x-fb-rlafr: 0
x-fb-debug: jgb3Rx2wvmEmGgD2pa4THjYAo0jEZpuhMVzS9z915CT/ctJ2tWUtEAep3tlQmuXCqR8vz/YzZ8ez34/O5k1nsw==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 26 Jan 2023 20:07:31 GMT

GET
H2 200 x9ZrO_yAkJs.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/y0/l/en_US/ Frame 8D53 82 KB
23 KB 41ms
23ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/y0/l/en_US/x9ZrO_yAkJs.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9d2756a4dd6451d25d3d288415e7e7db44ea989af5db7e94633d8e8f005ec1ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: uEQL6fK9mOjfUewzwiCDFw==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 22910
x-fb-rlafr: 0
x-fb-debug: 6VoaP8GF+O9UPxBgoIplPF4+rjuEMzXEH+LGb8QEtIHHLJNnMDK3tcyOJjHV/+xfrL50RmAAMZwSV3Jtz+SWpQ==
x-fb-trip-id: 686109401
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
expires: Thu, 26 Jan 2023 19:39:41 GMT

GET
H2 200 16807405_1281761078578779_4892462652892413971_n.jpg
scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/ Frame 8D53 1 KB
2 KB 49ms
12ms Image
image/jpeg 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://scontent-frt3-1.xx.fbcdn.net/v/t1.18169-1/16807405_1281761078578779_4892462652892413971_n.jpg?stp=cp0_dst-jpg_p50x50&_nc_cat=102&ccb=1-5&_nc_sid=dbb9e7&_nc_ohc=x4EN9juP2akAX9QelM5&_nc_ht=scontent-frt3-1.xx&edm=AGggysMEAAAA&oh=00_AT_hWcCmwjsgF-ADaFrB9uKrJQQ1FyqifFKfboVmwhc2cg&oe=621FF759
Requested by: Host: www.facebook.com
URL: https://www.facebook.com/v2.12/plugins/like_box.php?app_id=1878381995713635&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df8bb743d46a64%26domain%3Dsarahah.top%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fsarahah.top%252Ff3be9191eb94fc%26relation%3Dparent.parent&color_scheme=light&container_width=0&header=false&href=https%3A%2F%2Fwww.facebook.com%2Fsarahah.top&locale=en_US&sdk=joey&show_border=false&show_faces=false&stream=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 5a0c9f201b99eef8a461ebfa232796ba4391bfc76ee935f61e1894e07a95b385

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

x-haystack-needlechecksum: 476311761
date: Tue, 01 Feb 2022 23:08:55 GMT
x-fb-trip-id: 686109401
last-modified: Sat, 18 Feb 2017 18:08:25 GMT
content-type: image/jpeg
access-control-allow-origin: *
content-digest: adler32=257975720
cache-control: max-age=1209600, no-transform
cross-origin-resource-policy: cross-origin
x-needle-checksum: 3500225080
timing-allow-origin: *
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1244

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8E24 13 KB
5 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 01 Feb 2022 20:30:56 GMT
expires: Wed, 01 Feb 2023 20:30:56 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 9478
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6144 783 B
535 B 22ms
21ms Document
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c9ecc17f4319d75bc599c9b8918d18645b212f754c1bcae581d96959534cc617

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qQdX6JipuGzLqLhOcWLFNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 01 Feb 2022 23:08:54 GMT
date: Tue, 01 Feb 2022 23:08:54 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-qQdX6JipuGzLqLhOcWLFNg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 odN6yT5qyq_.png
static.xx.fbcdn.net/rsrc.php/v3/yS/r/ Frame 8D53 1 KB
1 KB 32ms
20ms Image
image/png 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yS/r/odN6yT5qyq_.png

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/Xge6LOaVXrA.css?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://static.xx.fbcdn.net/rsrc.php/v3/y_/l/0,cross/Xge6LOaVXrA.css?_nc_x=Ij3Wp8lg5Kz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:55 GMT
x-content-type-options: nosniff
content-md5: jWtlBZOXpZs9LMNqqzeJoA==
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1341
x-fb-rlafr: 0
x-fb-debug: yIRQa4CvY9UZIWZX0E6DOmZwTkhVse0fca0n6bNXwGOaTipLh1YvuZ+obBaZGOkFQYRx3c8iFhGIsuCsefX46g==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Sat, 21 Jan 2023 14:09:35 GMT

GET
H3 200 RHKJlxaGsHb.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yV/r/ Frame 8D53 22 KB
7 KB 16ms
16ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/RHKJlxaGsHb.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/45LapIJFFqp.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dc661afb221b1ae218aaa434df4f88bbed344ad25d9fd957d7ec777b065fd3c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: FmPm6VCKw7i/aIOayuZ4lw==
document-policy: force-load-at-top
content-security-policy-report-only: default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 7135
x-fb-rlafr: 0
x-fb-debug: 6qsPgRiPDjJqgqfFMspIjnybx/rAWaOE9P8/EmDLT7FE5jhraJ5U6bLwbMNK4/GTo2CZYRsXYzXsZbY1sfRY1w==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=1
expires: Fri, 27 Jan 2023 09:11:55 GMT

GET
H3 200 CWJINsGKrOS.js Show response
static.xx.fbcdn.net/rsrc.php/v3/y3/r/ Frame 8D53 18 KB
6 KB 17ms
17ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/y3/r/CWJINsGKrOS.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/45LapIJFFqp.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9e31058534b68e728b3cfe4d4f122333f19479a72ce4ac79b596ba346376f16c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: 4rHnUh0ztUMBselfW2HUmA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 5946
x-fb-rlafr: 0
x-fb-debug: oAB2/trMNEGPANkLtfY5kNvU/JKz5DED92YFwJ2mUV31cEGC2Q2f9jJTd+s3J0wTSMtihC9kb+LrnkppH+lajg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 Jan 2023 19:30:52 GMT

GET
H3 200 cN-N4Eu_deZ.js Show response
static.xx.fbcdn.net/rsrc.php/v3/yv/r/ Frame 8D53 7 KB
2 KB 18ms
18ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yv/r/cN-N4Eu_deZ.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3/y_/r/45LapIJFFqp.js?_nc_x=Ij3Wp8lg5Kz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.facebook.com/
Origin: https://www.facebook.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: XkHzn1WHKMxOAJmWI3FJ7A==
document-policy: force-load-at-top
content-security-policy-report-only: default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 2277
x-fb-rlafr: 0
x-fb-debug: HZQWFwCngGxmwnbL7Jh6b9SH4hjPeL7g8pVHRWRxPTt09p76vNFhlty1oqX4iAxMr/ZON9SRVIOZ8XrZ3Qd3Jg==
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Origin
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://www.facebook.com
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Sun, 22 Jan 2023 23:19:56 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6144 0
0 47ms
47ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220131&jk=1670695000159438&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 200 -RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E24 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/-RQXuketuW9jWIYsaM5S-Ql31PXoBsmd6vdkFHZtDQI.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f91417ba47adb96f6358862c68ce52f90977d4f5e806c99deaf76414766d0d02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 28 Jan 2022 20:20:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 355687
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13701
x-xss-protection: 0
last-modified: Thu, 27 Jan 2022 13:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 28 Jan 2023 20:20:48 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8E24 0
9 B 7ms
6ms Image
text/plain 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?e8wKiw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 01 Feb 2022 23:08:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220131&jk=1670695000159438&bg=!Tk2lTQnNAAYZkRhwGZE7ACkAdvg8Wk23o3C4znd29TrLZRtpbrR3M5PLdqBeSXwYjDpe-rUm6qTH0AIAAABhUgAAAAJoAQeZArYIaDD0H-JC0Zrb7nTIgDL3A-6mpBE07A03hoae0lTM3nJ73bHuHM3JWVidp1jROepgkDrVWCmzhQN2WG_l9GDIGQEWYesG3VU4kj9oXpITbjgDbkFuMeYcVcNxuLOTLBQEETub6BGY-u2EH5Ol_4m2qBq7jkbnvtNW16Bm0YC2jPlwkglhm1AMJ-mVmJZu_-OOHDuhiW-2lfubdYJ9KJf2FLAsZib4MVsRG5mtU03ZbItezT4_5PWzqhzhsDzyzcwV6rYJW01nmDULZT5YJkS5BCjSaYMyAdPBkY-zMYro-Y04QNpq3AazXzsIhqK79_YTIP-YKqCUdj4nrZIwA8FvdeH7bF40_s6DkzRecNBgkS1JNhBzgS0lbGleGRbMBRlQzBxoADOiHMNw9hDGKZxhk3pFThxIjB5isczQ4c5KjCkwsS_060oDe01ne00dm59L8hbHxqC1GbSL4LNEHtB_3Cp-EU1zgKqOCg-K1J5_srx57OMlhty0r-0awZtd49dahIHhQke0Kv0ni2xPCTG3iWLz-S6rw7r3WnFmC8CBzhcIbgM-7Yhyup-bfG4Yci-HY_W46gkFj_exzDuvv-qP3CP15OsvVrVPwccznJYAD0TGk9UxL_es0OoxO8_lXUEifrtUH3zKQ-eJU3w0MMSQR1UI1SIdKf7zJK4b-VRpQksnJW41xvwN6r4OOA7VihY8dsAgGgXGq_WR4veB93jWuKZDVuLTpWIbHcIPXk1W3ww3PpIXs88MU4OYrcEdzV3Xer1z60Sr1vuktm9csFH1lHR_Y1LDv9Qc3mV-Dk8mzlU6HqX1TxvNr9XOxC9Gt_SsjIKHEww9FVFVBPsp4Sivz5NtsgI4_VrConq_Xn835w2GR8h-Da6lUeWCO1PMxejZGuthmMOyGgeQ3R1ask_hIfz-DZTe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://sarahah.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 401F 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssCFQLsAy6lqt_hkrk7ptydOkkrc_IAgX3Izfr905PLxJK-mZy3Y0f2xEwzQiisWeu9It0BaqzYc3bVMw0IlZkg2aSDmobfNXlYhowRICQwTVFb5du3Tw&sai=AMfl-YSYubhDhTTlvWsIkMAtQ0tATfAvPqHa1BY6Ay8kJ5B6xAI1N6WCg8Vmg3NVUQEE0BwBQYYT27l4TEfC&sig=Cg0ArKJSzESqW5Jqpq6YEAE&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220131&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=361493202&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643756933922&rpt=545&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5530 42 B
64 B 41ms
41ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuMJJ4vTfIfJf9lEE524GoMK8jqpREWHsX_65-UGMKWIGUdoyOvGbYnDfIW5KnWb1C8lWauZ05GZZv-U_J8WFD5-HkjhkxdGOyjPkNXvvkNkayMO2jRnA&sai=AMfl-YQTPQRgvkaUUmXjt38tvrYEXzkhmfbSJ2YUOEgvfRTZhnEzQ7jfi4ukNnkMOp_G1nCDk9SuhcgUTp03&sig=Cg0ArKJSzO1VmJHN0TQdEAE&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220131&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=3972370446&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643756933910&rpt=584&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 29E6 42 B
64 B 40ms
39ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssWmKMKIgWCrn9x323FPuqZXKH-YvQ0M1vYw1XeOWhzAe6OMTR9pj57_9WXvJkuLOtuKiGqJawh9NaAiY6VyIO-&sig=Cg0ArKJSzAXWHWPc3BQGEAE&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=83,763,1000,1107,1145&tos=83,680,237,107,38&v=20220131&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1643756934399&rpt=251&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 01 Feb 2022 23:08:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 8AB5 0
127 B 15ms
15ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 01 Feb 2022 23:08:55 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sarahah.top/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: h24wjpxvd3qrlou4aibo0qjq
sarahah.top/	1970-01-20 02:59:55	Name: lang Value: ar-jo
.sarahah.top/	1970-01-20 00:35:58	Name: __cf_bm Value: YOCKgF.l1kmlMQOZ1a4lpo0LTG1Hsxf8ngeHKnEVtQg-1643756933-0-AfalH/5U4ZtbKY+tXamEOzXhFWG4CgmMqU5WWyk+B+WTVgY2rV3LiN97t8q9Z+X1/5UxvOntv3R7hSaI3gV3+Ws=
.sarahah.top/	1970-01-20 18:07:08	Name: _ga Value: GA1.2.2054447706.1643756934
.sarahah.top/	1970-01-20 00:37:23	Name: _gid Value: GA1.2.35606650.1643756934
.sarahah.top/	1970-01-20 00:35:56	Name: _gat Value: 1
.sarahah.top/	1970-01-20 09:57:32	Name: __gads Value: ID=cbda4e7eae51de7f-2218675e31cd0089:T=1643756933:RT=1643756933:S=ALNI_MYV9I0Nn_eji6dxEbrCn3VxxZFe_g
.facebook.com/	1970-01-20 02:45:32	Name: fr Value: 05JMNEXPN8mRysk9F..Bh-b2F...1.0.Bh-b2F.
.doubleclick.net/	1970-01-20 09:57:32	Name: IDE Value: AHWqTUl_asp6SRSYrISPpBLSb9rFKGPvU_-XaITp6JnRMK7l5BqnnEPD_iZOj2BCJto
.doubleclick.net/	1970-01-20 00:36:00	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.eu.criteo.com
adservice.google.com
adservice.google.de
cat.nl.eu.criteo.com
cdn.ampproject.org
cdnjs.cloudflare.com
connect.facebook.net
csm.eu.criteo.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
rtb.fr.eu.criteo.com
sarahah.top
scontent-frt3-1.xx.fbcdn.net
static.criteo.net
static.xx.fbcdn.net
stats.g.doubleclick.net
tpc.googlesyndication.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.gstatic.com
142.250.185.226
178.250.0.162
178.250.2.135
178.250.2.148
2606:4700:3033::6815:2edd
2606:4700::6810:125e
2a00:1450:4001:802::2003
2a00:1450:4001:808::200a
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2003
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::200e
2a00:1450:400c:c08::9b
2a02:2638:1::11
2a02:2638:1::3
2a02:2638::2
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
029e397f5091f72db15257548e07a6f9008457e90acb7cd22efbdb8264b2a592
02b30d20f4e399facb73968dd7dd33bfe9548a0229b08c2f971a6a0e3eca27af
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827
0c950232a1ea109d7a015c072826ca8dab24b6d7e19e15e499608a6006f6e50e
0ebed5767541cb448c2b90e307cf60e965eac5a71ea3ddb6a2f6de3d73e50353
10650f32d423d53e49dd81ff216c72522efd66b6bfcbf10212a19b7da159dbcd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12291e22d0e54420c1a0ae41cfc303ee8df918458653ca986f8574b8f9319ca5
141f0c53e457585d4ac7426eb3d757666d250ee6fbf0e9c0878128e4c627f0b1
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
190fc02d8e8f1dd5acc40f48d0d6203e6115eb31e3f47f55db0c3f07797d68f0
1eb4199bb68d8528c5e2cb27ba7b26a136bb8ac0ec42c98cc5a510c2332d09ae
2082ed962baaa06026bdedf5562be35ca86118d4e4b82e47b129a24c0c673c15
29bbf92df196e9ee77a5e0e90dee337b66baf471fde48b0e23ef5445fc3d80eb
2d5aaa16f9d7f3c00b42d7455411dc9bf5e8f2f3102728d153edb2a688c21309
33e1777b68cbe02cf2a4bb85907e16b2466b36149c5203aed46b46876237e3a8
349cf6936951588ed71f47dfcedfa1fe5406458c579954095b26e0c55e80f0e4
3582ead06212989d00a1c16077fd48e9444ef672aa0af4826aee7ef85a51a18b
359228042b34077f2434abf023bf7fcfb568c983c37df85ba3f80ab8797425aa
3b095582926d785ec101de15de7cd7310e8c3961a2a9101cf1aac3f90ef2d9dd
42ce6ebd65be59ae44c7ddc35fa4f184292ea45cc46b61ea93abd95554fb14c7
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4c8637d0e9be13cf21057f33cf485a942d0ab8283c5813fcdc5c57ccd403896b
4ce72d5b1eec9f07ff895dd2bc12c0420fe189f4d197177c8f9df792409c1fef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f27937036a58d7a435ba66552eac6384d75375f374e2e84622508982c40ee23
4fb565264af26107bb37b1e495c4b4bf768cf212d74a9eb357249a67b5e64923
524ff9d44e41994a07f02fe5e090ca650776380b39b070909d843a2c2e41dc16
53c686d7e860fea3b69b3f32802936f4bc000af17289eb10bb4354cb26cc8867
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a0c9f201b99eef8a461ebfa232796ba4391bfc76ee935f61e1894e07a95b385
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c52bf2119c73966b5f2b826bbd1ee4ee9df0717fca1d9bf226ef889eef6e858
5d4431c45c15b79f1d75ca60191417cf9daae5b0f79f0b1028eaaefaad4b94a0
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61ded43bae7eeb79ab544e26dbad051960b7db1da4ceed550be859e979be23ba
64b291740c94fb3fd034af321f3ae3ecfc3753e37247e7ca55553fcd72035e3b
667886da25d93ec3d9ab7f661af79c01141e2542fc414fcc4a0d2f56582d4c03
69baae508fae8dcc93b23b677dbceac98de5d55f07c3b191c6c2f9162ec2024a
6b93887e254ebeb4138023845a5b29a6fbae9293bdbdcbd2bfb772814c22d388
6d654f991cf8c79773e2f501211e36e842d93c280a039b663404c17e572cb84d
6f17b85b76bf75df39adb6dddcf29c82c761cef8a35f92968f68431646814c63
6fd593d0b2d5d9d953b9ee4fe95708fadaae7e39fbb069b96fa1fdb1fb4c89c4
7100e445fb5d6e14d41fac6de8e369246ad621dfe8473cabbdb9ce535c14e4a6
72e046842e09ed37e960ab0575f4c5ab60bff1a0ea22d3c27335e505190e5504
7b8e8b551d6876a3571dc04e1d05c205b8ab56c3016bfec6db018557fc00d304
827e4c5288548b930b54b74447c5e93ce460c584333e1985716917c6e84131cc
84cb3e695c3f22c0428678406500d7e0e6ea86336eec7a2bcbebc9fce7ba8b7d
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86cdadfa23dce9fee83c7482c487f4c676bb7995c0874f38bb73ece168aad376
8756d1490170c7255c209a84dcbbbec42edefb934feeafe822a2eec6f0142ce8
8ca306e860992a646de6607ddd09da2d0d1f054e455df2c6bc6f967cf45c8518
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f9a7962cf58f27b89c0627d094ee1b631ec118675f9eae1dc06031353360422
9119f8342d3146d0f8fac151da01cef0b13e4ab7b2703c113436654c0845eaee
93b3d7438f5ab7204f909a016c1fddff78118a6d4525a7f718b4478b99d764f5
953f95177cf9d22c325e2c95b1ad88160975a71ed6ce0454f261aec4b13fe610
962a514de7b249708e0478d0599d5af95e0e2ba0c6500bd0069ddf28dd38e217
97450914bfdae5de294dddcd25a0b8ec78805acc3d34c8cce7980a7349bd0b0a
9813edaa720fe3a8238532e67b79e95ed4a5c018de8a988ccd901eb906cc0f61
98e9b684c81956a4e37c20546d2aeef3eeb9e6bd90cd28fab1a40ca27dbe75a3
9d2756a4dd6451d25d3d288415e7e7db44ea989af5db7e94633d8e8f005ec1ef
9d9c224b9a0613f2b32232c1692facdba66da6722645c311854999087539186d
9e164b466640b7e611cffcb68f74706356e7f3813f553d9ba928fa1f7c625dd7
9e31058534b68e728b3cfe4d4f122333f19479a72ce4ac79b596ba346376f16c
9feacd5a56049f0fda83dcbc12d02a3815fce4d940102bf666bc6551314a100a
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a109be98569aa2be003f382608f1432cbe7ff22bbed977660945fa6d38ca28e9
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1dc3a94fc551047fbcf35e16820b7668cbed3554f4b791fc8065db05385c05c
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a33a18d3ade364ae94fdc88f786c869ff8b45cae9bf98f2e2a16dd1459d98cdc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a7285580be75cd3030f88e9965590dbf8cc61ade01a82348b993c8f2a3f1245b
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
adb1d98f909a408aeefe290022ea69de8014d8c3aababa210f70cb6855e12af8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
afbf652912f988e6125a0b35a6d57c00c647b67e7f7dbc70a351a19244c68df6
afda9004c6b8ef5eae8de82ae8a4cd243b2fca06725802ba7629735d8b8d6882
b64024a14492eae928bd080531409008da07d2dfea8c0fa9c4ad02ef4f4e6f7f
b6c87e34a8918cb44cdba9606325887a96848b71f27e710a1cdc75ba7fa34cb8
b947054f6ebf52d850bc9d2c6ec86dfb8345f4b02a74779195cb5471aa7f6b2c
ba73f53e83efc518e20ef7d482a4988d203e0d33cfbe732c63058da915ffc706
be215947570547415b04b458ab2215135eeb8ac9d5f2e4ab0921b3d616418f03
bfaab13f143182d1440b669a897f1483fa62875630704be96b14470cb3f2fc83
c0ffccca0958c2710d1eb8b56616436104e48271e70c3dddf1ba4eb0a9df065a
c211f25e923ee035e6b17e0342b4633227f1368e8eb0256a287e84d2b58616c1
c221b035b0337380706d935b33d6cabb3824bbcd6f60e38727ea33acedb6a1f6
c8995ab31afcbbfd6583389988b4b1ca8130fa45961886067486baaa3f3caf8e
c9ecc17f4319d75bc599c9b8918d18645b212f754c1bcae581d96959534cc617
ca8ad2739b1e87ee76eaecb660938b3baf35007434ab74bd3e86e65ac4105232
d4cb1652534f75a69ac463235640a4af53f3d96a4ba004f9a8394dff42bc766d
d4ebe70293a86668ff364add4640070e147c584202a2df3bf0e804d15a8d1c8e
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7d937049391348269ab47fbd381d84b351deee720d2a3c3d03cde363f4db219
daddfae8f2e98ebc8b30f9f82d815a6d3338d5c0bc13ea715fdd90f9c92eb9db
dc661afb221b1ae218aaa434df4f88bbed344ad25d9fd957d7ec777b065fd3c1
dc9a39fb1a3f821a4dab271c1d6acbb6c2c36d9e551acc1855b1ecdfd1ac4c1a
de934a085817710cb3bbd98d33e5b0c91709425d89eada2a2c55909c8b3443de
dfcc32ebe9aa77abfb262c93899419e290c0dfbeb081e5dac98a8dfd9c173ff7
e0151c27cae3937b6b516a4f108c47c8c8fe53114db91b0bb4649e3115bb1190
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e13ffa988be59cbf299d7ff68f019f902b60848203ac4990819eb7e4624ee52d
e3a16bbf4914a49b1afe816e119c7da2d731dead9167c01d07984ef323e26bfa
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48464584f64ab3552d631f1a6a17f316c65366253583428d728e7854608764b
ea645fce527a29a893e9055183c23344fff5e35c30bc95c60fb522f918619115
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
effc1357a7d1840e520a74c48828dd3c5b378047ff8380938446b1bc78d24ab6
f0399c3058b2e3a164497ff6995715d6099c810f5ba8c5600a70ea74e8d5f00d
f292c4a125f044878fb361ea34e8bdd6b415cb0eebc52ce9ff5669bc2903fd41
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f8ed5dcc90b213e875f8f39529df45aff55d4f3bcfd5cdaf1cc90460d60964b0
f91417ba47adb96f6358862c68ce52f90977d4f5e806c99deaf76414766d0d02
fc68f78f98d9b6d78b51e2cceb06314c98dddf574c58ab99064dd3b714b6f2b2
fcbc61a1473aea0abbd62eef06b8b7bf34ff9452ea74f6efcfef28a4ac587ff1
fd0dcc798a531cf129a23a382db83214b111bac8d4ac347bdd6ff78122b684ff
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
fde98a3e06f299a73b0a3eb6c095649b9c3f9c342596091936a4675fd6980a1c

sarahah.top Open in urlscan Pro 2606:4700:3033::6815:2edd Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

155 Requests

100 %HTTPS

83 %IPv6

17 Domains

27 Subdomains

25 IPs

4 Countries

1693 kBTransfer

3868 kBSize

10 Cookies

4 Outgoing links

Redirected requests

155 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

sarahah.top Open in urlscan Pro
2606:4700:3033::6815:2edd Public Scan

Screenshot
Live screenshot

Full Image

155
Requests

100 %
HTTPS

83 %
IPv6

17
Domains

27
Subdomains

25
IPs

4
Countries

1693 kB
Transfer

3868 kB
Size

10
Cookies

155 HTTP transactions
5 data transactions