URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Submission: On November 28 via manual from GB — Scanned from NZ

Summary

This website contacted 14 IPs in 3 countries across 11 domains to perform 39 HTTP transactions. The main IP is 172.67.196.105, located in United States and belongs to CLOUDFLARENET, US. The main domain is bareeqal5alij.hewaaya.com. The Cisco Umbrella rank of the primary domain is 597411.
TLS certificate: Issued by E1 on November 18th 2022. Valid for: 3 months.
This is the only time bareeqal5alij.hewaaya.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
15 172.67.196.105 13335 (CLOUDFLAR...)
1 172.253.118.95 15169 (GOOGLE)
2 142.250.4.94 15169 (GOOGLE)
6 142.250.4.154 15169 (GOOGLE)
1 46.105.201.240 16276 (OVH)
2 142.251.12.154 15169 (GOOGLE)
1 172.217.194.155 15169 (GOOGLE)
1 74.125.200.155 15169 (GOOGLE)
1 142.251.10.154 15169 (GOOGLE)
1 192.99.13.63 16276 (OVH)
3 142.251.10.132 15169 (GOOGLE)
1 172.64.162.7 13335 (CLOUDFLAR...)
1 74.125.24.104 15169 (GOOGLE)
39 14
Apex Domain
Subdomains
Transfer
15 hewaaya.com
bareeqal5alij.hewaaya.com — Cisco Umbrella Rank: 597411
126 KB
9 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 131
tpc.googlesyndication.com — Cisco Umbrella Rank: 182
254 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 121
www.google.com — Cisco Umbrella Rank: 16
2 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 64
10 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 12740
s4.histats.com — Cisco Umbrella Rank: 10066
5 KB
2 gstatic.com
fonts.gstatic.com
43 KB
1 dtscout.com
e.dtscout.com — Cisco Umbrella Rank: 11447
t.dtscout.com Failed
4 KB
1 google.co.nz
adservice.google.co.nz — Cisco Umbrella Rank: 103261
792 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 961
695 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 107
1 KB
0 s-onetag.com Failed
get.s-onetag.com Failed
39 11
Domain Requested by
15 bareeqal5alij.hewaaya.com bareeqal5alij.hewaaya.com
6 pagead2.googlesyndication.com bareeqal5alij.hewaaya.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
2 fonts.gstatic.com fonts.googleapis.com
1 www.google.com tpc.googlesyndication.com
1 e.dtscout.com s4.histats.com
1 s4.histats.com s10.histats.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.co.nz pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 s10.histats.com bareeqal5alij.hewaaya.com
1 fonts.googleapis.com bareeqal5alij.hewaaya.com
0 get.s-onetag.com Failed e.dtscout.com
0 t.dtscout.com Failed e.dtscout.com
39 15

This site contains links to these domains. Also see Links.

Domain
www.q2amarket.com
www.question2answer.org
Subject Issuer Validity Valid
*.hewaaya.com
E1
2022-11-18 -
2023-02-16
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
histats.com
R3
2022-09-30 -
2022-12-29
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.google.co.nz
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
*.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-05-28 -
2023-05-28
a year crt.sh
www.google.com
GTS CA 1C3
2022-11-02 -
2023-01-25
3 months crt.sh

This page contains 7 frames:

Primary Page: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Frame ID: 92C4F9AA515ED2A9A7CCC83DDADF6B35
Requests: 25 HTTP requests in this frame

Frame: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669608000
Frame ID: F1180D9664D7C5EDFE1C23206C43929B
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Frame ID: A49E20219D32609B5C919B8403827B8C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1669616536&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fhammerrepair77&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669616535232&bpp=4&bdt=2237&idt=1314&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=553442706341&frm=20&pv=2&ga_vid=1397793494.1669616537&ga_sid=1669616537&ga_hid=1422418442&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44777876%2C42531706%2C44769661&oid=2&pvsid=2509834244090227&tmod=335679938&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1339
Frame ID: ECC030CE4309AB3493F117C2CED629E2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: E222AE6953A947190BF205E515BC07B2
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: B798044B9F0A3DDC6B2EF9DE80ED8360
Requests: 2 HTTP requests in this frame

Frame: https://t.dtscout.com/idg/?su=51A016696165393E0B3617B6F33E32E9
Frame ID: 0C513A140F4444F51F9452BE2111D030
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

بريق الخليج

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

92 %
HTTPS

0 %
IPv6

11
Domains

15
Subdomains

14
IPs

3
Countries

446 kB
Transfer

1140 kB
Size

17
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request hammerrepair77
bareeqal5alij.hewaaya.com/user/
9 KB
4 KB
Document
General
Full URL
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
63d7dbb2a8d0bc7c08c6dcc73fa6a8d8fd9b3c8c19041c1d2db695b547c07dac

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
771101fbf834a8a6-SYD
content-encoding
br
content-type
text/html; charset=utf-8
date
Mon, 28 Nov 2022 06:22:12 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGS0wKXt9CKtxXMSdFJoLKjxRCo8g6TJzhUCy4QtilrHslMS7kbRKda0QyaO9OMtirpQ8hx6W40xoWVyIBpaZJ3IeSCvE9gQxB6RbVkx%2F%2BslSPpbLXWmhllus9VtUqJpz8NOPIARGx38FFhP"}],"group":"cf-nel","max_age":604800}
server
cloudflare
qa-styles.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/
57 KB
11 KB
Stylesheet
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37dc34da0809c1150251a605939830aa9a0bc74d66e8afb335b040f4eb6e7dc2

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
94307
cf-polished
origSize=72433
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
server
cloudflare
etag
W/"5c3a68b2-11af1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ptOC9YHpYaYaobOhI%2B0NIXUlKU20tXaoCGfX03KquQlSNg9U7bhyTqQzSXVgp3%2BeQfLSGWQ9aewQOOQuqnbT9DT29Gz16yctdfTdCNyrjGbvYWUHMJbMolpLgE3Mcp4lCQAjPU8JfehSfVxI"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2678400
cf-ray
77110203b865a8a6-SYD
expires
Tue, 27 Dec 2022 04:10:26 GMT
qa-styles-rtl.css
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/
6 KB
2 KB
Stylesheet
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles-rtl.css?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a0a840d54ebc1a4525af39787c3aa67bdd8a9c75813d0fded90652401dcade5

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:13 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
94307
cf-polished
origSize=7514
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
server
cloudflare
etag
W/"5c3a68b2-1d5a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YXELGhPTqNKWqLAjwHE8UEU0gcAsVs51mMjs5sZAEl04BzXvWx6kKIw7c45x3myifehJ%2FOCweA3MqNt2qw4tvVswFgGdAqlUcw%2FQ1FBq5brRmVCdfYQw6MbX61aVo7NR%2F1Plmt5HedtpG7Zu"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=2678400
cf-ray
77110203b866a8a6-SYD
expires
Tue, 27 Dec 2022 04:10:26 GMT
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.118.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sl-in-f95.1e100.net
Software
ESF /
Resource Hash
bb1d99c6538f14597a5fd79319d6d8b4b8f31705979036676411af1e9bd3e850
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 28 Nov 2022 06:22:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 28 Nov 2022 06:22:13 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 28 Nov 2022 06:22:13 GMT
rocket-loader.min.js
bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/
12 KB
4 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 22 Nov 2022 13:35:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"637cd00d-302c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8xFpHGCTsnpKLU0Pe3x%2FVsVcWF1QTX1Nr8JLb3Zq%2Blip%2FKyQRAnX9C7R8WM8RHj71eK4%2Bpkb3flkRu37LiYIVM75PKh1CapmpZeireVxZOllQPtBumON7EzSEQIZYvOOmakYfjWFGGfGHT3C"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
77110204a973a8a6-SYD
expires
Wed, 30 Nov 2022 06:22:13 GMT
spinner-icon-14x14.gif
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/
8 KB
8 KB
Image
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:15:16 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"5c3a66f4-1e65"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNJMwJ1WDUv55a1nweCSbON0%2FZ8XIDW%2F7Vhjq34Y7F0ByzrioTba7jiHqNr2Vma8oAIkjvkFjqLXFCyVV2flveTSMca5bN3NRiRvqpq6SwONk5DRzJ1SoBE2aR%2BZR8h1WaH4PgHFesOiD%2FZB"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
771102090baca97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7781
expires
Wed, 28 Dec 2022 06:22:14 GMT
fontello.woff
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/
7 KB
8 KB
Font
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
cf-cache-status
MISS
last-modified
Mon, 25 Jul 2016 22:01:58 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"57968c56-1c20"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QmeRtVDCGYBYbMA0ODHS2W6BV6zbpUyz%2BzeNm08lxvGwx2yGD7ASH9eS2jvu%2BcH6k%2BbmHPaNM46hXgxB%2B2uurYyHp4E9ZKPGbL%2F4nAtgW8l8eh7RnGe8UhSrqxzQuLZtp8uiGHLP9qhYoTCk"}],"group":"cf-nel","max_age":604800}
content-type
font/woff
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
771102090bb1a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7200
K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2
fonts.gstatic.com/s/elmessiri/v16/
20 KB
20 KB
Font
General
Full URL
https://fonts.gstatic.com/s/elmessiri/v16/K2F0fZBRmr9vQ1pHEey6MoiAAhLz.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
d21ea66884a90a9148d3f6e109a6bb1e2bcad851e2a06b46350eb1edefa5a546
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 05:22:13 GMT
x-content-type-options
nosniff
age
262801
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20108
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 19:12:23 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 25 Nov 2023 05:22:13 GMT
K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2
fonts.gstatic.com/s/elmessiri/v16/
23 KB
23 KB
Font
General
Full URL
https://fonts.gstatic.com/s/elmessiri/v16/K2F0fZBRmr9vQ1pHEey6Mo2AAg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=El+Messiri:wght@400;500;600;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f94.1e100.net
Software
sffe /
Resource Hash
feafd9234c68a7f1d92fee6ec91b0f37668660b83611bf3e91fa73621f56d58c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 27 Nov 2022 10:41:12 GMT
x-content-type-options
nosniff
age
70862
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23296
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 19:14:46 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 27 Nov 2023 10:41:12 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
143 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
08c7806c08738f72104f8fa4512fd0ba30139a485fbec47baec2417c912552e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49129
x-xss-protection
0
server
cafe
etag
9064991244784242262
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 28 Nov 2022 06:22:14 GMT
snow-core.js
bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/
2 KB
1 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-theme/SnowFlat/js/snow-core.js?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5c3a68b2-94f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWElufeOZdCqeWgCFK6ROXfBKHKicr2sXXxb3hFLDXx1Av0AmlVlM1GGWeY2Dtw2wEqeTx9AStyExlrnAyB%2B2C8sSyYaTMHxOrCYM2Ss719Bd6iq3k0fR%2FjSRn%2BxezeKpr0zwpynBq17A9hN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
771102092bdda97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 28 Dec 2022 06:22:14 GMT
qa-global.js
bareeqal5alij.hewaaya.com/qa-content/
20 KB
6 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-content/qa-global.js?1.8.3
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 12 Jan 2019 22:22:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5c3a68b2-5046"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E29Jb77mV0vvK1mzEvFfEvVf9m%2B%2BAoQS7MV%2Fl%2FBx38SQW0GLrAPwwLOHrDmeNtQERonma8a285m7hfEzcmB6XYFQwTS%2FwFfUVUV8zPb7kML%2FEbAxOZ%2BAdPJ3iOt05itTnfPlqyUfwdSZ%2Bzwm"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
771102092be0a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 28 Dec 2022 06:22:14 GMT
jquery-3.3.1.min.js
bareeqal5alij.hewaaya.com/qa-content/
85 KB
31 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/qa-content/jquery-3.3.1.min.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/user/hammerrepair77
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 07 Sep 2021 18:26:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6137aec4-1538f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHfD12cgmywy4qOjFMcyF6PxrkQ3NCvO6VFQalv70MiDD%2FpLxRqJRPO5f9EFil4ZMrbQQ4lH%2Fnppp8Xwni8PWVH0KUpvj2zhoHxGTC%2BCKSUNEdMkebbncY2IkDfInKof1QjA8p7Bwztlp%2BMt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2678400
cf-ray
771102092be1a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 28 Dec 2022 06:22:14 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
144 KB
49 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
d7001964ee7269c1662b4dff3bd7921d4d206eaceb6de65f0d50b771ee5ab742
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Origin
https://bareeqal5alij.hewaaya.com
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:14 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49345
x-xss-protection
0
server
cafe
etag
11737187824125773399
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 28 Nov 2022 06:22:14 GMT
invisible.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame F118
35 KB
15 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669608000
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33142177b039c10a8e040bb1b3b868fdb5af2ccb5633b5d66a6feb819a016086

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pdzRec7VfHwome4XvsPwm6%2BBM1Q8okT7g1zj95eITAFkjqfJ%2Bi2ofGJZgmJUn617hDwvGyFqHfWh7dEQb7yqaewCsYZ%2F8a%2BvP8jW0INkZj1nyFxz%2BrEftQFoaML0pfaxBLYfGpyT9dh4DV8d"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
771102118941a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
js15_as.js
s10.histats.com/
11 KB
5 KB
Script
General
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:21:27 GMT
content-encoding
br
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cacheable
Matched cache
x-cdn-pop-ip
51.254.41.128/25
etag
"-375139978"
content-type
application/javascript; charset=UTF-8
x-cdn-pop
rbx1
accept-ranges
bytes
content-length
4364
x-request-id
808225290
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/
355 KB
117 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
3aa5fb4dfb2e8b1e9e852dc9fc8de0042325921a91f085d3804d4a8a897bb13e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
119594
x-xss-protection
0
server
cafe
etag
7850298243256081665
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Mon, 28 Nov 2022 06:22:15 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/ Frame A49E
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20221110/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8343227950611411
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f154.1e100.net
Software
cafe /
Resource Hash
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

age
26726
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=1209600
content-encoding
br
content-length
4242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 27 Nov 2022 22:56:49 GMT
etag
10353107486223812946
expires
Sun, 11 Dec 2022 22:56:49 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame F118
19 KB
8 KB
Other
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8f02e553901bd1b7f2b505fee1ff118771eca4cbce04c469f3cf7f641141dcc

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wo3E8q6IkPOIy2ejSwQ7QSygPdgkD8nrp9gmh6l7zkWbN4enxe%2BEJ00c7Vkm5FUqhUBHXb1a8TaWvXNgUa3p3eS2TKZnsGACOVyOiomfdSzjbqh%2FZtRfY%2F0RXatIEBjLaTgf9Wfgh6gDIcoW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
771102128ac7a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
771101fbf834a8a6
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F118
2 B
674 B
XHR
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/771101fbf834a8a6
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669608000
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bvg8rXvFslwCI52vfF2R6X0m8N7yzMDRWftvmEYxbL%2F%2FN583dcOI83YwBwXr5o1kalqQuygX%2BMV4WZz6jWgwr7CSawe9zS8LjSMm%2B0uLrS%2F3k92GNAuXVJIy4XulvUAEJLW2nlR9yetvNDym"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
771102155f88a97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
invisible.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame F118
41 KB
17 KB
Script
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669608000
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/user/hammerrepair77
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03e72341ce4eb2e84b49d0d8164ea88a9ea46135ef48b51fa30f73f9392f07a3

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:15 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nsrWDEX4rEe767asUADm0Mh8EG2FaJmAwrHN4QZRDRWzgMn14L3s%2FaqEXgzylV%2F3nvMLZ8UNL7dEvxd3gyjl%2FSEBjdMxOSIlL6r8D%2BWjriMrIsJKRsiPDsz6NvbtLW0eToe2qgy%2BIYI1lQWN"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
771102157fbea97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/ Frame F118
24 KB
10 KB
Other
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c31deccf4c92480e13331c74f1f42d3799056e937b47137165340fd80c434631

Request headers

accept-language
en-NZ,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:16 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CvDFHUE8JjlrNbfGi4z6dfPmbDYhEq4RSc3rurCYOmReF%2BaI77p4sWfo61VDD4GYWRY6UnLk8IzwUZLvGYVLqTZ6hztfAY1zAIQ6IMGTLKe0uDFj6I%2B0QREudmlkXwJV2sIgi2pNfi8j3oLw"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
771102167a0aa97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
771101fbf834a8a6
bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/ Frame F118
2 B
663 B
XHR
General
Full URL
https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/cv/result/771101fbf834a8a6
Requested by
Host: bareeqal5alij.hewaaya.com
URL: https://bareeqal5alij.hewaaya.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669608000
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
en-NZ,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 28 Nov 2022 06:22:16 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DzlEFNHz0hGpCoPYeu3rg4RGr2AtIv7wZV%2FlrcpFWqOw81YP40o7woCdgJaNiXOvXxxg9Gbg9PwxnNhmdYWmHcO%2BK5rKMcjlqBp1hp2KPCx13kTCrqjE9KO9cZDmSfdkWY3w1mMnrfmhl12Y"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
77110219bf6da97a-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cookie.js
partner.googleadservices.com/gampad/
389 B
695 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=bareeqal5alij.hewaaya.com&callback=_gfp_s_&client=ca-pub-8343227950611411&gpid_exp=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f155.1e100.net
Software
cafe /
Resource Hash
37cc6001967fb4be2e7fb462462c0aed4ee24f8d9269b0a5cc34335e6b5a7862
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
251
x-xss-protection
0
integrator.js
adservice.google.co.nz/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.co.nz/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.200.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f155.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bareeqal5alij.hewaaya.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame ECC0
14 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8343227950611411&output=html&adk=1812271804&adf=3025194257&lmt=1669616536&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&format=0x0&url=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fhammerrepair77&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1669616535232&bpp=4&bdt=2237&idt=1314&shv=r20221110&mjsv=m202211100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=553442706341&frm=20&pv=2&ga_vid=1397793494.1669616537&ga_sid=1669616537&ga_hid=1422418442&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C44777876%2C42531706%2C44769661&oid=2&pvsid=2509834244090227&tmod=335679938&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=1339
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f154.1e100.net
Software
cafe /
Resource Hash
af9f96bae025e89b2ae25c86fee51bf91e6b501cdad3c99420bf6bd1992a37f4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
br
content-length
5194
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 28 Nov 2022 06:22:17 GMT
expires
Mon, 28 Nov 2022 06:22:17 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221110&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
cafe /
Resource Hash
4af4651e0e54079db9cc53d44364c1cdebec24e93c0f88d230d337b33bfce5e5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:17 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12460
x-xss-protection
0
0.php
s4.histats.com/stats/
378 B
513 B
Script
General
Full URL
https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1669616536587&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:81923473&@b3:1669616537&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fhammerrepair77&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.13.63 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns504751.ip-192-99-13.net
Software
/
Resource Hash
7c36c475bbe9031e92173b4e88aa6dd86de74a02532ec922bd6a78ded16159b4

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 28 Nov 2022 06:22:18 GMT
Connection
close
Content-Length
378
Content-Type
text/html;charset=UTF-8
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202211100101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f132.1e100.net
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 28 Nov 2022 06:22:18 GMT
/
e.dtscout.com/e/
7 KB
4 KB
Script
General
Full URL
https://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=https%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fhammerrepair77&j=
Requested by
Host: s4.histats.com
URL: https://s4.histats.com/stats/0.php?4631733&@f16&@g1&@h1&@i1&@j1669616536587&@k0&@l1&@m%D8%A8%D8%B1%D9%8A%D9%82%20%D8%A7%D9%84%D8%AE%D9%84%D9%8A%D8%AC&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:81923473&@b3:1669616537&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fbareeqal5alij.hewaaya.com%2Fuser%2Fhammerrepair77&@w
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.162.7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
269aaf7e0e1e77e668cb1bd21cba9a31ad4b6a0e742abf88b8c3733b5906422a

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://bareeqal5alij.hewaaya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:19 GMT
x-t
1.074
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D1vqgafrXYwdgok2wAJDjrAIFThtRg8TMqok8v6CZl4mwuE%2B5Wnk27SK%2BbLv%2F5znczBxDtRP81CgGQNI1WqK5R0kZ6lssuhiJHUZSgAyKXVSF%2BbdEuTOrIHGS3xe%2B%2F36"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
no-cache
x-s
ger1
cf-ray
771102268e0fa8a7-SYD
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Mon, 28 Nov 2022 06:22:18 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame E222
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f132.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

accept-ranges
bytes
age
55810
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 27 Nov 2022 14:52:08 GMT
expires
Mon, 27 Nov 2023 14:52:08 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame B798
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.104 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f104.1e100.net
Software
GSE /
Resource Hash
de0263ef96f0cd68ea30fa31e8338fed576bc33fa7c015399b17b201835138c7
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-jsfWOC_h7XeQpecJKMWRww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bareeqal5alij.hewaaya.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language
en-NZ,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-jsfWOC_h7XeQpecJKMWRww' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 28 Nov 2022 06:22:19 GMT
expires
Mon, 28 Nov 2022 06:22:19 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js
pagead2.googlesyndication.com/bg/ Frame E222
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/api979c0EJY6QQNrS8TSWwgKrshdt-vRMqEtOqF-hYY.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
sffe /
Resource Hash
6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 25 Nov 2022 04:59:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
264145
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16010
x-xss-protection
0
last-modified
Thu, 03 Nov 2022 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 25 Nov 2023 04:59:54 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame B798
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221110&jk=2509834244090227&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f154.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame E222
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?khrx6Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f132.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-NZ,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 28 Nov 2022 06:22:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
/
t.dtscout.com/idg/ Frame 0C51
0
0

tag.min.js
get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/
0
0

/
t.dtscout.com/pv/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
t.dtscout.com
URL
https://t.dtscout.com/idg/?su=51A016696165393E0B3617B6F33E32E9
Domain
get.s-onetag.com
URL
https://get.s-onetag.com/f0c84061-4182-4398-8e37-5ff5b5698a6f/tag.min.js
Domain
t.dtscout.com
URL
https://t.dtscout.com/pv/?_a=v&_h=bareeqal5alij.hewaaya.com&_ss=5fn1ifkuez&_pv=1&_ls=0&_u1=1&_u3=1&_cc=nz&_pl=d&_cbid=3jw9&_cb=_dtspv.c

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| __cfQR object| _Hasync string| qa_root string| qa_request object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| $ function| jQuery function| qa_reveal function| qa_conceal function| qa_set_inner_html function| qa_set_outer_html function| qa_show_waiting_after function| qa_hide_waiting function| qa_vote_click function| qa_notice_click function| qa_favorite_click function| qa_ajax_post function| qa_ajax_error function| qa_display_rule_show object| qa_element_revealed function| qa_toggle_element function| qa_submit_answer function| qa_submit_comment function| qa_answer_click function| qa_comment_click function| qa_show_comments function| qa_form_params function| qa_scroll_page_to function| qa_title_change function| qa_html_unescape function| qa_html_escape function| qa_tag_click function| qa_tag_hints function| qa_tags_to_html function| qa_caret_from_end function| qa_tag_typed_parts function| qa_category_select function| set_category_description function| qa_submit_wall_post function| qa_wall_post_click function| qa_pm_click object| b number| google_lpabyc boolean| __cfRLUnblockHandlers function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages function| chfh function| chfh2 string| _HST_cntval object| Histats object| GoogleGcLKhOms object| _HistatsCounterGraphics_0_setValues object| a object| cv object| _dtspv

17 Cookies

Domain/Path Name / Value
bareeqal5alij.hewaaya.com/ Name: PHPSESSID
Value: em0gf8n1ped9elj9q6jh3d288j
bareeqal5alij.hewaaya.com/ Name: qa_key
Value: tjmr15dihmo129cpf7j1u1710a7uev53
bareeqal5alij.hewaaya.com/ Name: HstCfa4631733
Value: 1669616536587
bareeqal5alij.hewaaya.com/ Name: HstCla4631733
Value: 1669616536587
bareeqal5alij.hewaaya.com/ Name: HstCmu4631733
Value: 1669616536587
bareeqal5alij.hewaaya.com/ Name: HstPn4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstPt4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstCnv4631733
Value: 1
bareeqal5alij.hewaaya.com/ Name: HstCns4631733
Value: 1
.hewaaya.com/ Name: __cf_bm
Value: 0ndtmhHz5w1lvHEhAuFqQXNiv5YEyMo29wAyT1hqdIk-1669616536-0-AWghhLnYK+CRvH3Auw4aiBg/ip5w49GJV51CIk20ueT3S7pBVpOF/2jmAqCS87rZWbneDygM8bVWlDV15HhK/CIRAdKuSCObU947pB4eYTqYb6AzxhX4Nh/S2sjKyV23nm0qFNjtPpWFqs7CeZ4Ex3s=
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.hewaaya.com/ Name: __gads
Value: ID=0a4375654d6e386c-223f7dd780d800e5:T=1669616537:RT=1669616537:S=ALNI_MbnM2tWG0LshdZzTSj3qpATmnrSEA
.hewaaya.com/ Name: __gpi
Value: UID=00000b84d4bf097d:T=1669616537:RT=1669616537:S=ALNI_MYgB5n_lRp1GmRS9JdL8Zbxm1ZTKw
.dtscout.com/ Name: m
Value: 1
.dtscout.com/ Name: oa
Value: 1
.dtscout.com/ Name: df
Value: 1669616539
.dtscout.com/ Name: l
Value: 51A016696165393E0B3617B6F33E32E9

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.co.nz
adservice.google.com
bareeqal5alij.hewaaya.com
e.dtscout.com
fonts.googleapis.com
fonts.gstatic.com
get.s-onetag.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
s10.histats.com
s4.histats.com
t.dtscout.com
tpc.googlesyndication.com
www.google.com
get.s-onetag.com
t.dtscout.com
142.250.4.154
142.250.4.94
142.251.10.132
142.251.10.154
142.251.12.154
172.217.194.155
172.253.118.95
172.64.162.7
172.67.196.105
192.99.13.63
46.105.201.240
74.125.200.155
74.125.24.104
03e72341ce4eb2e84b49d0d8164ea88a9ea46135ef48b51fa30f73f9392f07a3
07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce
08c7806c08738f72104f8fa4512fd0ba30139a485fbec47baec2417c912552e9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
269aaf7e0e1e77e668cb1bd21cba9a31ad4b6a0e742abf88b8c3733b5906422a
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
33142177b039c10a8e040bb1b3b868fdb5af2ccb5633b5d66a6feb819a016086
37cc6001967fb4be2e7fb462462c0aed4ee24f8d9269b0a5cc34335e6b5a7862
37dc34da0809c1150251a605939830aa9a0bc74d66e8afb335b040f4eb6e7dc2
3aa5fb4dfb2e8b1e9e852dc9fc8de0042325921a91f085d3804d4a8a897bb13e
4af4651e0e54079db9cc53d44364c1cdebec24e93c0f88d230d337b33bfce5e5
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5eecfa645aee35cb0c6820e187451ab14a9df51283635a2117d7ba866a6a74aa
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63d7dbb2a8d0bc7c08c6dcc73fa6a8d8fd9b3c8c19041c1d2db695b547c07dac
6a98bdefd73410963a41036b4bc4d25b080aaec85db7ebd132a12d3aa17e8586
7c36c475bbe9031e92173b4e88aa6dd86de74a02532ec922bd6a78ded16159b4
8a0a840d54ebc1a4525af39787c3aa67bdd8a9c75813d0fded90652401dcade5
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
af9f96bae025e89b2ae25c86fee51bf91e6b501cdad3c99420bf6bd1992a37f4
b79950172d0e6c3091a44a69d615ee5711f57bb59e202b2a383d48e4ca2a4ce3
bb1d99c6538f14597a5fd79319d6d8b4b8f31705979036676411af1e9bd3e850
c31deccf4c92480e13331c74f1f42d3799056e937b47137165340fd80c434631
c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d21ea66884a90a9148d3f6e109a6bb1e2bcad851e2a06b46350eb1edefa5a546
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
d7001964ee7269c1662b4dff3bd7921d4d206eaceb6de65f0d50b771ee5ab742
de0263ef96f0cd68ea30fa31e8338fed576bc33fa7c015399b17b201835138c7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f8f02e553901bd1b7f2b505fee1ff118771eca4cbce04c469f3cf7f641141dcc
feafd9234c68a7f1d92fee6ec91b0f37668660b83611bf3e91fa73621f56d58c