hd.yalla-shoot.io Open in urlscan Pro
2606:4700:3033::6815:91 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hd.yalla-shoot.io/
Effective URL:
https://hd.yalla-shoot.io:2096/m/
Submission: On April 04 via manual (April 4th 2022, 8:37:59 am UTC) from US — Scanned from DE

Summary HTTP 109 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 25 IPs in 2 countries across 17 domains to perform 109 HTTP transactions. The main IP is 2606:4700:3033::6815:91, located in United States and belongs to CLOUDFLARENET, US. The main domain is hd.yalla-shoot.io.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on March 24th 2022. Valid for: a year.

This is the only time hd.yalla-shoot.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 24	2606:4700:303... 2606:4700:3033::6815:91	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
12	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1 4	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.13.157 142.250.13.157	15169 (GOOGLE) (GOOGLE)
1	143.204.215.43 143.204.215.43	16509 (AMAZON-02) (AMAZON-02)
3 4	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 4	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
8	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	151.101.1.108 151.101.1.108	54113 (FASTLY) (FASTLY)
2	2600:9000:205... 2600:9000:2057:f600:2:d490:4d80:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
3	99.86.7.112 99.86.7.112	16509 (AMAZON-02) (AMAZON-02)
109	25

24 2606:4700:3033::6815:91 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

hd.yalla-shoot.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.184.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.13.157 (United States)

ASN15169 (GOOGLE, US)
PTR: we-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-43.fra53.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.236.247 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.45 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.1.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:f600:2:d490:4d80:93a1 (United States)

ASN16509 (AMAZON-02, US)

wrappers.geoedge.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.7.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-112.fra6.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	googlesyndication.com 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 tpc.googlesyndication.com — Cisco Umbrella Rank: 125	127 KB
24	doubleclick.net 3 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 bid.g.doubleclick.net — Cisco Umbrella Rank: 492 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 274	264 KB
24	yalla-shoot.io 2 redirects hd.yalla-shoot.io	312 KB
8	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 257	97 KB
5	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 245 acdn.adnxs.com — Cisco Umbrella Rank: 560	1 MB
5	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 76 www.google.com — Cisco Umbrella Rank: 7	2 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 568	4 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 169	145 KB
3	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 674	15 KB
3	gstatic.com www.gstatic.com	14 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	2 KB
2	geoedge.be wrappers.geoedge.be — Cisco Umbrella Rank: 21394	7 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	20 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 431	2 KB
1	truste.com choices.truste.com — Cisco Umbrella Rank: 660	10 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8069	792 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 70	38 KB
109	17

	Domain	Requested by
24	hd.yalla-shoot.io	2 redirects hd.yalla-shoot.io
13	securepubads.g.doubleclick.net	hd.yalla-shoot.io securepubads.g.doubleclick.net www.googletagservices.com
12	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com googleads.g.doubleclick.net
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com bid.g.doubleclick.net www.googletagservices.com
8	s0.2mdn.net	hd.yalla-shoot.io s0.2mdn.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.googletagservices.com	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com securepubads.g.doubleclick.net
4	googleads.g.doubleclick.net	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com hd.yalla-shoot.io
4	www.google.com	1 redirects tpc.googlesyndication.com 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
3	choices.trustarc.com	choices.truste.com
3	www.gstatic.com	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	fonts.googleapis.com	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
2	wrappers.geoedge.be	acdn.adnxs.com
2	acdn.adnxs.com	securepubads.g.doubleclick.net
2	googleads4.g.doubleclick.net	hd.yalla-shoot.io
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	cdn.jsdelivr.net	acdn.adnxs.com
1	choices.truste.com	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
1	bid.g.doubleclick.net	0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	www.googletagmanager.com	hd.yalla-shoot.io
109	25

This site contains links to these domains. Also see Links.

Domain
t.me
twitter.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-03-24` - `2023-03-24`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
cdn.adnxs.com GlobalSign Organization Validated CA - SHA256 - G4	`2021-05-10` - `2022-06-11`	a year	crt.sh
gw.geoedge.be Amazon	`2021-10-13` - `2022-11-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 13 frames:

Primary Page: https://hd.yalla-shoot.io:2096/m/
Frame ID: 90824BB4C20714B3C16A5ACB837A0207
Requests: 46 HTTP requests in this frame

Frame: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B88F0C31124436032371582CC3293AF8
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: B66B6AE0CD96360BB523B27567756071
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AAF8A2CBB0B8C71418B08C704EE52F46
Requests: 2 HTTP requests in this frame

Frame: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8BE85DD92BEAE09749AB59A8D5C4D67B
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiF_ui7ATAB&v=APEucNXmPwCn-K7YSOA4QRe9Ou_Kg5rT13vtpvmQFwQKaBf6il42YbJ1ces7-cklw3ca-OL5tm2kBvoseF7e5osMUMXgNngzAfsEv3tIe1L_Da1PygoygR7eQPjnCaoFN2V6fRlffTOO-kKfzZLndFuVMGp58mfLnIHsx_9E24j0Fb4RVjVz8S0
Frame ID: 576D39FB292EA0665BADB4060998CB18
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9EFECDDCA20B93788E4058FA378EAB8E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
Frame ID: 8B55AD3D99976846DB66815136FE4B8A
Requests: 7 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYKnGW6lTin_NGK5QBs_LS5KOIreC2Oz7ghYM2zAwLqbLD7AhkeoxW35idkhFyBKpERe3JMoavDO_82KhOCMNGIBvP4VTR5mFubh31l1_byddpZg1Ire0K-QLsEyNGFCwAmur8P11CHiRgsf9qnh7Fn2pTxbajWNQzMquKU4T3emi3lDdXeLSypOpqqMBTzn1QdAYAH2kNlhvNgTYdFStLcCQTFwnsNYpYwHmwEnygr6XE2R7LuoSuqV9qjHp1KWY76Mj2Wu729DCdg0aXkdTUGOPVbFBWUIFXIUQvKSpXHBhsjshOkuSxsm1_01VEYT0&sai=AMfl-YQxdVqAO8XIDUuftnU4TJY1ZUk_46cdopcCbGRcSmKOLx9sPUmRVCJuuAlIjKyg2TxWkerc9Pm8tsbyrX-s-5kaGlJrPwaD_shb0K6yaGab5r8_Jl3Bw3WehemuLKQ&sig=Cg0ArKJSzGv-mKdvZ9ROEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 5F94A03068F222F6BD670299AE11F938
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssr25WX8CT7TikKUJLRnBjvkpKyprOhun1W84dP3Redj9nItKxX7GnrBo9gcGrHoqv0D2kLNfDC6ieZYJ6vajXO7hLRR0w81eIUzIjBWwH1-t1LsGN60Ujm2jT8I5A6Wpnoh35BEw6hy9a9hg2P3UQYkd2bjfXAVun6ZhqdHtn8XY9r5LpxoXpaacAt-XTiNxwwZbadbH6jzkQiM7HGuz36_Cst-Tvec1QHSK74MBz7jJyT8YiSDILdjgIeSS_oowa6L88FULk8RAiPBdq5o5RMLp92McPSiZ3nz_c1kwiG5GOVcfaUNrGzDGqegpK2pHE&sai=AMfl-YRFQbj_ENzXx93z2mqNPZHZEukR2q8NAvffQyNxfmoT92Q3iXPeVV-DycEIl1jxhBYVFHO_uBcczOEWsQIniFzQl8r30d84PGZSNwtRnWH3aSMm07UiQMq9JYMrfk4&sig=Cg0ArKJSzMwN36M1nFSnEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: E493A0C8FEC25F7BEF00DE8E8AEE7A64
Requests: 7 HTTP requests in this frame

Frame: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BC70EBDBDECB79651979AAC1A7CE0077
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: BD19A4385650CAE992DDD54F13A3E780
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3410235B5794C0BDB90C4BCF7DC28577
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

يلا شوت الجديد الرسمي | Yalla Shoot New أهم مباريات اليوم بث مباشر جوال

Page URL History Show full URLs

https://hd.yalla-shoot.io/ HTTP 301
https://hd.yalla-shoot.io:2096/ HTTP 301
https://hd.yalla-shoot.io:2096/m/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

109
Requests

94 %
HTTPS

63 %
IPv6

17
Domains

25
Subdomains

25
IPs

2
Countries

2357 kB
Transfer

6945 kB
Size

13
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://t.me/yallashootio

Search URL Search Domain Scan URL

URL: https://twitter.com/yallash35332369

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hd.yalla-shoot.io/ HTTP 301
https://hd.yalla-shoot.io:2096/ HTTP 301
https://hd.yalla-shoot.io:2096/m/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI5rYuu-w0KdFCyblfE19EE&google_cver=1

Request Chain 61

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YkquYlkROSj0Qjhj-vyw5AAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC_SrxP2NwSw2uCuzswAj9s&google_cver=1

Request Chain 62

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMLyZ7NcOSFBNBip_zxGZCY&google_cver=1

Request Chain 63

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczMjQ1NTkyMDMxNTMzOTgzMQ%3D%3D

Request Chain 109

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

109 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
hd.yalla-shoot.io/m/
Redirect Chain

https://hd.yalla-shoot.io/
https://hd.yalla-shoot.io:2096/
https://hd.yalla-shoot.io:2096/m/

72 KB
16 KB

48ms
48ms

Document
text/html

2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6377c50d247a2bb8f230a95c62cb95df87da9798f3c72a2b75a7a1a13759f586

Request headers

Accept-Language: de-DE,de;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6f68b983e89e9125-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 08:37:53 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
link: <https://hd.yalla-shoot.io:2096/wp-json/>; rel="https://api.w.org/" <https://hd.yalla-shoot.io:2096/wp-json/wp/v2/pages/8972>; rel="alternate"; type="application/json" <https://hd.yalla-shoot.io:2096/?p=8972>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6oxtJGzYrv%2BiQP%2BU%2Bf35rgNB5yU98nPwk%2BOKetfQ%2BDN6Uump1hOy4aY9g%2BHVYQdSsInNrkKhfFZEsnTDXocH34PvdOLe8CCO0H5ZsMQ2jIugM4mHsF%2B7q1dkxxiVKFiYWrzQ9LttJAebC2vGhWkxeXD06w2c"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-fastcgi-cache: HIT

Redirect headers

alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6f68b983a8229125-FRA
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 08:37:53 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://hd.yalla-shoot.io:2096/m/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyr4JAyE46NJsTgjsdcOBtj46CHOJDnakNWllAp7ANiiL17uVAYeW5atg4bVLzy77Xxq2R6XqDjpmC6wjdfRJZgJXHjWdXfY9YbeyB%2B%2BtdopIt363%2BldG2l1A0dN3jq2gLKC%2B%2FCVdZ5dSpZTWrzR8gcLt1Uq"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-fastcgi-cache: HIT
x-redirect-by: WordPress

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 83ms
34ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

d33fc852271c8e85abe9b52d14bd0aac97f053d9d8a5dcba1d7fb15159724cbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28297
x-xss-protection: 0
server: sffe
etag: "1177 / 519 of 1000 / last-modified: 1648850764"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Apr 2022 08:37:54 GMT

GET
H3 200 logo.png
hd.yalla-shoot.io/wp-content/themes/YallaShoot1/img/ 4 KB
5 KB 67ms
67ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/themes/YallaShoot1/img/logo.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d66ddf63cfc9a614849bcb959e3b616478106a8754cb9f8ecb8b618977a73209

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 01 Jan 2022 19:02:44 GMT
server: cloudflare
etag: "61d0a554-fff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gs6nZzn0x3mk3j0sJH6Vu6PX4%2BPOJcQQJt%2BW%2B%2FgRlO7BbZA9mx6302x73pxzpK4Gaxu2FRocdLdiHY7sjcrw%2F%2FgHPWnU6%2FAwtT8peCvn44JPfsAOMIcETmKbfewP2x17vpRPyWNOd%2FLqJDwnf0SKia3ecvcr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b9845e299ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 4095

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 96 KB
38 KB 76ms
33ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-107335079-1

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0155ae4c34de8746eaece5c99d7d2c6b03a90f2f71358eb06794fb6550081e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38068
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 06:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Apr 2022 08:37:54 GMT

GET
H3 200 lazyload.js Show response
hd.yalla-shoot.io/wp-content/themes/YallaShoot1/js/ 7 KB
3 KB 66ms
65ms Script
application/javascript 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hd.yalla-shoot.io:2096/wp-content/themes/YallaShoot1/js/lazyload.js
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4b49d4d31bafde40cecd2f1810924311d1c8e3809fbaaddc3a1578c3e18b34e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Sun, 02 Jan 2022 15:54:22 GMT
server: cloudflare
etag: W/"61d1caae-1c9f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XS4R8l%2Bx0pHUR8PYkCNtaGoFaL9MODuNIUn1MMizCkQ%2FJwQVYC39VocKiNrIo1TEBoRWaHQaIvtTG6rrZAjEqedbHQedn64HLk1YYCIYPXYdaRZiUjsQbRw16QyRLt5srtdXaefOzLpJhYVoK%2BjdppduvZ0k"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6f68b9846e349ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400

GET
DATA 200
OK truncated
/ 451 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: de103d5f4ad393bb96697192045e2f571c47b491690081364d746755fbc9a3f9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 401 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c5a8cec60b5774c8e0ea5d3feed60f15820528d3cf18a4634cd29c6b23baa2b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 944 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 248 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 50b355d30ddbdcfbc57eb2a32734c6574995395b4c64f278ce270f8646b5f3b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
DATA 200
OK truncated
/ 460 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3 200 NeoSansArabic.woff
hd.yalla-shoot.io/wp-content/themes/YallaShoot1/fonts/ 56 KB
57 KB 43ms
42ms Font
font/woff 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hd.yalla-shoot.io:2096/wp-content/themes/YallaShoot1/fonts/NeoSansArabic.woff
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6

Request headers

Referer: https://hd.yalla-shoot.io:2096/m/
Origin: https://hd.yalla-shoot.io:2096
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 01 Jan 2022 19:02:44 GMT
server: cloudflare
etag: "61d0a554-e014"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSQWSYU%2FmjR62yC40wHMjZrmxOChZ86dAztDEw6seBjVW8S8tVuPvHmFLe3il2ttlRNhwZu0L9iLF%2BArOCo%2BoYlmjdmooEiZO6keQmup2EdXDSroH9Z%2FfH%2FtT52x3sbAN9F7On4xeDqUhvs3qdLOtvgopPQ5"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b9846e419ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 57364

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 500 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET
H3 200 VoKsJ6RitaHGhsM62e6AXQ_96x96.png
hd.yalla-shoot.io/wp-content/uploads/2021/07/ 8 KB
9 KB 32ms
31ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/07/VoKsJ6RitaHGhsM62e6AXQ_96x96.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 28c33e9f6778c5ecef99513343b186c525965b39d6c243c4d676b65980afd81e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 24 Jul 2021 05:26:30 GMT
server: cloudflare
etag: "60fba486-2194"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2Bkd%2FGWsCosutK%2Bd7DRrcPDVzadX2Txc%2FgFOn2Gwj7dogJVj9pNWjunuvelLY9OwqJYxCXUJNN132SZmHAOa%2FfWVUd2sMrBIcWhx3Ps6WW36eCmbVxranOS3ml6OX9F%2B%2BWJK3zGPe%2Fgw5t1WoIMujLpuX39C"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df0c9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 8596

GET
H3 200 bologna.png
hd.yalla-shoot.io/wp-content/uploads/2021/10/ 9 KB
9 KB 37ms
36ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/10/bologna.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3ad006b390607f774d61b6ba65b6bc0216b92f4a68b9982fba448df6ddbc4ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 23 Oct 2021 03:32:05 GMT
server: cloudflare
etag: "61738235-22d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oVdecp2QAjRJUb0TmFAArIOw2Oana5iez9Jdjk2qvSAeOj47a0otfBy%2FHihLuCTnS5UQtE6qR85TcDe%2FEj6D4d9eQL30kesnpABql56v2bqTEon7b7VE9b4Hpv7mHewhVEv949%2Bl41Kg2F5Wps9rZHypSlIA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df0d9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 8916

GET
H3 200 8piQOzndGmApKYTcvyN9vA_96x96.png
hd.yalla-shoot.io/wp-content/uploads/2021/08/ 11 KB
12 KB 33ms
32ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/08/8piQOzndGmApKYTcvyN9vA_96x96.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 300f287e77598e64c4b5951157b0a3764b1f42d31023a107500f28bba61f43c1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 14 Aug 2021 02:07:33 GMT
server: cloudflare
etag: "61172565-2cb6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NmXDwOEkhSfZzIY2hQjXr%2Ftzq96rsU4qzjBVScw7Ut6aGGZueHgs7EJSiKWy6XA%2FjUGdqo6FlZGU4hxrrJ0by5Fp9Bco2nOqxa8ZJBagvBjoXVrARL5dNh%2BIQXYYUc5gsDp8Yam%2BT7T9nD0zSPDzN1Llc0EU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df109ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 11446

GET
H3 200 4us2nCgl6kgZc0t3hpW75Q_96x96.png
hd.yalla-shoot.io/wp-content/uploads/2021/07/ 10 KB
11 KB 49ms
47ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/07/4us2nCgl6kgZc0t3hpW75Q_96x96.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37dd18a296e3d20dd8168ba27f43252af6016711bd2f54d0704d702c930cee2d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Tue, 13 Jul 2021 01:33:05 GMT
server: cloudflare
etag: "60eced51-28f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cORhcIPRizsvQNf81uOSazyheOanrkO1ZjGXEcFGsLX6%2BaGsDSVAsgtftjei8Rm8rKrRUCv%2B0zDgNCNXN020JG9oKctmDBtZrzMmyffqL4rJXQoWbM7iJfeLdh2cnj5QvZHtzsnjtBZe19p8jeZmfONQUdrQ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df149ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 10482

GET
H3 200 5yyzMyBmafK6hScIzlIx4Q_96x96-1.png
hd.yalla-shoot.io/wp-content/uploads/2021/08/ 10 KB
11 KB 48ms
46ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/08/5yyzMyBmafK6hScIzlIx4Q_96x96-1.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 257bd8aa57a3c0f12f6e50ad641a72238e56cb085cda6ffa9f76fb3481627270

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 21 Aug 2021 09:24:48 GMT
server: cloudflare
etag: "6120c660-27f4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9jlGOtRGyBtO6Jhswh9lup%2FkysaRfEoU4j%2F7yxaTVGTNlpUHZNaSTIY1agMWhNT3NAVp22gE3Wr5qjIFFxjwWA2GFn3pzGDptIJZzTUIHTXP0nnuu0X7VQtNMg6nzT6zX9eaclog7PvHnG5ZZOlyqo35ez7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df1a9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 10228

GET
H3 200 PEguKntDUcic44Rqa7JdEw_96x96.png
hd.yalla-shoot.io/wp-content/uploads/2021/12/ 9 KB
10 KB 54ms
52ms Image
image/png 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2021/12/PEguKntDUcic44Rqa7JdEw_96x96.png
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41639d9dacd382913d7dffce2dbcae0b529e00eb071d8dcf18d47dc6c77f2cae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 25 Dec 2021 23:44:52 GMT
server: cloudflare
etag: "61c7acf4-2438"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=myIE73vTdzILh4%2BLUMBNBv8p1%2BlwfgOs87CQ6%2BNy90%2FeRWiO0HGaT2uPD6yJjJ7aMw7ACv93DP8%2Frouc9lDdejUW9kvk6n3%2FmfM3QgZeejcCQH8mSXSjyHPZiQhYApkFyM%2BWIr4rlh5CjpZ31cpiFl3Pz%2FxS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df1d9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 9272

GET
H3 200 Raja-Club-Vs-Es-Setif-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 50ms
47ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Raja-Club-Vs-Es-Setif-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e00b87b9f44d18a4e0624d8a8d0b8d4e73f33aeb02a4448b476819551b46959

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 03 Apr 2022 04:39:40 GMT
server: cloudflare
etag: "6249250c-36c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Am%2Fe%2FsfPaK2y0BJJOj8YJZqVWctftrHElvi%2Bxl0ExaaxtGLW0V%2FSYcVF5bAumJEY92gb7KWZUTAVwTwPxqZb4MujhlvuwUy5LYsvt87nyZDbTjF7tScxdi8XNXRUeNaRN3EIZRbe4sVmiNuOlsSoUTm84P6N"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df1f9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 14016

GET
H3 200 Al-Ahly-Vs-Al-Hilal-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 33ms
31ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Al-Ahly-Vs-Al-Hilal-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b4cf9257e24c1889f6ec117dd6cbac33fc5f8fd0e353a955d382966a94daaf8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 03 Apr 2022 04:30:00 GMT
server: cloudflare
etag: "624922c8-37a7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aFm97Ru4LSmymb7oq46XL2LcGHuytDzfB%2FfQ%2BC%2FKZXeKygnxC6vMQ3rBUsQ2wvTiVBnLGr4GuEbKymge%2B5CPXbKRNEhRQROydQ11id4QxdrWxUwv01xpPaiDSecPTHOlDwF%2B0vFExZRbl63U3WOU9HGb4mKL"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df219ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 14247

GET
H3 200 Al-Hilal-Vs-Al-Shabab-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 50ms
47ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Al-Hilal-Vs-Al-Shabab-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c691f2ba220277ace9e35906a561ac156db7d4e78f119581f7eb3eaa71370bd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sun, 03 Apr 2022 04:21:05 GMT
server: cloudflare
etag: "624920b1-3600"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QwfY9N8Kr9bjzx1suHWA7zkWUEYRtq2owjeYfM%2BlW9RRDCQhc5HRCjm6ci1NwW%2BVtCvwZPsRLlBjokUz0u%2Flz08pW4%2FIa4BQBsaIxAH3Aa8d6m1s558oBKjPkBtWR25fTMXO2JRbuU%2F7QjvUaScwwzf2lk69"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df239ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13824

GET
H3 200 Barcelona-Vs-Sevilla-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 13 KB
14 KB 54ms
52ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Barcelona-Vs-Sevilla-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ae9c0d7c03c9e7a7fdf7fc880edaed0bacc60ef078f2fdf49aaaf48847e74db

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 04:34:07 GMT
server: cloudflare
etag: "6247d23f-35c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rC9aajRWWwg5gJ2nIjUR7PUciTEOBLuXBZ8IbIOR%2F2rQ9ejPos%2Bn62I3clUNU06i1OAKOgydk74U%2Fz%2BbG835H7%2BaRX4NHNoVk3mpVh8NpOyf99klqvT%2BoNBvHw5G7DbP5sxptI37T0njs2zjVYMYBHcFsnCv"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df259ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13769

GET
H3 200 Juventus-Vs-Inter-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 13 KB
14 KB 63ms
61ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Juventus-Vs-Inter-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75328f63d0132f422b0bb6f77b09386f8e7ad2691eb9ec071d68bdb5dffb2a3d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 04:26:55 GMT
server: cloudflare
etag: "6247d08f-35bd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YWJ%2BS0F9DgaLAAl7FUz%2Bk0nWY0kCzM77a6z0PdGgZEo8Rv3NPXKYRACsr2oEFjFn36t3QpvdwIu7YuPSzvvoanBBasY7W%2FlgDMotftSK5m4at8pGBptJ7CcKX8%2BodOsFrf3a45UyDUaAveSlmiZ3P%2Bec4tAk"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df279ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13757

GET
H3 200 Paris-Sg-Vs-Lorient-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 45ms
43ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Paris-Sg-Vs-Lorient-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5afccded806975af4d489d80eec03c867d6d8455b094b01abd9a788fa18dc41e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 04:21:19 GMT
server: cloudflare
etag: "6247cf3f-363c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QL82DO%2BjhY9O8hmycjWSGSOgi7hby9w9IrsHZOEbEbbOS%2BPMrIDyZdxTT0BpH%2FxNNRveNL7bKh7Jm6tiA10Lz6Be088y5g%2BEjtZ%2BSZSCpWrxS8PfemhoUMkzq98jMyFyS%2FB2VMotff3XuwWIPcyIj9E2RnmR"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df299ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13884

GET
H3 200 mazembe-vs-el-masry-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 45ms
43ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/mazembe-vs-el-masry-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4eba83a2f7780de6d5262709bc88dacc0865a801ce775799abb3e022e14d000a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 04:07:50 GMT
server: cloudflare
etag: "6247cc16-369e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gxx5SEkM%2BQuROibMxQj%2FihH08qjxXP3P6re0zCzNewN%2FP1tZu5UGqn2mGBYG0zN%2BDStHUn674On1Oa77gk8LlBRExKasnyLXgSo0TB5Ca14Se4JklAqDILg9jR%2BuuGcbaaXrVp91wq7ZhV4oZrzC6cTkdeQa"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df2a9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13982

GET
H3 200 Wydad-Ac-Vs-Petro-Atletico-De-Luanda-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 64ms
63ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Wydad-Ac-Vs-Petro-Atletico-De-Luanda-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c4c880a7f8ea867ce790f194de65783df5e6e36b276f3afd2a9f95d4e04d2f02

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 03:59:30 GMT
server: cloudflare
etag: "6247ca22-366d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F89yX9ebsUkYnirefi0sSqq4IbhaIUM3xzJGR%2BDjLtrlaQPTAVMZrhe8PV54bHGSoApgAH3DSvZecYixWEDIH5lzb4SJA%2BdmzsLhAS0knZs8rNeSaBBpmUS%2B%2FdCNypQDy012uxixPbJwbIVdcozP4XWAeh5i"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df2c9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13933

GET
H3 200 Esperance-Tunis-Vs-Cr-Belouizdad-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
15 KB 64ms
63ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Esperance-Tunis-Vs-Cr-Belouizdad-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 53c6f4d37fbade902178cc0299397472934bb3c16803f229a85fdf809f6ae6cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Sat, 02 Apr 2022 03:51:24 GMT
server: cloudflare
etag: "6247c83c-3814"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o2FX%2FWldcqVTPnhvjWIKkJtYI1hFjxtnME55RQvOgRl3hcJPQHzpW%2F9ishAiiygDq8ni%2FC7ekKHHsuzJviQOKrgvAUHsd4pn6DqbudokwWTvyuzbS84joniz4uDpRCnHODUyGOEcPpFGSI4mqoLv6LPKTRnF"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df2d9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 14356

GET
H3 200 Atletico-Madrid-Vs-Alaves-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 64ms
63ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Atletico-Madrid-Vs-Alaves-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 132ee5eb3ae2d527cadc1ffde1be983c79ee2afaf575a50fb86b3290afb4da3a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 01 Apr 2022 04:27:38 GMT
server: cloudflare
etag: "62467f3a-3612"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SVKmh8DBAsqAZQYHT88y5szQ74qXfMBhDvediy096%2FMwxF7xg89QEmAq3DZNM8tmoX4rSsqwxMBoOMIv1fWz0l0koB8ac6nNeC%2B5AAd9NfMUxR34ZQhFZ%2FTJwos7%2Fi4DKqhfYoONaI2eRZAFACeUK6Ffi6iY"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df2f9ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13842

GET
H3 200 Celta-De-Vigo-Vs-Real-Madrid-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 13 KB
14 KB 65ms
64ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Celta-De-Vigo-Vs-Real-Madrid-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b8c4e63ec70a9085485178bf185cf57d5153f8d545ffa3627fb017c9d623fad

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 01 Apr 2022 04:20:57 GMT
server: cloudflare
etag: "62467da9-34ff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tjyss8SnpHthlOEzDkpdw4%2F9yIjpAT6qXZ%2BuNGy9XzKfK9sR%2BE6Kue8hQ3vvh0ID8i0wWqBQ6A%2BjW7ssIrCxrRq%2FVKUjecuDJUuXojNyGAozuTsfQEROr2Fq8zimXU5akROBotVfkTAWa%2BsWFnXmqBubsb7N"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df309ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13567

GET
H3 200 Dortmund-Vs-Leipzig-300x157.jpg
hd.yalla-shoot.io/wp-content/uploads/2022/04/ 14 KB
14 KB 65ms
64ms Image
image/jpeg 2606:4700:3033::6815:91
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hd.yalla-shoot.io:2096/wp-content/uploads/2022/04/Dortmund-Vs-Leipzig-300x157.jpg
Requested by: Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b786104daa7a2898e96f965a09b193a5fa68b6aec76ee8fb2e252e10dcd4338d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/m/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
cf-cache-status: DYNAMIC
last-modified: Fri, 01 Apr 2022 04:14:14 GMT
server: cloudflare
etag: "62467c16-36ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FSj9Rj0oVLkO9zjcnLr1iwXRCzJpmL5%2F9VUleOQCDSh3lzFfQz5XXIicH%2BU2D88A7jeMwld7dZZaezjdjI%2BI1ODq%2Bw6q7p8e4fKisRV71jdRLmwK104NooqCyDm1XoSYSHbvm4A5HgFxIp4Bj3bFD1lXV27"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6f68b984df379ba4-FRA
alt-svc: h3=":2096"; ma=86400, h3-29=":2096"; ma=86400
content-length: 13997

GET
H3 200 pubads_impl_2022032907.js Show response
securepubads.g.doubleclick.net/gpt/ 367 KB
125 KB 40ms
16ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

3122eb769afe3611fa87c42581d5478642d7082432237fd0e0ec62387cb0873f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 22:30:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382070
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127892
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 19:40:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Mar 2023 22:30:04 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 178 B
145 B 51ms
27ms XHR
application/json 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=hd.yalla-shoot.io%3A2096

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

ef3cd42ee43cad75a80a68212f6945c8ad7fb4dd4de5a27ebc0c36635531aa0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 120
x-xss-protection: 0
expires: Mon, 04 Apr 2022 08:37:54 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 238ms
18ms Script
text/javascript 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-107335079-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 1988
date: Mon, 04 Apr 2022 08:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 04 Apr 2022 10:04:46 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 74ms
28ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=hd.yalla-shoot.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 72ms
27ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=hd.yalla-shoot.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 124 KB
33 KB 1425ms
1424ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2036252058317100&correlator=3309740461121808&eid=31065999%2C31066036%2C31064225%2C31061828%2C44761144&output=ldjh&gdfp_req=1&vrg=2022032907&ptt=17&impl=fif&iu_parts=21939239661%3A22405246745%2Capl%2Cinter&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=1x1&ifi=1&adks=4290626634&sfv=1-0-38&ecs=20220404&ists=1&fas=8&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649061474376&lmt=1649061474&dlt=1649061473951&idt=392&biw=1600&bih=1200&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fhd.yalla-shoot.io%3A2096%2Fm%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=2063892645.1649061474&ga_sid=1649061474&ga_hid=2053990681&ga_fc=false&btvi=-1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

a6b5904a70350dcd550b51499b39cd018cdef8fbba755b49c7655eeef46aa4ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33245
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 748ms
747ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2036252058317100&correlator=3309740461121808&eid=31065999%2C31066036%2C31064225%2C31061828%2C44761144&output=ldjh&gdfp_req=1&vrg=2022032907&ptt=17&impl=fif&iu_parts=21939239661%3A22405246745%2Capl%2Caplmcm%2Ccube&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250%7C336x280&ifi=2&adks=3212919061&sfv=1-0-38&ecs=20220404&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649061474380&lmt=1649061474&dlt=1649061473951&idt=392&biw=1600&bih=1200&adxs=650&adys=110&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fhd.yalla-shoot.io%3A2096%2Fm%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x0&msz=1000x0&fws=0&ohw=0&ga_vid=2063892645.1649061474&ga_sid=1649061474&ga_hid=2053990681&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1ac5aa4fe12cdd23f0c0843ffd53b462b93a2efb1e86e0e71ce9d0600f1ef694

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9603
x-xss-protection: 0
google-lineitem-id: 5504336788
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138326289254
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
10 KB 966ms
965ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2036252058317100&correlator=3309740461121808&eid=31065999%2C31066036%2C31064225%2C31061828%2C44761144&output=ldjh&gdfp_req=1&vrg=2022032907&ptt=17&impl=fif&iu_parts=21939239661%3A22405246745%2Capl%2Caplmcm%2Crich&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=728x90%7C320x50%7C320x100&ifi=3&adks=1242842709&sfv=1-0-38&ecs=20220404&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649061474382&lmt=1649061474&dlt=1649061473951&idt=392&biw=1600&bih=1200&adxs=436&adys=168&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fhd.yalla-shoot.io%3A2096%2Fm%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x0&msz=1000x0&fws=4&ohw=1000&ga_vid=2063892645.1649061474&ga_sid=1649061474&ga_hid=2053990681&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

074aba7322690bb9710c77e250d936ef4f8744609bd22406be251f9f60ce1385

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9946
x-xss-protection: 0
google-lineitem-id: 5504336788
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138326328708
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
10 KB 375ms
374ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2036252058317100&correlator=3309740461121808&eid=31065999%2C31066036%2C31064225%2C31061828%2C44761144&output=ldjh&gdfp_req=1&vrg=2022032907&ptt=17&impl=fif&iu_parts=21939239661%3A22405246745%2Capl%2Caplmcm%2Ccube2&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=336x280%7C300x250&ifi=4&adks=1564947952&sfv=1-0-38&ecs=20220404&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649061474383&lmt=1649061474&dlt=1649061473951&idt=392&biw=1600&bih=1200&adxs=632&adys=588&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fhd.yalla-shoot.io%3A2096%2Fm%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x0&msz=1000x0&fws=4&ohw=1000&ga_vid=2063892645.1649061474&ga_sid=1649061474&ga_hid=2053990681&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

c710144c388b2c80f8ff99c5a8e29c39da3e377524f25d72041e6b99490548d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10362
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 428 B
265 B 223ms
222ms XHR
text/plain 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2036252058317100&correlator=3309740461121808&eid=31065999%2C31066036%2C31064225%2C31061828%2C44761144&output=ldjh&gdfp_req=1&vrg=2022032907&ptt=17&impl=fif&iu_parts=7047%3A22405246745%2Cnativefeedapl&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50&fluid=height&ifi=5&adks=1751743422&sfv=1-0-38&ecs=20220404&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1649061474385&lmt=1649061474&dlt=1649061473951&idt=392&biw=1600&bih=1200&adxs=300&adys=1911&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fhd.yalla-shoot.io%3A2096%2Fm%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1024x0&msz=1000x0&fws=0&ohw=0&ga_vid=2063892645.1649061474&ga_sid=1649061474&ga_hid=2053990681&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

1f4b2473f064e4fad3d4df0685956b652ecbfc071c92a9bcaa1acfa542f04f18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B88F 6 KB
4 KB 102ms
27ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:37:54 GMT
expires: Tue, 04 Apr 2023 08:37:54 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pubads_impl_page_level_ads_2022032907.js Show response
securepubads.g.doubleclick.net/gpt/ 35 KB
13 KB 17ms
17ms Script
text/javascript 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022032907.js?cb=31066036

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

sffe /

Resource Hash

d15d1d7a1825e2bc3100264e68755d15931cfaed248f2c541c4dfe523b3929da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 22:30:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 382053
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 19:40:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 30 Mar 2023 22:30:21 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 50ms
25ms XHR
text/plain 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2053990681&t=pageview&_s=1&dl=https%3A%2F%2Fhd.yalla-shoot.io%2Fm%2F&ul=en-us&de=UTF-8&dt=%D9%8A%D9%84%D8%A7%20%D8%B4%D9%88%D8%AA%20%D8%A7%D9%84%D8%AC%D8%AF%D9%8A%D8%AF%20%D8%A7%D9%84%D8%B1%D8%B3%D9%85%D9%8A%20%7C%20Yalla%20Shoot%20New%20%D8%A3%D9%87%D9%85%20%D9%85%D8%A8%D8%A7%D8%B1%D9%8A%D8%A7%D8%AA%20%D8%A7%D9%84%D9%8A%D9%88%D9%85%20%D8%A8%D8%AB%20%D9%85%D8%A8%D8%A7%D8%B4%D8%B1%20%D8%AC%D9%88%D8%A7%D9%84&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAAC~&jid=1368004257&gjid=1228964450&cid=2063892645.1649061474&tid=UA-107335079-1&_gid=633900675.1649061474&_r=1&gtm=2ou3u0&z=1327521421

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://hd.yalla-shoot.io:2096/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://hd.yalla-shoot.io:2096
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 82ms
32ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022032907&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff7b8783e6d2795679723629ed1bd1331c223e0faf0fc9fd3deb67b03c78ea1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10754
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 87ms
41ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 08:37:54 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame B66B 13 KB
5 KB 46ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 99
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:36:15 GMT
expires: Tue, 04 Apr 2023 08:36:15 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AAF8 783 B
1 KB 74ms
28ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6670d2ec810a340077c652c696d03e814755229a558f343993df740890f7b4fc

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-J3m/uJz3dfAjAnj3fekFYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-J3m/uJz3dfAjAnj3fekFYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:37:54 GMT
expires: Mon, 04 Apr 2022 08:37:54 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame B66B 35 KB
13 KB 47ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:30:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 469
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 08:30:05 GMT

GET
H3 200 container.html Show response
0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8BE8 6 KB
3 KB 48ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:37:54 GMT
expires: Tue, 04 Apr 2023 08:37:54 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AAF8 0
0 71ms
71ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022032907&jk=2036252058317100&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 576D 624 B
976 B 74ms
29ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiF_ui7ATAB&v=APEucNXmPwCn-K7YSOA4QRe9Ou_Kg5rT13vtpvmQFwQKaBf6il42YbJ1ces7-cklw3ca-OL5tm2kBvoseF7e5osMUMXgNngzAfsEv3tIe1L_Da1PygoygR7eQPjnCaoFN2V6fRlffTOO-kKfzZLndFuVMGp58mfLnIHsx_9E24j0Fb4RVjVz8S0

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:37:54 GMT
expires: Mon, 04 Apr 2022 08:37:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8BE8 14 KB
11 KB 92ms
48ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsK0wPqjbo7O2s8KfxbM8KmTuPhHsuP1rdmp7324v8_-0WNwLZOUjk1mlimmdSOplTZ-ysW0t9X0eHVqHijuxq4UVP5qOGgI1dq93vmqiek4lPJ0YQZLbqOb7_tpyBAhQVWa0PJugtn798xTmm79JEMDCREg&dbm_d=AKAmf-D0A4ZqjlpUaepg293Ph_Qf3RS0ImxQR6rQakinW8GdsauF40iYXQa90b88R_493mUphFifoWNPZ6s_9nNxU_lbj-AnnZmxSk4SBie6yKITFrFEmhn_1VY3bXFr_pYEBq8V2vtquWlDPuPfQnpgzlhJgna1DQxkBkpQk2D5AqDUe-5iOwE6FQ7C4oDtvsgRxrPDsdRghGAq1GCX2lYzDabSH7_yA6QogzV6ygeakiDlT3qumcI3zJwnPcB5Uw_QbRUqR_nI3T4ind-0dajpln6vGrHmWX59k-0d9sHd87XM3PGMW1yjdWKgB166Q-Y3llHV6d7kCZ4a67Hst1jBK9EH4sBJlwXVNhVY74LmIhH2gBeq1iivlTaKczEwhSSoCua0xmXNeacsTJTvUl1n2q1ivm78xfw7yvnJn8IZgWeg3V7neyvjw9921buOQkGX2nM_wmwSmev4grfcTJjmpkGk7F6gZUI5ruQZyL6MhxDA7ZJAiH_Lx-OlnNezk8YyNco35VbbZMMGkZyhoMKd0fNDErHWdlp1LSUaDbkT_GYgukRRgs1ixL87AMYKzKNGWvUkHUuhqb3YgZw4nkgeL4YTNPCN6B06-MJMt5vpcv2Pk4qYDmZQoFw_PeFfgMNlRoIXoabjlpbqQTU0Rf1ifMNmHz7eMrclEWL4M0bu9GJNH2SFq1qrHS4e-JsRuUgoI0dRkZBzVuuaoYKTXcgiyHIwvWTEUClCdnqmjAjDMnqvO1BcPN4vsscgHLHe9T5sjO9PMiCN-m3LrkMeyI9d9kvdTBssTMa_Wz13XCKUTSpc_SXMQWbNjA5Jv2YBbTHae_Uux-lQOdAFPp3ZVFrTA6817FpsPHn17S8bzWJ0OE5ZzPTseaiaSpdj2Z1zZ75ZyTfGFOVVau5xXy5jg2DwV2tVeYn1fAZ35JApZGsJzshqtqRMpic93I6uDKJz5ytgyyNQpmyFNaiaAkXnau7xkge8dFExTVypNCxiDazXyoEP_yMPUMgUuZsdcQpLiu0NF1w5yULRSQFBpVir9o7rJ1eLIAxPLRPXazc1u7VfJL7jjYvP5wgnU8mjm3LojNPEwrM7wyrnXteUOXqY1VqOABgY_5ncK8UUO2kq70EhHfU1sZnIelaIs_UqWCavwBRJzvnaYpyBI_Sb4K4Bufo4O5zguPLHumDhveoQaS499C1XUDk-_1a8iEozPA6C8PlBadY-U8Zy6sFCC2fRl7vP5UpnhfGAZDbSD8oN3DFwYWn4FmcmeIGci5FvtMWBWMFlIWxETdVqlWidNXSgLlrcD2FXt_DzCVd_E5liD_j0lH6NFfD6pgwfbMASfCK7DRsYMA17C2CgJ-muw8MmQTNGfCgLSqldkJiQYU0p6yrXEv6RjPg_u5uGimQXtNbXsweKWFhfYlfPvbljOvpknap0nI3qtydiTmFjm1mAuJCimM5Be1EC_JUtLgpDCcMywTNF6Xvnn80zqaSWoM1GAENV43I9x00ubvh9cpX7TdpzSWxaBr6awBoKqcgODyKHfc1-KPs-jp2OMbl717wut3k9_rDijP5aZ9iPNk666iDICU4XOwMLizRYg8_u0U7siyZlEPvM2sBnpuRGBTh5C8Y5lrN8rSML-0363XVFEmvCysVa0BWcFAMqq4ek0wf8Y1gDsjVas7xeO2QgZxAN7meNo52HPvMoIGhFLMWSM59vEzTG_lxx-jtr3cfJPmH66GeoPSzucGKLosWvVFLbsivMQwXJkKI_RjgK10cbTu7w2T0cS7wQJON2th0hhvK-ru7nVjmehjGbHxQUQXTKWcMwHN3yoxd_FWZPECvBPtdxfadtw1l0zVvidER549RDKlOJogWr_0uAQ2XES29BxkosPbcFwXhsdKwktVRyEXQ5h5j9oQLdktZ1sQ-WOm8tG5yKUXQPbSs90dkrvWkS68CRM6GplgiU1WsC4jeO7j4f0_njUan6TO72XMGbISrUu1r7W7NHyKyJ1iGybRX3gyv7QlAKoiwqp-nY-mUY-B28wleWk0Pwa7XCAO_d5JnAJ8-qm4vd7RPbCUZDK2QgkOtjSOngHNbPAo_jcS9TsDiSNcvIKdg4rIfgOZdbnchB8sphwVcBjV1Vi0FvUzYzdYrh1e7kHs3HK21N-quodG02PIvk0uiBO4RstsMcBYne9T_UDoDPljWJVbaxaYHu0y32GvsW3YxwdYeea03janggDoa9Z8bOXdvB3cCDQrOkzFt3nxZiIC8ZTb5TSsO5qlob2aahOgHdD9IC1CuBL_aOt36Wzd_bbrd6Kml8VUI_0HR3XIgI5enL26fzh_0uO_ZOx1R0KghjSastNhV8_k2xVdrab9kRpbbRxWFdGgxzV7LjX9cM5RVCf4t_TMta_uGDFlR5nz5yjC0AdDVLQkvERCjrhaOziUoA5VPgMlp8n7rOFpH14Qgm_D5I70XLPpwy1umE2BILJVe95mQFCKkdEpog9Omu86KSlp11DwilCdYea-z5bBT80YKEqnlHjc1fmyrlBcND43duVTSQ9p-9BZqUtFhHYKmmG9Naf53LvYz_uCPCbQPd8_Z0TBUDDu49LVdCBbuFLjAuhkEGNM0GdyktR1fl8gWt1r2jcTdpmDT0-YdHCcO5cbMNHDM8Nde0P-TotSuHMGsZuA1SmHqNMIegg-1nz6hU1HdKH4UHw3GBopcCK_0gv5h17X-zuyJerGrqKUqCmA&cid=CAQSLQCNIrLMnTfsMZU1z8TTJWeOjiyV0w6lw5hzfMHVqYxzRxOa3WaqOOEtYnHszxgB&rfl=1%2Chttps%253A%252F%252Fhd.yalla-shoot.io%253A2096%252F%240

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef413b0b80c03fc5034b6476bc093240df6fe35c78e3e7994148d6b6899a276d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10827
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8BE8 42 B
63 B 52ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bj8peAyYa_b1DmTWZfQYxsO4ygdpbPuGGaSzo_wzngtaPHqHJF0D0GY830YOdNDEg9nhXN_ru5Ic4kntG9rzXIJKhR561l7mQ3BVBp97qBmJbRsbU

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 8BE8 61 KB
22 KB 127ms
50ms Script
text/javascript 142.250.13.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWlqY3B-qIBLiSAyYXyQ8-fHLeNzEmVQbtui6C02D2vZgKoC3U&d=CnkAoCZ_4Cr5jMZj24yfh3JqK_LDsCyqrkgtwX7n303ahUMM_a1IvLfl-x5PpuLbFLjFzYecNqablFvnyV5dZ6E0OiMAFgEy5XJZRcExm2RqdL4H5GNF1TVrf8OWB1ZlCW1Wcp7JF0aGVpKclSAqd4XkU9OXMbLLhAUWErkSAKAmf-CfHAmmgRU70QsvAPsHV_JjoVaK9yanqPKVev9GEdLGQYDHex5xW5ubZpfV5bCFMxpJqNsbQFSWmgL6ytTunI8GK46NsTXtbZ1WCq1PvigSQD6lpiZ_NI9ipjuB-sPoK_yLBfY7vbpmpcOKpwW8RrjqD3CPiHw6S0Zn_rwHjTd5FNHvr_fgPUyvGR_j054-7owqovrtuEYoKY3Fsn-2flsacGIYmF4w0GFF5YAKuEQL2ggChDUfU9K17V-b9zUXDAhsX352ICAFVy3eJOcT-gph6a7U52pmOQU3wvrhpy42t4J90Im2fV8HPzloGfjktmg_D3u9wYDZQcFnM0yXlu29ylmRr8ZRsOW-BpwIejn66Y-edw9zrf9LHEQp0GCxG06mN_ClhIO3uSb8Eo88EVpbNV360fITayjd25etpVryk-6MZ_CzI9NmxUJd83f1BWu_E-b3QDfwXKQqfA_XwzAbXEGUTiKIH-vpzwr2QY4MCRTCVD5Icjj8EdVxUerTnF8FR9ozESTaQw921WU8nEJI9jw3aaoxrPpXn7CvJep9bgyuqIxsAFVHtz7IKQrFUNasmpE7zH7IBaWw99eiObDCdbdSRaGzUtpWRsFSe3YWF7bFsmhyi7cXyRlKxCmUot0p1BBGkYOb5EdpkvBpSBMysulL6VPzBq2w0UKB6NO_aFiMc8LXA1YKhh3iAT695YSHYeIcz1HVXrXENqvyLxyID4nt3YEKZWQncHBGrmQDK-qNd2lW4S5jakDpwTqujlb-yBvWbhlRnhoBJIIoVV6AoLlfjN52C2DeUo7X30n18m9CVQSi_TH_KaQzhC56gci4R2y0BSOjMQh-8a6SJQ-yKWapPIlQ7qACPYvwH_HZ3AZBplRwZm_l_IVJkXbu59C7TMKPVS_kvszf7Bi9KySgvYYfHPDDCOFkuP-qNk3vgZgs1QBLXcVQSn26pbpB6nqpc0NLYRb30qxMM0x_hopVStqKLM5pJbD7sGyQ7ip-80ED0BvrD8eynuQq8ybxT_Cvc_9TP63PVgZ86Riic66OzboapspgfUDy4sH-IpnwGEU3Q-LLof1xCSf7e3AxUbaMz2Tut9aJIxSJcczII6RYCxUsh8loawSgT269ZTMpQWXki_1N9dhdJGdsbivVKA0fs5J_wVWdjhkFCBa95GgktX36fp9zfyhyZXBjStAPiBv5l3KDQEA6AtcPyRI0u9BADldGHPyG_BQjA83wiR5czYwJaUs4LB0qU9r5dbxnJYBOSHsEf3oBhn19BjPb0_sqKLwTy9Ljz2oO4DV3hl8lbQOpfXP5Kx8GCcNCczAzdlytqW2GGpL1nbErj9W1vvQ2dolcOJu0neWnCxBTdlw9pzZxZM9nS515IexlqCSEeRVJcHfVNC0F8WXPHmCuYjAYOxxPiF-3SMFjxqyliKbGcNZmwwE-QyF1rJji6kkIkUE6PXanB8rrxhuxyDQWRIis57uKUhCNUI0Yx_LzASEFXnZI9ng8qqLxZ2tH7NAk6izTm0EC9S7TNbmdQun-fE0qozSNYM8qWQGvomSulv-pFBLUYl-daascNxoDbGTb6o7_T_a2kiekEmpY0on6Qj_HXAHuEsUVAxx7YIE2-OueclG-gC6NMQxMy9vFRY4P3zF0s8QDIwliafDQ1iZcgZ8UqofXW_9-7Ry-hTe8cBtvG1oa4mKZ5usDsxcxjFQqEnUNbWLxrpIXClDam-HFHv84AyOgnOmDRyMhAn3p0yn6TiiqRKZpBtqyIonlVzieh7BfFWMTX_TFrOge3ruGBf-e97Y6ZcVTlVDPuotWNucJCw18GhHKdvNHeSAYJLPexLEZ2L37XOC8kLLYtZNTQd8L987lWqVe9LZMOMDQYGc3A6yAlqptNhhlBiOBzXiIOboceh_vuE9fVwRtWPA-zapKRbMVrSRVbFshcrQCGSVsSdFTVCmRF5zMOT7TNYLtGbiZ3C2CvE57191o4QcUUSTW8etjSeUdUbgCrIQyg2gqKWygG5mGpy_6S0pVzdk-oirepeykFtCBEXIU6cA9Ypo3D9bb8m-l88x8jgYKKiRw3rNHEcYksMhH1jBo0q-P18S0qoh9NWH8BOIJcNZ2Iictmfk1lgu5aERRHcbSqBmYuoLGWab72cmiBghqP9UOODQDyEtIIwf-pya59CqLtzNawfwzTggxq1ZgzsUaUANIMckbb6xWJDk6Yg1wetppOKLXNFnlJ7E9p5JfhJetKNbnBBRGrSxIKeNJtfmJReg0fuOsJ1y43MZ3W7MEBtCIJ5nBxr_0TU67zGEPKh7kgGgFh2AF2aA-YIr976H2FppjmOeew2hSVpi1jML_ohmK-PhkJKbxSiLuuMTuOnNMem82K_pbvDM3wxQ9bWI5b4nORXRtlOa2iAs6Jhkfgfg71w5xDSA3QuvghRLDx8OSUoJxg7EeeUy2kMJhRTe8Q7SzcFX4fdKENsiRXg3wTE43Lp6LXPFBKiBhHuP0XN9ES0YOVOrelCPtDK0h_hzDhKVNSDJZagiYTUNsBsEvGzosVGF-wiPY8glKvvLashzDE9SAetbHbMbJ1LvQExWA7ESVnLu58a1nkkQxMJXIwwo1rpVrt-ErvUjVqkL0y3XwriSZodPQf-Nwsx2yQRkoQ465J73EKIQf_oy8514YZL8IAuqKbHXWzs9intYITuDCIZ7NTImo2t1ipU9DVXc2JN4YEMBIbX-0vdcGA7g8AyPQbR7oSm8-26NE9K6eDD0j6Vu_kZlDzLiVJ0Uo-WNqIPjgFhHrAB2LpoAv9DVMLRpgWUyX3Mdh1aLfEtQ_MVfqLUAYKctpO1VMVzRfOntn25jU5QFVAqGUzu5aIb_pM25ibHTpP6X17tmxbXvhKr0TowIZnON1pABaiqWbXd3mWj7RM2UHtvSF-yViQEkisIXbxBtVYM08RBT0nOIGQfjCYE4YcGKjPWb-uVXt71VO-KzrU5XxmgmSUcLyyj3bENd_WZXQBeo3takUV28bZQB06WsBxIuH9cjv6yIifT1aDcMPNM9LpZpf-drptr_JrWYrrjOO9u1cKYPXwdwd0xD9SKZADuFYTJqxuVaQvRy9bxeuyG_HN-VIpYKatorrUpEmRbHWYcFp-UetGAF70NYtgZlAP5lBGjMIBBItAI0issydN-wxlTXPxNMlZ46OLJXTDqXDmHN8wdWpjHNHE5rdZqo44S1icezPGAFgAQ

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.13.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

we-in-f157.1e100.net

Software

cafe /

Resource Hash

bfff0d76c096d6482dbef005228c6b366df5cca84500a880de4de82c6a5d863b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21471
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame 8BE8 27 KB
10 KB 67ms
18ms Script
text/javascript 143.204.215.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont2&w=300&h=250
Requested by: Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-43.fra53.r.cloudfront.net
Software: nginx /
Resource Hash: 0f749df8033979c430311f2eb745fd1ad8ef79314bad093400285beece4db223

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Apr 2022 09:00:52 GMT
content-encoding: gzip
server: nginx
age: 85022
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 85dc19f43b2a0bd8840fdf8baf07d762.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA53-C1
x-amz-cf-id: jQE6tcpTfk8EpOgSZjmn2XSYC3pi3hzxh4ELyZjnPInbeHlsx0bcAQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 8BE8 2 KB
1 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:27:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 621
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:27:33 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8BE8 119 KB
37 KB 75ms
32ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 08:37:54 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame 8BE8 15 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:34:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 208
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:34:26 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8BE8 0
0 53ms
26ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSJCi_IiHJxTAlu_E0qmknlZvbACngpxk-fhkQAf9K1w_uDh5dBrNPx6abBh0wpKSObxWN0
Requested by: Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame B66B 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?u7O39Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 576D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI5rYuu-w0KdFCyblfE19EE&google_cver=1

43 B
1014 B

37ms
35ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI5rYuu-w0KdFCyblfE19EE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiF_ui7ATAB&v=APEucNXmPwCn-K7YSOA4QRe9Ou_Kg5rT13vtpvmQFwQKaBf6il42YbJ1ces7-cklw3ca-OL5tm2kBvoseF7e5osMUMXgNngzAfsEv3tIe1L_Da1PygoygR7eQPjnCaoFN2V6fRlffTOO-kKfzZLndFuVMGp58mfLnIHsx_9E24j0Fb4RVjVz8S0
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 08:37:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 08:37:55 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEI5rYuu-w0KdFCyblfE19EE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 576D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YkquYlkROSj0Qjhj-vyw5AAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC_SrxP2NwSw2uCuzswAj9s&google_cver=1

43 B
894 B

27ms
27ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC_SrxP2NwSw2uCuzswAj9s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiF_ui7ATAB&v=APEucNXmPwCn-K7YSOA4QRe9Ou_Kg5rT13vtpvmQFwQKaBf6il42YbJ1ces7-cklw3ca-OL5tm2kBvoseF7e5osMUMXgNngzAfsEv3tIe1L_Da1PygoygR7eQPjnCaoFN2V6fRlffTOO-kKfzZLndFuVMGp58mfLnIHsx_9E24j0Fb4RVjVz8S0
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 08:37:55 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Apr 2022 08:37:55 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:55 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEC_SrxP2NwSw2uCuzswAj9s&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 576D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMLyZ7NcOSFBNBip_zxGZCY&google_cver=1

43 B
1020 B

51ms
18ms

Image
image/gif

37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMLyZ7NcOSFBNBip_zxGZCY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJW2SxDHxKr-AhiF_ui7ATAB&v=APEucNXmPwCn-K7YSOA4QRe9Ou_Kg5rT13vtpvmQFwQKaBf6il42YbJ1ces7-cklw3ca-OL5tm2kBvoseF7e5osMUMXgNngzAfsEv3tIe1L_Da1PygoygR7eQPjnCaoFN2V6fRlffTOO-kKfzZLndFuVMGp58mfLnIHsx_9E24j0Fb4RVjVz8S0

Protocol

HTTP/1.1

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 08:37:55 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1f74556b-22d3-4f79-8a0d-2725fa75ed1c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:54 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMLyZ7NcOSFBNBip_zxGZCY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 576D
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczMjQ1NTkyMDMxNTMzOTgzMQ%3D%3D

170 B
188 B

55ms
28ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczMjQ1NTkyMDMxNTMzOTgzMQ%3D%3D

Requested by

Protocol

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Apr 2022 08:37:55 GMT
X-Proxy-Origin: 217.114.215.132; 217.114.215.132; 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 754696c6-e53b-4a5a-918b-a54e2305104e
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzczMjQ1NTkyMDMxNTMzOTgzMQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8BE8 41 KB
15 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CsK0wPqjbo7O2s8KfxbM8KmTuPhHsuP1rdmp7324v8_-0WNwLZOUjk1mlimmdSOplTZ-ysW0t9X0eHVqHijuxq4UVP5qOGgI1dq93vmqiek4lPJ0YQZLbqOb7_tpyBAhQVWa0PJugtn798xTmm79JEMDCREg&dbm_d=AKAmf-D0A4ZqjlpUaepg293Ph_Qf3RS0ImxQR6rQakinW8GdsauF40iYXQa90b88R_493mUphFifoWNPZ6s_9nNxU_lbj-AnnZmxSk4SBie6yKITFrFEmhn_1VY3bXFr_pYEBq8V2vtquWlDPuPfQnpgzlhJgna1DQxkBkpQk2D5AqDUe-5iOwE6FQ7C4oDtvsgRxrPDsdRghGAq1GCX2lYzDabSH7_yA6QogzV6ygeakiDlT3qumcI3zJwnPcB5Uw_QbRUqR_nI3T4ind-0dajpln6vGrHmWX59k-0d9sHd87XM3PGMW1yjdWKgB166Q-Y3llHV6d7kCZ4a67Hst1jBK9EH4sBJlwXVNhVY74LmIhH2gBeq1iivlTaKczEwhSSoCua0xmXNeacsTJTvUl1n2q1ivm78xfw7yvnJn8IZgWeg3V7neyvjw9921buOQkGX2nM_wmwSmev4grfcTJjmpkGk7F6gZUI5ruQZyL6MhxDA7ZJAiH_Lx-OlnNezk8YyNco35VbbZMMGkZyhoMKd0fNDErHWdlp1LSUaDbkT_GYgukRRgs1ixL87AMYKzKNGWvUkHUuhqb3YgZw4nkgeL4YTNPCN6B06-MJMt5vpcv2Pk4qYDmZQoFw_PeFfgMNlRoIXoabjlpbqQTU0Rf1ifMNmHz7eMrclEWL4M0bu9GJNH2SFq1qrHS4e-JsRuUgoI0dRkZBzVuuaoYKTXcgiyHIwvWTEUClCdnqmjAjDMnqvO1BcPN4vsscgHLHe9T5sjO9PMiCN-m3LrkMeyI9d9kvdTBssTMa_Wz13XCKUTSpc_SXMQWbNjA5Jv2YBbTHae_Uux-lQOdAFPp3ZVFrTA6817FpsPHn17S8bzWJ0OE5ZzPTseaiaSpdj2Z1zZ75ZyTfGFOVVau5xXy5jg2DwV2tVeYn1fAZ35JApZGsJzshqtqRMpic93I6uDKJz5ytgyyNQpmyFNaiaAkXnau7xkge8dFExTVypNCxiDazXyoEP_yMPUMgUuZsdcQpLiu0NF1w5yULRSQFBpVir9o7rJ1eLIAxPLRPXazc1u7VfJL7jjYvP5wgnU8mjm3LojNPEwrM7wyrnXteUOXqY1VqOABgY_5ncK8UUO2kq70EhHfU1sZnIelaIs_UqWCavwBRJzvnaYpyBI_Sb4K4Bufo4O5zguPLHumDhveoQaS499C1XUDk-_1a8iEozPA6C8PlBadY-U8Zy6sFCC2fRl7vP5UpnhfGAZDbSD8oN3DFwYWn4FmcmeIGci5FvtMWBWMFlIWxETdVqlWidNXSgLlrcD2FXt_DzCVd_E5liD_j0lH6NFfD6pgwfbMASfCK7DRsYMA17C2CgJ-muw8MmQTNGfCgLSqldkJiQYU0p6yrXEv6RjPg_u5uGimQXtNbXsweKWFhfYlfPvbljOvpknap0nI3qtydiTmFjm1mAuJCimM5Be1EC_JUtLgpDCcMywTNF6Xvnn80zqaSWoM1GAENV43I9x00ubvh9cpX7TdpzSWxaBr6awBoKqcgODyKHfc1-KPs-jp2OMbl717wut3k9_rDijP5aZ9iPNk666iDICU4XOwMLizRYg8_u0U7siyZlEPvM2sBnpuRGBTh5C8Y5lrN8rSML-0363XVFEmvCysVa0BWcFAMqq4ek0wf8Y1gDsjVas7xeO2QgZxAN7meNo52HPvMoIGhFLMWSM59vEzTG_lxx-jtr3cfJPmH66GeoPSzucGKLosWvVFLbsivMQwXJkKI_RjgK10cbTu7w2T0cS7wQJON2th0hhvK-ru7nVjmehjGbHxQUQXTKWcMwHN3yoxd_FWZPECvBPtdxfadtw1l0zVvidER549RDKlOJogWr_0uAQ2XES29BxkosPbcFwXhsdKwktVRyEXQ5h5j9oQLdktZ1sQ-WOm8tG5yKUXQPbSs90dkrvWkS68CRM6GplgiU1WsC4jeO7j4f0_njUan6TO72XMGbISrUu1r7W7NHyKyJ1iGybRX3gyv7QlAKoiwqp-nY-mUY-B28wleWk0Pwa7XCAO_d5JnAJ8-qm4vd7RPbCUZDK2QgkOtjSOngHNbPAo_jcS9TsDiSNcvIKdg4rIfgOZdbnchB8sphwVcBjV1Vi0FvUzYzdYrh1e7kHs3HK21N-quodG02PIvk0uiBO4RstsMcBYne9T_UDoDPljWJVbaxaYHu0y32GvsW3YxwdYeea03janggDoa9Z8bOXdvB3cCDQrOkzFt3nxZiIC8ZTb5TSsO5qlob2aahOgHdD9IC1CuBL_aOt36Wzd_bbrd6Kml8VUI_0HR3XIgI5enL26fzh_0uO_ZOx1R0KghjSastNhV8_k2xVdrab9kRpbbRxWFdGgxzV7LjX9cM5RVCf4t_TMta_uGDFlR5nz5yjC0AdDVLQkvERCjrhaOziUoA5VPgMlp8n7rOFpH14Qgm_D5I70XLPpwy1umE2BILJVe95mQFCKkdEpog9Omu86KSlp11DwilCdYea-z5bBT80YKEqnlHjc1fmyrlBcND43duVTSQ9p-9BZqUtFhHYKmmG9Naf53LvYz_uCPCbQPd8_Z0TBUDDu49LVdCBbuFLjAuhkEGNM0GdyktR1fl8gWt1r2jcTdpmDT0-YdHCcO5cbMNHDM8Nde0P-TotSuHMGsZuA1SmHqNMIegg-1nz6hU1HdKH4UHw3GBopcCK_0gv5h17X-zuyJerGrqKUqCmA&cid=CAQSLQCNIrLMnTfsMZU1z8TTJWeOjiyV0w6lw5hzfMHVqYxzRxOa3WaqOOEtYnHszxgB&rfl=1%2Chttps%253A%252F%252Fhd.yalla-shoot.io%253A2096%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 13:41:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 413811
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Mar 2023 13:41:03 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9EFE 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 10393
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 05:44:41 GMT
expires: Tue, 04 Apr 2023 05:44:41 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 8BE8 106 KB
38 KB 65ms
18ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
Origin: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 14:41:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 64572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 04 Apr 2022 14:41:43 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame 8BE8 8 KB
3 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWlqY3B-qIBLiSAyYXyQ8-fHLeNzEmVQbtui6C02D2vZgKoC3U&d=CnkAoCZ_4Cr5jMZj24yfh3JqK_LDsCyqrkgtwX7n303ahUMM_a1IvLfl-x5PpuLbFLjFzYecNqablFvnyV5dZ6E0OiMAFgEy5XJZRcExm2RqdL4H5GNF1TVrf8OWB1ZlCW1Wcp7JF0aGVpKclSAqd4XkU9OXMbLLhAUWErkSAKAmf-CfHAmmgRU70QsvAPsHV_JjoVaK9yanqPKVev9GEdLGQYDHex5xW5ubZpfV5bCFMxpJqNsbQFSWmgL6ytTunI8GK46NsTXtbZ1WCq1PvigSQD6lpiZ_NI9ipjuB-sPoK_yLBfY7vbpmpcOKpwW8RrjqD3CPiHw6S0Zn_rwHjTd5FNHvr_fgPUyvGR_j054-7owqovrtuEYoKY3Fsn-2flsacGIYmF4w0GFF5YAKuEQL2ggChDUfU9K17V-b9zUXDAhsX352ICAFVy3eJOcT-gph6a7U52pmOQU3wvrhpy42t4J90Im2fV8HPzloGfjktmg_D3u9wYDZQcFnM0yXlu29ylmRr8ZRsOW-BpwIejn66Y-edw9zrf9LHEQp0GCxG06mN_ClhIO3uSb8Eo88EVpbNV360fITayjd25etpVryk-6MZ_CzI9NmxUJd83f1BWu_E-b3QDfwXKQqfA_XwzAbXEGUTiKIH-vpzwr2QY4MCRTCVD5Icjj8EdVxUerTnF8FR9ozESTaQw921WU8nEJI9jw3aaoxrPpXn7CvJep9bgyuqIxsAFVHtz7IKQrFUNasmpE7zH7IBaWw99eiObDCdbdSRaGzUtpWRsFSe3YWF7bFsmhyi7cXyRlKxCmUot0p1BBGkYOb5EdpkvBpSBMysulL6VPzBq2w0UKB6NO_aFiMc8LXA1YKhh3iAT695YSHYeIcz1HVXrXENqvyLxyID4nt3YEKZWQncHBGrmQDK-qNd2lW4S5jakDpwTqujlb-yBvWbhlRnhoBJIIoVV6AoLlfjN52C2DeUo7X30n18m9CVQSi_TH_KaQzhC56gci4R2y0BSOjMQh-8a6SJQ-yKWapPIlQ7qACPYvwH_HZ3AZBplRwZm_l_IVJkXbu59C7TMKPVS_kvszf7Bi9KySgvYYfHPDDCOFkuP-qNk3vgZgs1QBLXcVQSn26pbpB6nqpc0NLYRb30qxMM0x_hopVStqKLM5pJbD7sGyQ7ip-80ED0BvrD8eynuQq8ybxT_Cvc_9TP63PVgZ86Riic66OzboapspgfUDy4sH-IpnwGEU3Q-LLof1xCSf7e3AxUbaMz2Tut9aJIxSJcczII6RYCxUsh8loawSgT269ZTMpQWXki_1N9dhdJGdsbivVKA0fs5J_wVWdjhkFCBa95GgktX36fp9zfyhyZXBjStAPiBv5l3KDQEA6AtcPyRI0u9BADldGHPyG_BQjA83wiR5czYwJaUs4LB0qU9r5dbxnJYBOSHsEf3oBhn19BjPb0_sqKLwTy9Ljz2oO4DV3hl8lbQOpfXP5Kx8GCcNCczAzdlytqW2GGpL1nbErj9W1vvQ2dolcOJu0neWnCxBTdlw9pzZxZM9nS515IexlqCSEeRVJcHfVNC0F8WXPHmCuYjAYOxxPiF-3SMFjxqyliKbGcNZmwwE-QyF1rJji6kkIkUE6PXanB8rrxhuxyDQWRIis57uKUhCNUI0Yx_LzASEFXnZI9ng8qqLxZ2tH7NAk6izTm0EC9S7TNbmdQun-fE0qozSNYM8qWQGvomSulv-pFBLUYl-daascNxoDbGTb6o7_T_a2kiekEmpY0on6Qj_HXAHuEsUVAxx7YIE2-OueclG-gC6NMQxMy9vFRY4P3zF0s8QDIwliafDQ1iZcgZ8UqofXW_9-7Ry-hTe8cBtvG1oa4mKZ5usDsxcxjFQqEnUNbWLxrpIXClDam-HFHv84AyOgnOmDRyMhAn3p0yn6TiiqRKZpBtqyIonlVzieh7BfFWMTX_TFrOge3ruGBf-e97Y6ZcVTlVDPuotWNucJCw18GhHKdvNHeSAYJLPexLEZ2L37XOC8kLLYtZNTQd8L987lWqVe9LZMOMDQYGc3A6yAlqptNhhlBiOBzXiIOboceh_vuE9fVwRtWPA-zapKRbMVrSRVbFshcrQCGSVsSdFTVCmRF5zMOT7TNYLtGbiZ3C2CvE57191o4QcUUSTW8etjSeUdUbgCrIQyg2gqKWygG5mGpy_6S0pVzdk-oirepeykFtCBEXIU6cA9Ypo3D9bb8m-l88x8jgYKKiRw3rNHEcYksMhH1jBo0q-P18S0qoh9NWH8BOIJcNZ2Iictmfk1lgu5aERRHcbSqBmYuoLGWab72cmiBghqP9UOODQDyEtIIwf-pya59CqLtzNawfwzTggxq1ZgzsUaUANIMckbb6xWJDk6Yg1wetppOKLXNFnlJ7E9p5JfhJetKNbnBBRGrSxIKeNJtfmJReg0fuOsJ1y43MZ3W7MEBtCIJ5nBxr_0TU67zGEPKh7kgGgFh2AF2aA-YIr976H2FppjmOeew2hSVpi1jML_ohmK-PhkJKbxSiLuuMTuOnNMem82K_pbvDM3wxQ9bWI5b4nORXRtlOa2iAs6Jhkfgfg71w5xDSA3QuvghRLDx8OSUoJxg7EeeUy2kMJhRTe8Q7SzcFX4fdKENsiRXg3wTE43Lp6LXPFBKiBhHuP0XN9ES0YOVOrelCPtDK0h_hzDhKVNSDJZagiYTUNsBsEvGzosVGF-wiPY8glKvvLashzDE9SAetbHbMbJ1LvQExWA7ESVnLu58a1nkkQxMJXIwwo1rpVrt-ErvUjVqkL0y3XwriSZodPQf-Nwsx2yQRkoQ465J73EKIQf_oy8514YZL8IAuqKbHXWzs9intYITuDCIZ7NTImo2t1ipU9DVXc2JN4YEMBIbX-0vdcGA7g8AyPQbR7oSm8-26NE9K6eDD0j6Vu_kZlDzLiVJ0Uo-WNqIPjgFhHrAB2LpoAv9DVMLRpgWUyX3Mdh1aLfEtQ_MVfqLUAYKctpO1VMVzRfOntn25jU5QFVAqGUzu5aIb_pM25ibHTpP6X17tmxbXvhKr0TowIZnON1pABaiqWbXd3mWj7RM2UHtvSF-yViQEkisIXbxBtVYM08RBT0nOIGQfjCYE4YcGKjPWb-uVXt71VO-KzrU5XxmgmSUcLyyj3bENd_WZXQBeo3takUV28bZQB06WsBxIuH9cjv6yIifT1aDcMPNM9LpZpf-drptr_JrWYrrjOO9u1cKYPXwdwd0xD9SKZADuFYTJqxuVaQvRy9bxeuyG_HN-VIpYKatorrUpEmRbHWYcFp-UetGAF70NYtgZlAP5lBGjMIBBItAI0issydN-wxlTXPxNMlZ46OLJXTDqXDmHN8wdWpjHNHE5rdZqo44S1icezPGAFgAQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:36:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:36:04 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame 8BE8 25 KB
9 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 16576748017229546422
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:37:25 GMT

GET
H3 200 V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9EFE 35 KB
13 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/V_I9kkE0weacsZYJ7hXHsf1U2l7Bs5zHQi7wjQJaUfA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:30:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
last-modified: Mon, 28 Mar 2022 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Apr 2023 08:30:05 GMT

GET
DATA 200
OK truncated
/ Frame 8BE8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3bb5a8d6326cad30f3659d4d268e312dbd907c83733062c64e1fb5e31189251e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11855457808776525415/ Frame 8B55 13 KB
4 KB 49ms
20ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3344d8e01236838797e394eb8fc67aee0a04981208db43b303c6029260b960aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 445051
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3727
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Mar 2022 05:00:24 GMT
expires: Thu, 30 Mar 2023 05:00:24 GMT
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8BE8 0
575 B 98ms
53ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVYXNb4OizrLWhh8waSjK80piNCdBSyYY6Jas6oztCEAgHP75DPhyWalu3rHMIrAbaW1Dv3Gb2LHCkn27TCUWJg2kcDLx47KuqPycsmYhiV3PWHMB5khSjbDXSc9cvu85Hh4Z6&sai=AMfl-YTSWIA-YC4rwWqIuTfwd7wosONZBWjQwcRTHyzgcAOz4nz8NMUUeNwpt9FpWTMigdWYW-1hT8D0L2KIm8Vr4n2jpirdLByE0wA7dTvlathXTJc5EfqXnvIOjWg&sig=Cg0ArKJSzOohb9ABCj7FEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=105&cbvp=1&cstd=103&cisv=r20220330.60962&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5F94 0
0 52ms
52ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuYKnGW6lTin_NGK5QBs_LS5KOIreC2Oz7ghYM2zAwLqbLD7AhkeoxW35idkhFyBKpERe3JMoavDO_82KhOCMNGIBvP4VTR5mFubh31l1_byddpZg1Ire0K-QLsEyNGFCwAmur8P11CHiRgsf9qnh7Fn2pTxbajWNQzMquKU4T3emi3lDdXeLSypOpqqMBTzn1QdAYAH2kNlhvNgTYdFStLcCQTFwnsNYpYwHmwEnygr6XE2R7LuoSuqV9qjHp1KWY76Mj2Wu729DCdg0aXkdTUGOPVbFBWUIFXIUQvKSpXHBhsjshOkuSxsm1_01VEYT0&sai=AMfl-YQxdVqAO8XIDUuftnU4TJY1ZUk_46cdopcCbGRcSmKOLx9sPUmRVCJuuAlIjKyg2TxWkerc9Pm8tsbyrX-s-5kaGlJrPwaD_shb0K6yaGab5r8_Jl3Bw3WehemuLKQ&sig=Cg0ArKJSzGv-mKdvZ9ROEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK prebid.js Show response
acdn.adnxs.com/prebid/not-for-prod/ Frame 5F94 2 MB
652 KB 64ms
16ms Script
application/javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/prebid/not-for-prod/prebid.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5cf86ea3904f96ce75441057cc58106eedc9f049d34e2a7ed5023a87d916ec6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 08:37:55 GMT
Content-Encoding: gzip
Fastly-Original-Body-Size: 666704
Age: 67075
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 666704
X-Served-By: cache-lga21942-LGA, cache-hhn4020-HHN
Access-Control-Allow-Origin: *
Last-Modified: Thu, 10 Feb 2022 18:43:39 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1649061475.213437,VS0,VE0
ETag: W/"62055cdb-23771c"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Sat, 02 Apr 2022 13:59:57 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 2, 3

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5F94 119 KB
36 KB 62ms
35ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 200 d7f1c17162b23a1997e2a6527b94d5e7.js Show response
s0.2mdn.net/sadbundle/11855457808776525415/ Frame 8B55 65 KB
17 KB 20ms
19ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/d7f1c17162b23a1997e2a6527b94d5e7.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17295
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9EFE 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BoG_nYq5KYuTcN9r43wOMq4GYCwAAAAA4AeAEAg&bg=!DQ6lDkrNAAZku-1yRLs7ACkAdvg8WoU_fvFWMFv8aZDu7KFp63meVUG3Q-l7s9JfjprlhVbHFYxZlAIAAACFUgAAAAJoAQeZAzH3Xx1HQzwbKD9izUuK8JlzmJzDxrSgniOtt4FE5Gh06z9xCFB8f6WfFKbBcHIMNMJ1AgsiwQ1aTc8IAesuFuG8KH6TibzmiJmWIhnmDc5JPDK1JGuhDBLFZdZhA7Aqo2m2cWwYW4UKlJw5zMt1ElW3AndqNmZE9aFZB4xNZ_loxbazIsgquFVlamIiQQkN7wt2Jh5HWYj2JVnfThQ03gDif5VVv3VMvEuL66KR6tCpmKILDVdAH14YCcDfSfd4KAySCQb3rS0f9fGGHJKN-ssQHB4cE46umoYuF4gmXqYXLOZtloPyfZVuTPbj2Q562q3dOLKIAvzKLprkWCzsj2NrQ3s5xzfUhBCwKSnxTVchgZUe78UY65VGZACwBiR1l3ksgB5Un4Wey1opmWvLe_DcV7P0x3-yCx2cXRBgiPz1au83oxkUnzJ8S_QHvY2TnrZNASmC4h6l7rJncfOqw8lVI59K4OVsvVgcv60ioAxb9nkaYfkIRbZA5s3_yWSINokVFKAYW41z5frQXyZ9ei7TNqfIpomLj4UB7lC0UM3tfnWQ5ibzbvrDlDZoRsMjfachh-Nf-rbArM9rH9QFSzgsVCQzn1rLz2PeP2Mej7DpYGjl_DHGOulES0KuxWi48yJb7Vw4a1MCYuaoUoHrcDrmsHGIak9uJwlhHiZ_NSvSkIqEDFQOhVmAZtleuNI5YF_aaWV7o6zbTpngE0LCrbaEYSLn1Ylxu1REICYygRRZnAVTWdeg_1OV2mah-8SL7ihSaTYnPLdLxYZxaPftYH9hGtDUdZteHEG-52nazYYQKwlLEonrZuqS-5rEjxvZs_aHGRq5wR9kGdS-v9HbroL7-TiofXmpodS1nYqkW6bmqO_wux41ljs5gl4_UNIfFThHQWGChxL0OLzUc-N0QXjvnS2dxY5jj0Zhnawggp5SPt03CfeWHzk5y4lxz11-w2BGgCN5hZwUO2Yhq8212LUS2OY7HyYz6l13lgAwoXSlrBSCNKtNYd5qheBBoAQwR3YWJ02YXw-HrCfgrgiLdi9BuyKV5FOQRT1qyNNOgmBrJI2mHDS_z41NW0logk-1dlFW

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 e9439cabfef2fd5382d639fb72ad7f07.png
s0.2mdn.net/sadbundle/11855457808776525415/media/ Frame 8B55 33 KB
33 KB 23ms
22ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/media/e9439cabfef2fd5382d639fb72ad7f07.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d04e265f592f9dd22e534707569ea81b46e9ebac59f22869f25b522b9b341f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33754
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
H3 200 020c18acbfb89981b85c8d7af8a26899.svg
s0.2mdn.net/sadbundle/11855457808776525415/media/ Frame 8B55 3 KB
859 B 19ms
19ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/media/020c18acbfb89981b85c8d7af8a26899.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
H3 200 485947788e69126eba2048e7c2e8b050.svg
s0.2mdn.net/sadbundle/11855457808776525415/media/ Frame 8B55 7 KB
2 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/media/485947788e69126eba2048e7c2e8b050.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f84fe760c5f41a718116f581828a4118a07c55386683602ff8778a777bdc939c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1698
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
H3 200 93e1148d6c00774a0115f589566781c8.svg
s0.2mdn.net/sadbundle/11855457808776525415/media/ Frame 8B55 855 B
491 B 30ms
30ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/media/93e1148d6c00774a0115f589566781c8.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

479a8c676416b8e3bd723fcad11174a82b0f1d985317e65663a286b0365d6cf9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 462
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
H3 200 3986f8998b9de996c13efdbf72a05970.svg
s0.2mdn.net/sadbundle/11855457808776525415/media/ Frame 8B55 7 KB
3 KB 31ms
30ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11855457808776525415/media/3986f8998b9de996c13efdbf72a05970.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11855457808776525415/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Wed, 30 Mar 2022 05:00:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445051
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3072
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 18:20:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 30 Mar 2023 05:00:24 GMT

GET
DATA 200
OK truncated
/ Frame 5F94 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76366170a2516debf896555ad7b9fe7eb41a17736bd57a9a3f65e220641a5bd1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 8BE8 0
26 B 80ms
54ms Ping
image/gif 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuVYXNb4OizrLWhh8waSjK80piNCdBSyYY6Jas6oztCEAgHP75DPhyWalu3rHMIrAbaW1Dv3Gb2LHCkn27TCUWJg2kcDLx47KuqPycsmYhiV3PWHMB5khSjbDXSc9cvu85Hh4Z6&sai=AMfl-YTSWIA-YC4rwWqIuTfwd7wosONZBWjQwcRTHyzgcAOz4nz8NMUUeNwpt9FpWTMigdWYW-1hT8D0L2KIm8Vr4n2jpirdLByE0wA7dTvlathXTJc5EfqXnvIOjWg&sig=Cg0ArKJSzOohb9ABCj7FEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=298&vt=11&dtpt=193&dett=3&cstd=103&cisv=r20220330.60962&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 wrapper.html Show response
wrappers.geoedge.be/ Frame 5F94 3 KB
3 KB 82ms
18ms XHR
text/html 2600:9000:2057:f600:2:d490:4d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wrappers.geoedge.be/wrapper.html
Requested by: Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/prebid/not-for-prod/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f600:2:d490:4d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8265c5aec9ae3882691303cec1b6993e75b12e8071fe6710826f7fc6b5cbccdb

Request headers

Referer: https://hd.yalla-shoot.io:2096/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 03:06:38 GMT
via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 12:46:04 GMT
server: AmazonS3
age: 19878
etag: "4a6c546fe449447f2a620613c0655458"
access-control-allow-methods: GET
x-amz-version-id: gVDFxbxIIKkKTV40SMjG._OTMed_.wGK
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: text/html
content-length: 3121
x-amz-cf-id: H8wXqR2PnwIiQTmUs3gTAbCspiwXuLvBR3uPPXjSjd0X3e9HT0nmFA==

GET
H2 200 freewheel-mapping.json Show response
cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/ Frame 5F94 14 KB
2 KB 71ms
28ms XHR
application/json 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/category-mapping-file@1/freewheel-mapping.json

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/prebid/not-for-prod/prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://hd.yalla-shoot.io:2096/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 40539
x-jsd-version: 1.0.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19162-FRA, cache-hhn4083-HHN
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"36b6-ffkBzh2j6c/gCM5tBPQMcNXdZI8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6f68b98d58129a33-FRA

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E493 0
0 53ms
52ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssr25WX8CT7TikKUJLRnBjvkpKyprOhun1W84dP3Redj9nItKxX7GnrBo9gcGrHoqv0D2kLNfDC6ieZYJ6vajXO7hLRR0w81eIUzIjBWwH1-t1LsGN60Ujm2jT8I5A6Wpnoh35BEw6hy9a9hg2P3UQYkd2bjfXAVun6ZhqdHtn8XY9r5LpxoXpaacAt-XTiNxwwZbadbH6jzkQiM7HGuz36_Cst-Tvec1QHSK74MBz7jJyT8YiSDILdjgIeSS_oowa6L88FULk8RAiPBdq5o5RMLp92McPSiZ3nz_c1kwiG5GOVcfaUNrGzDGqegpK2pHE&sai=AMfl-YRFQbj_ENzXx93z2mqNPZHZEukR2q8NAvffQyNxfmoT92Q3iXPeVV-DycEIl1jxhBYVFHO_uBcczOEWsQIniFzQl8r30d84PGZSNwtRnWH3aSMm07UiQMq9JYMrfk4&sig=Cg0ArKJSzMwN36M1nFSnEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: hd.yalla-shoot.io
URL: https://hd.yalla-shoot.io:2096/m/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK prebid.js Show response
acdn.adnxs.com/prebid/not-for-prod/ Frame E493 2 MB
652 KB 17ms
16ms Script
application/javascript 151.101.1.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/prebid/not-for-prod/prebid.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5cf86ea3904f96ce75441057cc58106eedc9f049d34e2a7ed5023a87d916ec6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Date: Mon, 04 Apr 2022 08:37:55 GMT
Content-Encoding: gzip
Fastly-Original-Body-Size: 666704
Age: 67075
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 666704
X-Served-By: cache-lga21942-LGA, cache-hhn4020-HHN
Access-Control-Allow-Origin: *
Last-Modified: Thu, 10 Feb 2022 18:43:39 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Timer: S1649061475.414391,VS0,VE0
ETag: W/"62055cdb-23771c"
Vary: Accept-Encoding
Content-Type: application/javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Sat, 02 Apr 2022 13:59:57 GMT
Cache-Control: max-age=86402
Accept-Ranges: bytes
X-Cache-Hits: 2, 4

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E493 119 KB
36 KB 43ms
43ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 5F94 0
0 55ms
54ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuk3yW91tMyHfKOqM8wBZHzrorO_Wl_G1savtDbbcTKUj7w_9H1J1V5eKvsMtdxW5ui0phc84OeAfTs-MNaWal_VRlsF1zHydAckQvDqLHlI051IXFUgqSdEiRYauQvyoS9xmu086Juqgr6lzc0PH1aRHvJX8CBpEFhzlIgwqZMfp-oFnyF-Q2O7WzcCmvR9ZhuMVPtq9CIS4tuCtFtqPjAySUG_pweR8qaedYX-wXd3motwu9zwCzr5yH2YibpPrW39GLHSr0qmpI9ext7UpOtRbxnr0tSuujLDmt3e--HheCkmSzSwzJKLNUChmwweERgWw&sai=AMfl-YSEyoFHrpVVqWu6Qb-2_PgdL3H-HwZDtm3bbBb6vSaTOa3hEZ86djJzglpNiIJyN1CPqTLK8muakNo5_xxe7Qm7tGtG7MdTQUU9GjL-KwcCC4NjgZNCu8uXtM5XCc0&sig=Cg0ArKJSzD22RcVe581YEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
73ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022032907&jk=2036252058317100&bg=!NTalNnLNAAZku-1yRLs7ACkAdvg8Wn4q6IS3sKEgBbZEsegHB8gT2oBKhia4iHwCEFplzBQgopgFyAIAAABXUgAAAAhoAQeZAtQfeFZ0R0vXBb4_O_fwhindnwCqKbtISRfMjc2RpXQrmFC1U-cFuuZIZWVZ0x-jp9lctdccslF98dmP4QaiqALV-h6JKrJPWs_P2gKa8bq5nQRFtStNbhi35_qzTV5ATXXL6_td9z5nZZGM2_rt1wZE8HRMCVx_YAHeGHdxxuFHm16Wno-JPjHwGRLdX_48YMMyASNtKACGJEkAlRw1CYpg7Tlo5JMtv_a6-PWD9wHNhZcqc9Fkvq0YIMxqBscCyUFfbKgsWFES-rbUp2_Ssnsubxjrdbg7Jj6sp3Fy8yBx9FjfhTmWoFfXjfp3Ao26DKdEbKE4Hh9ZhQbOIkZXdJTFNS6DA_P0epD3iiXLtyvuAINZIYzWJfcUeh3tjBLjOYt6w06G1_YGyknIiTLqUEd1aOP4qw58GTvqClhddNI06yXAZEeN928gtJ9rznZAbE9jT13u-HCnmeijo8sP7h4v5elDd3yCP6ZULIZ0Fj1Jb7vQPIQVhqKbZgcTExB3y_mxTQXdMGvvD8P8m0NCL_ElGPDNn1VqubQ3CCoNg2kjJ9zcIHk__ZiEYRoocVrVj7zcAguHq3Vf7okr7QRa6GCVaSnFwsbyJt7lqRkvnegzaN-5Zzc-naKdUfrVBq5QRPH4itPI62yZs1c60ibgW95JhkfBjsajB5wksydLi_R7RgBUBZcawH5NzZHSCsR4eG2CMnlM4cRkeI7mARDnnJ_cyJZUf9WW6cMqpv2cw-OypHhCWF2Umf9_gmZbRu1yxGp-4WOEzYUkGwU0ZiTb6EVqb3FKH1d8QIdK1-_DbDmpSgz1HsmF_Toh7Cc4FZWKuq14NISjp8EbwHHR-fAqJ-3CgyfxkCa8yUcJST7FgaLy27oOj057VSslBAEmnNY4JnsnvHOHmNYCMqRZh4Xyn_vuFlFIMowCNoIDyM6ucoglwnkZ3isEPXIvOG1AExnHgstRNFjp
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame E493 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc16b8fa65b5aa44cbd3e8c9b0e61601626ee6c1ec11614b9c3dfe6023eef1f1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 wrapper.html Show response
wrappers.geoedge.be/ Frame E493 3 KB
3 KB 36ms
35ms XHR
text/html 2600:9000:2057:f600:2:d490:4d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://wrappers.geoedge.be/wrapper.html
Requested by: Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/prebid/not-for-prod/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f600:2:d490:4d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8265c5aec9ae3882691303cec1b6993e75b12e8071fe6710826f7fc6b5cbccdb

Request headers

Referer: https://hd.yalla-shoot.io:2096/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Apr 2022 03:06:38 GMT
via: 1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
last-modified: Mon, 12 Apr 2021 12:46:04 GMT
server: AmazonS3
age: 19878
etag: "4a6c546fe449447f2a620613c0655458"
access-control-allow-methods: GET
x-amz-version-id: gVDFxbxIIKkKTV40SMjG._OTMed_.wGK
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-type: text/html
content-length: 3121
x-amz-cf-id: hSxREVu_ABUx8u2A6thZDyp6Cw8oahLBPfYGSOhD7bzI4sECt1IROw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame E493 0
0 52ms
51ms Fetch
image/gif 142.250.184.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstSXIuvlh5r2JVL9nt-g_x5EMdGFZc-dJsJqQtloxxf3lWpjry2ofR0hVH1ohqUj8RTkaa46m2ndCRHQI1YrqM0WMiPfOjZ5RkD8u1UgXGIi-H7LqI-1t_2A23pr5KaTi3-VA3gyHYybyJZfR06RL0oNjWR7-pkb6m_-SHiTFlCn-EAxypVNbzyIID0EM81dSYm-9P61aBuScWevW3iNMiMJGCxiFNcNVmPMtulByMpO1J6Qpcte-KCu78vpZUgTIBqICYLgytM-C5oXaJMCxIPkT-hM-PZ94wYMO5qyVpBm0Uz_W_RTMcOP4ipqqysHqGtdw&sai=AMfl-YTMEgvey8aG8f3FgYwamazgK4AEKabVdZaCOtdipVAglSeu1BPBNn6TX8K4TnQvjnpdd7DiVkxtsW3Zf1zLS-WWrR6sp_ndlidmcVkIhrHyAM05yWFPAC-xz8a774s&sig=Cg0ArKJSzHdiI7EQ8ymoEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Apr 2022 08:37:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 200 container.html Show response
0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BC70 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032907.js?cb=31066036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 04 Apr 2022 08:37:54 GMT
expires: Tue, 04 Apr 2023 08:37:54 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame BC70 4 KB
1 KB 72ms
27ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 07:43:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 08:37:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BD19 8 KB
965 B 63ms
28ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Apr 2022 07:38:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 04 Apr 2022 08:37:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame BD19 2 KB
904 B 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:34:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 177
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 877
x-xss-protection: 0
server: cafe
etag: 13035868154101442325
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:34:58 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/ Frame BD19 19 KB
8 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/abg_lite_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:36:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7871
x-xss-protection: 0
server: cafe
etag: 7397949449432438406
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:36:07 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame BD19 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/window_focus_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:27:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 622
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:27:33 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BD19 119 KB
36 KB 31ms
30ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:37:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36916
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648640521462251"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 04 Apr 2022 08:37:55 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/ Frame BD19 15 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:34:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 209
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:34:26 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BD19 0
0 28ms
27ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRhA-UU73cO4CEhypjf3ge-MmqWLcU8g6xXqeRkpCgmmDHUT3LFGXbLwn0L4UFkoJRhuTcU
Requested by: Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

GET
H2 200 dfa9fdc9b45632ba17ba59fe64d4dcb5.js Show response
www.gstatic.com/mysidia/ Frame BD19 29 KB
12 KB 62ms
19ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/dfa9fdc9b45632ba17ba59fe64d4dcb5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sat, 02 Apr 2022 11:21:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162982
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12015
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 18:36:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 01 Jul 2022 11:21:33 GMT

GET
H3 200 interstitial_ad_frame_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/ Frame BC70 19 KB
8 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220330/r20110914/elements/html/interstitial_ad_frame_fy2019.js

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Mon, 04 Apr 2022 08:24:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 801
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8226
x-xss-protection: 0
server: cafe
etag: 11792478805792993122
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 18 Apr 2022 08:24:34 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BC70 205 B
519 B 62ms
22ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:38:16 GMT
x-content-type-options: nosniff
age: 39579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:38:16 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame BC70 604 B
695 B 62ms
22ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

date: Sun, 03 Apr 2022 21:25:50 GMT
x-content-type-options: nosniff
age: 40325
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 03 Apr 2023 21:25:50 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3410 143 B
163 B 46ms
18ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

age: 1942
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 08:05:33 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3410
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

74ms
74ms

Document
text/html

2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
URL: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 08:37:56 GMT
expires: Mon, 04 Apr 2022 08:37:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Apr 2022 08:37:56 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 8BE8 7 KB
3 KB 60ms
16ms Script
text/javascript 99.86.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=300&h=250&c=digitas01cont2&js=pmw1&base=te-clr1-aa886d09-e315-44fb-be99-1e2a52e7b265
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont2&w=300&h=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-112.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 3996a1baf53e5aaa0af7198dbf15f9a9f8f63a1eabc5c2450a3d16102692a61e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Apr 2022 09:01:25 GMT
content-encoding: gzip
server: nginx
age: 84991
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA6-C1
content-length: 2467
x-amz-cf-id: bXRZ-kR-3RpNX3u9-G5503sI-iqw_R82fIFlS3R-idy4sSdHH_bdMg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame 8BE8 38 KB
11 KB 62ms
18ms Script
text/javascript 99.86.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=hpeus01&pid=digitas01&cid=1&w=300&h=250&c=digitas01cont2&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=digitas01&aid=hpeus01&js=pmw0&cid=1&c=digitas01cont2&w=300&h=250
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-112.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 03 Apr 2022 16:38:20 GMT
content-encoding: gzip
server: nginx
age: 57576
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: lPq7eW3SlgORR6jwa3MPZsn6a8CqMnmcFXKQF5M3MucCE4fO1eEIfw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame 8BE8 43 B
395 B 330ms
286ms Image
image/gif 99.86.7.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=hpeus01&pid=digitas01&cid=1&w=300&h=250&c=2003
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-112.fra6.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:56 GMT
via: 1.1 c275031486c6f7b744b8d30847e98b14.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA6-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: VIGlGT6eR7cQb_Z0UWwbzggjVpxgVDoyWhUjaq1zYdUzSYZTRtRfBg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8BE8 42 B
64 B 78ms
53ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv2aE38J0xNdXIBwwXMqVUu8Xc_I43lopIGYYpX4GNUtCXIqd1y6FiCWoJy-DVsipnPP5RtBbwxiR2FROfhm3xVwR3j9I7itg7RyQ7MfRExHl7oN-K3Cg&sai=AMfl-YRodsWWdYue_ebT6wAROeMvC7Lb04FC6MLrDABDGW1WBIFNliUslHTfLAnpXvqApaWqkv1QlRTGFvxkfsegAMhyVeA9II_CAbg64L6Z&sig=Cg0ArKJSzHaTBnc4S_AsEAE&cid=CAQSLQCNIrLMnTfsMZU1z8TTJWeOjiyV0w6lw5hzfMHVqYxzRxOa3WaqOOEtYnHszxgB&id=lidar2&mcvt=1000&p=588,650,838,950&mtos=366,1000,1000,1000,1000&tos=366,634,0,0,0&v=20220330&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1564947952&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649061474775&rpt=267&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5F94 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss1lbS_pNwEyByxZZA_Luz-0mQoG4Jr-Ty6nHZbr18Mg4QgYfvuDsoRJMxnJXxBdWqwEz6Mlph3pVUv9dNzzJxRkkjggsoSNjTd1VgYebMtjT1nrMTu&sig=Cg0ArKJSzBCV0m567AaaEAE&id=lidar2&mcvt=1000&p=110,650,360,950&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220330&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3212919061&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649061475149&rpt=263&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E493 42 B
64 B 51ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstD5XGV5fIOfgIPuWNtgOyJfWe0n9mkG_I5UZ7POz65ALGZ6YkfZ04nM2DaTvwhV7jRwkNltL0l-QflAhOXtiD3c-14ZFmD-k1PWN8bYtKxxEeEmPlN&sig=Cg0ArKJSzI3fue3bYQFuEAE&id=lidar2&mcvt=1000&p=433,640,533,960&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220330&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=1242842709&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1649061475401&rpt=126&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hd.yalla-shoot.io:2096/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Apr 2022 08:37:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

44 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.yalla-shoot.io/	1970-01-20 19:35:33	Name: _ga Value: GA1.2.2063892645.1649061474
.yalla-shoot.io/	1970-01-20 02:05:47	Name: _gid Value: GA1.2.633900675.1649061474
.yalla-shoot.io/	1970-01-20 02:04:21	Name: _gat_gtag_UA_107335079_1 Value: 1
.doubleclick.net/	1970-01-20 11:25:57	Name: IDE Value: AHWqTUnTng70esOzA8YdSswXE6Wx3_nDWzxVmlHU2UwrpWa5vXGxQPTG4AgtldNnl9M
.adnxs.com/	1970-01-20 04:13:57	Name: uuid2 Value: 7732455920315339831
.casalemedia.com/	1970-01-20 10:49:57	Name: CMID Value: YkquYlkROSj0Qjhj-vyw5AAA
.casalemedia.com/	1970-01-20 04:13:57	Name: CMPS Value: 3193
.casalemedia.com/	1970-01-20 04:13:57	Name: CMPRO Value: 1193
.casalemedia.com/	1970-01-20 02:05:47	Name: CMST Value: YkquY2JKrmMA
.adnxs.com/	1970-01-20 04:13:57	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>=pPGpD!]tbPl1M>e)ZlrFUfJ+tGXxpG>Q$i%CfB3hW!3MGEoPkIOrX(-Yvq#T]!^+G3If)y3KL9D3I?+EUpp/R
.casalemedia.com/	1970-01-20 10:49:57	Name: CMRUM3 Value: 2d624aae632760CAESEC_SrxP2NwSw2uCuzswAj9s
.yalla-shoot.io/	1970-01-20 11:25:57	Name: __gads Value: ID=bd0151013cb21d84:T=1649061474:S=ALNI_MYMx_nQ2FSHeaWnLK7zUacV85i2hw
.doubleclick.net/	1970-01-20 02:04:25	Name: DSID Value: NO_DATA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://hd.yalla-shoot.io:2096/m/(Line 323) Message: <link rel=preload> must have a valid `as` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0971ad065994753a6f248c27dc753bda.safeframe.googlesyndication.com
acdn.adnxs.com
adservice.google.com
adservice.google.de
bid.g.doubleclick.net
cdn.jsdelivr.net
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hd.yalla-shoot.io
ib.adnxs.com
pagead2.googlesyndication.com
s0.2mdn.net
securepubads.g.doubleclick.net
tpc.googlesyndication.com
wrappers.geoedge.be
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
142.250.13.157
142.250.184.226
143.204.215.43
151.101.1.108
172.217.16.130
172.217.18.98
23.35.236.247
2600:9000:2057:f600:2:d490:4d80:93a1
2606:4700:3033::6815:91
2606:4700::6810:5714
2a00:1450:4001:808::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:812::2004
2a00:1450:4001:813::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::2006
2a00:1450:4001:830::200e
37.252.172.45
99.86.7.112
0007d23baa268a1cd61074407a65f5d2850f4f78a77d0cf141a0c0fdf8fc403f
0155ae4c34de8746eaece5c99d7d2c6b03a90f2f71358eb06794fb6550081e15
074aba7322690bb9710c77e250d936ef4f8744609bd22406be251f9f60ce1385
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b8c4e63ec70a9085485178bf185cf57d5153f8d545ffa3627fb017c9d623fad
0bc8ca412c2757b04141fe0ceff1706842aa84596b18c889668718146c7778ea
0f749df8033979c430311f2eb745fd1ad8ef79314bad093400285beece4db223
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
132ee5eb3ae2d527cadc1ffde1be983c79ee2afaf575a50fb86b3290afb4da3a
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
183a8a45d21c9e08f327306b313a677e14df544b7fbe005f832bae1ae0828f4a
18588f1581eeeebaef76be52d09261c5c1a886d1a02ede533adb62c334d122e6
1ac5aa4fe12cdd23f0c0843ffd53b462b93a2efb1e86e0e71ce9d0600f1ef694
1ae9c0d7c03c9e7a7fdf7fc880edaed0bacc60ef078f2fdf49aaaf48847e74db
1e046a89bb90f44dadb24f5fdfbe412b5f6d320b790f7317fad956b193234726
1f4b2473f064e4fad3d4df0685956b652ecbfc071c92a9bcaa1acfa542f04f18
257bd8aa57a3c0f12f6e50ad641a72238e56cb085cda6ffa9f76fb3481627270
28c33e9f6778c5ecef99513343b186c525965b39d6c243c4d676b65980afd81e
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2c691f2ba220277ace9e35906a561ac156db7d4e78f119581f7eb3eaa71370bd
300f287e77598e64c4b5951157b0a3764b1f42d31023a107500f28bba61f43c1
3122eb769afe3611fa87c42581d5478642d7082432237fd0e0ec62387cb0873f
3344d8e01236838797e394eb8fc67aee0a04981208db43b303c6029260b960aa
37dd18a296e3d20dd8168ba27f43252af6016711bd2f54d0704d702c930cee2d
3996a1baf53e5aaa0af7198dbf15f9a9f8f63a1eabc5c2450a3d16102692a61e
3bb5a8d6326cad30f3659d4d268e312dbd907c83733062c64e1fb5e31189251e
41639d9dacd382913d7dffce2dbcae0b529e00eb071d8dcf18d47dc6c77f2cae
479a8c676416b8e3bd723fcad11174a82b0f1d985317e65663a286b0365d6cf9
4a18b0faf6a447454e134730303202f8416b72f1d4f744b1d3b4646636240eb7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e00b87b9f44d18a4e0624d8a8d0b8d4e73f33aeb02a4448b476819551b46959
4eba83a2f7780de6d5262709bc88dacc0865a801ce775799abb3e022e14d000a
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50b355d30ddbdcfbc57eb2a32734c6574995395b4c64f278ce270f8646b5f3b4
53c6f4d37fbade902178cc0299397472934bb3c16803f229a85fdf809f6ae6cb
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57f23d924134c1e69cb19609ee15c7b1fd54da5ec1b39cc7422ef08d025a51f0
5afccded806975af4d489d80eec03c867d6d8455b094b01abd9a788fa18dc41e
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5cf86ea3904f96ce75441057cc58106eedc9f049d34e2a7ed5023a87d916ec6a
60d0cdf0b18fc47a4d55b4a2aeccd0b2bcc71063ca21ec0eb538bea39833dda4
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6377c50d247a2bb8f230a95c62cb95df87da9798f3c72a2b75a7a1a13759f586
6670d2ec810a340077c652c696d03e814755229a558f343993df740890f7b4fc
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
725695280088b4a7f1f43936b2ff0ec321040d4921c1b782e97c74cc5c89e02f
75328f63d0132f422b0bb6f77b09386f8e7ad2691eb9ec071d68bdb5dffb2a3d
76366170a2516debf896555ad7b9fe7eb41a17736bd57a9a3f65e220641a5bd1
78ade184ea09ec2b6fa1fbbe503999ad6d796c3257167f63fbf5975b2317284e
7a487d46a028c374c609924015d8c7ef6dd28b613a3739aa97ed2080984775bb
7b4cf9257e24c1889f6ec117dd6cbac33fc5f8fd0e353a955d382966a94daaf8
8265c5aec9ae3882691303cec1b6993e75b12e8071fe6710826f7fc6b5cbccdb
89fcc0375149a3f29180c96159cca98bffe1e6bbb2ba93727628c90ccaa91db5
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6b5904a70350dcd550b51499b39cd018cdef8fbba755b49c7655eeef46aa4ef
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa0992b4e17a3324d53313c014452f8636a4c6b1b84d3187886c386140911535
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b4b49d4d31bafde40cecd2f1810924311d1c8e3809fbaaddc3a1578c3e18b34e
b786104daa7a2898e96f965a09b193a5fa68b6aec76ee8fb2e252e10dcd4338d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bfff0d76c096d6482dbef005228c6b366df5cca84500a880de4de82c6a5d863b
c3ad006b390607f774d61b6ba65b6bc0216b92f4a68b9982fba448df6ddbc4ce
c4c880a7f8ea867ce790f194de65783df5e6e36b276f3afd2a9f95d4e04d2f02
c5a8cec60b5774c8e0ea5d3feed60f15820528d3cf18a4634cd29c6b23baa2b4
c710144c388b2c80f8ff99c5a8e29c39da3e377524f25d72041e6b99490548d1
cc16b8fa65b5aa44cbd3e8c9b0e61601626ee6c1ec11614b9c3dfe6023eef1f1
d04e265f592f9dd22e534707569ea81b46e9ebac59f22869f25b522b9b341f51
d072a09604e6a1fea8ef42203503771aa36b63a3c91fd1059966e26e6f5812b3
d15d1d7a1825e2bc3100264e68755d15931cfaed248f2c541c4dfe523b3929da
d33fc852271c8e85abe9b52d14bd0aac97f053d9d8a5dcba1d7fb15159724cbb
d593fdf64289375adaa96b87ebf4c4beec2995d730e3601254e0a226808bfe57
d66ddf63cfc9a614849bcb959e3b616478106a8754cb9f8ecb8b618977a73209
de103d5f4ad393bb96697192045e2f571c47b491690081364d746755fbc9a3f9
e11dced993be3d8dc0b83a9532f0423d64ef189d577b91a7f9794b653ba435bd
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef3cd42ee43cad75a80a68212f6945c8ad7fb4dd4de5a27ebc0c36635531aa0f
ef413b0b80c03fc5034b6476bc093240df6fe35c78e3e7994148d6b6899a276d
f84fe760c5f41a718116f581828a4118a07c55386683602ff8778a777bdc939c
ff7b8783e6d2795679723629ed1bd1331c223e0faf0fc9fd3deb67b03c78ea1e

hd.yalla-shoot.io Open in urlscan Pro 2606:4700:3033::6815:91 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

109 Requests

94 %HTTPS

63 %IPv6

17 Domains

25 Subdomains

25 IPs

2 Countries

2357 kBTransfer

6945 kBSize

13 Cookies

2 Outgoing links

Page URL History

Redirected requests

109 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

hd.yalla-shoot.io Open in urlscan Pro
2606:4700:3033::6815:91 Public Scan

Screenshot
Live screenshot

Full Image

109
Requests

94 %
HTTPS

63 %
IPv6

17
Domains

25
Subdomains

25
IPs

2
Countries

2357 kB
Transfer

6945 kB
Size

13
Cookies

109 HTTP transactions
8 data transactions