www.baltana.com Open in urlscan Pro
95.211.152.187 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Submission: On April 09 via manual (April 9th 2021, 8:53:31 am UTC) from IN

Summary HTTP 161 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 59 IPs in 9 countries across 61 domains to perform 161 HTTP transactions. The main IP is 95.211.152.187, located in Netherlands and belongs to LEASEWEB-NL-AMS-01 Netherlands, NL. The main domain is www.baltana.com.

This is the only time www.baltana.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	95.211.152.187 95.211.152.187	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	2600:9000:207... 2600:9000:2070:4600:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700:20:... 2606:4700:20::ac43:4597	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700:20:... 2606:4700:20::681a:fee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	2600:9000:207... 2600:9000:2070:3e00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2600:9000:209... 2600:9000:2093:8e00:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY)
1	2606:4700:20:... 2606:4700:20::681a:eee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.122.26.231 3.122.26.231	16509 (AMAZON-02) (AMAZON-02)
1	35.174.194.37 35.174.194.37	14618 (AMAZON-AES) (AMAZON-AES)
7	2600:9000:201... 2600:9000:2016:7200:1d:85c3:6640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
6 8	37.252.172.45 37.252.172.45	29990 (ASN-APPNEX) (ASN-APPNEX)
4 5	136.144.59.88 136.144.59.88	54825 (PACKET) (PACKET)
1	178.250.0.165 178.250.0.165	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	184.31.84.150 184.31.84.150	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	185.184.8.30 185.184.8.30	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1 2	5.178.65.245 5.178.65.245	50673 (SERVERIUS-AS) (SERVERIUS-AS)
1 13	2606:4700:20:... 2606:4700:20::681a:24e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	18.156.195.47 18.156.195.47	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
2	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638::1c 2a02:2638::1c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	151.101.13.108 151.101.13.108	54113 (FASTLY) (FASTLY)
17	2606:4700:10:... 2606:4700:10::6816:1957	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 19	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
6 6	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
2 3	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
2 3	37.157.6.242 37.157.6.242	198622 (ADFORM) (ADFORM)
3 5	52.17.101.63 52.17.101.63	16509 (AMAZON-02) (AMAZON-02)
1	151.101.13.44 151.101.13.44	54113 (FASTLY) (FASTLY)
1	154.57.158.51 154.57.158.51	26558 (FREEWHEEL) (FREEWHEEL)
2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	2a05:d018:24:... 2a05:d018:24:b001:d120:1359:acbb:2de6	16509 (AMAZON-02) (AMAZON-02)
2 2	34.246.39.225 34.246.39.225	16509 (AMAZON-02) (AMAZON-02)
1	18.198.69.109 18.198.69.109	16509 (AMAZON-02) (AMAZON-02)
1 1	151.1.205.165 151.1.205.165	3242 (ASN-ITNET) (ASN-ITNET)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	35.201.81.244 35.201.81.244	15169 (GOOGLE) (GOOGLE)
1	89.163.159.109 89.163.159.109	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 4	52.208.103.128 52.208.103.128	16509 (AMAZON-02) (AMAZON-02)
1 1	212.82.100.182 212.82.100.182	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	3.127.52.31 3.127.52.31	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2	52.51.159.158 52.51.159.158	16509 (AMAZON-02) (AMAZON-02)
1	168.119.149.178 168.119.149.178	24940 (HETZNER-AS) (HETZNER-AS)
2 2	151.101.14.49 151.101.14.49	54113 (FASTLY) (FASTLY)
1 1	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	34.237.146.133 34.237.146.133	14618 (AMAZON-AES) (AMAZON-AES)
1 2	52.95.123.167 52.95.123.167	16509 (AMAZON-02) (AMAZON-02)
1 1	23.45.110.176 23.45.110.176	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.194.247.63 54.194.247.63	16509 (AMAZON-02) (AMAZON-02)
4 4	18.156.0.31 18.156.0.31	16509 (AMAZON-02) (AMAZON-02)
3 3	72.251.249.14 72.251.249.14	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2 2	23.111.200.118 23.111.200.118	7979 (SERVERS-COM) (SERVERS-COM)
3 3	52.59.28.101 52.59.28.101	16509 (AMAZON-02) (AMAZON-02)
7	51.89.9.254 51.89.9.254	16276 (OVH) (OVH)
1	67.202.110.32 67.202.110.32	32748 (STEADFAST) (STEADFAST)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	185.29.132.144 185.29.132.144	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
3 4	52.29.176.117 52.29.176.117	16509 (AMAZON-02) (AMAZON-02)
2 4	52.94.232.32 52.94.232.32	16509 (AMAZON-02) (AMAZON-02)
1 1	3.81.223.233 3.81.223.233	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2a02:fa8:8806... 2a02:fa8:8806:12::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 3	104.111.242.53 104.111.242.53	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1 2	54.204.142.198 54.204.142.198	14618 (AMAZON-AES) (AMAZON-AES)
161	59

15 95.211.152.187 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

www.baltana.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:4600:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::ac43:4597 (United States)

ASN13335 (CLOUDFLARENET, US)

services.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:fee (United States)

ASN13335 (CLOUDFLARENET, US)

tag.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2070:3e00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2093:8e00:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02, US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:3::621 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:eee (United States)

ASN13335 (CLOUDFLARENET, US)

logs.vlitag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.122.26.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-26-231.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.174.194.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-174-194-37.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:9000:2016:7200:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f162.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 37.252.172.45 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 136.144.59.88 (Secaucus, United States) 4 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.par.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.31.84.150 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-31-84-150.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.30 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-30.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.178.65.245 (Woerden, Netherlands) 1 redirects

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:20::681a:24e (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

useast.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ms.quantumdex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.195.47 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com

c2shb.ssp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638::1c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.108 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:10::6816:1957 (United States)

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2.18.234.21 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.6.242 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.17.101.63 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-101-63.eu-west-1.compute.amazonaws.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.44 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 154.57.158.51 (United States)

ASN26558 (FREEWHEEL, US)
PTR: amsadvip2.fwmrm.net

dmp.v.fwmrm.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:24:b001:d120:1359:acbb:2de6 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.tidaltv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.39.225 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-39-225.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.69.109 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com

loadeu.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.1.205.165 (Erba, Italy) 1 redirects

ASN3242 (ASN-ITNET, IT)

bn01.er.bemail.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.81.244 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.163.159.109 (Düsseldorf, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

dmp.theadex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.208.103.128 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 212.82.100.182 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.52.31 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.159.158 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.149.178 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.178.149.119.168.clients.your-server.de

sync.richaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.14.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.201 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.237.146.133 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.123.167 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.110.176 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-45-110-176.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.247.63 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-247-63.eu-west-1.compute.amazonaws.com

obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.156.0.31 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.251.249.14 (Amsterdam, Netherlands) 3 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.111.200.118 (Russian Federation) 2 redirects

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.59.28.101 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 51.89.9.254 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip254.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.110.32 (United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-110.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.29.132.144 (United Kingdom) 3 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel-eu.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.29.176.117 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.94.232.32 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.81.223.233 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1370 (United States) 1 redirects

ASN41041 (VCLK-EU-SE, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.111.242.53 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.204.142.198 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

um2.eqads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	casalemedia.com 6 redirects htlb.casalemedia.com ssum.casalemedia.com ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com	18 KB
17	zeotap.com spl.zeotap.com mwzeom.zeotap.com	6 KB
15	baltana.com www.baltana.com	2 MB
14	doubleclick.net 6 redirects googleads.g.doubleclick.net securepubads.g.doubleclick.net cm.g.doubleclick.net	110 KB
13	quantumdex.io 1 redirects useast.quantumdex.io sync.quantumdex.io ms.quantumdex.io	6 KB
11	sharethis.com platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com count-server.sharethis.com platform-cdn.sharethis.com	41 KB
10	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com	203 KB
9	yahoo.com 5 redirects c2shb.ssp.yahoo.com cms.analytics.yahoo.com ups.analytics.yahoo.com	7 KB
9	adnxs.com 6 redirects ib.adnxs.com acdn.adnxs.com	24 KB
8	vlitag.com services.vlitag.com tag.vlitag.com assets.vlitag.com logs.vlitag.com	360 KB
7	onetag-sys.com onetag-sys.com	3 KB
6	amazon-adsystem.com 3 redirects aax-eu.amazon-adsystem.com s.amazon-adsystem.com	3 KB
5	adsrvr.org 3 redirects match.adsrvr.org	2 KB
5	a-mo.net 4 redirects prebid.a-mo.net	1 KB
4	bidswitch.net 3 redirects x.bidswitch.net	1 KB
4	mathtag.com 4 redirects pixel.mathtag.com sync.mathtag.com	2 KB
4	crwdcntrl.net 3 redirects bcp.crwdcntrl.net	2 KB
4	pubmatic.com image6.pubmatic.com ads.pubmatic.com	18 KB
4	google.com adservice.google.com	1 KB
4	google.de adservice.google.de	2 KB
3	owneriq.net 2 redirects px.owneriq.net	1 KB
3	advertising.com 3 redirects pixel.advertising.com	1022 B
3	lijit.com 3 redirects ap.lijit.com	2 KB
3	krxd.net 1 redirects beacon.krxd.net usermatch.krxd.net	943 B
3	adform.net 2 redirects dmp.adform.net	1 KB
3	tapad.com 2 redirects pixel.tapad.com	1 KB
2	eqads.com 1 redirects um2.eqads.com	564 B
2	betweendigital.com 2 redirects ads.betweendigital.com	925 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	854 B
2	weborama.fr 2 redirects idsync.frontend.weborama.fr	845 B
2	demdex.net 2 redirects dpm.demdex.net	2 KB
2	tidaltv.com 2 redirects sync.tidaltv.com	792 B
2	indexww.com js-sec.indexww.com	2 KB
2	criteo.net static.criteo.net	51 KB
2	e-planning.net 1 redirects ads.us.e-planning.net	1 KB
2	criteo.com bidder.criteo.com gum.criteo.com	294 B
2	googletagservices.com www.googletagservices.com	48 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	rfihub.com 1 redirects p.rfihub.com	773 B
1	dotomi.com 1 redirects casale-match.dotomi.com	187 B
1	advangelists.com 1 redirects nep.advangelists.com	232 B
1	rubiconproject.com pixel-eu.rubiconproject.com	239 B
1	tynt.com ic.tynt.com
1	imrworldwide.com obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	38 B
1	bluekai.com 1 redirects tags.bluekai.com	346 B
1	richaudience.com sync.richaudience.com	360 B
1	mookie1.com odr.mookie1.com	324 B
1	agkn.com 1 redirects aa.agkn.com	378 B
1	theadex.com dmp.theadex.com	378 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	596 B
1	bemail.it 1 redirects bn01.er.bemail.it	659 B
1	exelator.com loadeu.exelator.com	324 B
1	fwmrm.net dmp.v.fwmrm.net	361 B
1	taboola.com trc.taboola.com	163 B
1	creativecdn.com prebid-eu.creativecdn.com	176 B
1	googleadservices.com partner.googleadservices.com	640 B
1	jsdelivr.net cdn.jsdelivr.net	1 KB
1	consensu.org c.sharethis.mgr.consensu.org	1 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	7 KB
1	googleapis.com fonts.googleapis.com	1 KB
161	61

	Domain	Requested by
15	www.baltana.com	www.baltana.com
14	mwzeom.zeotap.com
11	sync.quantumdex.io	assets.vlitag.com sync.quantumdex.io onetag-sys.com ssum-sec.casalemedia.com
9	dsum-sec.casalemedia.com	3 redirects ssum-sec.casalemedia.com um2.eqads.com
8	ib.adnxs.com	6 redirects assets.vlitag.com spl.zeotap.com
7	onetag-sys.com	sync.quantumdex.io onetag-sys.com
7	platform-cdn.sharethis.com
6	ssum-sec.casalemedia.com	2 redirects sync.quantumdex.io js-sec.indexww.com ssum-sec.casalemedia.com
6	cm.g.doubleclick.net	6 redirects
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com
6	pagead2.googlesyndication.com	www.baltana.com pagead2.googlesyndication.com tpc.googlesyndication.com
5	match.adsrvr.org	3 redirects ssum-sec.casalemedia.com
5	prebid.a-mo.net	4 redirects assets.vlitag.com
4	s.amazon-adsystem.com	2 redirects ssum-sec.casalemedia.com
4	x.bidswitch.net	3 redirects ssum-sec.casalemedia.com
4	ups.analytics.yahoo.com	4 redirects
4	bcp.crwdcntrl.net	3 redirects ssum-sec.casalemedia.com
4	c2shb.ssp.yahoo.com	assets.vlitag.com
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	assets.vlitag.com	tag.vlitag.com
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	sync.mathtag.com	3 redirects
3	pixel.advertising.com	3 redirects
3	ap.lijit.com	3 redirects
3	dmp.adform.net	2 redirects spl.zeotap.com
3	pixel.tapad.com	2 redirects spl.zeotap.com
3	spl.zeotap.com	assets.vlitag.com spl.zeotap.com
3	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com securepubads.g.doubleclick.net
2	um2.eqads.com	1 redirects ssum-sec.casalemedia.com
2	ads.pubmatic.com	sync.quantumdex.io ads.pubmatic.com
2	ads.betweendigital.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects
2	sync-tm.everesttech.net	2 redirects
2	beacon.krxd.net	spl.zeotap.com
2	idsync.frontend.weborama.fr	2 redirects
2	dpm.demdex.net	2 redirects
2	sync.tidaltv.com	2 redirects
2	image6.pubmatic.com	spl.zeotap.com ads.pubmatic.com
2	js-sec.indexww.com	assets.vlitag.com ssum-sec.casalemedia.com
2	static.criteo.net	assets.vlitag.com static.criteo.net
2	ads.us.e-planning.net	1 redirects
2	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
2	www.googletagservices.com	tag.vlitag.com pagead2.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.baltana.com
2	services.vlitag.com	www.baltana.com services.vlitag.com
1	p.rfihub.com	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	nep.advangelists.com	1 redirects
1	pixel-eu.rubiconproject.com	onetag-sys.com
1	ic.tynt.com	sync.quantumdex.io
1	ms.quantumdex.io	1 redirects
1	ssum.casalemedia.com	1 redirects
1	obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com	spl.zeotap.com
1	tags.bluekai.com	1 redirects
1	usermatch.krxd.net	1 redirects
1	pixel.mathtag.com	1 redirects
1	sync.richaudience.com	spl.zeotap.com
1	odr.mookie1.com	spl.zeotap.com
1	aa.agkn.com	1 redirects
1	cms.analytics.yahoo.com	1 redirects
1	dmp.theadex.com	spl.zeotap.com
1	dsp.adfarm1.adition.com	1 redirects
1	bn01.er.bemail.it	1 redirects
1	loadeu.exelator.com	spl.zeotap.com
1	dmp.v.fwmrm.net	spl.zeotap.com
1	trc.taboola.com	spl.zeotap.com
1	acdn.adnxs.com	assets.vlitag.com
1	gum.criteo.com	static.criteo.net
1	bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	useast.quantumdex.io	assets.vlitag.com
1	prebid-eu.creativecdn.com	assets.vlitag.com
1	htlb.casalemedia.com	assets.vlitag.com
1	bidder.criteo.com	assets.vlitag.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	l.sharethis.com	platform-api.sharethis.com
1	logs.vlitag.com	www.baltana.com
1	cdn.jsdelivr.net	assets.vlitag.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	tag.vlitag.com	services.vlitag.com
1	maxcdn.bootstrapcdn.com	www.baltana.com
1	fonts.googleapis.com	www.baltana.com
1	platform-api.sharethis.com	www.baltana.com
161	87

This site contains links to these domains. Also see Links.

Domain
valueimpression.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-14` - `2021-07-14`	a year	crt.sh
sharethis.com Amazon	`2020-08-17` - `2021-09-16`	a year	crt.sh
sharethis.mgr.consensu.org Amazon	`2021-04-07` - `2022-05-06`	a year	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-25` - `2022-03-26`	a year	crt.sh
*.googleadservices.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.de GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-03-16` - `2021-06-08`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.a-mo.net R3	`2021-03-12` - `2021-06-10`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-30` - `2022-04-12`	a year	crt.sh
ads.us.e-planning.net R3	`2021-03-15` - `2021-06-13`	3 months	crt.sh
web.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-18` - `2021-09-08`	6 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
cdn.adnxs.com GlobalSign CloudSSL CA - SHA256 - G3	`2021-03-16` - `2022-03-17`	a year	crt.sh
track.adform.net DigiCert SHA2 Secure Server CA	`2019-09-16` - `2021-09-20`	2 years	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-25` - `2021-12-26`	a year	crt.sh
*.v.fwmrm.net DigiCert TLS RSA SHA256 2020 CA1	`2020-11-17` - `2021-12-18`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2020-12-07` - `2021-12-14`	a year	crt.sh
*.exelator.com Go Daddy Secure Certificate Authority - G2	`2019-05-17` - `2021-06-25`	2 years	crt.sh
*.tapad.com DigiCert SHA2 Secure Server CA	`2020-10-05` - `2021-11-06`	a year	crt.sh
*.theadex.com GeoTrust RSA CA 2018	`2019-10-11` - `2021-10-10`	2 years	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.richaudience.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-17` - `2022-03-16`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
*.redinuid.imrworldwide.com Amazon	`2020-07-24` - `2021-08-24`	a year	crt.sh
onetag-sys.com R3	`2021-03-16` - `2021-06-14`	3 months	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-01` - `2021-09-30`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2019-06-13` - `2021-06-28`	2 years	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2021-01-29` - `2022-02-02`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
um3.eqads.com Amazon	`2020-07-24` - `2021-08-24`	a year	crt.sh

This page contains 21 frames:

Primary Page: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Frame ID: DFF885C2FDBA0C1E2FA0AE94F9417837
Requests: 76 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210406/r20190131/zrt_lookup.html
Frame ID: 7957A2F781DED5CB9C28CE4902F820E4
Requests: 1 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal-v2.html
Frame ID: B68CFEFE52EA87F6949B5D6E72C7942B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=4122239477&adk=3617611172&adf=428091284&pi=t.ma~as.4122239477&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=19&bdt=277&idt=113&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5830682931129&frm=20&pv=2&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ySogBbnl95&p=http%3A//www.baltana.com&dtd=635
Frame ID: 75748977D213A83B265CE70DC0D21348
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1347380643&adf=50715647&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=4&bdt=277&idt=133&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B78cj1qzns&p=http%3A//www.baltana.com&dtd=657
Frame ID: 4D12BF0FD81494F77102D2CDD41694D7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1313859671&adf=2115528348&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=1&bdt=276&idt=206&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=2582&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Sdjx3GJUug&p=http%3A//www.baltana.com&dtd=726
Frame ID: FC4D17C4E6690B9FEA5330DCFDD2BA06
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&adk=1812271804&adf=3025194257&lmt=1617958393&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&ea=0&flash=0&pra=7&wgl=1&dt=1617958392613&bpp=1&bdt=277&idt=228&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=740
Frame ID: A6DB4A1C455DFCC28067B7579D75E910
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: F335B240D6DB238C2616072547ADE006
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=250&adk=1339671731&adf=866502912&pi=t.aa~a.3586623994~rp.3&w=317&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&to=qs&pwprc=8811152736&psa=0&format=317x250&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1617958393439&bpp=1&bdt=1103&idt=1&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5159d8359849cb4a-22b1b4fd09bb004b%3AT%3D1617958393%3ART%3D1617958393%3AS%3DALNI_MYcm6_scg4frYD-JikM9ZHtCEmQmA&prev_fmts=1200x280%2C1200x280%2C1200x280%2C0x0&nras=2&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=1531&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=AvC4x1ywoB&p=http%3A//www.baltana.com&dtd=523
Frame ID: 0AD7DB97A1EDDB677FBFBE6E0BD78201
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.baltana.com&gdpr=1&gdpr_consent=
Frame ID: D32BC2BF968B9F5607E12E35AC411248
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 64945C5553035C68EF79A9C489F007DF
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&cmp=0
Frame ID: 4ADD1E1DC125811FD229C585A135ABF5
Requests: 31 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: D4FB37CEFCEA13C1F57090422ECA2C84
Requests: 1 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/quantumdex
Frame ID: A916E53A73DE6BC38A945F197769925D
Requests: 9 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: BCD59B2D3F78A669B29BFB5CBDBDA8E6
Requests: 9 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Frame ID: 7EAD3DF4F12ADF0387E64DF9064F8E72
Requests: 10 HTTP requests in this frame

Frame: https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Frame ID: 4833E5CB6EB31F1010605A9B65DFCF04
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Frame ID: 274343EA90D5D9F6D7099C7F5B4FB7EA
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 76A579BB8C9131A78F2E68DC601BD947
Requests: 9 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: F3AD2DAD7289B2C14C16F8A7E83BE83C
Requests: 2 HTTP requests in this frame

Frame: https://um2.eqads.com/um/cs&eq_cc=1
Frame ID: 116828DD742003CE0EF7ACBEF240793E
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

161
Requests

83 %
HTTPS

31 %
IPv6

61
Domains

87
Subdomains

59
IPs

9
Countries

3370 kB
Transfer

5159 kB
Size

8
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://valueimpression.com/?ref=www.baltana.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18

http://www.google-analytics.com/ga.js HTTP 307
https://www.google-analytics.com/ga.js

Request Chain 33

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds%20of%20Prey%20HD%20Wallpaper%2050230%20-%20Baltana&utmhid=1774293243&utmr=-&utmp=%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&utmht=1617958392699&utmac=UA-35935134-61&utmcc=__utma%3D254129179.757497140.1617958393.1617958393.1617958393.1%3B%2B__utmz%3D254129179.1617958393.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=952413162&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds%20of%20Prey%20HD%20Wallpaper%2050230%20-%20Baltana&utmhid=1774293243&utmr=-&utmp=%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&utmht=1617958392699&utmac=UA-35935134-61&utmcc=__utma%3D254129179.757497140.1617958393.1617958393.1617958393.1%3B%2B__utmz%3D254129179.1617958393.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=952413162&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Request Chain 70

https://ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/ROS?rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&r=pbjs&pbv=4.28.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&gdpr=1&gdprcs= HTTP 302
https://ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/ROS?ct=1&rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&r=pbjs&pbv=4.28.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&gdpr=1&gdprcs=

Request Chain 90

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESECbZLkEpPMu_F0fMblid8r8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 91

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=08071df3-9911-11eb-8964-66c9555750b1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 93

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 97

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&s_h=1 HTTP 302
https://mwzeom.zeotap.com/mw?cid=2ddaa7e9-a919-4462-9140-d307b49e5418&zpartnerid=317&gdpr=1&gdpr_consent=

Request Chain 98

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=54342672271308396101967468911220421526&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 100

https://bn01.er.bemail.it/zeotap.php?_bid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=BE1-2021040910-48984-0.125615001617958400-6c7559a906b86b10955d6ce12f48b39b&zdid=533&env=mWeb

Request Chain 101

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=6949078410006952075&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 103

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=c9d220bd-db23-44dd-4d96-2f4003ffe6db&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=c9d220bd-db23-44dd-4d96-2f4003ffe6db&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361&bounce=1&random=3313031769 HTTP 302
https://mwzeom.zeotap.com/mw?webouuid=WC8oepBhkW5hU8iDg..eP.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 105

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=c9d220bd-db23-44dd-4d96-2f4003ffe6db?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=c9d220bd-db23-44dd-4d96-2f4003ffe6db?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?pid=e513da902aa12f12468af9455776a734&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 106

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
https://mwzeom.zeotap.com/mw?cid=y-VgoD1YBE2oovLvxczT.oJNhxeCNKfJVwUQ--~A&zpartnerid=570&env=mWeb

Request Chain 107

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=4KrTc7jWVdHponHJJN26tnhB3TPuMCAd%2BS41iYitP1U%3D

Request Chain 111

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361&_test=YHAWAAAAAaPk_AAJ HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YHAWAAAAAaPk_AAJ&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&_test=YHAWAAAAAaPk_AAJ

Request Chain 112

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361 HTTP 302
https://mwzeom.zeotap.com/mw?cid=d6a06070-1600-4c00-a5cc-ac57f6e3c571&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 113

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Request Chain 114

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&dcc=t

Request Chain 115

https://tags.bluekai.com/site/87734?id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361 HTTP 302
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

Request Chain 119

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4681053116447614071

Request Chain 120

https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
https://ups.analytics.yahoo.com/ups/58424/occ?verify=true HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-NK2OuIpE2uGgtFN6khB2PpmMg8oZUEzBy8kSGuI-~A

Request Chain 121

https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Damx-rtb%26uid%3D HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.a-mo.net%252Fcchain%252F0%253FA%253D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%2526bidder%253Dappnexus%2526cbx%253DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%25253D%2526uid%253D%24UID HTTP 302
https://prebid.a-mo.net/cchain/0?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=appnexus&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=4681053116447614071 HTTP 302
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D$UID HTTP 307
https://prebid.a-mo.net/cchain/1?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=sovrn&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0=&uid=9f952a208c5f5d00a0dc4e15 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%253D%26uid%3D HTTP 302
https://prebid.a-mo.net/cchain/2?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=index_rtb&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=YHAV-8KbC54EzrxED1Ao2gAA%26713 HTTP 302
https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7

Request Chain 122

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=9f952a208c5f5d00a0dc4e15

Request Chain 123

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
https://sync.quantumdex.io/setuid?bidder=between&uid=152c0c6d-b565-5163-b867-9b3fd8178ec0

Request Chain 124

https://ms.quantumdex.io/user/sync/quantumdex HTTP 302
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=9ec45d3b-500d-40aa-9055-ba39c69529a5

Request Chain 125

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danswermedia%2526uid%253D%2524UID HTTP 302
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=4407561887413824931

Request Chain 126

https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP08199522-9911-11eb-943a-02578e492e1c HTTP 302
https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP08199522-9911-11eb-943a-02578e492e1c

Request Chain 128

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

Request Chain 131

https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 132

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D HTTP 302
https://onetag-sys.com/sync/i,1/fc0f6070-15ff-4e00-8ef1-153ba18f83af

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1 HTTP 302
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEIkZe_1gt1onFZC57sqkTDA&google_cver=1

Request Chain 135

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent= HTTP 302
https://onetag-sys.com/sync/i,29/?tdid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&ttl=1620550399

Request Chain 136

https://x.bidswitch.net/sync?ssp=onetag HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&expires=30&ssp=onetag&bsw_param=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent=&us_privacy=

Request Chain 137

https://dmp.adform.net/serving/cookie/match?party=1167&cid=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco HTTP 302
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco HTTP 302
https://onetag-sys.com/sync/i,34/1250100982957210311

Request Chain 138

https://pixel.advertising.com/ups/58198/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP08199522-9911-11eb-943a-02578e492e1c HTTP 302
https://onetag-sys.com/sync/i,39/y-_1XJ2_VE2uGsfFV1hdqoF8aQSEFn6GMA~A~UP08199522-9911-11eb-943a-02578e492e1c

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1

Request Chain 144

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YHAV-8KbC54EzrxED1Ao2gAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1

Request Chain 145

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB&dcc=t

Request Chain 146

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-0ee3f13e-b563-48c8-9cd6-3a9793da46ca

Request Chain 147

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1618044799&gdpr=1

Request Chain 148

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&gdpr=1&gdpr_consent=

Request Chain 149

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713 HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1

Request Chain 152

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YHAV-5PxsMptC2Am8ZY0UQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1

Request Chain 154

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB&dcc=t

Request Chain 155

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6712448001350135487&uid=Q6712448001350135487&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 156

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871878969063639629

Request Chain 159

https://um2.eqads.com/um/cs HTTP 302
https://um2.eqads.com/um/cs&eq_cc=1

Request Chain 160

https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803&C=1

161 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set birds-of-prey-hd-wallpaper-50230.html Show response
www.baltana.com/movies/ 28 KB
7 KB 1143ms
1109ms Document
text/html 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 17441a11621b0d8d9ea03c06211432f76b555729963f043d8f1e710beef8f89e

Request headers

Host: www.baltana.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 09 Apr 2021 08:53:11 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=l3qrl1n1i8jbmkui782kaso0i0; path=/ wss_previouslyviewed=51531%2C; expires=Sun, 18-Jul-2021 08:53:11 GMT; Max-Age=8640000; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

GET
H/1.1 200
OK style.css
www.baltana.com/templates/paintbrush/ 14 KB
15 KB 55ms
55ms Stylesheet
text/css 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.baltana.com/templates/paintbrush/style.css
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 69d4c116fa1b44c4a249b18d99b9348aa2e877808bf0b2f2d5669e6ce3e34804

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sun, 23 Feb 2020 05:57:20 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5e521440-3946"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14662

GET
H/1.1 200
OK wss.js Show response
www.baltana.com/includes/ 10 KB
10 KB 110ms
84ms Script
application/javascript 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.baltana.com/includes/wss.js
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 68ef14d5aa1992243b597f857d059ca742107d2745cd0904e1f515113393146a

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Tue, 28 Mar 2017 09:50:44 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "58da31f4-28f0"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10480

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 101 KB
32 KB 29ms
14ms Script
text/javascript 2600:9000:2070:4600:1c:8a07:5e80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 2600:9000:2070:4600:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: d5059f32fbb319603fd421035ba8ae20f2a80c2978279efb10cba65961bdcfe9

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:52:51 GMT
Content-Encoding: gzip
Connection: keep-alive
Age: 21
ETag: W/"192cc-S85VNqqDcmpq46cMbazrSJLaAD0"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: text/javascript; charset=utf-8
Via: 1.1 7f3d82c6ba482f74d3d5c3921ce57cbe.cloudfront.net (CloudFront)
Edge-control: cache-maxage=60m,downstream-ttl=60m
Cache-Control: max-age=600, public
Transfer-Encoding: chunked
X-Amz-Cf-Pop: HAM50-C3
X-Amz-Cf-Id: VH6M21DCx5Fr_8hEe6gqvG0fGaNUSMEyLAlLJj1VOvuMdtxM5x_s3g==

GET
H/1.1 200
OK / Show response
services.vlitag.com/adv1/ 930 B
2 KB 141ms
134ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://services.vlitag.com/adv1/?q=48634f99a806c5315cedcf769fcc9b33

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html

Protocol

HTTP/1.1

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a560f4d005b89e689d1fba2700ea8ef7988452111e70d03659687364ac5fe61

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576eea1b00000629969f0000000001
Pragma: no-cache
Last-Modified: Fri, 9 Apr 2021 08:53:12 GMT
Server: cloudflare
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=F3UDlRnl5PUf12BgIcZa3V0YerwEqGfqWoroL7ALoIknWtsMvejrDj9edtg9peLvBvp1K7woxbw42B%2BsPk80zx%2FmCOgw1srmPh2YO2sGs5tM1NQAalm53RmV0fFTbrmp"}]}
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
CF-RAY: 63d280f02e660629-FRA
Expires: on, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK logo.png
www.baltana.com/templates/paintbrush/images/ 14 KB
14 KB 55ms
55ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/templates/paintbrush/images/logo.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5a6e1ef59b0e25b35922fc2117ab18d4a7aaee0752637011fd065ff1572792be

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Fri, 12 Apr 2019 11:25:30 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5cb075aa-38da"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 14554

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95ff1ad4decf8d07bf149c9625f8e01a2c8cfebccac5e2b4e64482c92256047b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48440
x-xss-protection: 0
server: cafe
etag: 10815487621706771417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H/1.1 200
OK Birds-of-Prey-HD-Wallpaper-50230.jpg
www.baltana.com/files/wallpapers-20/ 2 MB
2 MB 57ms
55ms Image
image/jpeg 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/files/wallpapers-20/Birds-of-Prey-HD-Wallpaper-50230.jpg
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: affe844f70693f916c36cce7647aa9d08a7daddb84db3bed7eaa890e09c94014

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Tue, 11 Feb 2020 15:52:31 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5e42cdbf-21b991"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2210193

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 135 KB
48 KB 31ms
24ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

95ff1ad4decf8d07bf149c9625f8e01a2c8cfebccac5e2b4e64482c92256047b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 10815487621706771417
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 48440
X-XSS-Protection: 0
Expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51530/ 18 KB
18 KB 112ms
84ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51530/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d7622b456443aae64b4b526dac029c53ea834c1f9a909b84814199f1f2f185f0

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 05:44:07 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e2ca7-4606"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17926

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51529/ 30 KB
30 KB 114ms
86ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51529/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 6f467dc90200e5a25272dd88c6cebc49426f2bd34620ce2f7f0a097327eac61d

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 03:09:22 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e0862-7667"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30311

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51528/ 14 KB
14 KB 114ms
86ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51528/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 3d8eaa3ac37c35e0db8a09f0f260d00365626ffe7955e07c566137b1ff41772e

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 03:09:23 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e0863-3643"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13891

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51527/ 34 KB
34 KB 112ms
84ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51527/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 796c3abcb783ca3026028be5b51e9384a3c47cdf5c9a4d1c575e8771e3e2e0c1

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Fri, 05 Feb 2021 21:27:15 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601db833-87ee"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 34798

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51526/ 20 KB
20 KB 56ms
55ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51526/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: c4579a64806d0cbdae16290ceb72615f5a1c55299eb47bfdb960bcc5f1132d74

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 03:09:24 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e0864-505e"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20574

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51525/ 26 KB
26 KB 56ms
56ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51525/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: b074e1edb545a90b079b20e512bfa3b4210ccf7f6d73515475aa362c0c71080b

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 03:09:24 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e0864-66dd"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 26333

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51524/ 19 KB
19 KB 56ms
55ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51524/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: d46312ae59b8c0cf1b3f9913e9d4b49a9e084cb9f8689e13c3397da9ce8cb049

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 03:09:24 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e0864-4a74"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19060

GET
H/1.1 200
OK 290x180.png
www.baltana.com/imagecache/thumbnails/51523/ 16 KB
17 KB 56ms
56ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/imagecache/thumbnails/51523/290x180.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 280135f1e3bb87fe84a05e1ee481417179cdcedb060ae6f7260733f0f6839659

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Sat, 06 Feb 2021 08:14:52 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "601e4ffc-41fd"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16893

GET
H/1.1 200
OK css
fonts.googleapis.com/ 4 KB
1 KB 15ms
14ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/templates/paintbrush/style.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

84036856b85cd9613dd98a1271b7a0dce86bf6a96bf803e742f4182bb4d2e25f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Fri, 09 Apr 2021 08:53:12 GMT
Server: ESF
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
X-XSS-Protection: 0
Expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H/1.1 200
OK font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/ 23 KB
7 KB 19ms
12ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/templates/paintbrush/style.css

Protocol

HTTP/1.1

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
x-content-type-options: nosniff
CF-Cache-Status: HIT
CDN-EdgeStorageId: 723, 617, 617
Age: 2553940
Transfer-Encoding: chunked
CDN-CachedAt: 2021-03-10 20:26:28
CDN-PullZone: 252412
cross-origin-resource-policy: cross-origin
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576eea6f0000dfa972b0e000000001
timing-allow-origin: *
access-control-allow-origin: *
Last-Modified: Mon, 25 Jan 2021 22:04:54 GMT
Server: cloudflare
CDN-RequestPullCode: 200
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
CDN-Cache: HIT
CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74
Cache-Control: public, max-age=31919000
CDN-RequestId: dbc1afb9a84d639148de495f557e96e6
CF-RAY: 63d280f0b8bddfa9-FRA
CDN-RequestCountryCode: DE
CDN-RequestPullSuccess: True

GET
H2

200

ga.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/ga.js
https://www.google-analytics.com/ga.js

45 KB
17 KB

7ms
6ms

Script
text/javascript

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/ga.js

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 19 Mar 2021 19:22:18 GMT
server: Golfe2
age: 6734
date: Fri, 09 Apr 2021 07:00:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Fri, 09 Apr 2021 09:00:58 GMT

Redirect headers

Location: https://www.google-analytics.com/ga.js
Non-Authoritative-Reason: HSTS

GET
H2 200 / Show response
services.vlitag.com/uv/ 13 B
811 B 192ms
148ms XHR
application/json 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://services.vlitag.com/uv/?page_url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&mtk=97

Requested by

Host: services.vlitag.com
URL: http://services.vlitag.com/adv1/?q=48634f99a806c5315cedcf769fcc9b33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:12 GMT
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13
cf-request-id: 09576eeacf0000d6cde406a000000001
pragma: no-cache
last-modified: Fri, 9 Apr 2021 08:53:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FlqldWcTQw7Er%2Fz0nkp5W34MCaZhoJtLQFMLuN51De9QmRueOJjnTC8DhpfD0BW2zbPYs8dTw4CrGr6NWh%2B67vQUNzocLdKHEtrbdIJoi7o1AmA8jd3YyDy4oV85PtjA"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: http://www.baltana.com
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
cf-ray: 63d280f149cdd6cd-FRA
expires: on, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK 48634f99a806c5315cedcf769fcc9b33.js Show response
tag.vlitag.com/v1/1617939590/ 535 KB
140 KB 39ms
26ms Script
application/javascript 2606:4700:20::681a:fee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://tag.vlitag.com/v1/1617939590/48634f99a806c5315cedcf769fcc9b33.js

Requested by

Host: services.vlitag.com
URL: http://services.vlitag.com/adv1/?q=48634f99a806c5315cedcf769fcc9b33

Protocol

HTTP/1.1

Server

2606:4700:20::681a:fee , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e5c9e457e3e29eff2899c7dcc3e6e88633e823888f248d132c7f43f3421770

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"max_age":604800,"report_to":"cf-nel"}
Age: 18620
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576eeabc00004ee58ea34000000001
Cf-Bgj: minify
Server: cloudflare
Vary: Accept-Encoding
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BQbFOV960ieUaWQ4rxuug5qxw5UpvwGSJNUxEQqNxCOf2qq%2F1egwN%2FYfhrF7l%2FSfkys8EI5VXB1ke%2BKCKVyq2r8CkoKAG3Ol7xOfDWb1M%2FpyGrrJWG5IWJoYtQ%3D%3D"}],"max_age":604800}
Content-Type: application/javascript; charset=utf-8
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, immutable
CF-RAY: 63d280f12c474ee5-FRA

GET
H/1.1 200
OK bg.png
www.baltana.com/images/ 35 KB
36 KB 82ms
54ms Image
image/png 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.baltana.com/images/bg.png
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/templates/paintbrush/style.css
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 5c47565e09dcc0d542ef7240e436c7bde3d589ed6ca467f504021ee6bbd09b62

Request headers

Referer: http://www.baltana.com/templates/paintbrush/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Last-Modified: Fri, 15 Nov 2019 08:05:09 GMT
Server: nginx/1.10.3 (Ubuntu)
ETag: "5dce5c35-8d0b"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36107

GET
H/1.1 200
OK 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

HTTP/1.1

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://www.baltana.com
Referer: http://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 07 Apr 2021 18:02:02 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Sep 2020 18:10:09 GMT
Server: sffe
Age: 139870
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 16112
X-XSS-Protection: 0
Expires: Thu, 07 Apr 2022 18:02:02 GMT

GET
DATA 200
OK truncated
/ 267 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d516bec1d9d810d970c30ee4ebe9ba1d071b15cee301e41ec3457e63142bfa0b

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

HTTP/1.1

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://www.baltana.com
Referer: http://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Thu, 08 Apr 2021 02:03:20 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 15 Sep 2020 18:10:32 GMT
Server: sffe
Age: 110992
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 15948
X-XSS-Protection: 0
Expires: Fri, 08 Apr 2022 02:03:20 GMT

GET
H2 200 5d075f254351e90012650ec4.js Show response
buttons-config.sharethis.com/js/ 2 KB
1 KB 427ms
393ms Script
text/javascript 2600:9000:2070:3e00:c:abe:f440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5d075f254351e90012650ec4.js
Requested by: Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2070:3e00:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7295cc0c05892a880716934e60b146265e256879ad78f5b81da08bc50cd229f6

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
etag: W/"c8a3b5e2da0aa5c587cc3afef59f2591"
last-modified: Tue, 02 Jun 2020 18:17:50 GMT
server: AmazonS3
x-amz-cf-pop: HAM50-C3
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
via: 1.1 9fc99ee5c5f05c23e5f643dbb0f4aeb9.cloudfront.net (CloudFront)
cache-control: public, max-age=60
x-amz-cf-id: GuW9tD4Hk_KAEtkI7aFzAiyLTuJaf7mHeR4OgbOzgnbBGbPOdfJONg==

GET
H3-Q050 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210406/r20190131/ 219 KB
82 KB 57ms
44ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210406/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8822717667672157&plah=www.baltana.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd5713e27f4481988d37b5b719dedea4e4379ec3c3bafea0fba9d0abe8db4973

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 83926
x-xss-protection: 0
server: cafe
etag: 9615343531509228114
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210406/r20190131/ Frame 7957 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210406/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210406/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Thu, 08 Apr 2021 14:06:23 GMT
expires: Thu, 22 Apr 2021 14:06:23 GMT
content-type: text/html; charset=UTF-8
etag: 10446291943670460780
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4644
x-xss-protection: 0
age: 67609
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cmp-v2.0.1.js Show response
assets.vlitag.com/plugins/cmptcf2/ 267 KB
68 KB 59ms
32ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js

Requested by

Host: tag.vlitag.com
URL: http://tag.vlitag.com/v1/1617939590/48634f99a806c5315cedcf769fcc9b33.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 712372
cf-polished: origSize=489839
cf-bgj: minify
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576eeb6d00006347db89d000000001
x-robots-tag: noindex, nofollow
last-modified: Tue, 29 Dec 2020 02:18:12 GMT
server: cloudflare
etag: W/"5fea91e4-7796f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LI7DT9ol3aYbwbevYrBPAQeeC7ufqXYgnhptOZOnWyx3GyeK8ZFJRGFiME7RcV7nffMqmPjnU1A0CtQ8KqOD%2BKQ9eDhA7bMCN9nvxo2RsXUAMXcoULHt9LXVg9pbrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1; mode=block
cache-control: max-age=16070400
cf-ray: 63d280f249b66347-FRA
expires: Thu, 01 Apr 2021 03:30:20 GMT

GET
H/1.1 200
OK prebid-v4.28.4.js Show response
assets.vlitag.com/prebid/default/ 399 KB
125 KB 27ms
15ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js

Requested by

Host: tag.vlitag.com
URL: http://tag.vlitag.com/v1/1617939590/48634f99a806c5315cedcf769fcc9b33.js

Protocol

HTTP/1.1

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

303fcac4d8aa919d458b2637bd478efeb0ea24d612ff44ab37e7fa712ae05db0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"max_age":604800,"report_to":"cf-nel"}
Age: 1815921
Cf-Polished: origSize=409186
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 19 Mar 2021 08:27:45 GMT
Server: cloudflare
ETag: W/"60546081-63e62"
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3KYGHluSI16F9R6VTsBHFIJzdMt20V3GJ75bXGSxflWNnWvpsJhTbeDcE6GmKxo8T3qDNnXmrCs1L9B1OcREK%2Bo6UWAm1AjLVZeCL%2B%2FAC3udow3AOJiHCFYKkckE%2BA%3D%3D"}],"group":"cf-nel"}
Content-Type: application/javascript
Expires: Fri, 19 Mar 2021 08:57:51 GMT
Cache-Control: max-age=16070400
cf-request-id: 09576eeb5f00002bad3e965000000001
CF-RAY: 63d280f23f7a2bad-FRA
Cf-Bgj: minify

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 59 KB
20 KB 21ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: tag.vlitag.com
URL: http://tag.vlitag.com/v1/1617939590/48634f99a806c5315cedcf769fcc9b33.js

Protocol

HTTP/1.1

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9664ec93940083910dbcae82bd60e1c7e535c1b7212ccc85bea9131edd87d631

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "837 / 35 of 1000 / last-modified: 1617926953"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 20334
X-XSS-Protection: 0
Expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H/1.1 200
OK sf_host.min.js Show response
assets.vlitag.com/plugins/safeframe/src/js/ 38 KB
19 KB 23ms
12ms Script
application/javascript 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://assets.vlitag.com/plugins/safeframe/src/js/sf_host.min.js

Requested by

Host: tag.vlitag.com
URL: http://tag.vlitag.com/v1/1617939590/48634f99a806c5315cedcf769fcc9b33.js

Protocol

HTTP/1.1

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"max_age":604800,"report_to":"cf-nel"}
Age: 1814477
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576eeb5e00004de214bdf000000001
Last-Modified: Fri, 01 Nov 2019 05:04:50 GMT
Server: cloudflare
ETag: W/"5dbbbcf2-9806"
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=WhIyu7BYqrlzeZ8Nv2qCCrXjo%2Bse%2BJXlwDoH4uMwo3LftEMRWsvYDmHqu%2FGDok0MyE01768Ils7ZTB0rbZn%2FJJ%2BBSgd%2BnmdKT2y4aR1MxQ9M1NcdTyPjQe2kHPoxBQ%3D%3D"}],"group":"cf-nel"}
Content-Type: application/javascript
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=16070400
CF-RAY: 63d280f23e1a4de2-FRA
Expires: Fri, 19 Mar 2021 09:21:55 GMT

GET
H2 200 portal-v2.html Show response
c.sharethis.mgr.consensu.org/ Frame B68C 2 KB
1 KB 48ms
14ms Document
text/html 2600:9000:2093:8e00:c:a9b7:ddc0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal-v2.html
Requested by: Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2093:8e00:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal-v2.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

content-type: text/html; charset=utf-8
content-encoding: gzip
date: Fri, 09 Apr 2021 08:00:13 GMT
cache-control: max-age=3600, public
etag: W/"83a-K1Ex0xzH2LCxSyRnDnyZEg18N68"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a69bfd4d39a9b992855d914318a2c367.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-C1
x-amz-cf-id: 61qtxRHxJVooRaWMaANskC9f07jWY0MIs9aY8qScal9jsuKqaPyASQ==
age: 3179

GET
H3-Q050

200

__utm.gif
www.google-analytics.com/r/
Redirect Chain

http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds%...
https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds...

35 B
80 B

13ms
13ms

Image
image/gif

2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds%20of%20Prey%20HD%20Wallpaper%2050230%20-%20Baltana&utmhid=1774293243&utmr=-&utmp=%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&utmht=1617958392699&utmac=UA-35935134-61&utmcc=__utma%3D254129179.757497140.1617958393.1617958393.1617958393.1%3B%2B__utmz%3D254129179.1617958393.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=952413162&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=406017170&utmhn=www.baltana.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Birds%20of%20Prey%20HD%20Wallpaper%2050230%20-%20Baltana&utmhid=1774293243&utmr=-&utmp=%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&utmht=1617958392699&utmac=UA-35935134-61&utmcc=__utma%3D254129179.757497140.1617958393.1617958393.1617958393.1%3B%2B__utmz%3D254129179.1617958393.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=952413162&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Non-Authoritative-Reason: HSTS

GET
H2 200 pubads_impl_2021040101.js Show response
securepubads.g.doubleclick.net/gpt/ 286 KB
101 KB 189ms
65ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

sffe /

Resource Hash

7567de6febdd2a6dcaf3bd32f277c6415a6f6d1c3c6b0a4da3f15f10a84a6fc7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 01 Apr 2021 08:39:48 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103004
x-xss-protection: 0
expires: Fri, 09 Apr 2021 08:53:12 GMT

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 19ms
6ms XHR
application/json 2a04:4e42:3::621
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20210409

Requested by

Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

4fef5869a93f9ee44db05fd30e893b88a01b0cf052ef5ec1be12e69ab1e8624b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 2837
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 935
etag: W/"679-qvtohZXt3IhwQqQMEgeUtnYwezQ"
x-served-by: cache-fra19125-FRA
date: Fri, 09 Apr 2021 08:53:12 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK /
logs.vlitag.com/sub/ 0
817 B 128ms
116ms Image
image/jpeg 2606:4700:20::681a:eee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://logs.vlitag.com/sub/?d=baltana.com&h=www.baltana.com
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
Protocol: HTTP/1.1
Server: 2606:4700:20::681a:eee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:12 GMT
CF-Cache-Status: DYNAMIC
NEL: {"max_age":604800,"report_to":"cf-nel"}
Server: cloudflare
Report-To: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9pzCfDgU2EATsfvukPLVJmuemphAmHVcHZKBDwSnEOt0f5eO7XFdcduYHRAESLJZr6Sv2X2PTcI%2FAuUb8EXMl7RTaC5bcG3ubTezvoiKLe9iRqI4GSk%2F0Ee1HjM%3D"}],"max_age":604800}
Content-Type: image/jpeg
Cache-Control: public, max-age=31536000
Connection: keep-alive
CF-RAY: 63d280f2ec980631-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
cf-request-id: 09576eebd000000631a83db000000001

GET
H/1.1 204
No Content pview Show response
l.sharethis.com/ 0
336 B 197ms
49ms XHR
text/plain 3.122.26.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/pview?event=pview&hostname=www.baltana.com&location=%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&product=inline-share-buttons&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&source=sharethis.js&fcmp=false&fcmpv2=false&has_segmentio=false&title=Birds%20of%20Prey%20HD%20Wallpaper%2050230%20-%20Baltana&cms=unknown&publisher=5d075f254351e90012650ec4&sop=true&bsamesite=true&consent_cookie_duration=274&consent_duration=274&gdpr_domain=.consensu.org&gdpr_method=cookie&version=st_sop.js&lang=en&description=Download%20free%20Birds%20of%20Prey%20HD%20Wallpaper%2050230%20available%20in%20different%20HD%20resolutions.
Requested by: Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.26.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-26-231.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:13 GMT
Access-Control-Max-Age: 1728000
Access-Control-Allow-Origin: http://www.baltana.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 168 B
414 B 496ms
136ms Script
text/javascript 35.174.194.37
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb2&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html
Requested by: Host: platform-api.sharethis.com
URL: http://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.174.194.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-35-174-194-37.compute-1.amazonaws.com
Software: / Express
Resource Hash: 858b756139274eb9deea13ba4c0a2d3dc5b8093cc8f7edb235166353a9032fc4

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:13 GMT
Cache-Control: public, max-age=900
ETag: ee4e7b65ca1963475f050d497f968883
Connection: keep-alive
X-Powered-By: Express
Content-Length: 168
Content-Type: text/javascript; charset=utf-8

GET
H2 200 facebook.svg
platform-cdn.sharethis.com/img/ 301 B
677 B 89ms
15ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/facebook.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 12 Mar 2021 20:40:37 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 2376756
etag: "c6e9be45643e197ce1db1d7e24a99adc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 301
x-amz-cf-id: xsjxtRhYiw6ns_aSz0086i8m1GRij_B7mTnv2FCDWK_td7gtvtXa-Q==

GET
H2 200 twitter.svg
platform-cdn.sharethis.com/img/ 731 B
1 KB 89ms
15ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/twitter.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 06 Apr 2021 20:03:18 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 218996
etag: "0af2fb38987598376c99e21af17ade45"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 731
x-amz-cf-id: N14gFwGh2F1lqbOr8Su-rVgwvsSka3iPunB0RrL63SOUbBc1c4FLVA==

GET
H2 200 pinterest.svg
platform-cdn.sharethis.com/img/ 771 B
1 KB 89ms
15ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/pinterest.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Sun, 14 Mar 2021 03:43:17 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2264997
etag: "2b10a062e719c64b686e2e8fcdc216dc"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 771
x-amz-cf-id: tcgU7AiQ5VsO73O1KiuAw-rjuhbSZhYetfLsqxg6oyODH9jH0tDrXA==

GET
H2 200 reddit.svg
platform-cdn.sharethis.com/img/ 910 B
1 KB 90ms
16ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/reddit.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 02 Apr 2021 20:03:57 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 564557
etag: "78d796ca648d8a5e665b48ed0217c56a"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 910
x-amz-cf-id: bZruuHXuoCO5wNV_aDq7bxVUkpS2hJOPq3trkDz0FZc_Ef6z2zMisw==

GET
H2 200 whatsapp.svg
platform-cdn.sharethis.com/img/ 832 B
1 KB 89ms
16ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/whatsapp.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 16 Mar 2021 02:14:00 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2097554
etag: "afe7fc60ed757db39a88d2950fce69c9"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 832
x-amz-cf-id: 4iH7sRVfSEVJPtOsjtgdITsOBsPkqN41OKvt9nl-zdjiIJzlROePlw==

GET
H2 200 email.svg
platform-cdn.sharethis.com/img/ 343 B
722 B 89ms
16ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/email.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Mon, 05 Apr 2021 03:40:47 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:12 GMT
server: AmazonS3
age: 364346
etag: "5977437466e857c7ddcadda6f6d88c2a"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 343
x-amz-cf-id: GovyZUSBLGnRmgUPwrcN9hLsA-2LIqWn_NilQ-nPq5JWWUTYU89_Cw==

GET
H2 200 sharethis.svg
platform-cdn.sharethis.com/img/ 514 B
890 B 15ms
14ms Image
image/svg+xml 2600:9000:2016:7200:1d:85c3:6640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/sharethis.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2016:7200:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 12 Mar 2021 10:00:12 GMT
via: 1.1 1976c24012aa5629cb792e79edc4e7bf.cloudfront.net (CloudFront)
last-modified: Thu, 10 Oct 2019 01:20:13 GMT
server: AmazonS3
age: 2415182
etag: "deecdaa377907db5cc1722fc831670a1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
cache-control: public, max-age=2592000
x-amz-cf-pop: HAM50-C2
accept-ranges: bytes
content-length: 514
x-amz-cf-id: caqwle0QwsdUqHePRv9x5sCo-g_gg9Kar2P717xzCqCTtLh4yVhpZA==

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 201 B
640 B 216ms
91ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.baltana.com&callback=_gfp_s_&client=ca-pub-8822717667672157

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210406/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8822717667672157&plah=www.baltana.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f162.1e100.net

Software

cafe /

Resource Hash

783d80c5b6fd1d540b6a40b1b27fb93da720e0d01d8d5a8e3ed80a2035f0d97f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 37ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
553 B 41ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7574 399 B
382 B 101ms
100ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=4122239477&adk=3617611172&adf=428091284&pi=t.ma~as.4122239477&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=19&bdt=277&idt=113&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5830682931129&frm=20&pv=2&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ySogBbnl95&p=http%3A//www.baltana.com&dtd=635

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbb93969f257a16d38cee88dcd9ecc01973e8f79d3a387fada929fd7f8f747d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=4122239477&adk=3617611172&adf=428091284&pi=t.ma~as.4122239477&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=19&bdt=277&idt=113&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&correlator=5830682931129&frm=20&pv=2&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=223&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeE%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=1&uci=a!1&fsb=1&xpc=ySogBbnl95&p=http%3A//www.baltana.com&dtd=635
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Apr 2021 08:53:13 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Apr-2021 09:08:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Apr 2021 08:53:13 GMT
cache-control: private

GET
H3-Q050 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 45ms
31ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210406&st=env

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

112522ab3038129677c1847dd9b57d3cc195e8bd76ccc0e99f0fbf301e48eb17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6534
x-xss-protection: 0

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 36ms
13ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d686acfc12a44fc472fb2a3c0ff9baa4638ced8f0da5b32f9ae5c15a2611def

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1617795245888949"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28266
x-xss-protection: 0
expires: Fri, 09 Apr 2021 08:53:13 GMT

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4D12 399 B
223 B 107ms
105ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1347380643&adf=50715647&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=4&bdt=277&idt=133&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B78cj1qzns&p=http%3A//www.baltana.com&dtd=657

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

15ebc92c52eb04a35623e48e8030bb731fa6fa274694d1b62103425fbedade49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1347380643&adf=50715647&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=4&bdt=277&idt=133&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=1&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=1801&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=B78cj1qzns&p=http%3A//www.baltana.com&dtd=657
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Apr 2021 08:53:13 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Apr-2021 09:08:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Apr 2021 08:53:13 GMT
cache-control: private

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Fri, 09 Apr 2021 08:53:13 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
14ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC4D 399 B
370 B 100ms
100ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1313859671&adf=2115528348&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=1&bdt=276&idt=206&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=2582&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Sdjx3GJUug&p=http%3A//www.baltana.com&dtd=726

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6566d19714ae694bd03c265d872d77d018b7be3c94b819f1aa550d702ca6edb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=280&slotname=9511443968&adk=1313859671&adf=2115528348&pi=t.ma~as.9511443968&w=1200&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&psa=0&format=1200x280&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1617958392613&bpp=1&bdt=276&idt=206&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=358&ady=2582&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CoeEbr%7C&abl=NS&pfx=0&fu=128&bc=23&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=Sdjx3GJUug&p=http%3A//www.baltana.com&dtd=726
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Apr 2021 08:53:13 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Apr-2021 09:08:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Apr 2021 08:53:13 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A6DB 2 KB
721 B 52ms
52ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&adk=1812271804&adf=3025194257&lmt=1617958393&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&ea=0&flash=0&pra=7&wgl=1&dt=1617958392613&bpp=1&bdt=277&idt=228&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=740

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

749de4b78ed8ce435dbf7b411452bf813882d6b2faef63d8b2e86fb10aff086a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&adk=1812271804&adf=3025194257&lmt=1617958393&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&ea=0&flash=0&pra=7&wgl=1&dt=1617958392613&bpp=1&bdt=277&idt=228&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280%2C1200x280%2C1200x280&nras=1&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=23&ifi=4&uci=a!4&fsb=1&dtd=740
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Apr 2021 08:53:13 GMT
server: cafe
content-length: 518
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Fri, 09-Apr-2021 09:08:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Apr 2021 08:53:13 GMT
cache-control: private

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame F335 12 KB
5 KB 28ms
14ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Fri, 09 Apr 2021 08:47:38 GMT
expires: Sat, 09 Apr 2022 08:47:38 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 335
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 rg7ZOtwj_KsF30rM_Y0_DmvJrp5jy6rfjTYWIxfvKAc.js Show response
pagead2.googlesyndication.com/bg/ Frame F335 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/rg7ZOtwj_KsF30rM_Y0_DmvJrp5jy6rfjTYWIxfvKAc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae0ed93adc23fcab05df4accfd8d3f0e6bc9ae9e63cbaadf8d36162317ef2807

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 06:36:44 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 24 Mar 2021 17:18:00 GMT
server: sffe
age: 8189
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5683
x-xss-protection: 0
expires: Sat, 09 Apr 2022 06:36:44 GMT

POST
H/1.1 200
OK wallpaper_hit.php Show response
www.baltana.com/includes/wallpaper/ajax/ 0
234 B 56ms
56ms XHR
text/html 95.211.152.187
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://www.baltana.com/includes/wallpaper/ajax/wallpaper_hit.php
Requested by: Host: www.baltana.com
URL: http://www.baltana.com/includes/wss.js
Protocol: HTTP/1.1
Server: 95.211.152.187 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/movies/birds-of-prey-hd-wallpaper-50230.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Fri, 09 Apr 2021 08:53:13 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
111 B 42ms
42ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210406&jk=3084223088655524&bg=!2tml2Z3NAAY56aLOOek7ACkAdvg8Wrnpvt7PXm8GMnMyvF7OGmS6q52uqdy7fcftWMcaH0f5KYZV2wIAAACiUgAAAA1oAQcKAbA_MLEOZEwzxZmpOkFvdG2GD_ZlWpSDmG8cAoCR6r9xA9Z-V9Qb5DpRlNQFa0o2PCa3qd4_oVSJk35P-hUbzM0cJjy3Kcjuh4z9YbvSh7PRum3jGmmYI0vm_rqTpyKcFGhSLQ3usYivWvx6sAKYNzFBuZ19LilOlFq3POF4zvpknMkgVCYygj6vRyZZXkhoQbLFwIFADOlPnmHJQiYc06PKfGU9aZdBoMpdtmSi39CRT0s78BxCoCBLiYMkD4SoyG-4tfruniXM39EVCch76oPI58G-BGm-DcVhVBk4RvTFKHtVP7lusm3jgsg34sbwb1MM0nn-GbQ9Sfitcwjfk-SSXOLMc4tZNauquNgR-2ZQrwcPbgvhW2D2g89Ab_6h4kE3eAqg1oVStnvMNErNCGfG57PD5DQIJ0wrb0KTD5Ry3BA3yarzuyq7-OCpgjDnbKoXAaApwrPRb--Krrinub6JXEEMxXEYspfmXigbR8SBiHE_tdRNMwX-8ztF1pEn2NDhhVkjSSBkhzCHhJ-eDLiLpn_DX8bKgiifkXSuBml0q_yiyZInYuBycY_yZtOeNPuZAdc5cW1at09o9t6QpkCNDlDfkSSDeXLEh3B6wJi37uzpZq3DyhMoHYEzMn85kCxicE2ZHNmLpvyVnXw12rVZUi5cTtFxyld6MSaJZRqDVf3IpfTdGMUIOSSNSKDTQicfrRCZ_EBgcSjLr9VFNzrVpoJUtlX27U0diNViP0bdm7zb0CxxuK_EmNwyEZs9XTtZRs8H30zT9dlWPhZ7ZM6eoXT9PboKr6O5HmRNKlgsFp5r6K3b70pjV-O30Nkco4EQxcey6kee4L6m-QBogxV07OH3cfPCZKZwqAodsPFf3iNkPVfXwevNjireuKKUfqoh5dpAZ7Rk1r7XBGE2iJK6hlPzZ2fgL9kuzREZyFu433bgGarTKDenOLIiOUQll5A3HQ_IFK0pY5KnDvte6KhpAR8kQOjyA8nLGwGUlnJzuoV89vRXhCSxT1mrCGA5YuglV02SeT09jtQ6swCIGr4sYk6IRFIffOeFsriEfN7ozGrbDpz-HskFGrl9ElW-OYpZuWxFXf0X8d2bOA1kylpOTnY6Cn68WsDoYiVao41wH33XSuOZdppAQg7dotwM2L0Jo6YFmdBMIPSQfYkV0a31QwKEt8KtP3Z8trirExGN_F0hnHw2QFpqVgE

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:13 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
777 B 35ms
21ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
531 B 46ms
31ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.baltana.com

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0AD7 399 B
496 B 91ms
90ms Document
text/html 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=250&adk=1339671731&adf=866502912&pi=t.aa~a.3586623994~rp.3&w=317&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&to=qs&pwprc=8811152736&psa=0&format=317x250&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1617958393439&bpp=1&bdt=1103&idt=1&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5159d8359849cb4a-22b1b4fd09bb004b%3AT%3D1617958393%3ART%3D1617958393%3AS%3DALNI_MYcm6_scg4frYD-JikM9ZHtCEmQmA&prev_fmts=1200x280%2C1200x280%2C1200x280%2C0x0&nras=2&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=1531&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=AvC4x1ywoB&p=http%3A//www.baltana.com&dtd=523

Requested by

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80dad03ec2c8f829d5d51e3cadf0c871a1a42793e1a27f848cd351033e550c38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?gdpr=1&client=ca-pub-8822717667672157&output=html&h=250&adk=1339671731&adf=866502912&pi=t.aa~a.3586623994~rp.3&w=317&fwrn=4&fwrnh=100&lmt=1617958393&rafmt=1&to=qs&pwprc=8811152736&psa=0&format=317x250&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&dt=1617958393439&bpp=1&bdt=1103&idt=1&shv=r20210406&cbv=r20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D5159d8359849cb4a-22b1b4fd09bb004b%3AT%3D1617958393%3ART%3D1617958393%3AS%3DALNI_MYcm6_scg4frYD-JikM9ZHtCEmQmA&prev_fmts=1200x280%2C1200x280%2C1200x280%2C0x0&nras=2&correlator=5830682931129&frm=20&pv=1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=8&ady=1531&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44736524%2C44740079%2C44739387%2C21065725&oid=3&pvsid=3084223088655524&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=23&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=AvC4x1ywoB&p=http%3A//www.baltana.com&dtd=523
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 09 Apr 2021 08:53:14 GMT
server: cafe
content-length: 199
x-xss-protection: 0
set-cookie: IDE=AHWqTUkgQvjj5MjkZiaFCwwtECMTQmJvAx7ARjuzPqMCzrf2T7U-6YuZAGXmPif4dOY; expires=Wed, 04-May-2022 08:53:13 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 09 Apr 2021 08:53:14 GMT
cache-control: private

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 607 B
992 B 224ms
121ms XHR
application/json 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

98ca9c255527be5c2cb21a961e035b22d33ecac323f43f4ea94c41ff63c92e63

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 09 Apr 2021 08:53:15 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.236.42.25; 185.236.42.25; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.139:80
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 74bd2b99-1fdf-4685-8651-0e374713aa80
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://www.baltana.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
364 B 352ms
122ms XHR
text/plain 136.144.59.88
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 136.144.59.88 Secaucus, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://www.baltana.com
date: Fri, 09 Apr 2021 08:53:15 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 8
vary: origin

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
144 B 195ms
64ms XHR
text/plain 178.250.0.165
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.28.0&cb=67167907468
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.165 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS: bidder.par.vip.prod.criteo.com
Software: Finatra /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://www.baltana.com
date: Fri, 09 Apr 2021 08:53:15 GMT
access-control-allow-credentials: true
server: Finatra
timing-allow-origin: *
vary: Origin

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 25 B
372 B 327ms
222ms XHR
application/json 184.31.84.150
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=623289&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22189a4cb9053d59d%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A5%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allU%22%3A5%2C%22ren%22%3Afalse%2C%22version%22%3A%224.28.0%22%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22regs%22%3A%7B%22ext%22%3A%7B%22gdpr%22%3A1%7D%7D%2C%22user%22%3A%7B%22ext%22%3A%7B%22consent%22%3A%22%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2219ac95f2ce41757%22%2C%22ext%22%3A%7B%22siteID%22%3A%22623289%22%2C%22sid%22%3A%22300x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2220ead4dbb81b166%22%2C%22ext%22%3A%7B%22siteID%22%3A%22623289%22%2C%22sid%22%3A%22160x600%22%7D%2C%22banner%22%3A%7B%22w%22%3A160%2C%22h%22%3A600%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%222180bafb8df7e3c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22623289%22%2C%22sid%22%3A%22300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22227075b834375a2%22%2C%22ext%22%3A%7B%22siteID%22%3A%22623289%22%2C%22sid%22%3A%22970x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A970%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2223a11ba0a3a936c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22623289%22%2C%22sid%22%3A%22728x90%22%7D%2C%22banner%22%3A%7B%22w%22%3A728%2C%22h%22%3A90%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.150 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-31-84-150.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c1ba36a23c324e53ce900225fb7486c3598d0f9efc5d1ee3ec989e6e7d4cd3a1

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:16 GMT
content-encoding: gzip
x-ak-initial-geo: CC:[SE], RC:[AB], CN:[EU], CIP:[185.236.42.25], XFF:[]
server: Apache
vary: Is-Traffic-Invalid,Accept-Encoding
content-type: application/json
access-control-allow-origin: http://www.baltana.com
x-cs-client-geo: 10
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 45
x-ak-client-geo: 10
expires: Fri, 09 Apr 2021 08:53:16 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ 0
176 B 165ms
61ms XHR
text/plain 185.184.8.30
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.30 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://www.baltana.com
date: Fri, 09 Apr 2021 08:53:15 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2

200

ROS Show response
ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/
Redirect Chain

https://ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/ROS?rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=ht...
https://ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/ROS?ct=1&rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&...

440 B
854 B

54ms
54ms

XHR
application/json

5.178.65.245
SERVERIUS-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/hb/1/2c995/1/www.baltana.com/ROS?ct=1&rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&r=pbjs&pbv=4.28.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&gdpr=1&gdprcs=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash: bf9f73b39b1d795fe778669d936d0de883a6fcd47f8297056074cb1b7eeac3cd

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:15 GMT
server: openresty
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin: http://www.baltana.com
expires: Fri, 09 Apr 2021 08:53:15 GMT
cache-control: max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
content-length: 440
x-sid: AMS-607

Redirect headers

date: Fri, 09 Apr 2021 08:53:15 GMT
server: openresty
access-control-allow-origin: http://www.baltana.com
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location: /hb/1/2c995/1/www.baltana.com/ROS?ct=1&rnd=0.5221956895653816&e=300x600_0%3A300x600%2B160x600_0%3A160x600%2B300x250_0%3A300x250%2B970x90_0%3A970x90%2B728x90_0%3A728x90&ur=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&r=pbjs&pbv=4.28.0&ncb=1&vs=FFFFF&crs=UTF-8&fr=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&gdpr=1&gdprcs=
access-control-allow-credentials: true
content-type: text/html; charset=iso-8859-1
x-sid: AMS-607

POST
H2 204 quantumdex Show response
useast.quantumdex.io/auction/ 0
735 B 246ms
230ms XHR
text/plain 2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://useast.quantumdex.io/auction/quantumdex
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 09 Apr 2021 08:53:16 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods: POST, GET
access-control-allow-origin: http://www.baltana.com
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kiawxb%2BCGVDNTWKvngTOBQyHF4Igf8gfgdrymgDJlYh37x30Lay9ZkN5tg2fq1MCpvLLqbE87XwOAuQiSOXoOgEFvaLqBaHnDzOaMV6GSAdNTK9y8oxIjnz34dINge3Opw%3D%3D"}]}
access-control-allow-credentials: true
cf-ray: 63d28105df094e19-FRA
cf-request-id: 09576ef7ab00004e1953255000000001

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
746 B 202ms
102ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96957d01727298b51a9a3aed860067&pos=8a96957d01727298b51a9a40b18f0075&cmd=bid&gdpr=1
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 6e2db2ec90d303171d0fac5bd3104726c6646522160a6f79d4d197cc79f849d3

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 09 Apr 2021 08:53:15 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://www.baltana.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
746 B 211ms
111ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96957d01727298b51a9a3aed860067&pos=8a96957d01727298b51a9a3ee5990072&cmd=bid&gdpr=1
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 01c7ab6469aa6d3e36f7ac9a4a1e9799d969e015c331279742439f36422e7f64

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 09 Apr 2021 08:53:15 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://www.baltana.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
746 B 204ms
105ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96957d01727298b51a9a3aed860067&pos=8a96957d01727298b51a9a3c46f80069&cmd=bid&gdpr=1
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 4e219fda0da31a62b87ca3657d6101422e093efa4972cd8a2b71465319767aff

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 09 Apr 2021 08:53:15 GMT
Server: ATS/7.1.2.128
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://www.baltana.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
746 B 260ms
161ms XHR
application/json 18.156.195.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96957d01727298b51a9a3aed860067&pos=8a96957d01727298b51a9a3db518006f&cmd=bid&gdpr=1
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.128 /
Resource Hash: 1bb37043947f0c5cc6455d368c2d39116a1bbd675b9cc968488fa15fbc1fc46f

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 09 Apr 2021 08:53:16 GMT
Server: ATS/7.1.2.128
Age: 1
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: http://www.baltana.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK vi-logo.svg
assets.vlitag.com/media/icon/ 11 KB
4 KB 22ms
22ms Image
image/svg+xml 2606:4700:20::ac43:4597
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://assets.vlitag.com/media/icon/vi-logo.svg

Protocol

HTTP/1.1

Server

2606:4700:20::ac43:4597 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:16 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
CF-Cache-Status: HIT
NEL: {"max_age":604800,"report_to":"cf-nel"}
Age: 1645035
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09576ef90000002bad0d94b000000001
Last-Modified: Fri, 01 Nov 2019 05:04:49 GMT
Server: cloudflare
ETag: W/"5dbbbcf1-2c34"
X-Robots-Tag: noindex, nofollow
Vary: Accept-Encoding
Report-To: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nlPRyaqY0J7eUrX1J%2BOk%2F56hKbPqy0joWlK447lX9DWrKoQDTTLY7zkPQwelfe4stKqZjkaH9mRtKsbbeqntJ5W0SzujZZZsD6vQa%2BqKKSxnZVc14VOENYNzyTTNGw%3D%3D"}],"group":"cf-nel"}
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: max-age=16070400
CF-RAY: 63d28107f9892bad-FRA

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.baltana.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.baltana.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 09 Apr 2021 08:53:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 477 B
757 B 179ms
178ms XHR
text/plain 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3084223088655524&correlator=3571932456727622&output=ldjh&impl=fifs&eid=31060550%2C31060699%2C21068031%2C31060321%2C44739387%2C21065725&vrg=2021040101&ptt=17&gdpr=1&sc=0&sfv=1-0-38&ecs=20210409&iu_parts=307492156%2C97_Baltana.com%2C97_Baltana.com_SmartBanner_1&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90&prev_scp=vli_adslot%3D45063%26vli_adtype%3Ddisplay%26vli_sf%3D1&eri=1&cust_params=hb_domain%3Dbaltana.com&cookie_enabled=1&bc=23&abxe=1&lmt=1617958396&dt=1617958396675&dlt=1617958392336&idt=712&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1226&adks=1463956022&ucis=1&ifi=6&u_tz=120&u_his=2&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fwww.baltana.com%2Fmovies%2Fbirds-of-prey-hd-wallpaper-50230.html&vis=1&scr_x=0&scr_y=0&psz=1600x-1&msz=970x-1&ga_vid=757497140.1617958393&ga_sid=1617958393&ga_hid=1774293243&ga_fc=false&fws=512&ohw=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e6f201d7504c492a16fb0ce027b85c153f01eab82ef4796be96ddeb24597990e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:16 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 248
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://www.baltana.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com/safeframe/1-0-38/html/ 0
0 46ms
13ms Other
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-38/html/ 0
0 6ms
6ms Other
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021040101.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 51ms
24ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:17 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 10 Apr 2021 08:53:17 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame D32B 0
150 B 68ms
23ms Document
text/html 2a02:2638::1c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=www.baltana.com&gdpr=1&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: gum.criteo.com
:scheme: https
:path: /syncframe?topUrl=www.baltana.com&gdpr=1&gdpr_consent=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

cache-control: private, max-age=0
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000
server-processing-duration-in-ticks: 1876
date: Fri, 09 Apr 2021 08:53:17 GMT
content-length: 0

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ 80 KB
26 KB 43ms
15ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f

Request headers

Referer: http://www.baltana.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:17 GMT
content-encoding: gzip
last-modified: Thu, 18 Mar 2021 09:52:27 GMT
server: nginx
etag: W/"605322db-14013"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
timing-allow-origin: *
expires: Sat, 10 Apr 2021 08:53:17 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 6494 52 KB
17 KB 163ms
53ms Document
text/html 151.101.13.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.108 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Host: acdn.adnxs.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://www.baltana.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

Connection: keep-alive
Content-Length: 17053
Server: nginx/1.13.10
Content-Type: text/html
Last-Modified: Wed, 02 Dec 2020 20:56:47 GMT
ETag: W/"5fc7ff8f-cf34"
Expires: Thu, 08 Apr 2021 05:51:50 GMT
Cache-Control: max-age=86402
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Accept-Ranges: bytes
Date: Fri, 09 Apr 2021 08:53:19 GMT
Age: 10887
X-Served-By: cache-lga21934-LGA, cache-fra19143-FRA
X-Cache: HIT, HIT
X-Cache-Hits: 1, 111658
X-Timer: S1617958399.298800,VS0,VE0
Vary: Accept-Encoding

GET
H2 200 / Show response
spl.zeotap.com/ Frame 4ADD 8 KB
2 KB 51ms
35ms Document
text/html 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1db057fb4513ed810cce24b8375bfd5a78084a3775e0125034744ffd44c2cf81

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
content-type: text/html
set-cookie: __cfduid=d2bd38711a9c10abb3cd14ae83ba932bd1617958399; expires=Sun, 09-May-21 08:53:19 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax zc=c9d220bd-db23-44dd-4d96-2f4003ffe6db; Path=/; Domain=.zeotap.com; Max-Age=31536000; SameSite=None; Secure zsc=%09%8B%3F%3C%80%E3h%13%FD%93%EF%8A%BA%E8%8E%FE%F4%EA%BB%9D%1E%A4%909%03y%B5%28V%C1%F3J+%5BZ%CF%0F%B0%9B%BAy%96~%9C%C7%CC%A4%16%D3%D9%BF%17%BB%9Eo%11%21%09%3D%ACJ%89%10%F8%C5e3Ay56L%10%23%FD%B1%FC%AD%C5%F3%99x%EE%DF%BB%89P%05%AAL%F1%B9%1E+%A7%C0%FD%A2%8F%C1m%BA%A8%B3%7Ci1%5C%06%90%8E%12%10%B73%18%12%D9s%86GmB%09%60%ADm%D0%02%0D%1D%ED%EE%2Cn%AD%3F%FC%00%16%D1k%E3P%21P%1A%FE%28%CBQ6%03%A8%29%21%A8%5C%5Ct_%EA%D7%ACo%B4%06%DD; Path=/; Domain=.zeotap.com; Max-Age=86400; SameSite=None; Secure
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: http://www.baltana.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 09576f04ca00004e3dc2304000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63d2811add414e3d-FRA
content-encoding: br

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame D4FB 2 KB
1 KB 162ms
53ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c

Request headers

Host: js-sec.indexww.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://www.baltana.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

Server: Apache
Last-Modified: Thu, 11 Feb 2021 16:12:45 GMT
ETag: "e20015-90b-5bb11ca420f07"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Fri, 09 Apr 2021 08:53:19 GMT
Content-Length: 1151
Connection: keep-alive

GET
H2 200 quantumdex Show response
sync.quantumdex.io/usersync/ Frame A916 3 KB
1 KB 138ms
130ms Document
text/html 2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.quantumdex.io/usersync/quantumdex
Requested by: Host: assets.vlitag.com
URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82e15637646bb47ba916bcac4dfb2459313fd31a0f208c2cdd91341d6968c24a

Request headers

:method: GET
:authority: sync.quantumdex.io
:scheme: https
:path: /usersync/quantumdex
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://www.baltana.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://www.baltana.com/

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
content-type: text/html
set-cookie: __cfduid=de04f8637d923bc21900a5cea419570bb1617958399; expires=Sun, 09-May-21 08:53:19 GMT; path=/; domain=.quantumdex.io; HttpOnly; SameSite=Lax uid=4d799501-7c54-4d29-a192-9546db82a2e7; expires=Thu, 29 Apr 2021 08:53:19 GMT; domain=quantumdex.io; path=/; secure; SameSite=None
cf-cache-status: DYNAMIC
cf-request-id: 09576f04c300004e195cb77000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=l%2FT%2BKytyjT%2BJdFYEQ2u6QFkeP4FAZgzP800uGacJ6p28bvvMYjYHG7Mn%2Ftz%2BJjoGXSOsKpOlYjHsbzrQqPJqJ7pz1YyMNVdxB32xw4FsqjyVCztUlg6luzu7BslTu7s%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 63d2811ada154e19-FRA
content-encoding: br

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 4ADD 0
0 144ms
48ms Image
text/html 37.252.172.45
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.45 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 693.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59...
https://mwzeom.zeotap.com/mw?google_gid=CAESECbZLkEpPMu_F0fMblid8r8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c...

95 B
179 B

106ms
106ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESECbZLkEpPMu_F0fMblid8r8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811c48674e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f05b100004e3dd510f000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESECbZLkEpPMu_F0fMblid8r8&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 470
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
https://mwzeom.zeotap.com/mw?cid=08071df3-9911-11eb-8964-66c9555750b1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45...

95 B
179 B

27ms
26ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=08071df3-9911-11eb-8964-66c9555750b1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811c38464e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f05a400004e3db93ff000000001

Redirect headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://mwzeom.zeotap.com/mw?cid=08071df3-9911-11eb-8964-66c9555750b1&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
alt-svc: clear
content-length: 0

GET
H2 403 /
dmp.adform.net/serving/cookie/match/ Frame 4ADD 0
331 B 116ms
36ms Image
text/plain 37.157.6.242
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.242 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De...
https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De...
https://mwzeom.zeotap.com/mw?cid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45...

95 B
295 B

29ms
29ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811c0feb4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f058700004e3dd0358000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://mwzeom.zeotap.com/mw?cid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 481

GET
H2 200 cm
trc.taboola.com/sg/zeotap/1/ Frame 4ADD 0
163 B 230ms
119ms Image
text/plain 151.101.13.44
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.13.44 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms: 67
date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 varnish
server: nginx
x-timer: S1617958399.360785,VS0,VE67
x-cache: MISS
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
x-served-by: cache-fra19160-FRA

GET
H/1.1 200
OK u
dmp.v.fwmrm.net/ad/ Frame 4ADD 0
361 B 150ms
48ms Image
text/html 154.57.158.51
FREEWHEEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 154.57.158.51 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS: amsadvip2.fwmrm.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Cache-Control: no-store
Expires: 0
Content-Type: text/html
Content-Length: 0
P3P: policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"

GET
H/1.1 200
OK UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 4ADD 0
240 B 244ms
59ms Image
text/html 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:17 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=136...
https://mwzeom.zeotap.com/mw?cid=2ddaa7e9-a919-4462-9140-d307b49e5418&zpartnerid=317&gdpr=1&gdpr_consent=

95 B
179 B

121ms
120ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=2ddaa7e9-a919-4462-9140-d307b49e5418&zpartnerid=317&gdpr=1&gdpr_consent=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811bffc44e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f057700004e3dac3f7000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: Apache-Coyote/1.1
location: https://mwzeom.zeotap.com/mw?cid=2ddaa7e9-a919-4462-9140-d307b49e5418&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://dpm.demdex.net/ibs:dpid=199624&dpuuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
https://mwzeom.zeotap.com/mw?cid=54342672271308396101967468911220421526&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-...

95 B
179 B

29ms
29ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=54342672271308396101967468911220421526&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811d7a484e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f066800004e3d953b8000000001

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: L9ApYRd0Q1U=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://mwzeom.zeotap.com/mw?cid=54342672271308396101967468911220421526&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 /
loadeu.exelator.com/load/ Frame 4ADD 0
324 B 173ms
66ms Image
text/plain 18.198.69.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.198.69.109 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://bn01.er.bemail.it/zeotap.php?_bid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-...
https://mwzeom.zeotap.com/mw?cid=BE1-2021040910-48984-0.125615001617958400-6c7559a906b86b10955d6ce12f48b39b&zdid=533&env=mWeb

95 B
179 B

33ms
32ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=BE1-2021040910-48984-0.125615001617958400-6c7559a906b86b10955d6ce12f48b39b&zdid=533&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811deace4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f06ad00004e3debaba000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=BE1-2021040910-48984-0.125615001617958400-6c7559a906b86b10955d6ce12f48b39b&zdid=533&env=mWeb
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: nginx/1.10.2
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
https://mwzeom.zeotap.com/mw?cid=6949078410006952075&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-...

95 B
179 B

28ms
27ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=6949078410006952075&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811d5a144e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f065500004e3ddb3a3000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?cid=6949078410006952075&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2 200 receive
pixel.tapad.com/idsync/ex/ Frame 4ADD 95 B
427 B 57ms
56ms Image
image/png 35.227.248.159
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=c9d220bd-db23-44dd-4d96-2f4003ffe6db

Requested by

Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

159.248.227.35.bc.googleusercontent.com

Software

Jetty(9.4.28.v20200408) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/png
alt-svc: clear
content-length: 95

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://idsync.frontend.weborama.fr/ids?key=zeotap&value=c9d220bd-db23-44dd-4d96-2f4003ffe6db&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://idsync.frontend.weborama.fr/ids?key=zeotap&value=c9d220bd-db23-44dd-4d96-2f4003ffe6db&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
https://mwzeom.zeotap.com/mw?webouuid=WC8oepBhkW5hU8iDg..eP.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d...

95 B
202 B

776ms
775ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?webouuid=WC8oepBhkW5hU8iDg..eP.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:20 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811d5a194e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f065800004e3d953b7000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
last-modified: Fri, 09 Apr 2021 08:53:19 GMT
server: nginx/1.12.0
location: https://mwzeom.zeotap.com/mw?webouuid=WC8oepBhkW5hU8iDg..eP.&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: clear
content-length: 0
expires: Tue, 03 Jul 2001 06:00:00 GMT

GET
H2 200 2.gif
dmp.theadex.com/d/949/i/ Frame 4ADD 36 B
378 B 197ms
61ms Image
image/gif 89.163.159.109
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&axd_pid=175
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 89.163.159.109 Düsseldorf, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software: nginx /
Resource Hash: 204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: nginx
p3p: CP="CAO PSAa PSDa IVAa IVDa OUR UNI COM NAV"
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 36
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=c9d220bd-db23-44dd-4d96-2f4003ffe6db?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=c9d220bd-db23-44dd-4d96-2f4003ffe6db?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
https://mwzeom.zeotap.com/mw?pid=e513da902aa12f12468af9455776a734&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-06...

95 B
179 B

192ms
192ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?pid=e513da902aa12f12468af9455776a734&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811e6bbb4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f06fc00004e3de7b6a000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://mwzeom.zeotap.com/mw?pid=e513da902aa12f12468af9455776a734&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
cache-control: no-cache
x-server: 10.45.19.165
content-length: 0
expires: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
https://mwzeom.zeotap.com/mw?cid=y-VgoD1YBE2oovLvxczT.oJNhxeCNKfJVwUQ--~A&zpartnerid=570&env=mWeb

95 B
179 B

24ms
23ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=y-VgoD1YBE2oovLvxczT.oJNhxeCNKfJVwUQ--~A&zpartnerid=570&env=mWeb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811e5ba94e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f06f500004e3dfe848000000001

Redirect headers

date: Fri, 09 Apr 2021 08:53:19 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: text/html;charset=utf-8
location: https://mwzeom.zeotap.com/mw?cid=y-VgoD1YBE2oovLvxczT.oJNhxeCNKfJVwUQ--~A&zpartnerid=570&env=mWeb
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000
content-length: 0
x-content-type-options: nosniff

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zd...
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=4KrTc7jWVdHponHJJN26tnhB3TPuMCAd%2BS41iYitP1U%3D

95 B
179 B

91ms
89ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=4KrTc7jWVdHponHJJN26tnhB3TPuMCAd%2BS41iYitP1U%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d2811deacc4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f06ad00004e3d9282c000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=4KrTc7jWVdHponHJJN26tnhB3TPuMCAd%2BS41iYitP1U%3D
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H2 200 v2
odr.mookie1.com/t/ Frame 4ADD 43 B
324 B 114ms
52ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 usermatch.gif
beacon.krxd.net/ Frame 4ADD 0
338 B 213ms
67ms Image
text/plain 52.51.159.158
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.159.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: private, no-cache, no-store
x-request-time: D=31 t=1617958399
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 /
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 4ADD 95 B
360 B 186ms
54ms Image
image/png 168.119.149.178
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.149.178 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.178.149.119.168.clients.your-server.de
Software: nginx/1.10.3 /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
server: nginx/1.10.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type: image/png

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YHAWAAAAAaPk_AAJ&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39...

95 B
259 B

24ms
24ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YHAWAAAAAaPk_AAJ&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&_test=YHAWAAAAAaPk_AAJ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:20 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d28125effc4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f0bb200004e3dd5175000000001

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:20 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1617958401.919122,VS0,VE0
x-served-by: cache-fra19177-FRA
x-cache: HIT
location: https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YHAWAAAAAaPk_AAJ&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&_test=YHAWAAAAAaPk_AAJ
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
https://mwzeom.zeotap.com/mw?cid=d6a06070-1600-4c00-a5cc-ac57f6e3c571&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2...

95 B
334 B

30ms
30ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?cid=d6a06070-1600-4c00-a5cc-ac57f6e3c571&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:20 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d281251e8d4e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f0b3400004e3d9c01c000000001

Redirect headers

Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: MT3 3660 495c301 master cdg-pixel-x27
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://mwzeom.zeotap.com/mw?cid=d6a06070-1600-4c00-a5cc-ac57f6e3c571&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Fri, 09 Apr 2021 08:54:26 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 4ADD
Redirect Chain

https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ce...

0
337 B

69ms
69ms

Image
text/plain

52.51.159.158
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.159.158 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:21 GMT
cache-control: private, no-cache, no-store
x-request-time: D=32 t=1617958401
x-served-by: beacon-n019-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
date: Fri, 09 Apr 2021 08:53:20 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a002-ash-prod.krxd.net

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 4ADD
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d9...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d9...

43 B
433 B

74ms
74ms

Image
image/gif

52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 4ADD
Redirect Chain

https://tags.bluekai.com/site/87734?id=c9d220bd-db23-44dd-4d96-2f4003ffe6db&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734

95 B
202 B

818ms
818ms

Image
image/png

2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:21 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
cf-ray: 63d28121e9094e3d-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 09576f093300004e3de11b3000000001

Redirect headers

Location: https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date: Fri, 09 Apr 2021 08:53:20 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: c255
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H2 200 zeo
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/ Frame 4ADD 0
38 B 1474ms
69ms Image
text/plain 54.194.247.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3Dc9d220bd-db23-44dd-4d96-2f4003ffe6db%26reqId%3De5453c2f-0639-4d45-59fe-f39dc4ced3a6%26zdid%3D1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.194.247.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-247-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://spl.zeotap.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:21 GMT
content-length: 0

GET
H2 200 cmp.min.js Show response
spl.zeotap.com/ Frame 4ADD 557 B
596 B 38ms
37ms Script
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5f4e8238cf9af75ffb826e8c84bc51d68d9c28b11f66b54c0d1b2ceadf6de00

Request headers

Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray: 63d2811b2df04e3d-FRA
date: Fri, 09 Apr 2021 08:53:19 GMT
via: 1.1 google
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://spl.zeotap.com
access-control-allow-credentials: true
content-encoding: br
access-control-allow-headers: *
cf-request-id: 09576f04fb00004e3dc2306000000001

GET
H2 204 cmp
spl.zeotap.com/ Frame 4ADD 0
0 27ms
26ms Document
text/plain 2606:4700:10::6816:1957
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&cmp=0
Requested by: Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1957 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: spl.zeotap.com
:scheme: https
:path: /cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=c9d220bd-db23-44dd-4d96-2f4003ffe6db&reqId=e5453c2f-0639-4d45-59fe-f39dc4ced3a6&zdid=1361&cmp=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: zc=c9d220bd-db23-44dd-4d96-2f4003ffe6db; zsc=%09%8B%3F%3C%80%E3h%13%FD%93%EF%8A%BA%E8%8E%FE%F4%EA%BB%9D%1E%A4%909%03y%B5%28V%C1%F3J+%5BZ%CF%0F%B0%9B%BAy%96~%9C%C7%CC%A4%16%D3%D9%BF%17%BB%9Eo%11%21%09%3D%ACJ%89%10%F8%C5e3Ay56L%10%23%FD%B1%FC%AD%C5%F3%99x%EE%DF%BB%89P%05%AAL%F1%B9%1E+%A7%C0%FD%A2%8F%C1m%BA%A8%B3%7Ci1%5C%06%90%8E%12%10%B73%18%12%D9s%86GmB%09%60%ADm%D0%02%0D%1D%ED%EE%2Cn%AD%3F%FC%00%16%D1k%E3P%21P%1A%FE%28%CBQ6%03%A8%29%21%A8%5C%5Ct_%EA%D7%ACo%B4%06%DD
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
set-cookie: __cfduid=da9aca0e02be614440908e021693ef1a51617958399; expires=Sun, 09-May-21 08:53:19 GMT; path=/; domain=.zeotap.com; HttpOnly; SameSite=Lax
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-origin: https://spl.zeotap.com
vary: Origin
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 09576f052500004e3dd0351000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 63d2811b6e9c4e3d-FRA

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Dappnexus%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4681053116447614071

43 B
323 B

132ms
129ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4681053116447614071
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wU%2FY%2Fji16Ke09NHZWygrTxAuIJ78hpxzjxWaWZfKVawimexJxOH3i0Zp5NguG0k57wdnk1V7lYNIlQViBP3JGr3v5eyNzh6HaB6tz8nE49kQjcinrLBdnDox9Pt977I%3D"}]}
content-type: image/gif
cf-ray: 63d2811d0daa4e19-FRA
content-length: 43
cf-request-id: 09576f062300004e194d06a000000001

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
X-Proxy-Origin: 185.236.42.25; 185.236.42.25; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.173.69:80
AN-X-Request-Uuid: ecf0de45-d320-401e-bd9a-4f78df45efa0
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=appnexus&uid=4681053116447614071
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ups.analytics.yahoo.com/ups/58424/occ
https://ups.analytics.yahoo.com/ups/58424/occ?verify=true
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-NK2OuIpE2uGgtFN6khB2PpmMg8oZUEzBy8kSGuI-~A

43 B
330 B

132ms
131ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-NK2OuIpE2uGgtFN6khB2PpmMg8oZUEzBy8kSGuI-~A
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BOW2o%2BLOGKQks6DuJPARE3uQbc7lGAZ15b72Ho6Ju5JhqjWpG25fgsBGXsrKGSywmFZ2e3OFW5gRYmxj0LKaVWhtv%2FeCAyPjLu4NE%2B%2FMvm8DaAaEK%2B%2F4pXMyrHMELho%3D"}]}
content-type: image/gif
cf-ray: 63d2811d0daf4e19-FRA
content-length: 43
cf-request-id: 09576f062300004e19501bf000000001

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-NK2OuIpE2uGgtFN6khB2PpmMg8oZUEzBy8kSGuI-~A
Connection: keep-alive
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://prebid.a-mo.net/cchain/0?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Damx-rtb%26uid%3D
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1...
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fprebid.a-mo.net%252Fcchain%252F0%253FA%253D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%2526bidder%253Dappnexus%2526cbx%253DaHR0cHM6Ly9zeW5jLnF1Y...
https://prebid.a-mo.net/cchain/0?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=appnexus&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=4681053116447614071
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlc...
https://prebid.a-mo.net/cchain/1?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=sovrn&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0=&uid=9f952a208c5f5d00a0dc4e15
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D60fe2dfb-165e-4312-a6d2-c97cd2ec55d7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zeW5jLnF1YW50dW...
https://prebid.a-mo.net/cchain/2?A=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7&bidder=index_rtb&cbx=aHR0cHM6Ly9zeW5jLnF1YW50dW1kZXguaW8vc2V0dWlkP2JpZGRlcj1hbXgtcnRiJnVpZD0%3D&uid=YHAV-8KbC54EzrxED1Ao2gAA%...
https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7

43 B
458 B

136ms
136ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:20 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OaKocAP01e6qAaaLnv07fzHl4f%2FfzRsWC1XJKrzLaP3cHlSIdSFHCjqKV8rjI4XwlT82Qz%2FtVNXQSz6FyI%2B1tLwVrFSg95gkizqmFV0rhVH%2FBceHvehXV%2BrghMTLHoI%3D"}]}
content-type: image/gif
cf-ray: 63d28120ecc34e19-FRA
content-length: 43
cf-request-id: 09576f089a00004e192924d000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=amx-rtb&uid=60fe2dfb-165e-4312-a6d2-c97cd2ec55d7
date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 1
server: envoy
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsovrn%26uid%3D%24UID&sovrn_retry=true
https://sync.quantumdex.io/setuid?bidder=sovrn&uid=9f952a208c5f5d00a0dc4e15

43 B
351 B

130ms
129ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=9f952a208c5f5d00a0dc4e15
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=isXGVG1hT%2FI29BY%2FRWHTx7YM9y8EuHbcdTGhBKEet79pdAr%2BENciVxJfZws474WJHQ4Vwr%2FGaAmwPz0Ds1vbxd13JmyjHMfgUsRrklrGIR34ApyaMXhE%2Ffb6IQiczt4%3D"}]}
content-type: image/gif
cf-ray: 63d2811d5e4d4e19-FRA
content-length: 43
cf-request-id: 09576f065700004e19350a7000000001

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: nginx
Location: https://sync.quantumdex.io/setuid?bidder=sovrn&uid=9f952a208c5f5d00a0dc4e15
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D
https://ads.betweendigital.com/match?bidder_id=43894&callback_url=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dbetween%26uid%3D%24%7BUSER_ID%7D&crf=1
https://sync.quantumdex.io/setuid?bidder=between&uid=152c0c6d-b565-5163-b867-9b3fd8178ec0

43 B
433 B

148ms
148ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=between&uid=152c0c6d-b565-5163-b867-9b3fd8178ec0
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZenPwM3UKb0wRDktgm9myqT9j6PiWw8nawgcOjp1tMXw%2B0qsx9YeXuUpMCQzBbEeeM4q7Jec%2FMB8sQE4ONpMYgxMb5bQtbb%2FaU2ZeMZSwk2nkvuwHIeOJsubN56oySQ%3D"}]}
content-type: image/gif
cf-ray: 63d2811d7e804e19-FRA
content-length: 43
cf-request-id: 09576f066900004e1939898000000001

Redirect headers

location: https://sync.quantumdex.io/setuid?bidder=between&uid=152c0c6d-b565-5163-b867-9b3fd8178ec0
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-length: 0

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ms.quantumdex.io/user/sync/quantumdex
https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=9ec45d3b-500d-40aa-9055-ba39c69529a5

43 B
335 B

147ms
144ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=9ec45d3b-500d-40aa-9055-ba39c69529a5
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BS7tcfm%2BWJt2rxCFKG2MlXHAzf%2F2QZD89omZ1kaVUsJz6t120iK5htlCJIm5ID4GkZjdMpg6kLvALhSB9xl0o0RGYabbvwpNs%2F14wjK169rqa86o6VeZHLZc07xdcmE%3D"}]}
content-type: image/gif
cf-ray: 63d2811c8cce4e19-FRA
content-length: 43
cf-request-id: 09576f05d100004e195334b000000001

Redirect headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MVQOsmJfXm8oOrRA4EkpDVRsIhyo%2FDsvZs%2FAvf6ZnQh3%2F3zJbsY4zerYBm4G2mX%2F39gjPRy6rY9WwF7%2FEbASGXtaycOcK3LdfylgJQFoJkO4oxOQlmbK6WSnBtjT"}]}
location: https://sync.quantumdex.io/setuid?bidder=dsp_quantumdex&uid=9ec45d3b-500d-40aa-9055-ba39c69529a5
cf-ray: 63d2811bbb9f4e19-FRA
content-length: 0
cf-request-id: 09576f055800004e1946223000000001

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fsync.quantumdex.io%252Fsetuid%253Fbidder%253Danswermedia%2526uid%253D%2524UID
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=4407561887413824931

43 B
325 B

134ms
133ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=4407561887413824931
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0F%2FUKwiaKF6AicJ1Luc2JwAEA13ehwPenOguAYyqN%2Bf301OOUNX1ColtWXnvQZ1n%2Boru6eaXkndgWkub4TAMi%2Bs975o0OFWHBxZlauSYfyzqCbU8c6cKwNUSmFB8fPY%3D"}]}
content-type: image/gif
cf-ray: 63d2811d5e4c4e19-FRA
content-length: 43
cf-request-id: 09576f065600004e199498c000000001

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
X-Proxy-Origin: 185.236.42.25; 185.236.42.25; 693.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.78:80
AN-X-Request-Uuid: f0e2039a-9a98-43fc-9673-755cf3e1c27c
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://sync.quantumdex.io/setuid?bidder=answermedia&uid=4407561887413824931
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
sync.quantumdex.io/ Frame A916
Redirect Chain

https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58425/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP08199522-9911-11eb-943a-02578e492e1c
https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP08199522-9911-11eb-943a-02578e492e1c

43 B
335 B

133ms
133ms

Image
image/gif

2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP08199522-9911-11eb-943a-02578e492e1c
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://sync.quantumdex.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZBTZV9sv%2Bj4clf7QBZTttv%2FZqxD1u%2FbqPM6OYHhpIx0Fl2Nu2LVJd2%2FYhOXvGHD1O%2BzgREswlHAzEH%2BmADXKFe0yccGAMe7OTV6FAy%2BiOU%2BQhiVpI8Z%2FN5WjWcbMij0%3D"}]}
content-type: image/gif
cf-ray: 63d2811d5e4e4e19-FRA
content-length: 43
cf-request-id: 09576f065700004e196b3f8000000001

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://sync.quantumdex.io/setuid?bidder=verizon-video&uid=UP08199522-9911-11eb-943a-02578e492e1c
Connection: keep-alive
Content-Length: 0

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame BCD5 3 KB
1 KB 203ms
83ms Document
text/html 51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Requested by

Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

9019191531cacd2f5734b09fd52ed0ce9717725027a89a8837e176e679083f99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=2bb78272a859ca6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
set-cookie: OTP=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco; path=/; expires=Sun, 09 Apr 2023 08:53:19; domain=onetag-sys.com; SameSite=None; Secure
content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
strict-transport-security: max-age=15552000

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 7EAD
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1

2 KB
3 KB

88ms
88ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 70d12d7a233dfd7c62e694196fb3ecc6ec3e5602fce001310632f333fa58c119

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YHAV-8KbC54EzrxED1Ao2gAA; CMPS=223
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|39|45|241|195|65|3|221
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1880
Expires: Fri, 09 Apr 2021 08:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YHAV-8KbC54EzrxED1Ao2gAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMPS=223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT CMPRO=713;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT CMRUM3=03607015ff05a0&2d607015ff05a0&dd607015ff27600&27607015ff0b40&f1607015ff05a0&e6607015ff27600&41607015ff05a0&c3607015ff05a00;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMST=YHAV-2BwFf8A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 10 Apr 2021 08:53:19 GMT

Redirect headers

Server: Apache
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 09 Apr 2021 08:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YHAV-8KbC54EzrxED1Ao2gAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMPS=223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT

GET
H2 204 d
ic.tynt.com/r/ Frame 4833 0
0 418ms
139ms Document
text/plain 67.202.110.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ic.tynt.com/r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-110.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash

Request headers

:method: GET
:authority: ic.tynt.com
:scheme: https
:path: /r/d?m=xch&rt=html&id=zzz000000000002zzz&ru=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3D33across%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://sync.quantumdex.io/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

server: nginx/1.16.1
date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 2743 8 KB
3 KB 202ms
85ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Requested by: Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/quantumdex
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://sync.quantumdex.io/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://sync.quantumdex.io/

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=26208
Expires: Fri, 09 Apr 2021 16:10:07 GMT
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame 76A5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
3 KB

126ms
125ms

Document
text/html

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 418dcd08807855803c9ad120c8be5829b0b331c6d3229b94b03ebbe6cf85fab0

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://js-sec.indexww.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMPS=223; CMID=YHAV-5PxsMptC2Am8ZY0UQAA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://js-sec.indexww.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 230|45|39|241|40|31|57|51
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1688
Expires: Fri, 09 Apr 2021 08:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YHAV-5PxsMptC2Am8ZY0UQAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMPS=223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT CMPRO=227;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT CMRUM3=27607015ff0b40&f1607015ff05a0&28607015ff05a00&2d607015ff05a0&33607015ff05a0&39607015ff05a0&1f607015ff05a00&e6607015ff27600;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMST=YHAV-2BwFf8A;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 10 Apr 2021 08:53:19 GMT

Redirect headers

Server: Apache
Content-Length: 366
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Fri, 09 Apr 2021 08:53:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YHAV-5PxsMptC2Am8ZY0UQAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 09 Apr 2022 08:53:19 GMT CMPS=223;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 08 Jul 2021 08:53:19 GMT

GET
H2

200

fc0f6070-15ff-4e00-8ef1-153ba18f83af
onetag-sys.com/sync/i,1/ Frame BCD5
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=%2F%2Fonetag-sys.com%2Fsync%2Fi%2C1%2F%5BMM_UUID%5D
https://onetag-sys.com/sync/i,1/fc0f6070-15ff-4e00-8ef1-153ba18f83af

0
290 B

54ms
54ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,1/fc0f6070-15ff-4e00-8ef1-153ba18f83af

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: MT3 3660 495c301 master zrh-pixel-x26
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://onetag-sys.com/sync/i,1/fc0f6070-15ff-4e00-8ef1-153ba18f83af
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 09 Apr 2021 08:53:18 GMT

GET
H/1.1 204
No Content sync.php
pixel-eu.rubiconproject.com/exchange/ Frame BCD5 0
239 B 479ms
61ms Image
image/gif 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type: image/gif

GET
H2

204

/
onetag-sys.com/sync/i,19/ Frame BCD5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_cm&no_r=1
https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEIkZe_1gt1onFZC57sqkTDA&google_cver=1

0
290 B

54ms
53ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEIkZe_1gt1onFZC57sqkTDA&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://onetag-sys.com/sync/i,19/?no_r=1&google_gid=CAESEIkZe_1gt1onFZC57sqkTDA&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
onetag-sys.com/sync/i,29/ Frame BCD5
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=1&gdpr_consent=
https://onetag-sys.com/sync/i,29/?tdid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&ttl=1620550399

43 B
375 B

56ms
55ms

Image
image/gif

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,29/?tdid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&ttl=1620550399

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
cache-control: no-cache, no-transform
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://onetag-sys.com/sync/i,29/?tdid=474b2b88-d3d1-40ef-9ef6-e5c02d2cc42d&ttl=1620550399
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 211

GET
H2

200

/
onetag-sys.com/match/ Frame BCD5
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag
https://x.bidswitch.net/ul_cb/sync?ssp=onetag
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Donetag%26bsw_param%3D281a2b80-b189-4ff4-81a3-55962ba3fcba...
https://x.bidswitch.net/sync?dsp_id=80&user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&expires=30&ssp=onetag&bsw_param=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent=
https://onetag-sys.com/match/?int_id=30&uid=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent=&us_privacy=

0
291 B

54ms
54ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: //onetag-sys.com/match/?int_id=30&uid=281a2b80-b189-4ff4-81a3-55962ba3fcba&gdpr=&gdpr_consent=&us_privacy=
date: Fri, 09 Apr 2021 08:53:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

1250100982957210311
onetag-sys.com/sync/i,34/ Frame BCD5
Redirect Chain

https://dmp.adform.net/serving/cookie/match?party=1167&cid=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco
https://dmp.adform.net/serving/cookie/match?CC=1&party=1167&cid=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco
https://onetag-sys.com/sync/i,34/1250100982957210311

0
290 B

54ms
54ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,34/1250100982957210311

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: nginx
location: https://onetag-sys.com/sync/i,34/1250100982957210311
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

y-_1XJ2_VE2uGsfFV1hdqoF8aQSEFn6GMA~A~UP08199522-9911-11eb-943a-02578e492e1c
onetag-sys.com/sync/i,39/ Frame BCD5
Redirect Chain

https://pixel.advertising.com/ups/58198/sync?&gdpr=&gdpr_consent=&redir=true
https://ups.analytics.yahoo.com/ups/58198/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP08199522-9911-11eb-943a-02578e492e1c
https://onetag-sys.com/sync/i,39/y-_1XJ2_VE2uGsfFV1hdqoF8aQSEFn6GMA~A~UP08199522-9911-11eb-943a-02578e492e1c

0
290 B

57ms
54ms

Image
text/plain

51.89.9.254
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/sync/i,39/y-_1XJ2_VE2uGsfFV1hdqoF8aQSEFn6GMA~A~UP08199522-9911-11eb-943a-02578e492e1c

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.254 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip254.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-cache, no-transform
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://onetag-sys.com/sync/i,39/y-_1XJ2_VE2uGsfFV1hdqoF8aQSEFn6GMA~A~UP08199522-9911-11eb-943a-02578e492e1c
Connection: keep-alive
Content-Length: 0

GET
H2 200 setuid
sync.quantumdex.io/ Frame BCD5 43 B
575 B 133ms
132ms Image
image/gif 2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=onetag&uid=49_CIiwDR9Dwuipd1sM_BLUD2yvqIJRSWHcrdJNZoco
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4pP70VTzNyvXXZ5pbvvlZ8ZlLOVlnn1k%2FTiMDZFEig5vEOF7NO2LvMT1N0zEUTKUFSkKtW3yw5xqXpAeCFuaX8c5zsmVVekpbE%2By6A6q%2FHkZkLNvtQXyJG7gH%2B6ijIQ%3D"}]}
content-type: image/gif
cf-ray: 63d2811d0db84e19-FRA
content-length: 43
cf-request-id: 09576f062700004e19501c1000000001

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame F3AD 38 KB
14 KB 67ms
66ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 6f80d2ce30fd487ef699cbde41c7c334981b9c49d5ac09de4023346911b10696

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dpubmatic%26uid%3D

Response headers

Last-Modified: Thu, 01 Apr 2021 09:51:48 GMT
ETag: "13006b6-98c9-5bee62e0efabf"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 14061
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=107254
Expires: Sat, 10 Apr 2021 14:40:53 GMT
Date: Fri, 09 Apr 2021 08:53:19 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame F3AD 0
75 B 59ms
59ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=38095439&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:17 GMT
Content-Length: 0

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 7EAD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1

43 B
315 B

64ms
63ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:19 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 7EAD 70 B
264 B 71ms
66ms Image
image/gif 52.17.101.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YHAV-8KbC54EzrxED1Ao2gAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.101.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-101-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7EAD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YHAV-8KbC54EzrxED1Ao2gAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1

43 B
1000 B

135ms
69ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:19 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 7EAD
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB&dcc=t

43 B
433 B

273ms
136ms

Image
image/gif

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:21 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7EAD
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-0ee3f13e-b563-48c8-9cd6-3a9793da46ca

43 B
1 KB

83ms
83ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-0ee3f13e-b563-48c8-9cd6-3a9793da46ca
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:21 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:21 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-0ee3f13e-b563-48c8-9cd6-3a9793da46ca
date: Fri, 09 Apr 2021 08:53:20 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H/1.1

200
OK

rum
dsum.casalemedia.com/ Frame 7EAD
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1618044799&gdpr=1

43 B
315 B

171ms
63ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1618044799&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:19 GMT

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1618044799&gdpr=1
pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 7EAD
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&gdpr=1&gdpr_consent=

43 B
1 KB

188ms
66ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:19 GMT

Redirect headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: MT3 3660 495c301 master zrh-pixel-x13
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=91dd6070-15ff-4200-ad19-c3c8efa1f3cb&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 09 Apr 2021 08:53:18 GMT

GET
H2

200

tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713
bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/ Frame 7EAD
Redirect Chain

https://bcp.crwdcntrl.net/map/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713
https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713

49 B
711 B

83ms
83ms

Image
image/gif

52.208.103.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.103.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.11.165
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=6725/tp=INDX/tpid=YHAV-8KbC54EzrxED1Ao2gAA%26713
cache-control: no-cache
x-server: 10.45.24.27
content-length: 0
expires: 0

GET
H2 200 setuid
sync.quantumdex.io/ Frame 7EAD 43 B
448 B 129ms
126ms Image
image/gif 2606:4700:20::681a:24e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.quantumdex.io/setuid?bidder=ix&uid=YHAV_8KbC54EzrxED1Ao2gAAAskAAAAB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D&s=192922&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:24e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:19 GMT
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0b0I%2FBaXQTrTi%2BNoo32e9VXDeKXIKMGR3jdCzvPMwKbB6%2BlqO2gZjwx7e6RObL%2BsvLmI%2BcB4MhcuwjmCegaTEWtMwoE92zX%2B3Juue7tJV4QVZLU4gitakWiwcfaGAL0%3D"}]}
content-type: image/gif
cf-ray: 63d2811dbeea4e19-FRA
content-length: 43
cf-request-id: 09576f068f00004e1972b41000000001

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame 76A5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1

43 B
315 B

68ms
68ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:19 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESEH2KfkCcDx0A_5vrX9eYES4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 76A5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YHAV-5PxsMptC2Am8ZY0UQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1

43 B
1 KB

135ms
67ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:20 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJwJ_5a5w4ixo4zmy7tKC9s&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 76A5 70 B
264 B 69ms
66ms Image
image/gif 52.17.101.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=70&cm_user_id=YHAV-5PxsMptC2Am8ZY0UQAA&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.101.63 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-101-63.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Apr 2021 08:53:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 76A5
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB&dcc=t

43 B
433 B

227ms
123ms

Image
image/gif

52.94.232.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB&dcc=t
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:21 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:21 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YHAV_5PxsMptC2Am8ZY0UQAAAOMAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 76A5
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6712448001350135487&uid=Q6712448001350135487&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

53ms
53ms

Image
image/gif

104.111.242.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-53.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 76A5
Redirect Chain

https://p.rfihub.com/cm?in=1&pub=2079&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871878969063639629

43 B
1 KB

69ms
69ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871878969063639629
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:20 GMT

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1871878969063639629
Date: Fri, 09 Apr 2021 08:53:20 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 sync
x.bidswitch.net/ Frame 76A5 43 B
146 B 1010ms
50ms Image
image/gif 52.29.176.117
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=index&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.176.117 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 09 Apr 2021 08:53:20 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK htw-pixel.gif
js-sec.indexww.com/ht/ Frame 76A5 43 B
425 B 54ms
52ms Image
image/gif 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://js-sec.indexww.com/ht/htw-pixel.gif?YHAV-5PxsMptC2Am8ZY0UQAA%26227
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 09 Apr 2021 08:53:19 GMT
Last-Modified: Tue, 24 Jan 2017 19:36:04 GMT
Server: Apache
ETag: "da1f1d-2b-546dc3a097100"
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=3037
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 09:43:56 GMT

GET
H2

200

cs&eq_cc=1 Show response
um2.eqads.com/um/ Frame 1168
Redirect Chain

https://um2.eqads.com/um/cs
https://um2.eqads.com/um/cs&eq_cc=1

186 B
370 B

119ms
119ms

Document
text/html

54.204.142.198
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://um2.eqads.com/um/cs&eq_cc=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?gdpr=1&gdpr_consent=&d=http://www.baltana.com/&s=184674&cb=https%3A%2F%2Fjs-sec.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.204.142.198 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e41f04066d3e5b68fd307fad80e90fcd8679d5fa09f561bf89b95126ea4726f9

Request headers

:method: GET
:authority: um2.eqads.com
:scheme: https
:path: /um/cs&eq_cc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ssum-sec.casalemedia.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: EQUser=UID=de4f338f-a342-4929-9589-c9c2792b7279
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ssum-sec.casalemedia.com/

Response headers

date: Fri, 09 Apr 2021 08:53:23 GMT
content-type: text/html; charset=utf-8
content-length: 186
cache-control: no-cache, must-revalidate
expires: Sat, 6 May 1995 12:00:00 GMT
last-modified: Fri, 09 Apr 2021 08:53:23 GMT
pragma: no-cache

Redirect headers

date: Fri, 09 Apr 2021 08:53:23 GMT
content-type: text/html; charset=utf-8
content-length: 41
location: /um/cs&eq_cc=1
set-cookie: EQUser=UID=de4f338f-a342-4929-9589-c9c2792b7279; Path=/; Domain=eqads.com; Expires=Fri, 09 Jul 2021 08:53:23 GMT; Secure; SameSite=None

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame 1168
Redirect Chain

https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803&C=1

43 B
1021 B

96ms
95ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803&C=1
Requested by: Host: um2.eqads.com
URL: https://um2.eqads.com/um/cs&eq_cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://um2.eqads.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:23 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 09 Apr 2021 08:53:23 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 09 Apr 2021 08:53:23 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=40&external_user_id=de4f338f-a342-4929-9589-c9c2792b7279&expiration=1625820803&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 326
Expires: Fri, 09 Apr 2021 08:53:23 GMT

Verdicts & Comments Add Verdict or Comment

139 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.baltana.com/	1970-01-19 17:26:00	Name: __utmb Value: 254129179.1.10.1617958393
.baltana.com/	1970-01-19 17:25:58	Name: __utmt Value: 1
.baltana.com/	1970-01-20 10:57:10	Name: __utma Value: 254129179.757497140.1617958393.1617958393.1617958393.1
www.baltana.com/	1970-01-19 17:26:05	Name: __vliIPL Value: {"value":["2a01:4f8:192:5414::2"],"expiredAt":1617965592635}
.baltana.com/	1970-01-19 21:48:46	Name: __utmz Value: 254129179.1617958393.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
www.baltana.com/	1970-01-19 19:49:58	Name: wss_previouslyviewed Value: 51531%2C
.baltana.com/	1969-12-31 23:59:59	Name: __utmc Value: 254129179
www.baltana.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: l3qrl1n1i8jbmkui782kaso0i0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: http://assets.vlitag.com/prebid/default/prebid-v4.28.4.js(Line 1) Message: fun-hooks: referenced 'registerAdserver' but it was never created
console-api	error	URL: https://assets.vlitag.com/plugins/cmptcf2/cmp-v2.0.1.js(Line 439) Message: TypeError: Cannot read property 'getItem' of null

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ads.betweendigital.com
ads.pubmatic.com
ads.us.e-planning.net
adservice.google.com
adservice.google.de
ap.lijit.com
assets.vlitag.com
bcp.crwdcntrl.net
beacon.krxd.net
bee38a3939055239b53840bc7eacab5f.safeframe.googlesyndication.com
bidder.criteo.com
bn01.er.bemail.it
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
c2shb.ssp.yahoo.com
casale-match.dotomi.com
cdn.jsdelivr.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
count-server.sharethis.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
gum.criteo.com
htlb.casalemedia.com
ib.adnxs.com
ic.tynt.com
idsync.frontend.weborama.fr
image6.pubmatic.com
js-sec.indexww.com
l.sharethis.com
loadeu.exelator.com
logs.vlitag.com
match.adsrvr.org
maxcdn.bootstrapcdn.com
ms.quantumdex.io
mwzeom.zeotap.com
nep.advangelists.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel-eu.rubiconproject.com
pixel.advertising.com
pixel.mathtag.com
pixel.tapad.com
platform-api.sharethis.com
platform-cdn.sharethis.com
prebid-eu.creativecdn.com
prebid.a-mo.net
px.owneriq.net
s.amazon-adsystem.com
securepubads.g.doubleclick.net
services.vlitag.com
spl.zeotap.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.tidaltv.com
tag.vlitag.com
tags.bluekai.com
tpc.googlesyndication.com
trc.taboola.com
um2.eqads.com
ups.analytics.yahoo.com
useast.quantumdex.io
usermatch.krxd.net
www.baltana.com
www.google-analytics.com
www.googletagservices.com
x.bidswitch.net
104.111.242.53
136.144.59.88
142.250.185.66
151.1.205.165
151.101.13.108
151.101.13.44
151.101.14.49
154.57.158.51
168.119.149.178
172.217.16.130
178.250.0.165
18.156.0.31
18.156.195.47
18.198.69.109
184.31.84.150
185.184.8.30
185.29.132.144
185.64.190.78
193.0.160.129
2.18.233.180
2.18.233.201
2.18.234.21
212.82.100.182
216.58.212.162
23.111.200.118
23.45.110.176
2600:9000:2016:7200:1d:85c3:6640:93a1
2600:9000:2070:3e00:c:abe:f440:93a1
2600:9000:2070:4600:1c:8a07:5e80:93a1
2600:9000:2093:8e00:c:a9b7:ddc0:93a1
2606:4700:10::6816:1957
2606:4700:20::681a:24e
2606:4700:20::681a:eee
2606:4700:20::681a:fee
2606:4700:20::ac43:4597
2606:4700::6812:bcf
2a00:1450:4001:800::200a
2a00:1450:4001:803::2002
2a00:1450:4001:808::2001
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:813::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200e
2a02:2638:1::3
2a02:2638::1c
2a02:fa8:8806:12::1370
2a04:4e42:3::621
2a05:d018:24:b001:d120:1359:acbb:2de6
3.122.26.231
3.127.52.31
3.81.223.233
34.237.146.133
34.246.39.225
34.98.67.61
35.174.194.37
35.201.81.244
35.227.248.159
37.157.6.242
37.252.172.45
5.178.65.245
51.89.9.254
52.17.101.63
52.208.103.128
52.29.176.117
52.51.159.158
52.59.28.101
52.94.232.32
52.95.123.167
54.194.247.63
54.204.142.198
67.202.110.32
69.173.144.138
72.251.249.14
85.114.159.93
89.163.159.109
95.211.152.187
01c7ab6469aa6d3e36f7ac9a4a1e9799d969e015c331279742439f36422e7f64
112522ab3038129677c1847dd9b57d3cc195e8bd76ccc0e99f0fbf301e48eb17
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
15ebc92c52eb04a35623e48e8030bb731fa6fa274694d1b62103425fbedade49
17441a11621b0d8d9ea03c06211432f76b555729963f043d8f1e710beef8f89e
1916cf4455a526aadafd82710bf7304154905dcdf69dd9e0b516a63cc82e27e0
1bb37043947f0c5cc6455d368c2d39116a1bbd675b9cc968488fa15fbc1fc46f
1db057fb4513ed810cce24b8375bfd5a78084a3775e0125034744ffd44c2cf81
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
22e5c9e457e3e29eff2899c7dcc3e6e88633e823888f248d132c7f43f3421770
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
24a104ef6529cb9bbceaeca4e037ecf14d40db5207009ac23e8224703fa11bb8
280135f1e3bb87fe84a05e1ee481417179cdcedb060ae6f7260733f0f6839659
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
303fcac4d8aa919d458b2637bd478efeb0ea24d612ff44ab37e7fa712ae05db0
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d8eaa3ac37c35e0db8a09f0f260d00365626ffe7955e07c566137b1ff41772e
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
418dcd08807855803c9ad120c8be5829b0b331c6d3229b94b03ebbe6cf85fab0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e219fda0da31a62b87ca3657d6101422e093efa4972cd8a2b71465319767aff
4fef5869a93f9ee44db05fd30e893b88a01b0cf052ef5ec1be12e69ab1e8624b
541ac58217a8ade1a5e292a65a0661dc9db7a49ae13654943817a4fbc6761afd
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a6e1ef59b0e25b35922fc2117ab18d4a7aaee0752637011fd065ff1572792be
5c47565e09dcc0d542ef7240e436c7bde3d589ed6ca467f504021ee6bbd09b62
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
645c745c972fa286538b481ff3da9a58bf2a8b2fba6b8a195853f6d221a4775e
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
68ef14d5aa1992243b597f857d059ca742107d2745cd0904e1f515113393146a
69d4c116fa1b44c4a249b18d99b9348aa2e877808bf0b2f2d5669e6ce3e34804
6a560f4d005b89e689d1fba2700ea8ef7988452111e70d03659687364ac5fe61
6e2db2ec90d303171d0fac5bd3104726c6646522160a6f79d4d197cc79f849d3
6f467dc90200e5a25272dd88c6cebc49426f2bd34620ce2f7f0a097327eac61d
6f80d2ce30fd487ef699cbde41c7c334981b9c49d5ac09de4023346911b10696
70d12d7a233dfd7c62e694196fb3ecc6ec3e5602fce001310632f333fa58c119
7295cc0c05892a880716934e60b146265e256879ad78f5b81da08bc50cd229f6
749de4b78ed8ce435dbf7b411452bf813882d6b2faef63d8b2e86fb10aff086a
7567de6febdd2a6dcaf3bd32f277c6415a6f6d1c3c6b0a4da3f15f10a84a6fc7
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76aacba4eece592e3a3281e69a5762c6f10b527a29fbba5eae5ac091f47ae554
783d80c5b6fd1d540b6a40b1b27fb93da720e0d01d8d5a8e3ed80a2035f0d97f
796c3abcb783ca3026028be5b51e9384a3c47cdf5c9a4d1c575e8771e3e2e0c1
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7d686acfc12a44fc472fb2a3c0ff9baa4638ced8f0da5b32f9ae5c15a2611def
7eca7977c6ade416c20775a7fd7cfa2291c5752cd1225d5c4342b057c37a000c
80dad03ec2c8f829d5d51e3cadf0c871a1a42793e1a27f848cd351033e550c38
82e15637646bb47ba916bcac4dfb2459313fd31a0f208c2cdd91341d6968c24a
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84036856b85cd9613dd98a1271b7a0dce86bf6a96bf803e742f4182bb4d2e25f
847eb36b4dc4b05f94052dcd98077319e74d882334a106bb9ca451ba211c9c2c
858b756139274eb9deea13ba4c0a2d3dc5b8093cc8f7edb235166353a9032fc4
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9019191531cacd2f5734b09fd52ed0ce9717725027a89a8837e176e679083f99
95ff1ad4decf8d07bf149c9625f8e01a2c8cfebccac5e2b4e64482c92256047b
9664ec93940083910dbcae82bd60e1c7e535c1b7212ccc85bea9131edd87d631
98ca9c255527be5c2cb21a961e035b22d33ecac323f43f4ea94c41ff63c92e63
9a83c65bdd0ff9488af9d25720686457ea7295c9c44f9f1d285a0c9ec89bab99
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
a5f4e8238cf9af75ffb826e8c84bc51d68d9c28b11f66b54c0d1b2ceadf6de00
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ac84513c4c5ea7e4458e91c46e33ba71b56e19fabf93cc079ffcb01a975c2e3d
ae0ed93adc23fcab05df4accfd8d3f0e6bc9ae9e63cbaadf8d36162317ef2807
affe844f70693f916c36cce7647aa9d08a7daddb84db3bed7eaa890e09c94014
b074e1edb545a90b079b20e512bfa3b4210ccf7f6d73515475aa362c0c71080b
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b27963d64b79220f6a94fafa3a3c67a2404d363b4ad53dbb83ab2187eacde46f
bd5713e27f4481988d37b5b719dedea4e4379ec3c3bafea0fba9d0abe8db4973
bf9f73b39b1d795fe778669d936d0de883a6fcd47f8297056074cb1b7eeac3cd
c1ba36a23c324e53ce900225fb7486c3598d0f9efc5d1ee3ec989e6e7d4cd3a1
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c4579a64806d0cbdae16290ceb72615f5a1c55299eb47bfdb960bcc5f1132d74
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6566d19714ae694bd03c265d872d77d018b7be3c94b819f1aa550d702ca6edb
d46312ae59b8c0cf1b3f9913e9d4b49a9e084cb9f8689e13c3397da9ce8cb049
d5059f32fbb319603fd421035ba8ae20f2a80c2978279efb10cba65961bdcfe9
d516bec1d9d810d970c30ee4ebe9ba1d071b15cee301e41ec3457e63142bfa0b
d7622b456443aae64b4b526dac029c53ea834c1f9a909b84814199f1f2f185f0
dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba
dbb93969f257a16d38cee88dcd9ecc01973e8f79d3a387fada929fd7f8f747d5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41f04066d3e5b68fd307fad80e90fcd8679d5fa09f561bf89b95126ea4726f9
e6f201d7504c492a16fb0ce027b85c153f01eab82ef4796be96ddeb24597990e
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
efc737b4f58cfe73a9bd0e57d7570365701381da31e628b269e7217a0ce3359d

www.baltana.com Open in urlscan Pro 95.211.152.187 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

161 Requests

83 %HTTPS

31 %IPv6

61 Domains

87 Subdomains

59 IPs

9 Countries

3370 kBTransfer

5159 kBSize

8 Cookies

1 Outgoing links

Redirected requests

161 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.baltana.com Open in urlscan Pro
95.211.152.187 Public Scan

Screenshot
Live screenshot

Full Image

161
Requests

83 %
HTTPS

31 %
IPv6

61
Domains

87
Subdomains

59
IPs

9
Countries

3370 kB
Transfer

5159 kB
Size

8
Cookies

161 HTTP transactions
1 data transactions