URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder...
Submission: On August 02 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 5 domains to perform 30 HTTP transactions. The main IP is 2606:4700:4400::6812:23c2, located in United States and belongs to CLOUDFLARENET, US. The main domain is bl.news-dealer.com.
TLS certificate: Issued by E6 on July 28th 2024. Valid for: 3 months.
This is the only time bl.news-dealer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:440... 13335 (CLOUDFLAR...)
17 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
6 2606:4700:440... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.18.10.207 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
30 7
Apex Domain
Subdomains
Transfer
23 servefilesonly.com
lpmedia.servefilesonly.com — Cisco Umbrella Rank: 241271
imedia.servefilesonly.com — Cisco Umbrella Rank: 241222
183 KB
2 gstatic.com
fonts.gstatic.com
83 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
ajax.googleapis.com — Cisco Umbrella Rank: 641
32 KB
2 news-dealer.com
bl.news-dealer.com
11 KB
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1832
8 KB
30 5
Domain Requested by
17 lpmedia.servefilesonly.com bl.news-dealer.com
lpmedia.servefilesonly.com
6 imedia.servefilesonly.com bl.news-dealer.com
2 fonts.gstatic.com fonts.googleapis.com
2 bl.news-dealer.com
1 maxcdn.bootstrapcdn.com bl.news-dealer.com
1 ajax.googleapis.com bl.news-dealer.com
1 fonts.googleapis.com bl.news-dealer.com
30 7

This site contains no links.

Subject Issuer Validity Valid
news-dealer.com
E6
2024-07-28 -
2024-10-26
3 months crt.sh
servefilesonly.com
E6
2024-06-08 -
2024-09-06
3 months crt.sh
upload.video.google.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh
bootstrapcdn.com
WE1
2024-07-23 -
2024-10-21
3 months crt.sh
*.gstatic.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh

This page contains 1 frames:

Primary Page: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Frame ID: 8F0A4425CDFD72828D916E35E56BA3D4
Requests: 30 HTTP requests in this frame

Screenshot

Page Title

bl.news-dealer.com

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

100 %
HTTPS

86 %
IPv6

5
Domains

7
Subdomains

7
IPs

3
Countries

317 kB
Transfer

486 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request da2040
bl.news-dealer.com/landing/
42 KB
10 KB
Document
General
Full URL
https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3581b5ead005f0cadf0a2da0c78b5d46df2664fe73a14a4b7526ea6beca4c655

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8acd294f7a1f19ad-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 02 Aug 2024 09:50:02 GMT
link
<bl.news-dealer.com/landing/da2040?tpcampid=6bed10a3-d244-4d7c-ae2f-3d82f6504b1d>; rel="canonical"
pragma
no-cache
server
cloudflare
vary
Accept-Encoding
styles.min.css
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
5 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/styles.min.css?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92efabd0cc8550e8dfd323bc6ea787a2cf250f437a7f6d1349fe187d73f5c895

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83817
etag
W/"66aaeccf-133a"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd2952387b18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
styles-1.min.css
lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/
4 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/styles-1.min.css?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d6a2a98dc86acf1ff13dc2e621f9b4030025095526ee84a157f3ae20f190ddc

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83818
etag
W/"66aaeccf-1100"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd2952387d18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
corner.css
lpmedia.servefilesonly.com/widgets/corner/
170 B
491 B
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/widgets/corner/corner.css?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af20ecf90d909e4e11697221b69426777e9570321c28455ff39ed4e421fcb181

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 01 Aug 2024 02:03:12 GMT
server
cloudflare
age
83818
cf-polished
origSize=246
etag
W/"66aaece0-f6"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd2952387f18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
css
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,700|Roboto+Condensed:400,700&display=swap
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
69a651a30c4b07b36c3f880bec80dc5da8c18b4311dde96caf15319f113d1877
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 02 Aug 2024 09:50:02 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 02 Aug 2024 09:50:02 GMT
style.min.css
lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/
16 KB
4 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/style.min.css?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4f56afb1cc76fb7f41520b500bb84f8778eee30f7f0fa743a6fdf7b74080ccc

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83817
etag
W/"66aaeccf-41b1"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd2952388118ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
casualdatingHeart.png
lpmedia.servefilesonly.com/img/_logos/
4 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_logos/casualdatingHeart.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ad52165cc6b3c50eba82c56abb65284455ad606c29b6f134ee1e472dc4cbaa2

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
144670
etag
"66a6f839-1040"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd2952388418ed-FRA
content-length
4160
expires
Sat, 10 Aug 2024 09:50:02 GMT
casualdatingHeart_w.png
lpmedia.servefilesonly.com/img/_logos/
3 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_logos/casualdatingHeart_w.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceb58acc54679268926472a6a05930c84036b8b1ba18be1a33d10e1838382f7b

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
138436
etag
"66a6f839-dec"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd2952388518ed-FRA
content-length
3564
expires
Sat, 10 Aug 2024 09:50:02 GMT
bow.svg
lpmedia.servefilesonly.com/img/_btns/
3 KB
2 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/bow.svg
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1257bc3979e3466a2d7e073925ca9b4a88691ae2620ab637ecd8734b83877c07

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
147717
etag
W/"66a6f839-dc3"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd2952489b18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
candels.svg
lpmedia.servefilesonly.com/img/_btns/
7 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/candels.svg
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a8a4370fa87bc4906c9309d938c651fa85aed67081601c5a5cdb9548bed32d

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
151958
etag
W/"66a6f839-1cf6"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd2952489e18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
parfume.svg
lpmedia.servefilesonly.com/img/_btns/
6 KB
3 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/parfume.svg
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e72ec3f9b09d9b1e82f4f24fba969ac79c496b7d175ba18686cc959d11657363

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
147625
etag
W/"66a6f839-1841"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd2952489f18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
champaign.svg
lpmedia.servefilesonly.com/img/_btns/
7 KB
4 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/champaign.svg
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da34a3b43775b1b28d38270d9c606b15152b7e2fc6c95cf669f5a7462cc38747

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
138222
etag
W/"66a6f839-1d77"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd295248ab18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
6a57d374-d716-406a-bb39-e05abe3b3eef.png
imedia.servefilesonly.com/
7 KB
7 KB
Image
General
Full URL
https://imedia.servefilesonly.com/6a57d374-d716-406a-bb39-e05abe3b3eef.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
747497f7db4f5cbfca228d94c162bc2324bb8a3a72ccaae6279a48512b765ef0

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 42b75b2f786059fa572a801a0e071c32.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
TLV50-C1
age
445264
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
7276
last-modified
Thu, 14 Mar 2024 08:49:35 GMT
server
cloudflare
etag
"b37325173bc5f811c27276c888515963"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd29524c384d67-FRA
x-amz-cf-id
Ey4jFLIumnyGa7FnU9Ic_PWkyIePtHtb_l3-Ucv6qhFgDoUClCjFdA==
expires
Sat, 10 Aug 2024 09:50:02 GMT
24055f06-f5b3-46ef-858f-3554aebfb320.png
imedia.servefilesonly.com/
7 KB
8 KB
Image
General
Full URL
https://imedia.servefilesonly.com/24055f06-f5b3-46ef-858f-3554aebfb320.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40950ba2f32ed84bff3cc6f0988839b17b9125a5d365e51131afbe78794ef1c7

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 7e038b68f9f72fffb56ed14d01b11f3a.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
TLV50-C1
age
445264
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
7407
last-modified
Thu, 14 Mar 2024 08:49:35 GMT
server
cloudflare
etag
"cb22d21fc693499512ebbff695eaf365"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd29524c3d4d67-FRA
x-amz-cf-id
Np8z6pr-onJcHitLaAjGGLglARZUdg-eNubIk6gauvVyVc76yS86cQ==
expires
Sat, 10 Aug 2024 09:50:02 GMT
a475ca64-1ca6-451b-a533-3f7e49422b74.png
imedia.servefilesonly.com/
8 KB
8 KB
Image
General
Full URL
https://imedia.servefilesonly.com/a475ca64-1ca6-451b-a533-3f7e49422b74.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3a3b7eb52e7510e0ff36211e61c6a9757027efc986b012d126cb4b0e55f345d

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 759e09affff41285e9585e1a31532bd4.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
TLV50-C1
age
445264
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
7758
last-modified
Thu, 14 Mar 2024 08:49:36 GMT
server
cloudflare
etag
"25b8f136c5985e449f02c62cfdf35322"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd29524c3b4d67-FRA
x-amz-cf-id
NZ8bOPCe1yErDYinvIqTPpE_XJuEdN2886-shNYkxfMNd11mawjgDQ==
expires
Sat, 10 Aug 2024 09:50:02 GMT
2f2c7747-9133-4972-8477-40f017c5a462.png
imedia.servefilesonly.com/
7 KB
7 KB
Image
General
Full URL
https://imedia.servefilesonly.com/2f2c7747-9133-4972-8477-40f017c5a462.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9501683fd7011e9bb252c5edb1ee3646f4b46cb0a740e28be5039d848d3b1cf1

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 2d4a1087f3ef25ab8e6dac5fe05a063e.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
TLV50-C1
age
445264
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
6740
last-modified
Thu, 14 Mar 2024 08:49:37 GMT
server
cloudflare
etag
"b4ca48e235bd6774308ede6eca0bf661"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd29524c404d67-FRA
x-amz-cf-id
40wU4kl_obFA4wCQy5YDCM0ia_N4RncjrVsRmbLeS53V0YX6jO3tnQ==
expires
Sat, 10 Aug 2024 09:50:02 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.6.0/
87 KB
31 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 17:40:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
231001
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31017
x-xss-protection
0
last-modified
Wed, 10 Mar 2021 14:28:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Jul 2025 17:40:01 GMT
scripts.min.js
lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/
21 KB
7 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/registrationFormBuilder/scripts.min.js?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4722954ecc836fc6c7a33cb9165028311707de6a881f263cca72db7308053d04

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83817
etag
W/"66aaeccf-541a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd295248a018ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
scripts.min.js
lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/
3 KB
1 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/loginFormBuilder/scripts.min.js?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d37e562434311caef8e5421351c7432ad680b84739fd104258f88efc25249c7

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83818
etag
W/"66aaeccf-ca2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd295248a418ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
scripts.min.js
lpmedia.servefilesonly.com/build/widgets/conversation/
6 KB
2 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/widgets/conversation/scripts.min.js?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9855ffd7206e3d0fce4cdda2d3a36476745d1f2d70e19b374aa45e18487f9ed9

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83817
etag
W/"66aaeccf-163a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd295248a618ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
scripts.min.js
lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/
7 KB
3 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/scripts.min.js?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66b3dc172a34613a8fbc1944016ca18fc997ba5df3db0c1a68800f75f13475ac

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:55 GMT
server
cloudflare
age
83817
etag
W/"66aaeccf-1de4"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd295248a818ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
popwin.js
lpmedia.servefilesonly.com/js/
854 B
872 B
Script
General
Full URL
https://lpmedia.servefilesonly.com/js/popwin.js?1389020
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10f46a9e64c756a7af5ec1e9793f711be5c81aa8b473edd28f6a0e419cfd0299

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Thu, 01 Aug 2024 02:03:11 GMT
server
cloudflare
age
83818
cf-polished
origSize=1177
etag
W/"66aaecdf-499"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=691200
cf-ray
8acd295248aa18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
8 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1078
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
7724939
cdn-cachedat
03/18/2024 12:28:12
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
7a1c9dbc32c16186eedda7c8c11c4540
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
8acd295229794d3a-FRA
cdn-requestpullsuccess
True
d1932d62-55ea-45cf-8e5a-8ead8b99abf0.jpg
imedia.servefilesonly.com/
87 KB
87 KB
Image
General
Full URL
https://imedia.servefilesonly.com/d1932d62-55ea-45cf-8e5a-8ead8b99abf0.jpg
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
317d63fc19642e2c75606f71b2f91a2b317efeb06e2a6089907d04c043b8c6ea

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P8
age
431596
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
content-length
88797
cf-bgj
h2pri
last-modified
Thu, 14 Mar 2024 08:50:06 GMT
server
cloudflare
etag
"e1dc3e7d2b94393c1e6286e2eb8dcefe"
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd2952cce14d67-FRA
x-amz-cf-id
0_Zyzjb1H11EgkKYrrw8gcwCtWD9Za0kVOsPNH9fXj6NpfOvNDq7vA==
expires
Sat, 10 Aug 2024 09:50:02 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v26/
32 KB
32 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700|Roboto+Condensed:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bl.news-dealer.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Mon, 29 Jul 2024 21:09:13 GMT
x-content-type-options
nosniff
age
304849
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33092
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:51:58 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 29 Jul 2025 21:09:13 GMT
arrow_right.svg
lpmedia.servefilesonly.com/img/_btns/
1 KB
751 B
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/arrow_right.svg
Requested by
Host: lpmedia.servefilesonly.com
URL: https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/style.min.css?1389020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ca1a1ee4fd0edc1c9bc490bcf24cce4f2104b683baf5b25945774ef8464fc10

Request headers

Referer
https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/style.min.css?1389020
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
151762
etag
W/"66a6f839-4bf"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd2952c95918ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
quotationmarks.svg
lpmedia.servefilesonly.com/img/_btns/
749 B
520 B
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/_btns/quotationmarks.svg
Requested by
Host: lpmedia.servefilesonly.com
URL: https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/style.min.css?1389020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
150784b50aeb11151034be1b7e22d9bfb32c4efe5dc339c6e9d800377c73108a

Request headers

Referer
https://lpmedia.servefilesonly.com/build/templates/DigitalAssistant1/style.min.css?1389020
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 29 Jul 2024 02:02:33 GMT
server
cloudflare
age
192119
etag
W/"66a6f839-2ed"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=691200
cf-ray
8acd2952c95c18ed-FRA
expires
Sat, 10 Aug 2024 09:50:02 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v27/
50 KB
51 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700|Roboto+Condensed:400,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bl.news-dealer.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 14:44:54 GMT
x-content-type-options
nosniff
age
241508
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51404
x-xss-protection
0
last-modified
Wed, 18 Oct 2023 17:52:59 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 30 Jul 2025 14:44:54 GMT
27eb012c-1d17-4dd8-af33-106ead902d27.png
imedia.servefilesonly.com/
22 KB
22 KB
Image
General
Full URL
https://imedia.servefilesonly.com/27eb012c-1d17-4dd8-af33-106ead902d27.png
Requested by
Host: bl.news-dealer.com
URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9819 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3a6ae4c02d4c88b5d38ad1938e325906906597e539352febc932ff47e4c35fa

Request headers

Referer
https://bl.news-dealer.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
via
1.1 b8455bc5c5405f573b6e4da5524ee9e2.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P8
age
29777
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22111
last-modified
Thu, 14 Mar 2024 09:04:59 GMT
server
cloudflare
etag
"e4cdefaf9361a5ee6b8cfe607a77373c"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=691200
accept-ranges
bytes
cf-ray
8acd2952dcf84d67-FRA
x-amz-cf-id
CeNjJ5MC5ZbhaPcO2_fesnrMB073t3SuULv5nLU5nhb-w9H-mxt-Tg==
expires
Sat, 10 Aug 2024 09:50:02 GMT
casualdatingHeart_fav.png
bl.news-dealer.com/assets/img/_favicons/
1 KB
1 KB
Other
General
Full URL
https://bl.news-dealer.com/assets/img/_favicons/casualdatingHeart_fav.png?1389020
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:23c2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e18486908bfa209ac16eb30755e51b4c93f7629bbafc5aae6be0428efd8fa6c

Request headers

Referer
https://bl.news-dealer.com/landing/da2040?deeplink_type=tag&deeplink_id=big_tits&fetish=breast&subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Fri, 02 Aug 2024 09:50:02 GMT
cf-cache-status
HIT
last-modified
Thu, 01 Aug 2024 02:02:56 GMT
server
cloudflare
age
78159
etag
"66aaecd0-4c5"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=172800
accept-ranges
bytes
cf-ray
8acd29532fb819ad-FRA
content-length
1221
expires
Sun, 04 Aug 2024 09:50:02 GMT

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $birthDay object| $birthMonth object| $birthYear object| $birthDate function| eventChangeBirthDate function| disabledSelectOption function| validate18YearOld function| updateBirthDate function| insertParamsToURL string| avatar string| conversationData function| $ function| jQuery object| x function| closeAllSelect object| dataCountries number| doneTyping object| countries function| _eventClickAutocomplete function| findCountryCode function| displayCountry function| findCountryName function| buildAutocomplete function| getCurentLocation function| getCurentLocationByIp function| sendCurrentLocation function| sendValidateLocation function| fillLocationValidated function| validateLocation function| validateLocationMessage function| getCurrentLink function| goToStep function| countdownToNextStep function| activeProgressBar function| Validator object| $btnOpenLogin object| $btnCloseLogin object| $loginFormHolder object| $errors object| $formLogin function| loginFormAddRequiredError function| submitHttpRequest function| Conversation object| configs object| conversation function| disableSelectLabel function| handlingCompleteValidateLocation function| showMessageInChat function| handleAfterGoNextStep function| validateUsername function| slideBackground object| Popwin function| deeplinkQueryStringToArray function| deeplinkAddParametersToURL

3 Cookies

Domain/Path Name / Value
bl.news-dealer.com/ Name: PHPSESSID
Value: qbtu1pnahqou8836qsashajets
.news-dealer.com/ Name: __cf_bm
Value: FNN24jIMb8Giz6ODyi_ijCB_1ZfgSbmAMtoBhqoEh.Y-1722592202-1.0.1.1-kjqtESOMv_Y.uUnrvqpNrEab9EZIfDhzkhtlZiIRvzbrJA5efH_VJiVMO0bA6vS5WC.DgKV8KgR0ij3xmaYM.A
.servefilesonly.com/ Name: __cf_bm
Value: w2WrkZ3wdWMCqtLMBD6XykNKTuSpzFSNgazn1l_kKOQ-1722592202-1.0.1.1-lY5OsUaJpj1pht.q1hKgRbROrRmzlW_fov9rQU8TeOb.CkCZy.mebx3fPW_lWFdK80oTsos6v7xGUztBJuSTsA

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://bl.news-dealer.com/landing/da2040?subPublisher=popunder:bikernext.com&zone=popunder:bikernext.com&adformat=popunder&auctionid=66a9a38aed66f-305862&uniqueid=9e1be87ad9103e885bb69d259474faf2&name=2965_popunder_aus_all_milf_mainstream&newservice=true&cmsid=landing--da2040&...%20544%20...z=true&ur-api-fetch-hitid=true
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
bl.news-dealer.com
fonts.googleapis.com
fonts.gstatic.com
imedia.servefilesonly.com
lpmedia.servefilesonly.com
maxcdn.bootstrapcdn.com
104.18.10.207
2606:4700:4400::6812:23c2
2606:4700:4400::6812:23e7
2606:4700:4400::ac40:9819
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2003
2a00:1450:4001:831::200a
0ad52165cc6b3c50eba82c56abb65284455ad606c29b6f134ee1e472dc4cbaa2
10f46a9e64c756a7af5ec1e9793f711be5c81aa8b473edd28f6a0e419cfd0299
11a8a4370fa87bc4906c9309d938c651fa85aed67081601c5a5cdb9548bed32d
1257bc3979e3466a2d7e073925ca9b4a88691ae2620ab637ecd8734b83877c07
150784b50aeb11151034be1b7e22d9bfb32c4efe5dc339c6e9d800377c73108a
1ca1a1ee4fd0edc1c9bc490bcf24cce4f2104b683baf5b25945774ef8464fc10
1d6a2a98dc86acf1ff13dc2e621f9b4030025095526ee84a157f3ae20f190ddc
1e18486908bfa209ac16eb30755e51b4c93f7629bbafc5aae6be0428efd8fa6c
317d63fc19642e2c75606f71b2f91a2b317efeb06e2a6089907d04c043b8c6ea
3581b5ead005f0cadf0a2da0c78b5d46df2664fe73a14a4b7526ea6beca4c655
40950ba2f32ed84bff3cc6f0988839b17b9125a5d365e51131afbe78794ef1c7
4722954ecc836fc6c7a33cb9165028311707de6a881f263cca72db7308053d04
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e
5d37e562434311caef8e5421351c7432ad680b84739fd104258f88efc25249c7
66b3dc172a34613a8fbc1944016ca18fc997ba5df3db0c1a68800f75f13475ac
69a651a30c4b07b36c3f880bec80dc5da8c18b4311dde96caf15319f113d1877
747497f7db4f5cbfca228d94c162bc2324bb8a3a72ccaae6279a48512b765ef0
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
92efabd0cc8550e8dfd323bc6ea787a2cf250f437a7f6d1349fe187d73f5c895
9501683fd7011e9bb252c5edb1ee3646f4b46cb0a740e28be5039d848d3b1cf1
9855ffd7206e3d0fce4cdda2d3a36476745d1f2d70e19b374aa45e18487f9ed9
a3a6ae4c02d4c88b5d38ad1938e325906906597e539352febc932ff47e4c35fa
af20ecf90d909e4e11697221b69426777e9570321c28455ff39ed4e421fcb181
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b
c3a3b7eb52e7510e0ff36211e61c6a9757027efc986b012d126cb4b0e55f345d
ceb58acc54679268926472a6a05930c84036b8b1ba18be1a33d10e1838382f7b
d4f56afb1cc76fb7f41520b500bb84f8778eee30f7f0fa743a6fdf7b74080ccc
da34a3b43775b1b28d38270d9c606b15152b7e2fc6c95cf669f5a7462cc38747
e72ec3f9b09d9b1e82f4f24fba969ac79c496b7d175ba18686cc959d11657363
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e