www.balatarin.com Open in urlscan Pro
107.178.241.59 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.balatarin.com/users/couponplay
Submission: On July 18 via api (July 18th 2023, 2:00:36 am UTC) from IE — Scanned from DE

Summary HTTP 58 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 17 IPs in 2 countries across 12 domains to perform 58 HTTP transactions. The main IP is 107.178.241.59, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.balatarin.com. The Cisco Umbrella rank of the primary domain is 459586.
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.

This is the only time www.balatarin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	107.178.241.59 107.178.241.59	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	18.66.97.60 18.66.97.60	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	52.217.204.232 52.217.204.232	16509 (AMAZON-02) (AMAZON-02)
1	143.204.94.19 143.204.94.19	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
58	17

1 107.178.241.59 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 59.241.178.107.bc.googleusercontent.com

www.balatarin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.66.97.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-60.fra56.r.cloudfront.net

assets.balatarin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.204.232 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.94.19 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-94-19.fra50.r.cloudfront.net

z-na.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 tpc.googlesyndication.com — Cisco Umbrella Rank: 160	333 KB
8	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57	237 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	109 KB
6	balatarin.com www.balatarin.com — Cisco Umbrella Rank: 459586 assets.balatarin.com	178 KB
3	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 433 fonts.googleapis.com — Cisco Umbrella Rank: 88	36 KB
2	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	113 KB
2	google.com adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1623	309 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1129	605 B
1	amazon-adsystem.com z-na.amazon-adsystem.com — Cisco Umbrella Rank: 8867	8 KB
1	amazonaws.com s3.amazonaws.com	1 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	83 KB
58	12

	Domain	Requested by
13	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
12	pagead2.googlesyndication.com	www.balatarin.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.balatarin.com
5	assets.balatarin.com	www.balatarin.com assets.balatarin.com
4	fonts.gstatic.com	fonts.googleapis.com
2	www.gstatic.com	googleads.g.doubleclick.net
2	www.googletagservices.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	region1.google-analytics.com	www.googletagmanager.com
2	securepubads.g.doubleclick.net	www.balatarin.com securepubads.g.doubleclick.net
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.com	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	z-na.amazon-adsystem.com	www.balatarin.com
1	s3.amazonaws.com	www.balatarin.com
1	ajax.googleapis.com	www.balatarin.com
1	www.googletagmanager.com	www.balatarin.com
1	www.balatarin.com
58	18

This site contains links to these domains. Also see Links.

Domain
couponplay.com
help.balatarin.com
www.balavision.com
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
www.balatarin.com R3	`2023-06-29` - `2023-09-27`	3 months	crt.sh
*.balatarin.com Amazon RSA 2048 M02	`2023-06-01` - `2024-06-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-04-11` - `2023-12-20`	8 months	crt.sh
z-na.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-18` - `2024-02-17`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://www.balatarin.com/users/couponplay
Frame ID: 993272C50C05CC77890ED1B98B92CC34
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230713/r20190131/zrt_lookup.html
Frame ID: 05A774EAA087FE743EA7A66C7AF23560
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&adk=1812271804&adf=3025194257&lmt=1689645630&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x675_l%7C212x675_r&format=0x0&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630247&bpp=6&bdt=582&idt=146&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=690798676680&frm=20&pv=2&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=173
Frame ID: C228FB772B50424AF21ADBD96467A93E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=1232758454&adk=3628107873&adf=3250638448&pi=t.ma~as.1232758454&w=336&lmt=1689645630&rafmt=12&format=336x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630256&bpp=1&bdt=591&idt=168&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=254&ady=603&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=TEIxlerjTw&p=https%3A//www.balatarin.com&dtd=173
Frame ID: 25845CD41036CE0E180053671433177E
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=9543430451&adk=17676442&adf=2032819628&pi=t.ma~as.9543430451&w=779&fwrn=4&fwrnh=100&lmt=1689645630&rafmt=1&format=779x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630257&bpp=1&bdt=592&idt=175&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=yDeSTRWFBZ&p=https%3A//www.balatarin.com&dtd=180
Frame ID: 3E252680C698F1F2AE5F9D061D31B114
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js
Frame ID: 03B32F636CA850DC93E474F5FFA17B23
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js
Frame ID: A26B111F55E4A252261856D86A0E0455
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: AC041807BAF26428120CFE10289FB41E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BB20D5C5591E5F9C1279A3E56543C73A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

بالاترین: لینک‌های couponplay (فرستاده)

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

58
Requests

100 %
HTTPS

75 %
IPv6

12
Domains

18
Subdomains

17
IPs

2
Countries

1099 kB
Transfer

2931 kB
Size

7
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://couponplay.com/
Title: couponplay.com

Search URL Search Domain Scan URL

URL: https://help.balatarin.com/
Title: راهنما

Search URL Search Domain Scan URL

URL: https://help.balatarin.com/home/advertising
Title: آگهی

Search URL Search Domain Scan URL

URL: https://www.balavision.com/
Title: بالاویزیون

Search URL Search Domain Scan URL

URL: https://help.balatarin.com/about
Title: About

Search URL Search Domain Scan URL

URL: https://www.facebook.com/balatarin

Search URL Search Domain Scan URL

URL: https://twitter.com/balatarin

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request couponplay Show response
www.balatarin.com/users/ 14 KB
6 KB 3457ms
442ms Document
text/html 107.178.241.59
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.balatarin.com/users/couponplay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

107.178.241.59 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

59.241.178.107.bc.googleusercontent.com

Software

nginx /

Resource Hash

6ea9abbbd1c09dca9c54694b3a1d2dda791b8cdc571f2f932dddd6694462f67c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: max-age=0, private, must-revalidate
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 18 Jul 2023 02:00:29 GMT
etag: W/"6ea9abbbd1c09dca9c54694b3a1d2dda"
link: <https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css>; rel=preload; as=style; nopush,<https://assets.balatarin.com/assets/application-feb7ef4e9620f57bfd7a2a87179c3310db2ea0eeec076fb1a28dbef3f45cc5b5.js>; rel=preload; as=script; nopush
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=31556952; includeSubDomains; preload
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: f3bf7d88-e04a-4f2c-aafa-20dfc5fe1c72
x-runtime: 0.043010
x-xss-protection: 0

GET
H/1.1 200
OK application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
assets.balatarin.com/assets/ 244 KB
43 KB 200ms
46ms Stylesheet
text/css 18.66.97.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 45110b7736d40b3c5425c89370ad298cc6e8a146a2aa6ed6f861c0d208f4fd99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 09:33:34 GMT
Content-Encoding: gzip
Via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P2
Age: 577616
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 22 Mar 2023 19:45:13 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:0b0a0c51f34641025be08e39fbef6ccc
ETag: W/"0b0a0c51f34641025be08e39fbef6ccc"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=31536000
X-Amz-Cf-Id: WYmjgITeRnn54zY3pT3deBiJ2ophk3NuluzQcZQtn4ogRUU32bE_Gw==

GET
H/1.1 200
OK application-feb7ef4e9620f57bfd7a2a87179c3310db2ea0eeec076fb1a28dbef3f45cc5b5.js Show response
assets.balatarin.com/assets/ 185 KB
49 KB 202ms
49ms Script
application/javascript 18.66.97.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.balatarin.com/assets/application-feb7ef4e9620f57bfd7a2a87179c3310db2ea0eeec076fb1a28dbef3f45cc5b5.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: feb7ef4e9620f57bfd7a2a87179c3310db2ea0eeec076fb1a28dbef3f45cc5b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 13 Jul 2023 23:43:22 GMT
Content-Encoding: gzip
Via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P2
Age: 353828
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Fri, 19 May 2023 11:12:47 GMT
Server: AmazonS3
x-amz-meta-s3cmd-attrs: md5:311ea5e22726edea87e85f46b245a3cf
ETag: W/"311ea5e22726edea87e85f46b245a3cf"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=31536000
X-Amz-Cf-Id: Pmo4LqVlJlkPSdvrEKGwPVRKWWYJeeP--TAg2UeDH26oJH2_wW_PcQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
83 KB 163ms
56ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-8X79LBSGX3

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b4328b807345e27f16502a0881e39e36c1495906101cfc548728562912145f39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84204
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 18 Jul 2023 02:00:30 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 148 KB
50 KB 158ms
68ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59adc632e7b6f20a828cd60713b518e10d07793033dd608a5d40abc971331c59

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50842
x-xss-protection: 0
server: cafe
etag: 14736583360777804878
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 02:00:30 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 159ms
55ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b9db2210e40b1eab93eb8ef36575eba30c20fb68e0dbb315ade1c43c6eb859e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27653
x-xss-protection: 0
server: cafe
etag: 193 / 19556 / 31076101 / config-hash: 2841643792367511638
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 02:00:30 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 140ms
40ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 15:55:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 36309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Jul 2024 15:55:20 GMT

GET
H/1.1 200
OK medium.jpg
s3.amazonaws.com/bala.static/avatars/210017/ 821 B
1 KB 410ms
166ms Image
image/jpeg 52.217.204.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/bala.static/avatars/210017/medium.jpg?1683603694
Requested by: Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.204.232 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: c3feea69069e9ae3a6ac897a67de37d1c05e860d1ad13f6788d465b3707d63be

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 18 Jul 2023 02:00:31 GMT
Last-Modified: Tue, 09 May 2023 03:41:35 GMT
Server: AmazonS3
x-amz-request-id: 8DBRMHZR2VBP29RD
ETag: "136bde260e507971d34ebbb68be53e6c"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Content-Length: 821
x-amz-id-2: x6LBpWFxsPsTnOAwZpjH8g2XM3IyUXkV9UazxS0nDDmO0rMHJC7GUMU4P1ZTW0fLdp5oqmPZ9xw=

GET
H2 200 onejs Show response
z-na.amazon-adsystem.com/widgets/ 22 KB
8 KB 168ms
44ms Script
application/javascript 143.204.94.19
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US&adInstanceId=072caa77-813c-41fc-84e3-1af5067d7f16
Requested by: Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.94.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-94-19.fra50.r.cloudfront.net
Software: Server /
Resource Hash: 7633db93bffbe5d998163e92c1799de01d98ded7bb2c86faa059686e4f0fc73e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: Public
date: Tue, 18 Jul 2023 01:59:37 GMT
content-encoding: gzip
via: 1.1 9eb0e845437929074828e0cf53f179ae.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA50-C1
age: 53
x-cache: Hit from cloudfront
content-type: application/javascript;charset=UTF-8
access-control-allow-origin: *
charset: UTF-8
cache-control: public,max-age=300,s-maxage=300,no-transform
content-length: 7385
x-amz-cf-id: artEFf7vJuXX5jBUFnOPXfJ5_OiUC995atmp1eRW292CwTtTsb2BUw==
expires: Tue, 18 Jul 2023 02:04:37 GMT

GET
H/1.1 200
OK logo-c6042222156b5e26db18d7a25025e4b71e9c1d3d4cf90793e4030154b2dea1f5.svg
assets.balatarin.com/assets/ 4 KB
2 KB 40ms
40ms Image
image/svg+xml 18.66.97.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.balatarin.com/assets/logo-c6042222156b5e26db18d7a25025e4b71e9c1d3d4cf90793e4030154b2dea1f5.svg
Requested by: Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6042222156b5e26db18d7a25025e4b71e9c1d3d4cf90793e4030154b2dea1f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Mon, 15 May 2023 00:20:22 GMT
Content-Encoding: gzip
Via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
Last-Modified: Mon, 09 Nov 2020 23:17:47 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P2
Age: 5535608
ETag: W/"699129013888caccc30ce00dc03acd6f"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/svg+xml
X-Cache: Hit from cloudfront
Cache-Control: max-age=31536000
Connection: keep-alive
X-Amz-Cf-Id: Sn8PXSYHI6FG0Vv1JwqW3jmfcYxnYCC9bfGtr4EsvaJMXWKijpKmAQ==

GET
H/1.1 200
OK logo-footer-5b1979a4ecb584da673a08d6a737a10d87ae84aa6f5c2d18ab97da15c7462f11.png
assets.balatarin.com/assets/ 826 B
1 KB 41ms
41ms Image
image/png 18.66.97.60
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.balatarin.com/assets/logo-footer-5b1979a4ecb584da673a08d6a737a10d87ae84aa6f5c2d18ab97da15c7462f11.png
Requested by: Host: assets.balatarin.com
URL: https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5b1979a4ecb584da673a08d6a737a10d87ae84aa6f5c2d18ab97da15c7462f11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Wed, 17 May 2023 05:52:16 GMT
Via: 1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
Last-Modified: Mon, 09 Nov 2020 23:17:47 GMT
Server: AmazonS3
X-Amz-Cf-Pop: FRA56-P2
Age: 5342894
ETag: "d6866d17619bc26a183d1c88f469f3e5"
X-Cache: Hit from cloudfront
Content-Type: image/png
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 826
X-Amz-Cf-Id: e_NldXguiejZl9NX5tqpyZZnphraMIHC9AkPt9g_1d_tAxM6XNu_iQ==

GET
H/1.1 200
OK fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
assets.balatarin.com/assets/ 75 KB
76 KB 130ms
45ms Font
binary/octet-stream 18.66.97.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.balatarin.com/assets/fontawesome-webfont-2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe.woff2
Requested by: Host: assets.balatarin.com
URL: https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.97.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-97-60.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://assets.balatarin.com/assets/application-ba8f4551cd729b352f4b8c7737ef0d7ac4d13446c12c1ae75564fe03a377a086.css
Origin: https://www.balatarin.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Thu, 18 May 2023 01:07:28 GMT
Via: 1.1 50c53efe331c3da25a4faf191817af8c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P2
Age: 5273583
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 77160
Last-Modified: Mon, 09 Nov 2020 23:17:46 GMT
Server: AmazonS3
ETag: "af7ae505a9eed503f8b8e6982036873e"
Access-Control-Max-Age: 31536000
Access-Control-Allow-Methods: GET
Content-Type: binary/octet-stream
Access-Control-Allow-Origin: https://www.balatarin.com
Cache-Control: max-age=31536000
Access-Control-Allow-Credentials: true
Vary: Origin,Access-Control-Request-Method
Accept-Ranges: bytes
X-Amz-Cf-Id: gheypc6rmj56zF7O98zJxSxNd64yMjN3vrYg8l58UD0O73xgcmNThA==

POST
H2 204 collect
region1.google-analytics.com/g/ 0
255 B 142ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8X79LBSGX3&gtm=45je37c0&_p=613334155&cid=1577338946.1689645630&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1689645630&sct=1&seg=0&dl=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&dt=%D8%A8%D8%A7%D9%84%D8%A7%D8%AA%D8%B1%DB%8C%D9%86%3A%20%D9%84%DB%8C%D9%86%DA%A9%E2%80%8C%D9%87%D8%A7%DB%8C%20couponplay%20(%D9%81%D8%B1%D8%B3%D8%AA%D8%A7%D8%AF%D9%87)&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&up.logged_in=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8X79LBSGX3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:30 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.balatarin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307120101/ 391 KB
125 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202307120101/pubads_impl.js?cb=31076101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ddf8ed50c8e98fd5487859d7b60442e342e76496191eaecca316ffdffa437a5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 17:27:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30782
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127551
x-xss-protection: 0
server: cafe
etag: 11165969021637306507
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 16 Jul 2024 17:27:28 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/ 357 KB
123 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7031645305449270&plah=www.balatarin.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4b02f46623d77ef13e18f3277b9821f34437dfb9c11844f7bfd4153875abf20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 125731
x-xss-protection: 0
server: cafe
etag: 16949619963168347165
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 18 Jul 2023 02:00:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230713/r20190131/ Frame 05A7 10 KB
5 KB 135ms
39ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230713/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 8061
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 17 Jul 2023 23:46:09 GMT
etag: 12368291122986407432
expires: Mon, 31 Jul 2023 23:46:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
605 B 136ms
48ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.balatarin.com&callback=_gfp_s_&client=ca-pub-7031645305449270

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202307120102/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7031645305449270&plah=www.balatarin.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

59ecc5ef7c9726a2850cfb1e2687e6cfe6f45da88d04c122fff409e61e36960f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 137ms
49ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.balatarin.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=cc-window%20cc-banner%20cc-type-info%20cc-theme-block%20cc-bottom%20cc-color-override--1528114192%20&ign=false&pw=1600&ph=1200&x=1575&y=1175

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 73ms
73ms Image
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=navbar%20navbar-default%20navbar-fixed-top%20navbar-headroom%20headroom%20headroom--top%20headroom--bottom&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C228 20 KB
5 KB 185ms
184ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&adk=1812271804&adf=3025194257&lmt=1689645630&plat=1%3A16777216%2C2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x675_l%7C212x675_r&format=0x0&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630247&bpp=6&bdt=582&idt=146&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&nras=1&correlator=690798676680&frm=20&pv=2&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=173

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98124e63745c06b709ad75c56035ef3a2672cef50bed26f381cfa67519f6d867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 5275
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 02:00:30 GMT
expires: Tue, 18 Jul 2023 02:00:30 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 2584 98 KB
35 KB 803ms
803ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=1232758454&adk=3628107873&adf=3250638448&pi=t.ma~as.1232758454&w=336&lmt=1689645630&rafmt=12&format=336x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630256&bpp=1&bdt=591&idt=168&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=254&ady=603&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=TEIxlerjTw&p=https%3A//www.balatarin.com&dtd=173

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

869f4dd1d1aa9cf0d897ca661233d8c4d4b345fabcdfbed83278ab536bcb61fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 35902
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 02:00:31 GMT
expires: Tue, 18 Jul 2023 02:00:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E25 117 KB
39 KB 754ms
753ms Document
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=9543430451&adk=17676442&adf=2032819628&pi=t.ma~as.9543430451&w=779&fwrn=4&fwrnh=100&lmt=1689645630&rafmt=1&format=779x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630257&bpp=1&bdt=592&idt=175&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=yDeSTRWFBZ&p=https%3A//www.balatarin.com&dtd=180

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d3ac09c851d3eb0c52dcbe4bbd51d686e3c18b3c3760c4377cdc08d26bfb2f32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40081
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 02:00:31 GMT
expires: Tue, 18 Jul 2023 02:00:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 3E25 14 KB
1 KB 204ms
81ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=9543430451&adk=17676442&adf=2032819628&pi=t.ma~as.9543430451&w=779&fwrn=4&fwrnh=100&lmt=1689645630&rafmt=1&format=779x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630257&bpp=1&bdt=592&idt=175&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=yDeSTRWFBZ&p=https%3A//www.balatarin.com&dtd=180

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 01:41:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 3E25 2 KB
973 B 248ms
125ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:50:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/ Frame 3E25 23 KB
9 KB 286ms
187ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2fbcc1508834534cff9d947b309e68956bac07a7a4e0d6bf84e1f4d308b307a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 17378926570389699705
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 3E25 3 KB
1 KB 282ms
184ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 3E25 20 KB
9 KB 203ms
82ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a39315ea3815262f3c844b9c50e4fb52bc77561504c65b29abdd1fc0488db912

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8291
x-xss-protection: 0
server: cafe
etag: 17061476539903440100
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 2584 6 KB
1 KB 149ms
80ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=1232758454&adk=3628107873&adf=3250638448&pi=t.ma~as.1232758454&w=336&lmt=1689645630&rafmt=12&format=336x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630256&bpp=1&bdt=591&idt=168&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=254&ady=603&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=TEIxlerjTw&p=https%3A//www.balatarin.com&dtd=173

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 18 Jul 2023 01:52:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 2584 2 KB
926 B 194ms
126ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43782
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:50:49 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/ Frame 2584 23 KB
9 KB 115ms
83ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2fbcc1508834534cff9d947b309e68956bac07a7a4e0d6bf84e1f4d308b307a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9071
x-xss-protection: 0
server: cafe
etag: 17378926570389699705
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 2584 3 KB
1 KB 155ms
124ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/ Frame 2584 20 KB
8 KB 150ms
83ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230713/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a39315ea3815262f3c844b9c50e4fb52bc77561504c65b29abdd1fc0488db912

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 13:48:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43921
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8291
x-xss-protection: 0
server: cafe
etag: 17061476539903440100
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 31 Jul 2023 13:48:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2584 179 KB
56 KB 62ms
60ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57311
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689594152080714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 db0cdd5d6449829815370f69ba3f47bd.js Show response
www.gstatic.com/mysidia/ Frame 2584 33 KB
14 KB 203ms
40ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db0cdd5d6449829815370f69ba3f47bd.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

099588faedf07d2076acea7c3ad9730a09eaff20a82ebb2da69c0f1d3caff599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 14 Jul 2023 17:24:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14165
x-xss-protection: 0
last-modified: Fri, 14 Jul 2023 17:15:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 17:24:17 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/809621915681769741/ Frame 3E25 20 KB
20 KB 180ms
127ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/809621915681769741/14763004658117789537?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

04571231dc4e198513c3f15e48477d137d4ef3d877e373c90df3ea98f3e415b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 21:22:40 GMT
x-content-type-options: nosniff
age: 16671
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20317
x-xss-protection: 0
last-modified: Sat, 03 Jun 2023 23:19:51 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 Jul 2024 21:22:40 GMT

GET
DATA 200
OK truncated
/ Frame 3E25 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 3E25 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c1d407d011f25ff32f910f634d5af89ae4d7ad2570b2f323304bf4d3731b8e29

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3E25 179 KB
56 KB 109ms
109ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57311
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1689594152080714"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 db0cdd5d6449829815370f69ba3f47bd.js Show response
www.gstatic.com/mysidia/ Frame 3E25 33 KB
14 KB 217ms
56ms Script
text/javascript 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/db0cdd5d6449829815370f69ba3f47bd.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

099588faedf07d2076acea7c3ad9730a09eaff20a82ebb2da69c0f1d3caff599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 14 Jul 2023 17:24:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14165
x-xss-protection: 0
last-modified: Fri, 14 Jul 2023 17:15:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 12 Oct 2023 17:24:17 GMT

GET
H2 200 2076313506083323656
tpc.googlesyndication.com/simgad/4882322900282578464/ Frame 2584 35 KB
35 KB 162ms
148ms Image
image/jpeg 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4882322900282578464/2076313506083323656

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de53aff512a3169f13b8d81fa166b00b88eb68160929675d5b29d6ecb1b5747a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 17 Jul 2023 04:19:08 GMT
x-content-type-options: nosniff
age: 78083
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35507
x-xss-protection: 0
last-modified: Sat, 08 Jul 2023 09:38:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 16 Jul 2024 04:19:08 GMT

GET
DATA 200
OK truncated
/ Frame 2584 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 96fe1bbd72f9031502d23e41809326a3b47709df45281c0aac9aa4640ba644d8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 2584 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8cfabc2c3ebaeea211bcbd8234071f4e39cf1aac4d3a5ec7fa1cae9032e2285e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 3E25 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5f6b0c1662378b4bac6f530dfc7c373a8dd6487df5844d78f046ce7053c7221b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2584 15 KB
16 KB 127ms
39ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 253804
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 03:30:27 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2584 15 KB
16 KB 137ms
49ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 204976
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 17:04:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 2584 15 KB
15 KB 170ms
84ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 15 Jul 2023 15:24:53 GMT
x-content-type-options: nosniff
age: 210938
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Jul 2024 15:24:53 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 2584 0
23 B 85ms
85ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ClbxYPvK1ZMKIHfi678EP0vy62Amoj_vWcc_32Za9EWQQASCIzuQRYJWCgICUB6AB6f31zwPIAQmoAwHIA8sEqgSTAk_Qtg5QOxvL-2WNjMwNZeE0QR7mMWlW0mvMDT0nriHmJ3PtUFg1ImUzYD9fA3tk8SVRCVXMTrRX2VT-AYwkbs1t3u4mYJH4y6wb-0SusJWE_tRuWPDZqzA1yV19MWW_3rE72Ej8MwkRV_F1eM7soKDsFA6zGiO28QNBTbYEdBsk0coDx6eohhTTFxHO9lRpwz7Nc8KPMXn1kDpXye0SP5bX-44HtiJZPiRzYMHcgAILUTvLdwgQrt3u41nUGiPQwO8_yo-e1ZWAkL6tzgGMEQgcyy_fi6cnWcvenBgSQquiQayVUkWozm0Qc5eDxXov8fkyv2SYAKiHBOI32cu67j5yblLPoUutx8GU9YdCXiZQ-prEwAT8g-fZswSSBQQIBBgBkgUECAUYBKAGLoAHwK-KuASoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDPhgfSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6gAoByAsBuBPkA9gTDIgUAdAVAYAXAbIXHAoaCAASFHB1Yi03MDMxNjQ1MzA1NDQ5MjcwGAA&sigh=iAYAtnPzF5o&uach_m=[UACH]&cid=CAQSGwBpAlJWcC8jcQiz7vLyrku0yhNK0xiHrAQ4OBgB&template_id=484&cbvp=2&vis=1

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=1232758454&adk=3628107873&adf=3250638448&pi=t.ma~as.1232758454&w=336&lmt=1689645630&rafmt=12&format=336x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630256&bpp=1&bdt=591&idt=168&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=254&ady=603&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CeE%7C&abl=NS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=TEIxlerjTw&p=https%3A//www.balatarin.com&dtd=173
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 18 Jul 2023 02:00:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 3E25 33 KB
33 KB 169ms
99ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 19:09:17 GMT
x-content-type-options: nosniff
age: 543074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Jul 2024 19:09:17 GMT

GET
H3 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame 03B3 37 KB
14 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 14:25:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Jul 2024 14:25:43 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3E25 0
19 B 86ms
85ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ce-R3PvK1ZJDxHJPTgAeCkJrgBsHa9tVxiZX_3dERhaqi7rU-EAEgiM7kEWChAqAB1aiauALIAQmoAwHIA8sEqgSgAk_QGloVomQ_8HcO6UsSH6bEbjCarNjf3KNclaazOZP6v1xdrfMReHuDOcUH_jqspx3RxuqynZh2A5q_nO9U0Y2pKnP0d3Wo1gaez70Ma-6Sffeay_xp4fKEyDO-qv5W5PQA3FLHy_mkWR5F7McAvsnZQcodhwZAWI5R3dsLFLfzgSXUr0K9gvEBTst5g-Esb8g_U9ft4nKkuWGF3xOnaF5Bc6HyyjGM3aAA_ha-7QPgo_0PcXVi9M7OI8WK4Sjme154p_aIIA2xQ0fGunOBiutZ-ISVaZZHRKC8jnCgqEBBqsKd_rTbsAR_xoTy6FZ7i-SBMh08i9v6S4hZRojYx25aJCVeIMp6M6xbdb5RW4A0iIMBa24Y1VIwEqXG-JdyvsAE4L3itbQEoAYugAeT1-XHAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcDEMph0ggUCIBhEAEYHzICigI6AoBASL39wTqACgHICwHYEwPQFQGYFgGAFwGyFxwKGggAEhRwdWItNzAzMTY0NTMwNTQ0OTI3MBgA&sigh=WJdDnyQuA68&uach_m=[UACH]&cid=CAQSGwBpAlJW9GqNZkbVYsLJRvEY5myvHZkdPBhOZxgB&template_id=5000&cbvp=2&vis=1

Requested by

Host: www.balatarin.com
URL: https://www.balatarin.com/users/couponplay

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7031645305449270&output=html&h=280&slotname=9543430451&adk=17676442&adf=2032819628&pi=t.ma~as.9543430451&w=779&fwrn=4&fwrnh=100&lmt=1689645630&rafmt=1&format=779x280&url=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&hl=en&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689645630257&bpp=1&bdt=592&idt=175&shv=r20230713&mjsv=m202307120102&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C336x280&nras=1&correlator=690798676680&frm=20&pv=1&ga_vid=1577338946.1689645630&ga_sid=1689645630&ga_hid=613334155&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=605&ady=125&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759837%2C44759876%2C44759927%2C31075849%2C31076162%2C44788441&oid=2&pvsid=1771731691192469&tmod=1016944441&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=o%7Co%7CEe%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=yDeSTRWFBZ&p=https%3A//www.balatarin.com&dtd=180
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 18 Jul 2023 02:00:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 148ms
63ms XHR
application/json 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230713&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e6a1c03c34c22fef52d06d2906b5af4ca42ab7305e903d1d1569f04923bb167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11944
x-xss-protection: 0

GET
H3 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame A26B 37 KB
14 KB 41ms
40ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 14:25:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387288
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Jul 2024 14:25:43 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 18 Jul 2023 02:00:31 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame AC04 13 KB
5 KB 42ms
40ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 15922
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 17 Jul 2023 21:35:10 GMT
expires: Tue, 16 Jul 2024 21:35:10 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BB20 783 B
1 KB 146ms
53ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

967901a978ddc3e12ac7cc56b4399098177d4d69af43a75f868941879e4695ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-whzUbJM_R1_ZoB46PWQW2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.balatarin.com/users/couponplay
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-whzUbJM_R1_ZoB46PWQW2Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 18 Jul 2023 02:00:32 GMT
expires: Tue, 18 Jul 2023 02:00:32 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js Show response
pagead2.googlesyndication.com/bg/ Frame AC04 37 KB
14 KB 46ms
41ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/79Hy1jOkYXTpKXqlcd2FYXx1C4-H0WpSd41bxBCbcBc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 13 Jul 2023 14:25:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387289
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14507
x-xss-protection: 0
last-modified: Mon, 03 Jul 2023 10:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 12 Jul 2024 14:25:43 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BB20 0
0 75ms
73ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230713&jk=1771731691192469&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame AC04 0
10 B 40ms
40ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?rcfN5g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 18 Jul 2023 02:00:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2584 42 B
64 B 77ms
76ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstyfT4dpaCGRn6TV8UICvID-2q1heK4R0QLsc2i9PO8iNt3nSJ9DfQjj9JySvOnoIJUQmjwc0VlAyUCjsDjdl8368kMRGr6nIl6QrePR00PJ582fSN2dYJ6fSWEUYvoKO_6thMCMC8cijc9&sai=AMfl-YRJc35hnMZcCw75LV4X312r36L_D7ro9Py9S_PohqM6Gis_QiofJq9wjukBGTRaOXwvHacA3QUpsbxS&sig=Cg0ArKJSzDTR0Mn7gCOcEAE&cid=CAQSGwBpAlJWcC8jcQiz7vLyrku0yhNK0xiHrAQ4OBgB&id=lidar2&mcvt=1000&p=0,0,280,336&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3628107873&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689645630430&rpt=1133&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 79ms
78ms Image
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230713&jk=1771731691192469&bg=!LS6lLnrNAAa3SiIRl0o7ADkAdvg8WncPiFCNhEpZSkDf6aIVPfcl4-Y4Oikk2IX-TRmdHeTyjcAcEFAjsdFHfcNKp5H8jmXPE94CAAAAeVIAAAANaAEHCgAgt4Cie3AlNjwqqciM1K7QlEdJybtB8NZnhNF-1sLlLtmZArQZc1fa5fDEIF8B-RlpHsl5mU8USJvPiHoq7rUCSjY_Y1FJOQAjnmDpVPPBjrrR1RqkqxFyDdKSBTJI5k6pMs2slWE1RueqLntsJu1FXGPitMmTpFmv1tQBCQVnih7J6Nuv6T6d7lD9VAUq_UkEmZsICBcOQv3k2xg8tpKIIwvqfZPQXiSW-KSIHEyNhyMHif2uhSRzyuyjryyCNgR9DuNjIlLPss9Q97gwnardak8xZY5HRX6KTSZAmtQVzoQMiY3R5ogJ-e-HfGUtNkPMiBJzGzrnkVNGBJL2wqd5mwpNOGCqDu-5lNbDzbfxUy6AvVaFGYnfc6xt3riW5hYGlG6l-UQRacWPmQRoS3uWrvWGkBy_eSVY5nswnCHh6uQChphfIm-VruQSK0wrcKkCOtCFBxZDLcwnSFUNBzVpLLD5oKEQFYLXPYrYf2SZoplKeBZNfdcKwxUvksIk_LtqslbjGnXquivdHAkDx3Qd53AZoNf1MtjyBbJKxZr2WB8CxLJ-976gRo9kY32oSfBi_dLBIs6bPtH0NFkyY2_Mxf12nppHQMBfvoxPBeAc4Cioax7QzZAqsuXUZv2PCmdHjQI6ASRnvPlYs6ARVR2vUPTH1AXX18z3x-L7zu54nMizubO6nzrtdj6neu8DbXP6hlCK5mhPM5gn_xtuUQt6LxSps8jLHnSkfV48yYtPQKFZ4VXCT1HSmW7wMKL14N6Mg_rYK4fgIEmpO_B1uLx0LRW_iIcmt4ZHrgecyPk6ZI6zid5dIWwkNolDi98gycSh34T9BJqu_IyPbBY5nFKaBdKXFuiY4Rv1iuzC-5g84aGLmL66TvEGWArLjo9Mi2UAppxRvVRh9OaQyeT-8xZ0sjA9f9QmZyb-Xqo1Fqqv3Macur5cJzxDH15ODViQuAFJsAIGxsQQnw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3E25 42 B
64 B 78ms
77ms Fetch
image/gif 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssItthzKlEynJjlQVGzqUrhC_BXyih_lHoWyWJhcByKUrD6LTXF6haFzGbkXRF7CIkzfG8uhX_7n5p5WmrjomE90_ZunNaGHjLAz14uD_DodDTpC4C3zy_-3cRNh8FRTJNhQ1yWZKWcAfjByCd4IQ_GDG07C9hU3OY2xFkPo_NOeTf_VBArGHL9UIZQeVNZzUqs0pGjmYyxc_uZSJWD9S-sUeGBE-e0eKdmoPwJfUAsS2dZPQZbKdBzljObdgazpM2UfftNHWJ24hxdSX4z2d-4295BEY_QPlH-3lBHQd7wICLn0y7oq34bcDfKMLfsecRT1rSZBOK-WntGHC1-CRq2JudnG_Qr-CeNsmyxZZTD3N7gnMSEY2zMtBR_EhGfIhwd7ZbkNnUEMWaIwk8Y9c8KKH0958Bkv1Iysdm8bB5_0NqaiYlVUsdtU89GyHxyZ7xXKN7AU5Ha_tZefAwbrQX_o6HgZQOYQy9IIbmflyCPxkIxUI2JksAsnKDrg6vSVkjbfCoXCVuHVXPvCZtM6DeOHmiYBYLEuK8jviRLj7VTzDUuk46NAXxUHdwzUsP0njris3XQ1MS8oEOYOqPPjEeSofFMXs3qG6Hzsgzp7Yg_zcJV-wST-md01OXJ8R30JmiuYtnl9bGl9r5lk0qguED5HMNd4yG0v8OCRZxPrdMjAXaBF7zgxifq3YEdIIfMQKsJNcSNMZJotSBVZ9kJ7iFhz0_iV1OfVK4lKcA6FPVyIehGwKdQeIFPFCQc94U7EbERI9XpNZQDEZTHW0wNMQ_adwy1M0S9QkLdd567O2jpgpQg-Cn8kjDDsdQn3HZ2qGEbauhpCdWCGdtkUbe5sfnPXXVh_Ii0mUWF_DGK9kKqD95V3gvPTmODoblkVOU0LHCCzGu_OEymBjjeyX5zl5RObSsLpLntL6WB4udbthbBCGxbj6734_9dCENOeP0ot-IkmIo288n4rIE6EeRSskSdkEk2HfrMgZACH9Sz7TcBLHcKLesVqmT7TqnIZnP2pnhhE_yNUVN9fPqDtxRZgPybB2nW_-S8l24mSaZKio54iQ-odR0OkFcpWfEZJloN&sai=AMfl-YSNq_WpytZCQeOyBjaUylQDO4F5SAaJopCBPDGzhCge3IUhN7hHdbuW707a2V-I_aypr1uqQxXZsxPoLb4JvZSrcFGsG6zzfQ&sig=Cg0ArKJSzL0bER7lC_0VEAE&cid=CAQSGwBpAlJW9GqNZkbVYsLJRvEY5myvHZkdPBhOZxgB&id=lidar2&mcvt=1000&p=0,0,280,779&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230717&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=17676442&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689645630439&rpt=1344&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 49ms
48ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-8X79LBSGX3&gtm=45je37c0&_p=613334155&cid=1577338946.1689645630&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&ngs=1&_s=2&sid=1689645630&sct=1&seg=0&dl=https%3A%2F%2Fwww.balatarin.com%2Fusers%2Fcouponplay&dt=%D8%A8%D8%A7%D9%84%D8%A7%D8%AA%D8%B1%DB%8C%D9%86%3A%20%D9%84%DB%8C%D9%86%DA%A9%E2%80%8C%D9%87%D8%A7%DB%8C%20couponplay%20(%D9%81%D8%B1%D8%B3%D8%AA%D8%A7%D8%AF%D9%87)&en=scroll&epn.percent_scrolled=90&_et=16
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-8X79LBSGX3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.balatarin.com/users/couponplay
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 18 Jul 2023 02:00:35 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.balatarin.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.balatarin.com/users	1969-12-31 23:59:59	Name: geo Value: 0
www.balatarin.com/	1969-12-31 23:59:59	Name: _balat_session_new Value: qKdZk9NpCx4a%2Fr5oI3dNRH2ZJCJ2Y5cfVGIpbwHPq3HPRIcJzh%2B1bEgjl4i5KIVf7Xj%2F12RBrGkClrnQoQt211kNezVX7bZqVghzRzcc90RjnKJFYZjLk3rnlL%2BJMZhyImgGiiNlVAgV1y65HoTf9m1XbMy2kr%2B0%2FlNv09S8dQinXlFF7%2Bv6Jbpc3VK9WozwAXPwIihDOa0IejIpo8yS12bZql7BCCDHhTDNdWcCIIbVK4UilCBGBIgxwHZbCIhpb6SCKUfqcpJxkldbQbF%2FHPS%2BH%2FdNIAGZ%2Fy2XO678LL6%2B5p89ccLJ7aHDFnmpyZX5brE%3D--ybeMoPxAh7INAqK2--i2S8fVO%2B9tHnQqJ%2B6hsbug%3D%3D
.balatarin.com/	1970-01-20 22:56:45	Name: _ga Value: GA1.1.1577338946.1689645630
.balatarin.com/	1970-01-20 22:56:45	Name: _ga_8X79LBSGX3 Value: GS1.1.1689645630.1.0.1689645630.0.0.0
.balatarin.com/	1970-01-20 22:42:21	Name: __gads Value: ID=dd99318d4a16eac3-2292a32e30de0055:T=1689645630:RT=1689645630:S=ALNI_Mb4Q6MgeJ8wXMtszPMLQQ2mqH3GXQ
.balatarin.com/	1970-01-20 22:42:21	Name: __gpi Value: UID=00000c3ebdf4a221:T=1689645630:RT=1689645630:S=ALNI_Ma2kjuXJQ2N-HLvenV1CAArgI2XIA
.doubleclick.net/	1970-01-20 22:42:21	Name: IDE Value: AHWqTUmnsyEC3odJbO0Qh1Mu_IRADSahOYyK-g0XbBaFMdrmqUM9EZVczgP59YpPiSk

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556952; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
ajax.googleapis.com
assets.balatarin.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
region1.google-analytics.com
s3.amazonaws.com
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.balatarin.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
z-na.amazon-adsystem.com
107.178.241.59
143.204.94.19
18.66.97.60
2001:4860:4802:34::36
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:809::200a
2a00:1450:4001:813::2003
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::2008
52.217.204.232
04571231dc4e198513c3f15e48477d137d4ef3d877e373c90df3ea98f3e415b1
099588faedf07d2076acea7c3ad9730a09eaff20a82ebb2da69c0f1d3caff599
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1e6a1c03c34c22fef52d06d2906b5af4ca42ab7305e903d1d1569f04923bb167
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2fbcc1508834534cff9d947b309e68956bac07a7a4e0d6bf84e1f4d308b307a3
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
45110b7736d40b3c5425c89370ad298cc6e8a146a2aa6ed6f861c0d208f4fd99
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59adc632e7b6f20a828cd60713b518e10d07793033dd608a5d40abc971331c59
59ecc5ef7c9726a2850cfb1e2687e6cfe6f45da88d04c122fff409e61e36960f
5b1979a4ecb584da673a08d6a737a10d87ae84aa6f5c2d18ab97da15c7462f11
5f6b0c1662378b4bac6f530dfc7c373a8dd6487df5844d78f046ce7053c7221b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6ea9abbbd1c09dca9c54694b3a1d2dda791b8cdc571f2f932dddd6694462f67c
7633db93bffbe5d998163e92c1799de01d98ded7bb2c86faa059686e4f0fc73e
869f4dd1d1aa9cf0d897ca661233d8c4d4b345fabcdfbed83278ab536bcb61fb
8cfabc2c3ebaeea211bcbd8234071f4e39cf1aac4d3a5ec7fa1cae9032e2285e
967901a978ddc3e12ac7cc56b4399098177d4d69af43a75f868941879e4695ae
96fe1bbd72f9031502d23e41809326a3b47709df45281c0aac9aa4640ba644d8
98124e63745c06b709ad75c56035ef3a2672cef50bed26f381cfa67519f6d867
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9b9db2210e40b1eab93eb8ef36575eba30c20fb68e0dbb315ade1c43c6eb859e
a39315ea3815262f3c844b9c50e4fb52bc77561504c65b29abdd1fc0488db912
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b02f46623d77ef13e18f3277b9821f34437dfb9c11844f7bfd4153875abf20
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
b4328b807345e27f16502a0881e39e36c1495906101cfc548728562912145f39
c1d407d011f25ff32f910f634d5af89ae4d7ad2570b2f323304bf4d3731b8e29
c3feea69069e9ae3a6ac897a67de37d1c05e860d1ad13f6788d465b3707d63be
c6042222156b5e26db18d7a25025e4b71e9c1d3d4cf90793e4030154b2dea1f5
d3ac09c851d3eb0c52dcbe4bbd51d686e3c18b3c3760c4377cdc08d26bfb2f32
ddf8ed50c8e98fd5487859d7b60442e342e76496191eaecca316ffdffa437a5d
de53aff512a3169f13b8d81fa166b00b88eb68160929675d5b29d6ecb1b5747a
deb428f7b8dc8e920a46777cd7f0d271923623abedb2e7bdf397a3f76fc2f43a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efd1f2d633a46174e9297aa571dd85617c750b8f87d16a52778d5bc4109b7017
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
feb7ef4e9620f57bfd7a2a87179c3310db2ea0eeec076fb1a28dbef3f45cc5b5

www.balatarin.com Open in urlscan Pro 107.178.241.59 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

58 Requests

100 %HTTPS

75 %IPv6

12 Domains

18 Subdomains

17 IPs

2 Countries

1099 kBTransfer

2931 kBSize

7 Cookies

7 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.balatarin.com Open in urlscan Pro
107.178.241.59 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

100 %
HTTPS

75 %
IPv6

12
Domains

18
Subdomains

17
IPs

2
Countries

1099 kB
Transfer

2931 kB
Size

7
Cookies

58 HTTP transactions
5 data transactions