dubaitickets.papermoonkids.com Open in urlscan Pro
85.159.66.62 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://dubaitickets.papermoonkids.com/
Submission Tags: @phish_report
Submission: On July 13 via api (July 13th 2024, 12:00:47 am UTC) from FI — Scanned from FI

Summary HTTP 71 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 24 IPs in 7 countries across 39 domains to perform 71 HTTP transactions. The main IP is 85.159.66.62, located in Turkey and belongs to CIZGI, TR. The main domain is dubaitickets.papermoonkids.com.

This is the only time dubaitickets.papermoonkids.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	85.159.66.62 85.159.66.62	34619 (CIZGI) (CIZGI)
7	89.19.5.50 89.19.5.50	34619 (CIZGI) (CIZGI)
4	216.58.206.72 216.58.206.72	15169 (GOOGLE) (GOOGLE)
3	142.250.186.142 142.250.186.142	15169 (GOOGLE) (GOOGLE)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
2	151.101.129.44 151.101.129.44	54113 (FASTLY) (FASTLY)
3	204.79.197.237 204.79.197.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	104.17.111.223 104.17.111.223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	178.250.1.13 178.250.1.13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2.17.177.117 2.17.177.117	16625 (AKAMAI-AS) (AKAMAI-AS)
1	156.146.33.14 156.146.33.14	60068 (CDN77 _) (CDN77 _)
7	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1	157.240.252.35 157.240.252.35	32934 (FACEBOOK) (FACEBOOK)
1 4	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	81.88.57.79 81.88.57.79	39729 (REGISTER-AS) (REGISTER-AS)
2	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
2 2	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
1	149.202.238.104 149.202.238.104	16276 (OVH) (OVH)
1	185.255.84.152 185.255.84.152	200271 (IGUANE-) (IGUANE-)
1 2	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	141.95.98.64 141.95.98.64	16276 (OVH) (OVH)
71	24

2 85.159.66.62 (Turkey)

ASN34619 (CIZGI, TR)
PTR: 85-159-66-62.cizgi.net.tr

dubaitickets.papermoonkids.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 89.19.5.50 (Turkey)

ASN34619 (CIZGI, TR)
PTR: www.natro.com

www.natro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.206.72 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s08-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.44 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 204.79.197.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.111.223 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dynamic.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.177.117 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-177-117.deploy.static.akamaitechnologies.com

chimpstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 156.146.33.14 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 413474573.fra.cdn77.com

tags.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

trc-events.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-t1.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 157.240.252.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-fra3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.184.8.90 (Amsterdam, Netherlands) 1 redirects

ASN204995 (RTB-HOUSE-AMS, CY)
PTR: ip-185-184-8-90.rtbhouse.net

ams.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 81.88.57.79 (Italy)

ASN39729 (REGISTER-AS, IT)

srv.isy-teamblue.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

sslwidget.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.171.21 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 149.202.238.104 (France)

ASN16276 (OVH, FR)
PTR: ip104.ip-149-202-238.eu

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.152 (France)

ASN200271 (IGUANE-, FR)

visitor.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.64.151.101 (San Francisco, United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.64 (France)

ASN16276 (OVH, FR)
PTR: ns3216658.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	taboola.com cdn.taboola.com — Cisco Umbrella Rank: 794 trc.taboola.com — Cisco Umbrella Rank: 721 trc-events.taboola.com — Cisco Umbrella Rank: 2069 sync-t1.taboola.com — Cisco Umbrella Rank: 1683	24 KB
7	natro.com www.natro.com	167 KB
5	creativecdn.com 1 redirects tags.creativecdn.com — Cisco Umbrella Rank: 6113 ams.creativecdn.com — Cisco Umbrella Rank: 12133	4 KB
5	criteo.com 1 redirects dynamic.criteo.com — Cisco Umbrella Rank: 3481 gum.criteo.com — Cisco Umbrella Rank: 460 sslwidget.criteo.com — Cisco Umbrella Rank: 1961 dis.criteo.com — Cisco Umbrella Rank: 700	27 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 72	394 KB
3	onesignal.com cdn.onesignal.com — Cisco Umbrella Rank: 4795 onesignal.com — Cisco Umbrella Rank: 1596	74 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 326	15 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 67	87 KB
2	casalemedia.com 1 redirects r.casalemedia.com — Cisco Umbrella Rank: 1831	1 KB
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 265	2 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 191	72 KB
2	papermoonkids.com dubaitickets.papermoonkids.com	15 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 577	1 KB
1	omnitagjs.com visitor.omnitagjs.com — Cisco Umbrella Rank: 824	342 B
1	smartadserver.com rtb-csync.smartadserver.com — Cisco Umbrella Rank: 699	163 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 383	235 B
1	doubleclick.net cm.g.doubleclick.net — Cisco Umbrella Rank: 264	409 B
1	isy-teamblue.services srv.isy-teamblue.services — Cisco Umbrella Rank: 810094	14 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	269 B
1	chimpstatic.com chimpstatic.com — Cisco Umbrella Rank: 6453	511 B
0	motu-teamblue.services Failed srv.motu-teamblue.services Failed
0	1rx.io Failed sync.1rx.io Failed
0	adform.net Failed c1.adform.net Failed
0	emxdgt.com Failed e1.emxdgt.com Failed
0	yieldmo.com Failed sync-criteo.ads.yieldmo.com Failed
0	yieldlab.net Failed ad.yieldlab.net Failed
0	3lift.com Failed eb2.3lift.com Failed
0	tremorhub.com Failed criteo-partners.tremorhub.com Failed
0	teads.tv Failed criteo-sync.teads.tv Failed
0	sharethrough.com Failed match.sharethrough.com Failed
0	rubiconproject.com Failed pixel.rubiconproject.com Failed
0	pubmatic.com Failed simage2.pubmatic.com Failed
0	outbrain.com Failed sync.outbrain.com Failed
0	postrelease.com Failed jadserve.postrelease.com Failed
0	mediavine.com Failed exchange.mediavine.com Failed
0	media.net Failed contextual.media.net Failed
0	ivitrack.com Failed matching.ivitrack.com Failed
0	360yield.com Failed ad.360yield.com Failed
0	demdex.net Failed dpm.demdex.net Failed
71	39

	Domain	Requested by
7	www.natro.com	dubaitickets.papermoonkids.com
6	trc-events.taboola.com	cdn.taboola.com
4	ams.creativecdn.com	1 redirects dubaitickets.papermoonkids.com
4	www.googletagmanager.com	dubaitickets.papermoonkids.com www.googletagmanager.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com dubaitickets.papermoonkids.com
3	www.google-analytics.com	dubaitickets.papermoonkids.com www.google-analytics.com
2	r.casalemedia.com	1 redirects
2	ib.adnxs.com	2 redirects
2	dynamic.criteo.com	1 redirects dubaitickets.papermoonkids.com
2	cdn.onesignal.com	www.googletagmanager.com cdn.onesignal.com
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	dubaitickets.papermoonkids.com
1	id5-sync.com
1	visitor.omnitagjs.com
1	sync-t1.taboola.com
1	rtb-csync.smartadserver.com
1	dis.criteo.com
1	x.bidswitch.net
1	cm.g.doubleclick.net
1	sslwidget.criteo.com	dynamic.criteo.com
1	srv.isy-teamblue.services	www.googletagmanager.com
1	gum.criteo.com	dynamic.criteo.com
1	www.facebook.com	dubaitickets.papermoonkids.com
1	onesignal.com	cdn.onesignal.com
1	trc.taboola.com	cdn.taboola.com
1	tags.creativecdn.com	dubaitickets.papermoonkids.com
1	chimpstatic.com	dubaitickets.papermoonkids.com
1	cdn.taboola.com	www.googletagmanager.com
0	srv.motu-teamblue.services Failed	srv.isy-teamblue.services
0	sync.1rx.io Failed
0	c1.adform.net Failed
0	e1.emxdgt.com Failed
0	sync-criteo.ads.yieldmo.com Failed
0	ad.yieldlab.net Failed
0	eb2.3lift.com Failed
0	criteo-partners.tremorhub.com Failed
0	criteo-sync.teads.tv Failed
0	match.sharethrough.com Failed
0	pixel.rubiconproject.com Failed
0	simage2.pubmatic.com Failed
0	sync.outbrain.com Failed
0	jadserve.postrelease.com Failed
0	exchange.mediavine.com Failed
0	contextual.media.net Failed
0	matching.ivitrack.com Failed
0	ad.360yield.com Failed
0	dpm.demdex.net Failed
71	47

This site contains links to these domains. Also see Links.

Domain
www.natro.com

Subject Issuer	Validity	Valid
www.natro.com Sectigo RSA Extended Validation Secure Server CA	`2024-05-02` - `2025-06-01`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-04-21` - `2024-07-20`	3 months	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-23` - `2024-11-22`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
onesignal.com GTS CA 1P5	`2024-05-31` - `2024-08-29`	3 months	crt.sh
wildcardsan.us15.list-manage.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-28` - `2025-06-28`	a year	crt.sh
1589314308.rsc.cdn77.org R3	`2024-05-29` - `2024-08-27`	3 months	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-18` - `2024-09-17`	3 months	crt.sh
*.isy-teamblue.services Sectigo RSA Domain Validation Secure Server CA	`2023-10-18` - `2024-10-17`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.bidswitch.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-15` - `2024-08-07`	3 months	crt.sh
*.smartadserver.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-17` - `2025-01-16`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-02` - `2025-08-01`	a year	crt.sh
*.id5-sync.com E6	`2024-07-01` - `2024-09-29`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://dubaitickets.papermoonkids.com/
Frame ID: CBADB8AD780FA48CE1F7CC1C111EA547
Requests: 38 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=dubaitickets.papermoonkids.com&origin=onetag
Frame ID: E41A11AAE07DD39D9428AA6E73824E60
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-_z1K5E5bTl8FVpl04SppPfQIiZxQiRzqNTlxuw&google_cm&google_hm=ay1fejFLNUU1YlRsOEZWcGwwNFNwcFBmUUlpWnhRaVJ6cU5UbHh1dw
Frame ID: DE217F18D913C16CE51B670DDEB0602A
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Türkiye’nin Lider Domain & Hosting Markası | Natro

Page URL History Show full URLs

http://dubaitickets.papermoonkids.com/ HTTP 307
https://dubaitickets.papermoonkids.com/ HTTP 307
http://dubaitickets.papermoonkids.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

chimpstatic\.com/mcjs-connected

OneSignal (Marketing automation) Expand

Overall confidence: 100%
Detected patterns

cdn\.onesignal\.com

Page Statistics

71
Requests

59 %
HTTPS

0 %
IPv6

39
Domains

47
Subdomains

24
IPs

7
Countries

894 kB
Transfer

2687 kB
Size

24
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.natro.com/domain-sorgulama/com-tr-domain-kayit

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dubaitickets.papermoonkids.com/ HTTP 307
https://dubaitickets.papermoonkids.com/ HTTP 307
http://dubaitickets.papermoonkids.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 10

http://www.google-analytics.com/plugins/ua/ec.js HTTP 307
https://www.google-analytics.com/plugins/ua/ec.js

Request Chain 18

http://dynamic.criteo.com/js/ld/ld.js?a=50489 HTTP 302
https://dynamic.criteo.com/js/ld/ld.js?a=50489

Request Chain 33

https://ams.creativecdn.com/tags/v2?type=json HTTP 307
https://ams.creativecdn.com/tags/v2?type=json&tc=1

Request Chain 42

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7339257236270232200

Request Chain 46

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw HTTP 302
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw&C=1

Request Chain 47

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40 HTTP 302
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=AFHAApV9dnLJlxAHnBaWVLVZXGVHgsgf

71 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
dubaitickets.papermoonkids.com/
Redirect Chain

http://dubaitickets.papermoonkids.com/
https://dubaitickets.papermoonkids.com/
http://dubaitickets.papermoonkids.com/

9 KB
9 KB

1408ms
1408ms

Document
text/html

85.159.66.62
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL: http://dubaitickets.papermoonkids.com/
Protocol: HTTP/1.1
Server: 85.159.66.62 , Turkey, ASN34619 (CIZGI, TR),
Reverse DNS: 85-159-66-62.cizgi.net.tr
Software: nginx/1.14.1 /
Resource Hash: f344e8f5a46cf3bb48025bee537c2c535deef9aa6b71dcfef26cbcccd12dbdc4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: text/html; charset=utf-8
Date: Sat, 13 Jul 2024 00:00:23 GMT
Server: nginx/1.14.1
Transfer-Encoding: chunked
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 4
X-Rate-Limit-Reset: 2024-07-13T00:00:28.7488669Z

Redirect headers

Location: http://dubaitickets.papermoonkids.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK bootstrap.min.css
www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/ 118 KB
22 KB 1439ms
481ms Stylesheet
text/css 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL

https://www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap.min.css

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

0ebeff2dd2d1036cfc4675dec27ba5f2e917839330473b45bbb766bb1cbe6320

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block
Cteonnt-Length: 121224
Last-Modified: Tue, 25 May 2021 10:37:12 GMT
ETag: "af8df4eb5151d71:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: private
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes

GET
H/1.1 200
OK bootstrap-toggle.min.css
www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/ 1 KB
1 KB 1152ms
196ms Stylesheet
text/css 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL

https://www.natro.com/ResourceFiles/v1/plugins/bootstrap-3.3.7/css/bootstrap-toggle.min.css

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

301fa576aa3c1c609d261af6a5f132ba374488ff44088b619803996caf12ea57

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 439
X-XSS-Protection: 1; mode=block
Cteonnt-Length: 1182
Last-Modified: Mon, 10 Feb 2020 15:26:15 GMT
ETag: "5f62ee6e26e0d51:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: private
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery.fancybox.min.css
www.natro.com/ResourceFiles/v1/plugins/jquery-fancybox/ 64 KB
40 KB 1326ms
369ms Stylesheet
text/css 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL

https://www.natro.com/ResourceFiles/v1/plugins/jquery-fancybox/jquery.fancybox.min.css

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

929077a45497d5ebdc382c45c5f839e0448c8aa3892e804ebb1ebff4a13d6c54

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block
Cteonnt-Length: 65055
Last-Modified: Mon, 10 Feb 2020 15:24:02 GMT
ETag: "5cd98c1f26e0d51:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: private
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes

GET
H/1.1 200
OK font-awesome.min.css
www.natro.com/ResourceFiles/v1/css/ 30 KB
8 KB 1152ms
195ms Stylesheet
text/css 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL

https://www.natro.com/ResourceFiles/v1/css/font-awesome.min.css

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

4ef45603673a97569bce9393d60f0e28e7fc4ceac5c14290a0b765d9b5d8d4b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Content-Length: 7325
X-XSS-Protection: 1; mode=block
Cteonnt-Length: 31023
Last-Modified: Tue, 25 May 2021 10:33:40 GMT
ETag: "363fc66d5151d71:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: private
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes

GET
H/1.1 200
OK bundle_header1.css
www.natro.com/ResourceFiles/v1/bundle/css/ 191 KB
39 KB 1446ms
490ms Stylesheet
text/css 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL

https://www.natro.com/ResourceFiles/v1/bundle/css/bundle_header1.css?ver=99fa2324-0b89-5394-4362-019569131911

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

1990692e5cc2706b8293a46ecbe9392160d8ce06a8e605471f79ec6545d11971

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
X-XSS-Protection: 1; mode=block
Cteonnt-Length: 195089
Last-Modified: Wed, 16 Feb 2022 09:23:34 GMT
ETag: "78e8edde1623d81:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: private
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 240 KB
85 KB 2729ms
1292ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1064986870

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

403733d3264cab8fa25910144ba0a4bd43d3fe6b3abafb97ef1311090a00eb68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 87038
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 13 Jul 2024 00:00:28 GMT

GET
H/1.1 200
OK logo_natro.com.png
www.natro.com/ResourceFiles/v1/images/header/ 3 KB
3 KB 416ms
415ms Image
image/png 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.natro.com/ResourceFiles/v1/images/header/logo_natro.com.png

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

49339d2dfb3d62104a8863b56e31cb5d8dbea54185e189b9ed031697712265d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 24 Jan 2017 13:44:38 GMT
ETag: "0a76014876d21:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes
Content-Length: 2734
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 700x150.png
www.natro.com/ResourceFiles/v1/images/expired-domain/ 53 KB
54 KB 1677ms
1677ms Image
image/png 89.19.5.50
CIZGI

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.natro.com/ResourceFiles/v1/images/expired-domain/700x150.png

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

89.19.5.50 , Turkey, ASN34619 (CIZGI, TR),

Reverse DNS

www.natro.com

Software

Resource Hash

5f92f594b21ca88b9c24fa8aba1dc5dd583fe94dc12b823bc05ddf8efaf06713

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000;
Date: Sat, 13 Jul 2024 00:00:25 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 25 Apr 2024 13:34:55 GMT
ETag: "36434c5c1597da1:0"
Expect-CT: max-age=30,report-uri="https://www.natro.com/report-collect/ct/data/"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Access-Control-Allow-Origin: *
Feature-Policy: camera 'self'; geolocation 'self'; microphone 'self'; payment 'none'; usb 'none';
Accept-Ranges: bytes
Content-Length: 54217
X-XSS-Protection: 1; mode=block

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

52 KB
21 KB

2628ms
1223ms

Script
text/javascript

142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 12 Jul 2024 22:29:07 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5481
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 13 Jul 2024 00:29:07 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 335 KB
105 KB 4506ms
3076ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

6a13044e96fde5d99b9879ddb583ceb24be49fed08cea5e0bea6892fbad5f40c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 107582
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 13 Jul 2024 00:00:28 GMT

GET
H2

200

ec.js Show response
www.google-analytics.com/plugins/ua/
Redirect Chain

http://www.google-analytics.com/plugins/ua/ec.js
https://www.google-analytics.com/plugins/ua/ec.js

3 KB
1 KB

294ms
294ms

Script
text/javascript

142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Fri, 12 Jul 2024 23:52:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 463
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1129
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 13 Jul 2024 00:52:47 GMT

Redirect headers

Location: https://www.google-analytics.com/plugins/ua/ec.js
Non-Authoritative-Reason: HSTS
Cross-Origin-Resource-Policy: Cross-Origin

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 178 KB
65 KB 655ms
654ms Script
application/javascript 142.250.186.142
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-K36338Q&cid=724075009.1720828830

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.142 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f14.1e100.net

Software

Google Tag Manager /

Resource Hash

2dd9346bbd91387ccdac48c7949884c7e74132ff40b982ff90edc9cfcced6bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:30 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66154
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 13 Jul 2024 00:00:30 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 300 KB
101 KB 145ms
144ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6F29RTKSQ1&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

22faf486389e0998644a9608725cf3d0d7472604c19b069fd001d3eb52b8392e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103597
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 13 Jul 2024 00:00:32 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 307 KB
102 KB 2122ms
2121ms Script
application/javascript 216.58.206.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5L6PF9V986&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s08-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

88d13c0b0c2f30f42f6470966ddc3717647be5d10e4a2ced9c9aa8c23eedafc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 103947
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 13 Jul 2024 00:00:32 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 223 KB
60 KB 3698ms
1254ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 13 Jul 2024 00:00:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58653
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=43, rtx=0, c=14, mss=1392, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: 6i9Om59QR9Nv+yavpJfNus1pDqSNRq4bEnVRlwfI7W2ruBfXtC14+YR4kFEyu72lgxCXYc8MD/QvajV3V1cazw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tfa.js Show response
cdn.taboola.com/libtrc/unip/1515898/ 70 KB
22 KB 2125ms
1678ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.taboola.com/libtrc/unip/1515898/tfa.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1e50c5105f83e90e8e1bf401b8942127114ed1b681f96704504815ac8805c229

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: SMKTzcZ5h7UxXUZcHAX.vt82PZ4R4mRp
content-encoding: gzip
via: 1.1 varnish
date: Sat, 13 Jul 2024 00:00:32 GMT
x-amz-request-id: 2NKZ9YB3FCVZ49MT
age: 0
x-amz-server-side-encryption: AES256
x-cache: HIT
x-amz-replication-status: COMPLETED
content-length: 21717
x-amz-id-2: Yu9Yo2iJ73RXsWfFW5hNi+g2mRZREOVFDpK6trScXZsHoGWclmvkpMo+LjEPnpvolinDjzkSb6Q=
x-served-by: cache-hel1410024-HEL
last-modified: Sun, 07 Jul 2024 12:12:26 GMT
server: AmazonS3
x-timer: S1720828833.591654,VS0,VE210
etag: "f0628911c4fc58013cc4bb9c34458efa"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
abp: 15
access-control-allow-origin: *
cache-control: private,max-age=14401
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 bat.js Show response
bat.bing.com/ 48 KB
14 KB 4959ms
1822ms Script
application/javascript 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b14f93366112e862d6032df772a33da61005b427a7f5a37dfc0a665b0e226b49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Sat, 13 Jul 2024 00:00:34 GMT
last-modified: Fri, 12 Jul 2024 05:17:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 07D9ACDF8D75408AACF240490419E9FB Ref B: STOEDGE0912 Ref C: 2024-07-13T00:00:35Z
etag: "0ed40d91ad4da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14176

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 3401ms
973ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalSDK.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:34 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3114
etag: W/"a87c48d211877c49b878679b2e3cdab8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8a24fe582dcb4c7e-HEL
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jul 2024 00:00:34 GMT

GET
H2

200

ld.js Show response
dynamic.criteo.com/js/ld/
Redirect Chain

http://dynamic.criteo.com/js/ld/ld.js?a=50489
https://dynamic.criteo.com/js/ld/ld.js?a=50489

50 KB
21 KB

6900ms
1119ms

Script
application/javascript

178.250.1.13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dynamic.criteo.com/js/ld/ld.js?a=50489

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Server

178.250.1.13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

95bc3288f334c3e630b700a3e932ced55881a4a2b800e22c9fd4b5f73969acfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; preload;
server: Kestrel
vary: Origin, Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public,max-age=10800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *

Redirect headers

location: https://dynamic.criteo.com/js/ld/ld.js?a=50489
cache-control: no-cache
content-length: 0

GET
H/1.1 200
OK f3b1cff520b974100600a92b9.js Show response
chimpstatic.com/mcjs-connected/js/users/ef9aed3c33d7f990407e268e5/ 50 B
511 B 2129ms
1215ms Script
application/javascript 2.17.177.117
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://chimpstatic.com/mcjs-connected/js/users/ef9aed3c33d7f990407e268e5/f3b1cff520b974100600a92b9.js
Requested by: Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.177.117 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-17-177-117.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Sat, 13 Jul 2024 00:00:34 GMT
Last-Modified: Wed, 18 Mar 2020 15:28:07 GMT
Server: AmazonS3
x-amz-request-id: PPB95V55SG4RM776
ETag: "104d46a3208b40e8ded389332f5a78a3"
Content-Type: application/javascript
Cache-Control: max-age=1052
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50
x-amz-id-2: o69yGtHz2M8231pPpAWMicjXdPJc0FtA0LO6HomKnzQp6Z2T8J0IVE8XoHE7T8lnVtz4mpRLiMY=
Expires: Sat, 13 Jul 2024 00:18:06 GMT

GET
H2 200 lz4l6Qh4IjV0syDs20L8.js Show response
tags.creativecdn.com/ 4 KB
2 KB 6182ms
355ms Script
application/javascript 156.146.33.14
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.creativecdn.com/lz4l6Qh4IjV0syDs20L8.js
Requested by: Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 156.146.33.14 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 413474573.fra.cdn77.com
Software: CDN77-Turbo /
Resource Hash: a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Sat, 13 Jul 2024 00:00:40 GMT
content-encoding: gzip
x-accel-date-max: 1716822994
x-guploader-uploadid: ABPtcPrj5_8jGMxXkhdCTOg3n7kkYGq39UgYY0VTqChm9HvxSuQu3Ywfh6kHjFp2w4BCb457jQOFnx2AiQ
x-77-cache: HIT
x-cache: REVALIDATED
x-goog-storage-class: STANDARD
x-guploader-response-body-transformations: gunzipped
x-goog-metageneration: 4
x-goog-stored-content-encoding: gzip
x-age: 2853
x-accel-date: 1720825987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-77-nzt: EgwBnJIhDQG2JQsAAAwBJRPCMQH3VQkAAA
x-accel-expires: @1720832214
x-77-age: 2853
last-modified: Mon, 30 Jan 2023 13:51:17 GMT
server: CDN77-Turbo
etag: W/"7dd71e4b922b44d4a1b639cea2047fcd"
x-77-nzt-ray: 0d1fa518294346c8a8c39166c8c22c1a
vary: Accept-Encoding
x-goog-generation: 1675086677850694
content-type: application/javascript
x-goog-hash: crc32c=U/iOdA==, md5=fdceS5IrRNShtjnOogR/zQ==
cache-control: public, max-age=3600
warning: 214 UploadServer gunzipped
x-goog-stored-content-length: 1741
expires: Mon, 27 May 2024 15:36:45 GMT

GET
H2 200 json Show response
trc.taboola.com/1515898/trc/3/ 2 KB
2 KB 1015ms
1008ms Script
application/javascript 151.101.129.44
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://trc.taboola.com/1515898/trc/3/json?tim=1720828834728&data=%7B%22id%22%3A996%2C%22ii%22%3A%22%2Fdomain-expired-page.asp%22%2C%22it%22%3A%22video%22%2C%22sd%22%3Anull%2C%22ui%22%3Anull%2C%22vi%22%3A1720828834718%2C%22cv%22%3A%2220240707-12-RELEASE%22%2C%22uiv%22%3A%22default%22%2C%22u%22%3A%22https%3A%2F%2Fwww.natro.com%2Fdomain-expired-page.asp%22%2C%22e%22%3Anull%2C%22cb%22%3A%22TFASC.trkCallback%22%2C%22qs%22%3A%22%22%2C%22r%22%3A%5B%7B%22li%22%3A%22rbox-tracking%22%2C%22s%22%3A0%2C%22uim%22%3A%22rbox-tracking%3Apub%3Dnatrohosting-turkey-sc%3Aabp%3D0%22%2C%22uip%22%3A%22rbox-tracking%22%2C%22orig_uip%22%3A%22rbox-tracking%22%7D%5D%2C%22mpvd%22%3A%7B%22en%22%3A%22page_view%22%2C%22tim%22%3A1720828834726%2C%22ref%22%3Anull%2C%22item-url%22%3A%22http%3A%2F%2Fdubaitickets.papermoonkids.com%2F%22%2C%22tos%22%3A2%2C%22ssd%22%3A1%2C%22scd%22%3A0%2C%22supv%22%3Atrue%7D%7D&pubit=i
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1515898/tfa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.129.44 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: f5553d3903603a92b0cb85f464da1f3f2aca6d8df4634b407e5018e5715fd5b4

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-vcl-time-ms: 95
date: Sat, 13 Jul 2024 00:00:34 GMT
content-encoding: gzip
via: 1.1 varnish
cpu: 0.10275000000000001
x-fastly-to-nlb-rtt: 87729
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
x-service-version: v1
x-served-by: cache-hel1410024-HEL
x-log-content-encoding: gzip
server: nginx
x-timer: S1720828835.773713,VS0,VE95
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 4755ms
4754ms Script
application/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:35 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
age: 3109
etag: W/"e3be409ac3c100e2a5d3f264ec260551"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 8a24fe5e9fff4c7e-HEL
access-control-allow-headers: OneSignal-Subscription-Id
alt-svc: h3=":443"; ma=86400
expires: Tue, 16 Jul 2024 00:00:35 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1515898/log/3/ 0
256 B 834ms
228ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=1552&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1720828836277&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1515898/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://dubaitickets.papermoonkids.com/
Attribution-Reporting-Eligible: trigger
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: http://dubaitickets.papermoonkids.com
pragma: no-cache
date: Sat, 13 Jul 2024 00:00:41 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

OPTIONS
H2 200 unip
trc-events.taboola.com/1515898/log/3/ Frame 0
0 4294ms
219ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=1552&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=1500&msa=0&rv=1&tim=1720828836277&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: http://dubaitickets.papermoonkids.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: http://dubaitickets.papermoonkids.com
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Sat, 13 Jul 2024 00:00:40 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

GET
H2 200 878593825489697 Show response
connect.facebook.net/signals/config/ 60 KB
13 KB 3056ms
3055ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/878593825489697?v=2.9.161&r=stable&domain=dubaitickets.papermoonkids.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

2a101da6d892222f9b6fa3499e42cf531c819f4ad9177d48c417edefc9c119a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 13 Jul 2024 00:00:38 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=54, rtx=0, c=62, mss=1392, tbw=64169, tp=-1, tpl=-1, uplat=831, ullat=0
pragma: public
x-fb-debug: LUB1JlW83gIPCt57tPCuQbe+6lMbwPIR0ZbLFdrEORMkY9VWTne9+E5fr1YZds0aeQqnGVW/y023Q1Bd5jSMRg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 187104494.js Show response
bat.bing.com/p/action/ 335 B
401 B 2919ms
2918ms Script
application/javascript 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/187104494.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e34b6183bbc1c26a52b550dedb710ba0b80b84585c873937d88dc8739090b71a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Sat, 13 Jul 2024 00:00:36 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 37B0501689384873ACF86D8C18D3C7FE Ref B: STOEDGE0912 Ref C: 2024-07-13T00:00:37Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 204 0
bat.bing.com/action/ 0
284 B 178ms
176ms Image
text/plain 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=187104494&tm=gtm002&Ver=2&mid=f30126d0-36c7-4104-a861-447142fa6287&sid=efd686a040aa11efa9ac891ecbec2593&vid=efd6a92040aa11efb0a72be9c35f7028&vids=1&msclkid=N&pi=918639831&lg=fi-FI&sw=1600&sh=1200&sc=24&tl=T%C3%BCrkiye%E2%80%99nin%20Lider%20Domain%20%26%20Hosting%20Markas%C4%B1%20%7C%20Natro&p=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F&r=&lt=6527&evt=pageLoad&sv=1&cdb=AQAA&rn=480877

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Sat, 13 Jul 2024 00:00:39 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 168AAFE69A6147F9A11600227D92BC5D Ref B: STOEDGE0912 Ref C: 2024-07-13T00:00:40Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 unip Show response
trc-events.taboola.com/1515898/log/3/ 0
255 B 834ms
229ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=4554&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1720828839279&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1515898/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://dubaitickets.papermoonkids.com/
Attribution-Reporting-Eligible: trigger
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: http://dubaitickets.papermoonkids.com
pragma: no-cache
date: Sat, 13 Jul 2024 00:00:41 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

OPTIONS
H2 200 unip
trc-events.taboola.com/1515898/log/3/ Frame 0
0 1293ms
219ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=4554&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=3000&msa=0&rv=1&tim=1720828839279&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: http://dubaitickets.papermoonkids.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: http://dubaitickets.papermoonkids.com
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Sat, 13 Jul 2024 00:00:40 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

GET
H2 200 web Show response
onesignal.com/api/v1/sync/e2e641db-4302-4e8b-9152-5c15e85bf94e/ 5 KB
2 KB 181ms
167ms Script
text/javascript 104.17.111.223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/e2e641db-4302-4e8b-9152-5c15e85bf94e/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151605

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.111.223 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

632b9b240994cde6851a2001f07fb5e5cde6195e6c8ae6789d6623cc2c6311f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:40 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
x-permitted-cross-domain-policies: none
strict-transport-security: max-age=15552000; includeSubDomains
cf-polished: origSize=4661
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 99e49524-efca-4862-bc5e-0ad73c0378d3
x-runtime: 0.026267
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
etag: W/"84a11a8a66d5e2994ba39ccb9cda3146"
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 8a24fe7ddc3f4c7e-HEL
access-control-allow-headers: SDK-Version
expires: Sat, 13 Jul 2024 01:00:40 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 953ms
290ms Image
text/plain 157.240.252.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=878593825489697&ev=PageView&dl=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F&rl=&if=false&ts=1720828840537&sw=1600&sh=1200&v=2.9.161&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1720828840536.364963501502647596&ler=empty&cdl=API_unavailable&it=1720828837279&coo=false&tm=1&rqm=GET

Requested by

Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.252.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-fra3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=10, mss=1392, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 13 Jul 2024 00:00:41 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

POST
H2

204

v2 Show response
ams.creativecdn.com/tags/
Redirect Chain

https://ams.creativecdn.com/tags/v2?type=json
https://ams.creativecdn.com/tags/v2?type=json&tc=1

0
183 B

311ms
309ms

Fetch

185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json&tc=1
Requested by: Host: dubaitickets.papermoonkids.com
URL: http://dubaitickets.papermoonkids.com/
Protocol: H2
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: http://dubaitickets.papermoonkids.com
access-control-allow-credentials: true
vary: Origin
access-control-max-age: 3600
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:41 GMT, Sat, 13 Jul 2024 00:00:41 GMT
access-control-max-age: 3600
vary: Origin
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
access-control-allow-origin: http://dubaitickets.papermoonkids.com
access-control-allow-methods: GET, POST
location: https://ams.creativecdn.com/tags/v2?type=json&tc=1
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

OPTIONS
H2 200 v2
ams.creativecdn.com/tags/ Frame 0
0 641ms
155ms Preflight 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://dubaitickets.papermoonkids.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: http://dubaitickets.papermoonkids.com
access-control-max-age: 3600
content-length: 0
date: Sat, 13 Jul 2024 00:00:41 GMT
vary: Origin

GET
H2 200 syncframe
gum.criteo.com/ Frame E41A 0
0 937ms
304ms Document
text/html 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?topUrl=dubaitickets.papermoonkids.com&origin=onetag

Requested by

Host: dynamic.criteo.com
URL: http://dynamic.criteo.com/js/ld/ld.js?a=50489

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: http://dubaitickets.papermoonkids.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 13 Jul 2024 00:00:41 GMT
server: Kestrel
server-processing-duration-in-ticks: 290837
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

OPTIONS
H2 200 v2
ams.creativecdn.com/tags/ Frame 0
0 124ms
123ms Preflight 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://ams.creativecdn.com/tags/v2?type=json&tc=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: http://dubaitickets.papermoonkids.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET, POST
access-control-allow-origin: http://dubaitickets.papermoonkids.com
access-control-max-age: 3600
content-length: 0
date: Sat, 13 Jul 2024 00:00:42 GMT
vary: Origin

GET
H/1.1 200
OK skeletor.js Show response
srv.isy-teamblue.services/js/ 31 KB
14 KB 1095ms
473ms Script
application/javascript 81.88.57.79
REGISTER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.isy-teamblue.services/js/skeletor.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P4KC6PC
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.88.57.79 , Italy, ASN39729 (REGISTER-AS, IT),
Reverse DNS
Software: /
Resource Hash: 343786bbfc299290abf8ae1714c93e79237b1fad54d7d8085c01fd9ca28e4e2d

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Jul 2024 00:00:43 GMT
Content-Encoding: gzip
Last-Modified: Thu, 04 Jul 2024 14:12:46 GMT
ETag: W/"6686adde-7d1e"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Expires: Fri, 12 Jul 2024 00:00:43 GMT

GET
H/1.1 200
OK favicon.ico
dubaitickets.papermoonkids.com/ 5 KB
6 KB 430ms
423ms Other
image/x-icon 85.159.66.62
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL: http://dubaitickets.papermoonkids.com/favicon.ico
Protocol: HTTP/1.1
Server: 85.159.66.62 , Turkey, ASN34619 (CIZGI, TR),
Reverse DNS: 85-159-66-62.cizgi.net.tr
Software: nginx/1.14.1 /
Resource Hash: 26dc5ff4bfb9213291735808465e156d4a4691135f3815e3613761243e1f69c3

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Sat, 13 Jul 2024 00:00:42 GMT
Last-Modified: Thu, 13 Oct 2022 18:04:50 GMT
Server: nginx/1.14.1
Accept-Ranges: bytes
ETag: "1d8df2e4960d836"
Content-Length: 5430
Content-Type: image/x-icon

GET
H2 200 event Show response
sslwidget.criteo.com/ 10 KB
5 KB 830ms
465ms Script
application/x-javascript 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://sslwidget.criteo.com/event?a=50489&v=5.26.1&otl=1&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvh%26tms%3Dgtm-ee-1.1.0&p3=e%3Ddis&adce=1&bundle=KYvR1F9JWWhzMFNJTTdNWWhHNTk2RkRDb3A0RktDZWUlMkJtZXBZRHhIN2c0cWNxWFZjJTJGa2syaWpwN05rNlVsV20lMkI0TWRrMVVmd3B2OTRBY1cyZllEbkZTck1CZk9YT1l5VW0xbmJGJTJGaURiVDRtVGcwcWswSGU3bzViNmtNSVpVSGlWcW9PSzJNM1liUDhpeGo0Q0dVNWMzMTNLaHpMRndpTmpyNGJTY3BpQlpwckJPNCUzRA&sc=%7B%22fbp%22%3A%22fb.1.1720828840536.364963501502647596%22%7D&tld=papermoonkids.com&dy=1&fu=http%253A%252F%252Fdubaitickets.papermoonkids.com%252F&ceid=82e0f9a8-22dd-487a-9f36-0bd57774b71d

Requested by

Host: dynamic.criteo.com
URL: http://dynamic.criteo.com/js/ld/ld.js?a=50489

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

b59bc8d15f4d4049424ef7cd6aa8b7e5bebafe8372767b8d1dc27c21279fc712

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: http://dubaitickets.papermoonkids.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
server: Kestrel
content-type: application/x-javascript
access-control-allow-origin: *
p3p: NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 7766381
timing-allow-origin: *
expires: 0

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame DE21 170 B
409 B 779ms
362ms Image
image/png 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&CriteoUserId=k-_z1K5E5bTl8FVpl04SppPfQIiZxQiRzqNTlxuw&google_cm&google_hm=ay1fejFLNUU1YlRsOEZWcGwwNFNwcFBmUUlpWnhRaVJ6cU5UbHh1dw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame DE21 43 B
235 B 1009ms
352ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=46&user_id=k-z6dSRk5bTl8FVpl04SppPfQIiZzO_yhKZvmfeA&expires=30
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Sat, 13 Jul 2024 00:00:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame DE21
Redirect Chain

https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7339257236270232200

43 B
370 B

118ms
116ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7339257236270232200

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 3046294
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
an-x-request-uuid: d1a50c59-dc61-42a8-9c1e-bf72e4f61365
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7339257236270232200
x-proxy-origin: 178.75.182.48; 178.75.182.48; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK /
rtb-csync.smartadserver.com/redir/ Frame DE21 43 B
163 B 1009ms
345ms Image
image/gif 149.202.238.104
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-wsjsSU5bTl8FVpl04SppPfQIiZxhFIl__CY7Rg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 149.202.238.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-149-202-238.eu
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:43 GMT
transfer-encoding: chunked
content-type: image/gif

GET
H2 200 /
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame DE21 0
98 B 159ms
142ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-Snx95k5bTl8FVpl04SppPfQIiZwLGWh-xL_cbw
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 13 Jul 2024 00:00:43 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 41875

GET
H2 200 sync
visitor.omnitagjs.com/visitor/ Frame DE21 49 B
342 B 891ms
351ms Image
image/gif 185.255.84.152
IGUANE-

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-Ut6Jsk5bTl8FVpl04SppPfQIiZwkprDZsHLSZQ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.152 , France, ASN200271 (IGUANE-, FR),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
x-envoy-upstream-service-time: 2
content-length: 49
expires: 0

GET
H2

200

rum
r.casalemedia.com/ Frame DE21
Redirect Chain

https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw&C=1

43 B
326 B

229ms
226ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw&C=1
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tbs%2Bt7OJmNyu9TYF4RwozCSULuspLDCKHMp8eFQLkMGgXjwIcvqRQAWxor1Z3h7KNG91blYO%2BD15wD9Puq%2Brj3e4nDAjbv9vUUhcqJNKX957r9J1GTBmfQl%2FWP6RGeJA8ajo"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8a24fe95aeeed906-HEL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 13 Jul 2024 00:00:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q%2BFu6bhFW9Zs%2FWkUe%2B%2B7FFHjaFiDLxU7gVrQVXtZ2LR%2BNjLDCU7g%2FVwPb1frVcTlOHJZCIjDyUw0Jc4pvXqxpnMcucKAQLaxLoj5i0kExImpFUWf8vdJCHFtEfhR01bKYGpE"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=20&external_user_id=k-UKSIo05bTl8FVpl04SppPfQIiZxUko0Kves8Tw&C=1
cache-control: no-cache
cf-ray: 8a24fe938e0ed906-HEL
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET

ibs:dpid=28645&dpuuid=AFHAApV9dnLJlxAHnBaWVLVZXGVHgsgf
dpm.demdex.net/ Frame DE21
Redirect Chain

https://gum.criteo.com/sync?c=8&r=1&a=1&u=https%3A%2F%2Fdpm.demdex.net%2Fibs%3Adpid%3D28645%26dpuuid%3D%40USERID%40
https://dpm.demdex.net/ibs:dpid=28645&dpuuid=AFHAApV9dnLJlxAHnBaWVLVZXGVHgsgf

0
0

GET
H2 200 9.gif
id5-sync.com/s/966/ Frame DE21 43 B
1 KB 849ms
345ms Image
image/gif 141.95.98.64
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/966/9.gif?puid=k-mMW5Gk5bTl8FVpl04SppPfQIiZw-Ex8XtuSedw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.64 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216658.ip-141-95-98.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Sat, 13 Jul 2024 00:00:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
p3p: CP="CAO PSA OUR"

GET match
ad.360yield.com/ Frame DE21 0
0

GET sync
matching.ivitrack.com/ Frame DE21 0
0

GET cksync.php
contextual.media.net/ Frame DE21 0
0

GET push
exchange.mediavine.com/usersync/ Frame DE21 0
0

GET 1017
jadserve.postrelease.com/suid/ Frame DE21 0
0

GET cookie-sync
sync.outbrain.com/ Frame DE21 0
0

GET Pug
simage2.pubmatic.com/AdServer/ Frame DE21 0
0

GET tap.php
pixel.rubiconproject.com/ Frame DE21 0
0

GET v1
match.sharethrough.com/sync/ Frame DE21 0
0

GET um
criteo-sync.teads.tv/ Frame DE21 0
0

GET sync
criteo-partners.tremorhub.com/ Frame DE21 0
0

GET xuid
eb2.3lift.com/ Frame DE21 0
0

GET m
ad.yieldlab.net/ Frame DE21 0
0

GET sync
sync-criteo.ads.yieldmo.com/ Frame DE21 0
0

GET put
e1.emxdgt.com/ Frame DE21 0
0

GET match
c1.adform.net/serving/cookie/ Frame DE21 0
0

GET k-RDm49k5bTl8FVpl04SppPfQIiZz1wKH-6nfqhQ
sync.1rx.io/usersync/criteodsp/ Frame DE21 0
0

GET he-man_all.min.js
srv.motu-teamblue.services/js/ 0
0

GET setuid
ib.adnxs.com/ Frame DE21 0
0

GET
H2 204 unip Show response
trc-events.taboola.com/1515898/log/3/ 0
255 B 161ms
160ms XHR
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=10555&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=6000&msa=0&rv=1&tim=1720828845280&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Requested by: Host: cdn.taboola.com
URL: https://cdn.taboola.com/libtrc/unip/1515898/tfa.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://dubaitickets.papermoonkids.com/
Attribution-Reporting-Eligible: trigger
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: http://dubaitickets.papermoonkids.com
pragma: no-cache
date: Sat, 13 Jul 2024 00:00:45 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"

OPTIONS
H2 200 unip
trc-events.taboola.com/1515898/log/3/ Frame 0
0 151ms
150ms Preflight 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://trc-events.taboola.com/1515898/log/3/unip?en=pre_d_eng_tb&tos=10555&scd=0&ssd=1&est=1720828834724&ver=36&isls=true&src=i&invt=6000&msa=0&rv=1&tim=1720828845280&vi=1720828834718&ri=1b6f8233dec0e3dfc290a864ce56e95e&ref=null&cv=20240707-12-RELEASE&item-url=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: http://dubaitickets.papermoonkids.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-origin: http://dubaitickets.papermoonkids.com
allow: GET, HEAD, POST, TRACE, OPTIONS
content-length: 0
date: Sat, 13 Jul 2024 00:00:45 GMT
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=878593825489697&ev=PageView&dl=http%3A%2F%2Fdubaitickets.papermoonkids.com%2F&rl=&if=false&ts=1720828840537&sw=1600&sh=1200&v=2.9.161&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1720828840536.364963501502647596&ler=empty&cdl=API_unavailable&it=1720828837279&coo=false&tm=1&rqm=FGET

Domain: dpm.demdex.net
URL: https://dpm.demdex.net/ibs:dpid=28645&dpuuid=AFHAApV9dnLJlxAHnBaWVLVZXGVHgsgf

Domain: ad.360yield.com
URL: https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-GzJOsE5bTl8FVpl04SppPfQIiZyywRj9WkD2pw

Domain: matching.ivitrack.com
URL: https://matching.ivitrack.com/sync?realm=criteo&uid=k-7kY1BE5bTl8FVpl04SppPfQIiZxhCX6hMZ_Y2w

Domain: contextual.media.net
URL: https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-OMZWoE5bTl8FVpl04SppPfQIiZxGEe-2jATwVA

Domain: exchange.mediavine.com
URL: https://exchange.mediavine.com/usersync/push?partner=criteo&partnerId=k-bHsuFk5bTl8FVpl04SppPfQIiZxKOTn6EsSD-Q

Domain: jadserve.postrelease.com
URL: https://jadserve.postrelease.com/suid/1017?vk=k-pQ8HUU5bTl8FVpl04SppPfQIiZzw54vbxEELOg

Domain: sync.outbrain.com
URL: https://sync.outbrain.com/cookie-sync?p=criteo&uid=k--a9gC05bTl8FVpl04SppPfQIiZwu-JduG5K1Xg&initiator=partner

Domain: simage2.pubmatic.com
URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:k-t1PQDE5bTl8FVpl04SppPfQIiZx3ZFVzZ9xIzQ

Domain: pixel.rubiconproject.com
URL: https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-5MSP6E5bTl8FVpl04SppPfQIiZwvavUhlL7J_A&expires=30

Domain: match.sharethrough.com
URL: https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-h3SDqE5bTl8FVpl04SppPfQIiZyJ4Ipt6cx4rg

Domain: criteo-sync.teads.tv
URL: https://criteo-sync.teads.tv/um?eid=80&uid=k-BqJsm05bTl8FVpl04SppPfQIiZw3zBgLWwQYiQ

Domain: criteo-partners.tremorhub.com
URL: https://criteo-partners.tremorhub.com/sync?UICR=k-BqdoCU5bTl8FVpl04SppPfQIiZxtrYLe79VfHQ

Domain: eb2.3lift.com
URL: https://eb2.3lift.com/xuid?mid=2711&xuid=k-drODaU5bTl8FVpl04SppPfQIiZyqDqjQvqABLw&dongle=013b

Domain: ad.yieldlab.net
URL: https://ad.yieldlab.net/m?dt_id=8664&ext_id=k-trvDEE5bTl8FVpl04SppPfQIiZzyUzkFg2Wo3Q

Domain: sync-criteo.ads.yieldmo.com
URL: https://sync-criteo.ads.yieldmo.com/sync?id=k-E89jgE5bTl8FVpl04SppPfQIiZygGfcBSMCckA&pn_id=criteo&ext=1

Domain: e1.emxdgt.com
URL: https://e1.emxdgt.com/put?d=d53&uid=k-AWtHgk5bTl8FVpl04SppPfQIiZwPu6BphGRUqA

Domain: c1.adform.net
URL: https://c1.adform.net/serving/cookie/match?party=10015&cid=k-C2v6Xk5bTl8FVpl04SppPfQIiZwitKfLtHH5Ew

Domain: sync.1rx.io
URL: https://sync.1rx.io/usersync/criteodsp/k-RDm49k5bTl8FVpl04SppPfQIiZz1wKH-6nfqhQ

Domain: srv.motu-teamblue.services
URL: http://srv.motu-teamblue.services/js/he-man_all.min.js?v=2.1.43&ma=ma_enabled

Domain: ib.adnxs.com
URL: https://ib.adnxs.com/setuid?entity=52&code=k-KAtDfk5bTl8FVpl04SppPfQIiZxtu2kIevlC8g

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

24 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.papermoonkids.com/	1970-01-21 07:36:28	Name: _ga Value: GA1.2.724075009.1720828830
.papermoonkids.com/	1970-01-20 22:01:55	Name: _gid Value: GA1.2.1661856290.1720828830
.papermoonkids.com/	1970-01-21 00:10:04	Name: _gcl_au Value: 1.1.27330694.1720828832
.onesignal.com/	1970-01-20 22:00:30	Name: __cf_bm Value: Cm7GZVf1.wkcomHfUvSFGk0FHDDlbs06IzjGbwg464g-1720828834-1.0.1.1-4jcHSVS3SAgzqS81eqpdO9SkvAZlVOQjY53TGJl27YT_c6SsiZqk_kURZlnAjUmeIqQw5N2vLUl12oKTwFdCgQ
.papermoonkids.com/	1970-01-20 22:01:55	Name: _uetsid Value: efd686a040aa11efa9ac891ecbec2593
.papermoonkids.com/	1970-01-21 07:22:04	Name: _uetvid Value: efd6a92040aa11efb0a72be9c35f7028
.papermoonkids.com/	1970-01-21 00:10:04	Name: _fbp Value: fb.1.1720828840536.364963501502647596
dubaitickets.papermoonkids.com/	1970-01-21 06:46:15	Name: __rtbh.uid Value: %7B%22eventType%22%3A%22uid%22%2C%22id%22%3A%22undefined%22%7D
dubaitickets.papermoonkids.com/	1970-01-21 06:46:15	Name: __rtbh.lid Value: %7B%22eventType%22%3A%22lid%22%2C%22id%22%3A%225FskJS0NUTpu479Wp7lU%22%7D
.bing.com/	1970-01-21 07:22:04	Name: MUID Value: 35AD43F198E26C44066F574A99CA6D6A
.creativecdn.com/	1970-01-21 06:46:04	Name: g Value: cLOVAJTfZF9qJmF0b00u_1720828841879
.creativecdn.com/	1970-01-21 06:46:04	Name: c Value: cLOVAJTfZF9qJmF0b00u_lz4l6Qh4IjV0syDs20L8_1720828841879
.creativecdn.com/	1970-01-21 06:46:04	Name: ts Value: 1720828841
.criteo.com/	1970-01-21 07:22:04	Name: uid Value: e2d8efa7-ee16-4bfb-8676-9db17362511a
.criteo.com/	1970-01-21 07:22:04	Name: receive-cookie-deprecation Value: 1
.papermoonkids.com/	1970-01-21 07:29:52	Name: cto_bundle Value: KYvR1F9JWWhzMFNJTTdNWWhHNTk2RkRDb3A0RktDZWUlMkJtZXBZRHhIN2c0cWNxWFZjJTJGa2syaWpwN05rNlVsV20lMkI0TWRrMVVmd3B2OTRBY1cyZllEbkZTck1CZk9YT1l5VW0xbmJGJTJGaURiVDRtVGcwcWswSGU3bzViNmtNSVpVSGlWcW9PSzJNM1liUDhpeGo0Q0dVNWMzMTNLaHpMRndpTmpyNGJTY3BpQlpwckJPNCUzRA
.casalemedia.com/	1970-01-21 06:46:04	Name: CMID Value: ZpHDrLmqPusAAAw8ACJSBQAA
.casalemedia.com/	1970-01-21 00:10:04	Name: CMPS Value: 4553
.casalemedia.com/	1970-01-21 00:10:04	Name: CMPRO Value: 4553
.adnxs.com/	1970-01-21 00:10:04	Name: XANDR_PANID Value: 5Pwylvif6ezlfZnZiLFL5N6sPx2CpZJJ0MfhbiXBpuquAq8faT_IIpr-0Qa4KjDo85zvQUgGIo6FOoI2mKrCFX8WbLeqV9vUhxcPLGk0yaM.
.adnxs.com/	1970-01-21 07:36:28	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 00:10:04	Name: uuid2 Value: 7339257236270232200
.omnitagjs.com/	1970-01-20 22:43:40	Name: ayl_visitor Value: 18eb1945fb7cb6f8f15fe3b99c138737
.criteo.com/	1970-01-21 07:22:04	Name: cto_bundle Value: D1G0Ml9PclJxMUUlMkZNYmh1UCUyQjJuUHcxd1lnRUh1OG9MNmdXS09sdGp0ZWtIeG9aZ1ZoRFRFWFdVS0tpSTV1UXBJcUtoSg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://sslwidget.criteo.com/event?a=50489&v=5.26.1&otl=1&p0=e%3Dce%26m%3D%255B%255D&p1=e%3Dexd%26z%3D%26site_type%3Dd&p2=e%3Dvh%26tms%3Dgtm-ee-1.1.0&p3=e%3Ddis&adce=1&bundle=KYvR1F9JWWhzMFNJTTdNWWhHNTk2RkRDb3A0RktDZWUlMkJtZXBZRHhIN2c0cWNxWFZjJTJGa2syaWpwN05rNlVsV20lMkI0TWRrMVVmd3B2OTRBY1cyZllEbkZTck1CZk9YT1l5VW0xbmJGJTJGaURiVDRtVGcwcWswSGU3bzViNmtNSVpVSGlWcW9PSzJNM1liUDhpeGo0Q0dVNWMzMTNLaHpMRndpTmpyNGJTY3BpQlpwckJPNCUzRA&sc=%7B%22fbp%22%3A%22fb.1.1720828840536.364963501502647596%22%7D&tld=papermoonkids.com&dy=1&fu=http%253A%252F%252Fdubaitickets.papermoonkids.com%252F&ceid=82e0f9a8-22dd-487a-9f36-0bd57774b71d Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ad.yieldlab.net
ams.creativecdn.com
bat.bing.com
c1.adform.net
cdn.onesignal.com
cdn.taboola.com
chimpstatic.com
cm.g.doubleclick.net
connect.facebook.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
dis.criteo.com
dpm.demdex.net
dubaitickets.papermoonkids.com
dynamic.criteo.com
e1.emxdgt.com
eb2.3lift.com
exchange.mediavine.com
gum.criteo.com
ib.adnxs.com
id5-sync.com
jadserve.postrelease.com
match.sharethrough.com
matching.ivitrack.com
onesignal.com
pixel.rubiconproject.com
r.casalemedia.com
rtb-csync.smartadserver.com
simage2.pubmatic.com
srv.isy-teamblue.services
srv.motu-teamblue.services
sslwidget.criteo.com
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.1rx.io
sync.outbrain.com
tags.creativecdn.com
trc-events.taboola.com
trc.taboola.com
visitor.omnitagjs.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.natro.com
x.bidswitch.net
ad.360yield.com
ad.yieldlab.net
c1.adform.net
contextual.media.net
criteo-partners.tremorhub.com
criteo-sync.teads.tv
dpm.demdex.net
e1.emxdgt.com
eb2.3lift.com
exchange.mediavine.com
ib.adnxs.com
jadserve.postrelease.com
match.sharethrough.com
matching.ivitrack.com
pixel.rubiconproject.com
simage2.pubmatic.com
srv.motu-teamblue.services
sync-criteo.ads.yieldmo.com
sync.1rx.io
sync.outbrain.com
www.facebook.com
104.17.111.223
141.226.228.48
141.95.98.64
142.250.186.142
149.202.238.104
151.101.129.44
156.146.33.14
157.240.252.35
157.240.253.1
172.217.16.130
172.64.151.101
178.250.1.11
178.250.1.13
178.250.1.9
185.184.8.90
185.255.84.152
2.17.177.117
204.79.197.237
216.58.206.72
35.214.149.91
37.252.171.21
81.88.57.79
85.159.66.62
89.19.5.50
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ebeff2dd2d1036cfc4675dec27ba5f2e917839330473b45bbb766bb1cbe6320
1990692e5cc2706b8293a46ecbe9392160d8ce06a8e605471f79ec6545d11971
1e50c5105f83e90e8e1bf401b8942127114ed1b681f96704504815ac8805c229
22faf486389e0998644a9608725cf3d0d7472604c19b069fd001d3eb52b8392e
26dc5ff4bfb9213291735808465e156d4a4691135f3815e3613761243e1f69c3
2a101da6d892222f9b6fa3499e42cf531c819f4ad9177d48c417edefc9c119a7
2dd9346bbd91387ccdac48c7949884c7e74132ff40b982ff90edc9cfcced6bab
301fa576aa3c1c609d261af6a5f132ba374488ff44088b619803996caf12ea57
343786bbfc299290abf8ae1714c93e79237b1fad54d7d8085c01fd9ca28e4e2d
403733d3264cab8fa25910144ba0a4bd43d3fe6b3abafb97ef1311090a00eb68
4191d89ec03bce5dc273716075335e31851031184b0fff0ab9fc900a8442019f
49339d2dfb3d62104a8863b56e31cb5d8dbea54185e189b9ed031697712265d5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ef45603673a97569bce9393d60f0e28e7fc4ceac5c14290a0b765d9b5d8d4b4
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5f92f594b21ca88b9c24fa8aba1dc5dd583fe94dc12b823bc05ddf8efaf06713
632b9b240994cde6851a2001f07fb5e5cde6195e6c8ae6789d6623cc2c6311f0
6a13044e96fde5d99b9879ddb583ceb24be49fed08cea5e0bea6892fbad5f40c
88d13c0b0c2f30f42f6470966ddc3717647be5d10e4a2ced9c9aa8c23eedafc1
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
929077a45497d5ebdc382c45c5f839e0448c8aa3892e804ebb1ebff4a13d6c54
95bc3288f334c3e630b700a3e932ced55881a4a2b800e22c9fd4b5f73969acfc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a18ebd731b20d7404e2eed45ad15a0e9068ec7c4eb6d95da6727c086e366227d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b14f93366112e862d6032df772a33da61005b427a7f5a37dfc0a665b0e226b49
b59bc8d15f4d4049424ef7cd6aa8b7e5bebafe8372767b8d1dc27c21279fc712
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e34b6183bbc1c26a52b550dedb710ba0b80b84585c873937d88dc8739090b71a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebe0f94ca53bc5f7d865f89aec5b0315bca03ace6942d6c1c76d94d5b59d419a
f344e8f5a46cf3bb48025bee537c2c535deef9aa6b71dcfef26cbcccd12dbdc4
f5553d3903603a92b0cb85f464da1f3f2aca6d8df4634b407e5018e5715fd5b4
f6e4f5edb3194334a199f0bf80b38d92a0b7388330fbce94c8c0fb2f852c171f

dubaitickets.papermoonkids.com Open in urlscan Pro 85.159.66.62 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

59 %HTTPS

0 %IPv6

39 Domains

47 Subdomains

24 IPs

7 Countries

894 kBTransfer

2687 kBSize

24 Cookies

1 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

dubaitickets.papermoonkids.com Open in urlscan Pro
85.159.66.62 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

59 %
HTTPS

0 %
IPv6

39
Domains

47
Subdomains

24
IPs

7
Countries

894 kB
Transfer

2687 kB
Size

24
Cookies

71 HTTP transactions
0 data transactions