Submitted URL: http://ip214.ip-51-68-203.eu/1C02024jp6r0g7r-4i2paiq9109t3c7ba2i00001
Effective URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&Dynami...
Submission: On February 03 via manual from AT

Summary

This website contacted 10 IPs in 4 countries across 14 domains to perform 22 HTTP transactions. The main IP is 2606:4700:10::6814:7c, located in the United States and belonging to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is promotions.voodoodreams.com.
TLS certificate: Issued by Thawte RSA CA 2018 on March 13th 2018. Valid for: 2 years.
This is the only time promotions.voodoodreams.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 51.68.203.214 16276 (OVH)
1 207.99.98.155 8001 (NET-ACCES...)
2 2 35.204.107.25 15169 (GOOGLE)
2 2 52.213.126.145 16509 (AMAZON-02)
1 1 146.177.40.248 15395 (RACKSPACE...)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
12 37.157.2.238 198622 (ADFORM)
1 54.230.93.131 16509 (AMAZON-02)
1 37.157.2.236 198622 (ADFORM)
1 54.230.93.110 16509 (AMAZON-02)
1 34.251.205.156 16509 (AMAZON-02)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
22 10
Domain Requested by
12 track.adform.net www.googletagmanager.com
ringfoot.com
track.adform.net
a1.adform.net
promotions.voodoodreams.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 promotions.voodoodreams.com ringfoot.com
promotions.voodoodreams.com
2 tracking.ibxlink.com 2 redirects
2 ip214.ip-51-68-203.eu 2 redirects
1 www.google.de
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 userbeacon.widespace.com promotions.voodoodreams.com
1 engine.widespace.com promotions.voodoodreams.com
1 a1.adform.net ringfoot.com
1 tag.widespace.com www.googletagmanager.com
1 www.googletagmanager.com promotions.voodoodreams.com
1 ads.suprnation.com 1 redirects
1 lltrk01.com 1 redirects
1 iamtrk2.com 1 redirects
1 ringfoot.com
22 17

This site contains links to these domains.

Domain
www.voodoodreams.com

Subject | Issuer | Validity | Valid
ringfoot.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-08 - 2019-10-08 | a year
*.voodoodreams.com | Thawte RSA CA 2018 | 2018-03-13 - 2020-05-11 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
track.adform.net | DigiCert SHA2 Secure Server CA | 2018-02-02 - 2019-10-02 | 2 years
*.widespace.com | Go Daddy Secure Certificate Authority - G2 | 2018-04-24 - 2020-04-24 | 2 years
www.google.de | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months

This page contains 2 frames:

Primary Page: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Frame ID: 17FE22084CA856C31837ABA05258CEAA
Requests: 21 HTTP requests in this frame

Frame: https://track.adform.net/serving/container/?pm=912701&lid=40592943&ctype=0&media=0&PageName=promotions.voodoodreams.com%2fbookofdead%2fde%2f&rnd=1967919093&cpref=&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE4A3A1F46E899432000F622BF02%26DynamicID%3d102d15852dc8357ad1e0726002075e
Frame ID: 5465BA164E65BC642A55785D63EEBE58
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • env /^google_tag_manager$/i

Page Statistics

22
Requests

100 %
HTTPS

38 %
IPv6

14
Domains

17
Subdomains

10
IPs

4
Countries

656 kB
Transfer

971 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ip214.ip-51-68-203.eu/1C02024jp6r0g7r-4i2paiq9109t3c7ba2i00001 HTTP 302
    http://ip214.ip-51-68-203.eu/rdg.html?ln=1r0g7r-syb5c55f318e8919_vl_topvl_sqk.4i2pai3c7ba2i.C0000r1099aq9109t_xn1034.1hs7a HTTP 302
    https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf= Page URL
  2. https://iamtrk2.com/?a=557&oc=8889&c=25990&m=3&s1=degrrhh_sq5c55f318e8ffe&s3=818935665 HTTP 302
    https://lltrk01.com/?a=557&oc=8889&c=25990&m=3&s1=degrrhh_sq5c55f318e8ffe&s3=818935665&ckmguid=ba49ad95-5a3a-4d99-8d49-fe8582a10d38 HTTP 302
    http://tracking.ibxlink.com/aff_c?offer_id=1385&aff_id=4965&url_id=8399&aff_sub2=109360478&aff_sub3=557 HTTP 302
    http://tracking.ibxlink.com/aff_r?offer_id=1385&aff_id=4965&url=https%3A%2F%2Fads.suprnation.com%2Fredirect.aspx%3Fpid%3D6532%26bid%3D1753%26DynamicID%3D102d15852dc8357ad1e0726002075e&urlauth=489134320803712656300145654768 HTTP 302
    https://ads.suprnation.com/redirect.aspx?pid=6532&bid=1753&DynamicID=102d15852dc8357ad1e0726002075e HTTP 301
    https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ip214.ip-51-68-203.eu/1C02024jp6r0g7r-4i2paiq9109t3c7ba2i00001 HTTP 302
  • http://ip214.ip-51-68-203.eu/rdg.html?ln=1r0g7r-syb5c55f318e8919_vl_topvl_sqk.4i2pai3c7ba2i.C0000r1099aq9109t_xn1034.1hs7a HTTP 302
  • https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Request Chain 20
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=703391638&t=pageview&_s=1&dl=https%3A%2F%2Fpromotions.voodoodreams.com%2Fbookofdead%2Fde%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D654577_F440CE4A3A1F46E899432000F622BF02%26DynamicID%3D102d15852dc8357ad1e0726002075e&ul=en-us&de=windows-1252&dt=VoodooDreams%20Casino&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=1944123652&gjid=781252841&cid=813348858.1549200254&tid=UA-71968518-2&_gid=1387222808.1549200254&_r=1&gtm=2wg1d1TLMNPH&z=511489257 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_gid=1387222808.1549200254&gjid=781252841&_v=j73&z=511489257 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257&slf_rd=1&random=3806476707

22 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/
Redirect Chain
  • http://ip214.ip-51-68-203.eu/1C02024jp6r0g7r-4i2paiq9109t3c7ba2i00001
  • http://ip214.ip-51-68-203.eu/rdg.html?ln=1r0g7r-syb5c55f318e8919_vl_topvl_sqk.4i2pai3c7ba2i.C0000r1099aq9109t_xn1034.1hs7a
  • https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9...
149 B
429 B
Document
General
Full URL
https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
207.99.98.155 Willow Grove, United States, ASN8001 (NET-ACCESS-CORP - Net Access Corporation, US),
Reverse DNS
Software
Apache /
Resource Hash
afd579ae2f64e3fe6f3838d26fd900e49584f8069d9ebc78c8008b95eb1e7df4

Request headers

Host
ringfoot.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate, br

Response headers

Date
Sun, 03 Feb 2019 13:24:12 GMT
Server
Apache
Set-Cookie
uid13166=818935665-20190203082412-fbdf3a85df88fd24e4ed9e83c4d1a210-; expires=Tue, 05-Mar-2019 13:24:12 GMT; path=/
Content-Length
149
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sun, 03 Feb 2019 13:24:14 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.2.17
Location
https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq|L2SvoTH=|1hs7a|r0g7r|3c7ba2i|34021|0000r1099a|C|oKW0K2yhqTIl|PC|2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
Primary Request /
promotions.voodoodreams.com/bookofdead/de/
Redirect Chain
  • https://iamtrk2.com/?a=557&oc=8889&c=25990&m=3&s1=degrrhh_sq5c55f318e8ffe&s3=818935665
  • https://lltrk01.com/?a=557&oc=8889&c=25990&m=3&s1=degrrhh_sq5c55f318e8ffe&s3=818935665&ckmguid=ba49ad95-5a3a-4d99-8d49-fe8582a10d38
  • http://tracking.ibxlink.com/aff_c?offer_id=1385&aff_id=4965&url_id=8399&aff_sub2=109360478&aff_sub3=557
  • http://tracking.ibxlink.com/aff_r?offer_id=1385&aff_id=4965&url=https%3A%2F%2Fads.suprnation.com%2Fredirect.aspx%3Fpid%3D6532%26bid%3D1753%26DynamicID%3D102d15852dc8357ad1e0726002075e&urlauth=48913...
  • https://ads.suprnation.com/redirect.aspx?pid=6532&bid=1753&DynamicID=102d15852dc8357ad1e0726002075e
  • https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
2 KB
1015 B
Document
General
Full URL
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Requested by
Host: ringfoot.com
URL: https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed5b0535b11c87661abd263e4b91cbd9309dfcd935c808bfc612484257b39635

Request headers

:method
GET
:authority
promotions.voodoodreams.com
:scheme
https
:path
/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sun, 03 Feb 2019 13:24:13 GMT
content-type
text/html
set-cookie
__cfduid=d139cfc70daf3364d562630726b3169981549200253; expires=Mon, 03-Feb-20 13:24:13 GMT; path=/; domain=.voodoodreams.com; HttpOnly
last-modified
Mon, 09 Apr 2018 12:57:05 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4a3537707d29c297-FRA
content-encoding
br

Redirect headers

Cache-Control
private,no-cache, no-store
Pragma
no-cache
Content-Type
text/html
Location
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Server
Microsoft-IIS/10.0
P3P
CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
X-AspNet-Version
4.0.30319
Set-Cookie
NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a6532%2c%22BID%22%3a1753%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1549200253438)%5c%2f%22%2c%22CookieTag%22%3a%221753653220207022581C2019231324%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2214239802%7c1%22%7d%5d; expires=Tue, 03-Feb-3018 13:24:13 GMT; path=/
Request-Context
appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628
X-Powered-By
ASP.NET
Date
Sun, 03 Feb 2019 13:24:12 GMT
Connection
close
Content-Length
0
gtm.js
www.googletagmanager.com/
159 KB
32 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Requested by
Host: promotions.voodoodreams.com
URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:806::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
685182f5135724d079f9793db6882583e5d44a857ae959251a1cd712673f4a51
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
32470
x-xss-protection
1; mode=block
expires
Sun, 03 Feb 2019 13:24:13 GMT
bg.jpg
promotions.voodoodreams.com/bookofdead/de/img/
483 KB
484 KB
Image
General
Full URL
https://promotions.voodoodreams.com/bookofdead/de/img/bg.jpg
Requested by
Host: promotions.voodoodreams.com
URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700:10::6814:7c , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3af5896b4931086189aa64d37cde2257bface5c8f4348caf7064a947b35c657f

Request headers

:path
/bookofdead/de/img/bg.jpg
pragma
no-cache
cookie
__cfduid=d139cfc70daf3364d562630726b3169981549200253
accept-encoding
gzip, deflate, br
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
image/webp,image/apng,image/*,*/*;q=0.8
cache-control
no-cache
:authority
promotions.voodoodreams.com
referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
:scheme
https
:method
GET

Response headers

date
Sun, 03 Feb 2019 13:24:13 GMT
cf-cache-status
HIT
last-modified
Thu, 22 Mar 2018 07:33:16 GMT
server
cloudflare
etag
"5ab35c3c-78bd3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
status
200
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
4a353770feaac297-FRA
content-length
494547
expires
Sun, 03 Feb 2019 17:24:13 GMT
/
track.adform.net/Serving/Cookie/
73 B
449 B
Script
General
Full URL
https://track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
5d9e8cfd13ab9f3cb184ee716c93c4c007837b001ab17f762269a64b2d8958cc

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/javascript; charset=utf-8
content-length
180
expires
-1
/
track.adform.net/serving/scripts/trackpoint/async/
76 KB
30 KB
Script
General
Full URL
https://track.adform.net/serving/scripts/trackpoint/async/
Requested by
Host: ringfoot.com
URL: https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
public, max-age=604800
content-type
text/javascript; charset=utf-8
content-length
30712
expires
Sun, 10 Feb 2019 13:24:13 GMT
tag.js
tag.widespace.com/t/
698 B
1021 B
Script
General
Full URL
https://tag.widespace.com/t/tag.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.131 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-131.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ec5faa3f77c5e7ff0b43a16d8ac93f6c3a6ed1d742479250dab671071d8f9cda

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 01 Feb 2019 20:53:11 GMT
via
1.1 412049da39a44d4e9af054ecc17534dd.cloudfront.net (CloudFront)
last-modified
Thu, 31 Aug 2017 15:17:19 GMT
server
AmazonS3
age
145862
etag
"ceb450facd0ce4be2b5624bcc5affcba"
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
cache-control
public, max-age=259200
content-length
698
x-amz-cf-id
uFcCld9yVmuSx0VTxT_I1qgPCk_MjGRZ5uzv8Ato3mrgSmnhNvQakg==
/
track.adform.net/serving/scripts/trackpoint/
75 KB
30 KB
Script
General
Full URL
https://track.adform.net/serving/scripts/trackpoint/
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
3a5e31041a150633c40b8f381a3dca1c6a7767da325f2efd3abbe1dba797fc5e

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
public, max-age=604800
content-type
text/javascript; charset=utf-8
content-length
30313
expires
Sun, 10 Feb 2019 13:24:13 GMT
/
a1.adform.net/serving/scripts/trackpoint/async/
76 KB
30 KB
Script
General
Full URL
https://a1.adform.net/serving/scripts/trackpoint/async/
Requested by
Host: ringfoot.com
URL: https://ringfoot.com/17629c23b99c330b000/degrrhh_sq5c55f318e8ffe/ybsq%7CL2SvoTH=%7C1hs7a%7Cr0g7r%7C3c7ba2i%7C34021%7C0000r1099a%7CC%7CoKW0K2yhqTIl%7CPC%7C2stohma/p3yvAJZ1AJLmZGuyBQxkBI92oS90o3O2oS9mpJf=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
f71949eb5abb767c30181fee3c683cf75a45e2a6f9573c0f6bccea82927a46b4

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
public, max-age=604800
content-type
text/javascript; charset=utf-8
content-length
30712
expires
Sun, 10 Feb 2019 13:24:13 GMT
/
track.adform.net/Serving/TrackPoint/
18 KB
9 KB
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?pm=912701&ADFdivider=%7C&ord=23948879777&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fpromotions.voodoodreams.com%2Fbookofdead%2Fde%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D654577_F440CE
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
bb03d0e10220c4b0946064a69e3ed998bfc77e07c5eaaac3352243a08290b9cd

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
8632
expires
-1
/
track.adform.net/Serving/TrackPoint/
18 KB
9 KB
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?pm=1562758&ADFdivider=%7C&ord=324716389766&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fpromotions.voodoodreams.com%2Fbookofdead%2Fde%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D654577_F440CE
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0e84e4eee8a5e955a214c03ac37ab39c847f65b7a0e95a26cdf25e361bfcee98

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
8635
expires
-1
/
track.adform.net/wpf/v2/7ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYY...
780 B
1 KB
Script
General
Full URL
https://track.adform.net/wpf/v2/7ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYYLzZGgeWy24bT8sjrkRGyC_JxoPyjzA1j4Hj5Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6._htdIq0bp_xf7_OLgiPFMtrs1OeyjaY2FrYelVqZgtpiDBv65RrnAJnbJlpMpwoNSUC56MnGWpwoNHHACVZXnN9NEOHpGZxcJrN.S9RdPQSzOy_Aw7UTlf_01kKHoNvdASWWGmI_3Dqvmjp0U_IvqCSFQ_01kKJA237lY5BSmxGY5BNBtQT.clYIT3SvgMJgJ0Nc1lF4XVA4.L9.gJ.elF1VLf4.9dPgJ2MnGmRgJ2MnGmRgJ.c4elF1VLf4.ATjV.2KE/serving/trackpoint/?pm=912701&ADFdivider=%7c&ord=23948879777&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE&catdt=0
Requested by
Host: a1.adform.net
URL: https://a1.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
ebb453adc4e86bf8f2ebb4269714b999e5056696458ef2a859250258ac0c7087

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
624
expires
-1
/
track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYY...
142 B
613 B
Script
General
Full URL
https://track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYYLzZGgeWy24bT8sjrkRGyC_JxoPyjzA1j4Hj5Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6._htdIq0bp_xf7_OLgiPFMtrs1OeyjaY2FrYelVqZgtpiDBv65RrnAJnbJlpMpwoNSUC56MnGWpwoNHHACVZXnN9NEOHpGZxXmrN.S9RdPQSzOy_Aw7UTlf_01kKHoNvVikkct8mX6QStMuVjmdxv5icCmVWN9e4WX3NlY5DtTclY5B5Rhj.JNldj1DxqAeL9.gJ0Nc1lF4XVA4.L9.KNc0FAKXV4JhL90ftctDL90ftctDL9.J1pNc0FAKXV4jMk.0DM/serving/trackpoint/?pm=1562758&ADFdivider=%7c&ord=324716389766&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE&catdt=0
Requested by
Host: a1.adform.net
URL: https://a1.adform.net/serving/scripts/trackpoint/async/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0d2e34011586bfe43c2879eacce2701afc5643b8d6cf26db39a07b7f81d5ce28

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
210
expires
-1
wid.gif
engine.widespace.com/map/engine/
45 B
422 B
Image
General
Full URL
https://engine.widespace.com/map/engine/wid.gif
Requested by
Host: promotions.voodoodreams.com
URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.230.93.110 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-54-230-93-110.fra2.r.cloudfront.net
Software
nginx/1.12.2 /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 03 Feb 2019 13:24:14 GMT
via
1.1 8391f131e4acb30724947dab1f8592a5.cloudfront.net (CloudFront)
server
nginx/1.12.2
x-cache
Miss from cloudfront
content-type
image/gif
status
200
cache-control
public, max-age=86400
content-length
45
x-amz-cf-id
s4rWblUd5c_RjQLz33_IHyCfnY5Uh7gEw9ySIb5AKbL0ilq_U4wvvw==
/
track.adform.net/Serving/TrackPoint/
18 KB
9 KB
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?pm=571454&ADFPageName=vddenyc_V&ADFdivider=%7C&ord=753659318170&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fpromotions.voodoodreams.com%2Fbookofdead%2Fde%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D654577_F440CE
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
d598a28d9043db27c94eb1bf2708d82c8b8797d405851b3d14eeb53407bec688

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
8646
expires
-1
/
track.adform.net/serving/container/ Frame 5465
0
0
Document
General
Full URL
https://track.adform.net/serving/container/?pm=912701&lid=40592943&ctype=0&media=0&PageName=promotions.voodoodreams.com%2fbookofdead%2fde%2f&rnd=1967919093&cpref=&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE4A3A1F46E899432000F622BF02%26DynamicID%3d102d15852dc8357ad1e0726002075e
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

:method
GET
:authority
track.adform.net
:scheme
https
:path
/serving/container/?pm=912701&lid=40592943&ctype=0&media=0&PageName=promotions.voodoodreams.com%2fbookofdead%2fde%2f&rnd=1967919093&cpref=&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE4A3A1F46E899432000F622BF02%26DynamicID%3d102d15852dc8357ad1e0726002075e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
accept-encoding
gzip, deflate, br
cookie
cid=-5750631979060554420,0,0,0,0; uid=-5750631979060554420
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e

Response headers

status
200
server
nginx
date
Sun, 03 Feb 2019 13:24:13 GMT
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-encoding
gzip
expires
-1
vary
Accept-Encoding
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
/
track.adform.net/Serving/TrackPoint/
35 B
392 B
Image
General
Full URL
https://track.adform.net/Serving/TrackPoint/?pm=912686&ADFPageName=Global%20VD%20SE%20RT%20TP&ADFdivider=|
Requested by
Host: promotions.voodoodreams.com
URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
server
nginx
access-control-allow-origin
*
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
expires
-1
/
track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYY...
109 B
588 B
Script
General
Full URL
https://track.adform.net/wpf/v2/.ta44j1c.lY5BNvcKyAdMUDFBpBeA0fUm7qKFz0Xnj3wMvsD7z5meTuCUMz_WMXdMYGzXJJIneGffLMC7EZ3QHPBirTYKUowRslzRQqwSM2VHqwodv.numypZHgfLMC7AeLd7FmrpwoNN5uQ4s5uQ1szHVyVxFAk.rpwoNJ9z4oYYLzZGgeWy24bT8sjrkRGyC_JxoPyjzA1j4Hj5Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6._htdIq0bp_xf7_OLgiPFMtrs1OeyjaY2FrYelVqZgtpiDBv65RrnAJnbJlpMpwoNSUC56MnGWpwoNHHACVZXnN9NEOHpGZxidfg.D_DJhCizgzH_y3EjNpmVWN9dPBSorNNJRZtG2hiwfxFMtJyxYMJ5tFFg4K1kl1BNlY6RjJNlY52DLrV9BNorW6Tv4pA4.L9.gJ0Nc1lF4XVA4.9gJ.c4elF1eLf4.pwoRbA4.pwoRbA4.90PgJ.c4elF1rfs.CN8/serving/trackpoint/?pm=571454&ADFPageName=vddenyc_V&ADFdivider=%7c&ord=753659318170&Set1=en-US%7cen-US%7c1600x1200%7c24&ADFtpmode=2&loc=https%3a%2f%2fpromotions.voodoodreams.com%2fbookofdead%2fde%2f%3fprogramme%3daff%26source%3dnetrefer%26btag%3d654577_F440CE&catdt=0
Requested by
Host: track.adform.net
URL: https://track.adform.net/serving/scripts/trackpoint/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
cfb3d07f356fa68a8dfecb6d9655193bb0f6a6ba68ed69bddb71530eaa7e48b1

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:13 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
text/javascript; charset=utf-8
content-length
185
expires
-1
tags
userbeacon.widespace.com/userbeacon/v1/
37 B
210 B
Image
General
Full URL
https://userbeacon.widespace.com/userbeacon/v1/tags?data=%7B%22beaconUUIDs%22%3A%5B%22a127a20c-943f-4214-9109-a17c0ce0224d%22%5D%7D&v=1549200253921
Requested by
Host: promotions.voodoodreams.com
URL: https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.251.205.156 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-34-251-205-156.eu-west-1.compute.amazonaws.com
Software
nginx/1.10.2 / Undertow 1
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 03 Feb 2019 13:24:14 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
Undertow 1
Content-Length
37
Content-Type
image/gif
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:825::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
5707
date
Sun, 03 Feb 2019 11:49:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
17543
expires
Sun, 03 Feb 2019 13:49:07 GMT
/
track.adform.net/Serving/Cookie/
93 B
470 B
Script
General
Full URL
https://track.adform.net/Serving/Cookie/?adfaction=getjs;adfcookname=uid
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TLMNPH
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
a3faef6956dadef3c0abe30df17f6c6eb06539c63452a2c009c6145f62b8c721

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:14 GMT
content-encoding
gzip
server
nginx
access-control-allow-origin
*
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
status
200
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/javascript; charset=utf-8
content-length
202
expires
-1
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j73&a=703391638&t=pageview&_s=1&dl=https%3A%2F%2Fpromotions.voodoodreams.com%2Fbookofdead%2Fde%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D65...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_gid=1387222808.1549200254&gjid=781252841&_v=j73&z=511489257
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257&slf_rd=1&random=3806476707
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257&slf_rd=1&random=3806476707
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81c::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://promotions.voodoodreams.com/bookofdead/de/?programme=aff&source=netrefer&btag=654577_F440CE4A3A1F46E899432000F622BF02&DynamicID=102d15852dc8357ad1e0726002075e
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:14 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
42
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 03 Feb 2019 13:24:14 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-71968518-2&cid=813348858.1549200254&jid=1944123652&_v=j73&z=511489257&slf_rd=1&random=3806476707
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
0
x-xss-protection
1; mode=block
expires
Fri, 01 Jan 1990 00:00:00 GMT

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart
object| onselectionchange
function| queueMicrotask
object| dataLayer
function| GetUrlValue
object| google_tag_manager
object| _adftrack
object| Adform
object| KJUR
object| adf
object| fortyone
object| wisp
string| GoogleAnalyticsObject
function| ga
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData

4 Cookies

Domain/Path | Name | Value
.adform.net/ | uid | -5750631979060554490
track.adform.net/ | cid | -5750631979060554490,0,0,0,0
.adform.net/ | _fbp | fb.1.1549200254152.501489892
.voodoodreams.com/ | __cfduid | d139cfc70daf3364d562630726b3169981549200253

2 Console Messages

Source | Level | URL | Text
console-api | log | (Line 1) | Error fetching clientId
console-api | log | (Line 1) | Error fetching clientId

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
