Submitted URL: http://hair.showmesmile.es/?NzQ5MzM4ODI9MTk2NzcmMjY0OTEyNj0zOTMmMzc9Y2xpY2smdTE1d2VrPTgmbGlkPTM3MTE1
Effective URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Submission: On April 10 via api from BE

Summary

This website contacted 10 IPs in 4 countries across 15 domains to perform 38 HTTP transactions. The main IP is 66.212.229.139, located in United States and belongs to CL-1379-14537, US. The main domain is promo.iredirect.net.
TLS certificate: Issued by GoGetSSL RSA DV CA on February 16th 2020. Valid for: 2 years.
This is the only time promo.iredirect.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 108.61.12.76 20473 (AS-CHOOPA)
1 1 146.71.76.123 47869 (NETROUTIN...)
1 2 107.172.7.100 36352 (AS-COLOCR...)
1 78.142.29.109 201133 (VERDINA)
1 1 216.189.40.128 6921 (ARACHNITEC)
1 2 154.16.205.185 20278 (NEXEON)
1 1 66.212.229.144 14537 (CL-1379-1...)
1 6 66.212.229.139 14537 (CL-1379-1...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
21 66.212.229.189 14537 (CL-1379-1...)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 66.212.229.188 14537 (CL-1379-1...)
38 10
Domain Requested by
9 img.iredirect.net promo.iredirect.net
8 cdn.iredirect.net promo.iredirect.net
6 promo.iredirect.net 1 redirects efadfre.jwihbq.live
promo.iredirect.net
cdn.jsdelivr.net
4 www.zxcdn.com promo.iredirect.net
4 cdn.jsdelivr.net promo.iredirect.net
3 www.google-analytics.com 1 redirects promo.iredirect.net
2 efadfre.jwihbq.live 1 redirects laudypauty.com
2 qalkawell.com 1 redirects
1 api.iredirect.net cdn.jsdelivr.net
1 www.google.de promo.iredirect.net
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googletagmanager.com promo.iredirect.net
1 click.cr-brands.net 1 redirects
1 m1o6.newestlinks.company 1 redirects
1 laudypauty.com qalkawell.com
1 zharewardss.com 1 redirects
1 hair.showmesmile.es 1 redirects
38 18

This site contains links to these domains.

Domain
www.zodiaccasino.com
Subject | Issuer | Validity | Valid
qalkawell.com | Let's Encrypt Authority X3 | 2020-04-08 - 2020-07-07 | 3 months
www.laudypauty.com | Go Daddy Secure Certificate Authority - G2 | 2019-04-30 - 2020-06-28 | a year
jwihbq.live | Let's Encrypt Authority X3 | 2020-03-11 - 2020-06-09 | 3 months
*.iredirect.net | GoGetSSL RSA DV CA | 2020-02-16 - 2022-02-28 | 2 years
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-04-06 - 2020-10-09 | 6 months
*.zxcdn.com | GoGetSSL RSA DV CA | 2019-08-30 - 2021-09-05 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months
www.google.de | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months

This page contains 1 frames:

Primary Page: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Frame ID: 9410581B7B518F59696DDDC03699FE39
Requests: 38 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

Requests: 38
HTTPS: 100 %
IPv6: 38 %
Domains: 15
Subdomains: 18
IPs: 10
Countries: 4
Transfer: 623 kB
Size: 1094 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hair.showmesmile.es/?NzQ5MzM4ODI9MTk2NzcmMjY0OTEyNj0zOTMmMzc9Y2xpY2smdTE1d2VrPTgmbGlkPTM3MTE1 HTTP 302
    http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/ HTTP 302
    https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24 Page URL
  2. https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/81a7ab70-7e94-4f24-9c64-cc14f1db8e98/?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24&fctr=1 HTTP 302
    https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98 Page URL
  3. https://m1o6.newestlinks.company/?s1=898152017&s2=472125&kw=472125 HTTP 302
    https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e Page URL
  4. https://efadfre.jwihbq.live/ITS458nodepositAT.html?sov=6fa9cf923ea&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e&tov=683383 HTTP 302
    https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/zc/11&seg=52055&lid=215864&aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|971252d2-7b65-11ea-b5f0-5eaadaa35394| HTTP 301
    https://promo.iredirect.net/referral.asp?aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|971252d2-7b65-11ea-b5f0-5eaadaa35394|&pop_up=1&url=/rea/pop/de/zc/11&seg=52055&lid=215864 HTTP 301
    https://promo.iredirect.net/rea/pop/de/zc/11/?v=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://hair.showmesmile.es/?NzQ5MzM4ODI9MTk2NzcmMjY0OTEyNj0zOTMmMzc9Y2xpY2smdTE1d2VrPTgmbGlkPTM3MTE1 HTTP 302
  • http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/ HTTP 302
  • https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
Request Chain 1
  • https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/81a7ab70-7e94-4f24-9c64-cc14f1db8e98/?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24&fctr=1 HTTP 302
  • https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
Request Chain 2
  • https://m1o6.newestlinks.company/?s1=898152017&s2=472125&kw=472125 HTTP 302
  • https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e
Request Chain 34
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2055229726&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.live%252F&ul=en-us&de=UTF-8&dt=Zodiac%20Casino!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABC~&jid=1186635584&gjid=1851265188&cid=1778362467.1586548687&tid=UA-85618867-1&_gid=484109653.1586548687&_r=1&cd9=351&cd34=de&cd83=ouEuwKs4rH4OYYTvecyzJJKK5%2B1rDz2siGxf5qHy3v0%3D&cd85=5359_52055_23482_4408_57_347_3-75393%7C6fa9cf923ea%7C971252d2-7b65-11ea-b5f0-5eaadaa35394%7C&cd89=wizfulladdress_https&cd90=pop_zc_11_0&cd91=wizfulladdress&cd124=catch_zc&cd125=1&cd126=11&cd127=0&cd128=ZC&cd129=&cd130=&cd131=EMPTY&z=545341607 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_gid=484109653.1586548687&gjid=1851265188&_v=j81&z=545341607 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607&slf_rd=1&random=290098998

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//
Redirect Chain
  • http://hair.showmesmile.es/?NzQ5MzM4ODI9MTk2NzcmMjY0OTEyNj0zOTMmMzc9Y2xpY2smdTE1d2VrPTgmbGlkPTM3MTE1
  • http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/
  • https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
784 B
920 B
Document
General
Full URL
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
107.172.7.100 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
107-172-7-100-host.colocrossing.com
Software
nginx /
Resource Hash
0b04e332c13056395cf9da25ffbbddfceb4e75cb91f5c31327be8aabc3fe6d21

Request headers

Host
qalkawell.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 10 Apr 2020 19:58:01 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=81a7ab70-7e94-4f24-9c64-cc14f1db8e98; Version=1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; Domain=qalkawell.com; Path=/ 8e4d8882-511a-4735-b38f-b657767e925e-check=81a7ab70-7e94-4f24-9c64-cc14f1db8e98; Version=1; Expires=Fri, 10-Apr-2020 20:08:01 GMT; Max-Age=600; Domain=qalkawell.com; Path=/
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 19:58:01 GMT
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 10 Apr 2020 19:58:00 GMT
Content-Length
193
Connection
keep-alive
Location
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 19:58:00 GMT
Cookie set 81a7ab70-7e94-4f24-9c64-cc14f1db8e98
laudypauty.com/fff0852e2b321b3800/100/
Redirect Chain
  • https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115/81a7ab70-7e94-4f24-9c64-cc14f1db8e98/?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82...
  • https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
129 B
382 B
Document
General
Full URL
https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
Requested by
Host: qalkawell.com
URL: https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.109 , Bulgaria, ASN201133 (VERDINA, BZ),
Reverse DNS
Software
Apache /
Resource Hash
1c01f13c1f0ce68e191dba14e43ef9ee200592e8e19652003f919928e6ed9240

Request headers

Host
laudypauty.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.76_37_185.216.34.172/74933882_2649126_37115//?fctr=1&ptid=08eb7587-47ae-47f9-bb90-82ba16770f24
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 10 Apr 2020 19:58:02 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
129
Server
Apache
Set-Cookie
uid3546=898152017-20200410145802-d7fbf5f46bf47d86452532b502097749-; domain=; path=/; SameSite=None; Secure

Redirect headers

Server
nginx
Date
Fri, 10 Apr 2020 19:58:01 GMT
Content-Length
105
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=81a7ab70-7e94-4f24-9c64-cc14f1db8e98; Version=1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; Domain=qalkawell.com; Path=/
Location
https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 19:58:01 GMT
Cookie set /
efadfre.jwihbq.live/
Redirect Chain
  • https://m1o6.newestlinks.company/?s1=898152017&s2=472125&kw=472125
  • https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-...
1 KB
9 KB
Document
General
Full URL
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e
Requested by
Host: laudypauty.com
URL: https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.16.205.185 Los Angeles, United States, ASN20278 (NEXEON, US),
Reverse DNS
Software
/
Resource Hash
850b2c2935a3875b2bc17af756bb0ba72f406354e0b5866334facaf3e1706414

Request headers

Host
efadfre.jwihbq.live
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://laudypauty.com/fff0852e2b321b3800/100/81a7ab70-7e94-4f24-9c64-cc14f1db8e98
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 10 Apr 2020 19:58:04 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
mini-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Source
Mini
X-Rot
683383
X-Sov
6fa9cf923ea
Expires
Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control
no-cache
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Date
Fri, 10 Apr 2020 19:58:03 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
X-ImpID
96b347a6-7b65-11ea-aaef-12c26be3c49e
Location
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e
Set-Cookie
redir-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Primary Request /
promo.iredirect.net/rea/pop/de/zc/11/
Redirect Chain
  • https://efadfre.jwihbq.live/ITS458nodepositAT.html?sov=6fa9cf923ea&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b...
  • https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/zc/11&seg=52055&lid=215864&aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|971252d2-7b65-11ea-b5f0-5eaadaa35394|
  • https://promo.iredirect.net/referral.asp?aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|971252d2-7b65-11ea-b5f0-5eaadaa35394|&pop_up=1&url=/rea/pop/de/zc/11&seg=52055&lid=215864
  • https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
47 KB
17 KB
Document
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Requested by
Host: efadfre.jwihbq.live
URL: https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b288412c7a1e8b47c76fa7a7758b31124c270b468f4fd563640ae42ebec9b7a8

Request headers

:method
GET
:authority
promo.iredirect.net
:scheme
https
:path
/rea/pop/de/zc/11/?v=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://efadfre.jwihbq.live/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
ASPSESSIONIDAGDRRAAC=BCGNBBODKKCGPFINODGLOIKI
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=eogoimmumukiiekemu&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.898152017%3A%3A472125-r75393-t488&impid=96b347a6-7b65-11ea-aaef-12c26be3c49e

Response headers

status
200
cache-control
no-store
content-type
text/html; Charset=UTF-8
content-encoding
gzip
expires
Sat, 15 May 1999 18:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-nid
W01
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Fri, 10 Apr 2020 19:58:06 GMT
content-length
17693

Redirect headers

status
301
cache-control
no-store
content-type
text/html
expires
Sat, 15 May 1999 18:00:00 GMT
location
/rea/pop/de/zc/11/?v=0
server
Microsoft-IIS/10.0
set-cookie
ASPSESSIONIDAGDRRAAC=BCGNBBODKKCGPFINODGLOIKI; secure; path=/
x-nid
W01
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Fri, 10 Apr 2020 19:58:05 GMT
content-length
0
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/
119 KB
18 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.min.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22507819
cf-ray
581f0a6b4d90c290-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21050-AMS, cache-hhn4075-HHN
server
cloudflare
etag
W/"1da71-sJcv3M6C/Vg9TCzMPy4990BKGdA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
bootstrap-theme.min.css
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/
23 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap-theme.min.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2e1cc227d6bbb4192e4a3becdfed971c7fc530d76200e43add11c98cb962c53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5484898
cf-ray
581f0a6b4d92c290-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21041-AMS, cache-fra19161-FRA
server
cloudflare
etag
W/"5b73-vu4OCA6m3MjAZhtmwbqgjkX07LY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
style.css
promo.iredirect.net/rea/pop/de/zc/11/inc/
32 KB
7 KB
Stylesheet
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/inc/style.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
abc1b0b6c410426a469ec1cde57334e1031b31b617cdd9a667e62e0e9897865b

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Thu, 01 Aug 2019 01:41:06 GMT
server
Microsoft-IIS/10.0
etag
"ce4e42fa48d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
accept-ranges
bytes
content-type
text/css
content-length
7478
jquery.min.js
cdn.jsdelivr.net/npm/jquery@1.11.3/dist/
94 KB
32 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
23301373
cf-ray
581f0a6b4d95c290-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21023-AMS, cache-fra19170-FRA
server
cloudflare
etag
W/"176f8-N7HbiLV0OPEHKo68dVnJCcnTpoI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
jquery-migrate.min.js
cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/
10 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22507512
cf-ray
581f0a6b4d96c290-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21024-AMS, cache-hhn4077-HHN
server
cloudflare
etag
W/"2748-kFMq/21BIZVCVM3wSZTYNPfsFps"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
common.js
promo.iredirect.net/rea/shared/
83 KB
22 KB
Script
General
Full URL
https://promo.iredirect.net/rea/shared/common.js?1926-19
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
95a51b45012475148696a670a111438bff2064a280631833dd74ebf843333e4b

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Tue, 19 Nov 2019 00:28:46 GMT
server
Microsoft-IIS/10.0
etag
"07384e709ed51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
accept-ranges
bytes
content-type
application/javascript
content-length
21995
vjs-chat.js
cdn.iredirect.net/webcdn/js/
703 B
564 B
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/vjs-chat.js?1561-19
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
395248fa2a0de2257903418d5cf5c40d36a9e2ec04a5c5f3d9f8ca9b67ef7028

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
last-modified
Tue, 29 Aug 2017 01:40:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d74bda6720d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
481
shared.css
cdn.iredirect.net/webcdn/css/rea/
15 KB
3 KB
Stylesheet
General
Full URL
https://cdn.iredirect.net/webcdn/css/rea/shared.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
46a30932fe2b5b10ef1ff0e4bad9b3f9718ba949cab17035c83e28e8ea5223dc

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
last-modified
Thu, 19 Sep 2019 00:24:51 GMT
server
Microsoft-IIS/10.0
etag
"808bc3a6806ed51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=300
accept-ranges
bytes
content-type
text/css
content-length
3346
modal.js
cdn.iredirect.net/webcdn/js/rea/shared/
10 KB
3 KB
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/rea/shared/modal.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
adcccfba49ae4b6b9af5d7edd20673be39b35826d3e816a6969c333585169bb9

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
last-modified
Thu, 24 Aug 2017 03:46:10 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0ad1d868b1cd31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
2686
cookieConsentCr-1.0.min.js
www.zxcdn.com/webcdn/js/cookieConsentCr/
37 KB
13 KB
Script
General
Full URL
https://www.zxcdn.com/webcdn/js/cookieConsentCr/cookieConsentCr-1.0.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
723c2c65627d7ae37004903917b0f8b36b2ef61a7d39884d4e2547f32d717711

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
last-modified
Wed, 08 Apr 2020 04:27:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0cba915edd61:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
13135
script.js
promo.iredirect.net/rea/pop/de/zc/11/inc/
3 KB
1 KB
Script
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/inc/script.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
660bb4e1bd2883018e1f82e461a1917db6b70e92ec7f44465ae9b9c5faa4eb9a

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Thu, 01 Aug 2019 01:41:05 GMT
server
Microsoft-IIS/10.0
etag
"93973b2fa48d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
accept-ranges
bytes
content-type
application/javascript
content-length
1096
zc9-logo.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
21 KB
21 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-logo.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a3576fe83dbecce68c9aa707c89c9b42a4fafbde660b99853b40ec4fdfe00b74

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:57 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"4a46b072532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
21148
spacer.gif
cdn.iredirect.net/webcdn/img/rea/shared/
1 KB
1 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/spacer.gif
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bc1949a92d0ed97011d62ecc757ac52524e92d35a8d36d96b1702f31cfbc9051

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 27 Jun 2016 06:48:58 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"069d1fa3fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/gif
content-length
1095
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
4772
date
Fri, 10 Apr 2020 18:38:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Fri, 10 Apr 2020 20:38:35 GMT
gtm.js
www.googletagmanager.com/
135 KB
32 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T5DCX9V
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
01f0487d6519ca523c9a85357320891721fd88fde761ace3eb7ce2510c3f29ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
32872
x-xss-protection
0
last-modified
Fri, 10 Apr 2020 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 10 Apr 2020 19:58:07 GMT
zc9-city-header.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
45 KB
46 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-city-header.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
412690ea5f60c2dbc2c8a9e324b7b6b9aea20529d2ad3e4a09345bd913646e20

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:55 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"2973de71532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
46554
zc9-city-rays-header.jpg
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
53 KB
53 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-city-rays-header.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b114412634c3e617a18796b2671b9214c2934de1082630ae63e7bce36a4caa20

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:56 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"3599472532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
54009
zc9-jackpot-sprite-exact.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
73 KB
73 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-jackpot-sprite-exact.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
57b93b7039974ad8584ecdb0792f5904d06763994ff02b6ee96e66158fb08baa

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Tue, 25 Jun 2019 00:50:52 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"7fbfda9f02ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
74310
zc9-bottom-rays.jpg
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
83 KB
84 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-bottom-rays.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cfd504f6d9e4819d57c12cce0bc59d5ec5bd7b0e08ae255b43970befe5812718

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"4b481171532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
85420
zc9-box-rays.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
22 KB
22 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-box-rays.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
68340ef36f1dcd11e5ee27a9600efe21a78a6b55a477a673f202b665e15bccc4

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"51ac3271532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
22097
zc9-arrow-sprite.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
636 B
718 B
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-arrow-sprite.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
71b58c0c45fcfe0b94f750b8df4e1824367a69ed41c275102bc7eee9f7973af2

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:52 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"b925fa6f532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
636
subset-SourceSansPro-SemiBold.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-SemiBold.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cfe13f1f30e1849d1e4416a1b895057bf219a004c6aa14d95d452045d75243b8

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Tue, 31 Oct 2017 01:50:42 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0c5cba8ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20796
zc9-arrow-sprite_2x.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
1 KB
1 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-arrow-sprite_2x.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ec77491fe828f2ac155ad88ef165b056a10b4897903692b654125194c6b89b04

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Mon, 24 Jun 2019 06:09:53 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"8ad28670532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1335
zc9-trust-logos-sprite-DE_2x.png
img.iredirect.net/webcdn/img/rea/pop/de/zc/10/
32 KB
32 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/de/zc/10/zc9-trust-logos-sprite-DE_2x.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
26ee26a0bea2b72a713be876dcf6b96f3090dfbf6053a186974a6130f3f8ef63

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:06 GMT
last-modified
Thu, 25 Jul 2019 00:46:19 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"d84a9b5f8242d51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
32892
norton.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/norton.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7c54bb703a5f1ec08cb572c46325709e73726d6175a4d8ac29272f64910200ae

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2651
mcafee.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/mcafee.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
263daceea364e196b1120703f0debb9d0fdd4bfd579c3b78d8d03bbe222d1274

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2877
secure-de.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/secure-de.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
59a39b60dbe3a3b2d8e44d1452cc3382ce19c8a17ae48bc2e6aa1344762845a6

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Mon, 27 Jun 2016 06:46:28 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03a69a13fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2734
footer-icons.fs8.png
cdn.iredirect.net/webCDN/img/Shared/
34 KB
34 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/Shared/footer-icons.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b3788275845d14f2bcbb96d2b9907013be727afa12ae7b8ddd943dcbeddaebab

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Mon, 09 Sep 2019 23:44:17 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"24628f7e6867d51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
35186
subset-SourceSansPro-Bold.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-Bold.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
219a43f2fc226522d0eabee2072d36e3fd99e7ade96afaacf351c22aa46a962f

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Tue, 31 Oct 2017 01:49:50 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"033cd89ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20532
subset-SourceSansPro-Regular.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-Regular.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ecc1175b7df845d911061dc62cd06fae098dbb4479fcae6ba221bf30b3212d97

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
last-modified
Tue, 31 Oct 2017 01:50:36 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03e38a5ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20860
jackpots.js
promo.iredirect.net/rea/shared/
3 KB
1 KB
XHR
General
Full URL
https://promo.iredirect.net/rea/shared/jackpots.js?_=1586548686837
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
226585cf28f848482fd57559cf7017ef36a1fbfc7499341d705c87da937a6c54

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://promo.iredirect.net/
Sec-Fetch-Dest
empty
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 19:58:07 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Mon, 19 Aug 2019 00:57:08 GMT
server
Microsoft-IIS/10.0
etag
"0a8062956d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W01
accept-ranges
bytes
content-type
application/javascript
content-length
1136
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2055229726&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.l...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_gid=484109653.1586548687&gjid=1851265188&_v=j81&z=545341607
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607&slf_rd=1&random=290098998
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607&slf_rd=1&random=290098998
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Apr 2020 19:58:07 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 10 Apr 2020 19:58:07 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1778362467.1586548687&jid=1186635584&_v=j81&z=545341607&slf_rd=1&random=290098998
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
110 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=2055229726&t=event&ni=1&_s=2&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.live%252F&ul=en-us&de=UTF-8&dt=Zodiac%20Casino!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=REA%20Page&ea=Load%20Success&el=rea%2Fpop%2Fde%2Fzc%2F11&_u=YEBAAEABC~&jid=&gjid=&cid=1778362467.1586548687&tid=UA-85618867-1&_gid=484109653.1586548687&cd9=351&cd34=de&cd83=ouEuwKs4rH4OYYTvecyzJJKK5%2B1rDz2siGxf5qHy3v0%3D&cd85=5359_52055_23482_4408_57_347_3-75393%7C6fa9cf923ea%7C971252d2-7b65-11ea-b5f0-5eaadaa35394%7C&cd89=wizfulladdress_https&cd90=pop_zc_11_0&cd91=wizfulladdress&cd124=catch_zc&cd125=1&cd126=11&cd127=0&cd128=ZC&cd129=&cd130=&cd131=EMPTY&z=853742010
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Sat, 18 Jan 2020 01:35:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
7237385
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
api.iredirect.net/ApiMgs.svc/GetProgressivesByCultureName/
3 KB
1 KB
Script
General
Full URL
https://api.iredirect.net/ApiMgs.svc/GetProgressivesByCultureName/?cultureName=de_EUR&callback=jQuery111307105696244627508_1586548686838&_=1586548686839
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.188 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
/
Resource Hash
ab906bddff3d7003be48e2e72ecbc276652ba20efdc34f9de867ffd43b9bffc2

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 10 Apr 2020 19:58:07 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-javascript
status
200
x-nid
W01
cache-control
no-cache
content-length
980
expires
-1

Verdicts & Comments

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata
object| onpointerrawupdate
string| thisLang
string| thisSiteCode
string| thisBrand
string| thisCategory
string| thisSplashCode
string| thisVariation
string| thisPath
function| $
function| jQuery
function| cross_domain_storage
function| wopen
function| checkCaptchaResponse
number| d
string| v
number| formWS
boolean| isCaptchaValidated
object| respond
boolean| priorEngage
string| currency
object| thisAffID
string| siteTotalGames
string| mobilesiteTotalGames
string| decimalSeparator
string| groupSeparator
string| positivePattern
string| decimalDigits
string| isGDPR
number| xit
object| CookieConsentCr
object| cookieconsent
string| btag5
string| btag1
string| btag3
string| thisReferer
string| __galab
object| _loadGADATA
function| isGoogleAnalyticsLoaded
function| logGAEvent
string| GoogleAnalyticsObject
function| __gaTracker
number| counter
number| count
function| timer
object| dataLayer
object| fm
object| google_tag_data
object| gaplugins
object| gaGlobal
object| gaData
object| google_tag_manager
boolean| blMatch
undefined| jQuery111307105696244627508_1586548686838

4 Cookies

Domain/Path: .iredirect.net/ Name: _gat Value: 1
Domain/Path: .iredirect.net/ Name: _gid Value: GA1.2.484109653.1586548687
Domain/Path: .iredirect.net/ Name: _ga Value: GA1.2.1778362467.1586548687
Domain/Path: promo.iredirect.net/ Name: ASPSESSIONIDAGDRRAAC Value: BCGNBBODKKCGPFINODGLOIKI

2 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0(Line 132)
Message:
Load Success

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
