Submitted URL: http://mens-superhealth.com/5409fh16915799id7095uk22464oj1487cw1984rr
Effective URL: http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Submission: On June 12 via api from BE

Summary

This website contacted 11 IPs in 7 countries across 15 domains to perform 50 HTTP transactions.
The main IP is 65.98.48.235, located in United States and belongs to FORTRESSITX - FortressITX, US. The main domain is carblck.com.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

IP Address AS Autonomous System
1 1 51.15.190.107 12876 (AS12876)
2 4 65.98.48.235 25653 (FORTRESSITX)
1 95.140.40.88 43711 (SZERVERNE...)
1 1 193.56.28.211 197226 (SPRINT-SDC)
1 2 154.16.205.144 20278 (NEXEON)
1 1 66.212.229.144 14537 (CL-1379-1...)
1 9 66.212.229.139 14537 (CL-1379-1...)
2 2a04:4e42::621 54113 (FASTLY)
30 66.212.229.189 14537 (CL-1379-1...)
1 205.185.208.52 20446 (HIGHWINDS3)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 66.212.229.188 14537 (CL-1379-1...)
50 11
Domain Subdomains Transfer
34 iredirect.net 3 MB
6 zxcdn.com 43 KB
4 carblck.com 3 KB
3 google-analytics.com 18 KB
2 jsdelivr.net 37 KB
2 ekwvzi.live 13 KB
1 google.de 109 B
1 google.com 180 B
1 doubleclick.net 161 B
1 googletagmanager.com 28 KB
1 jquery.com 3 KB
1 cr-brands.net 433 B
1 safesslredir.company 476 B
1 laudypauty.com 351 B
1 mens-superhealth.com 348 B
50 15
Domain Requested by
23 cdn.iredirect.net promo.iredirect.net
cdn.jsdelivr.net
9 promo.iredirect.net 1 redirects vfc4.ekwvzi.live
promo.iredirect.net
cdn.jsdelivr.net
5 cdn.zxcdn.com promo.iredirect.net
4 carblck.com 2 redirects carblck.com
3 www.google-analytics.com 1 redirects promo.iredirect.net
2 img.iredirect.net promo.iredirect.net
2 cdn.jsdelivr.net promo.iredirect.net
2 vfc4.ekwvzi.live 1 redirects laudypauty.com
1 api.zxcdn.com cdn.jsdelivr.net
1 www.google.de promo.iredirect.net
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 www.googletagmanager.com promo.iredirect.net
1 code.jquery.com promo.iredirect.net
1 click.cr-brands.net 1 redirects
1 m1o6.safesslredir.company 1 redirects
1 laudypauty.com carblck.com
1 mens-superhealth.com 1 redirects
50 18
Subject / Issuer Validity Valid
carblck.com / Let's Encrypt Authority X3 2019-04-23 - 2019-07-22 3 months
www.laudypauty.com / Go Daddy Secure Certificate Authority - G2 2018-04-29 - 2019-06-28 a year
*.ekwvzi.live / Let's Encrypt Authority X3 2019-05-29 - 2019-08-27 3 months
*.iredirect.net / COMODO RSA Domain Validation Secure Server CA 2018-03-01 - 2020-02-29 2 years
f3.shared.global.fastly.net / GlobalSign CloudSSL CA - SHA256 - G3 2019-05-29 - 2020-04-23 a year
*.zxcdn.com / COMODO ECC Domain Validation Secure Server CA 2017-08-30 - 2019-09-06 2 years
jquery.org / COMODO RSA Domain Validation Secure Server CA 2018-10-17 - 2020-10-16 2 years
*.google-analytics.com / Google Internet Authority G3 2019-05-21 - 2019-08-13 3 months
www.google.de / Google Internet Authority G3 2019-05-21 - 2019-08-13 3 months

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Web
Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Web
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i


50 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
16915799
/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409
Redirect Chain
  • http://mens-superhealth.com/5409fh16915799id7095uk22464oj1487cw1984rr
  • http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
691 B
855 B
Document
General
Full URL
http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Protocol
HTTP/1.1
Server
65.98.48.235 , United States, ASN25653 (FORTRESSITX - FortressITX, US),
Reverse DNS
Software
nginx /
Resource Hash
bcba8391c340b6a22512502555b320f586486f17c0154458399d476f3d484206

Request headers

Host
carblck.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Server
nginx
Date
Wed, 12 Jun 2019 15:38:32 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
set-cookie
5ce095db-e084-41df-9146-4541d794da47=81e1383a-b289-41ee-9b52-58a2e56a0893; Version=1; Expires=Thu, 13-Jun-2019 15:38:32 GMT; Max-Age=86400; Domain=carblck.com; Path=/ 5ce095db-e084-41df-9146-4541d794da47-check=81e1383a-b289-41ee-9b52-58a2e56a0893; Version=1; Expires=Wed, 12-Jun-2019 15:48:32 GMT; Max-Age=600; Domain=carblck.com; Path=/
Cache-Control
no-cache
Expires
Wed, 12 Jun 2019 15:38:32 GMT
Content-Encoding
gzip

Redirect headers

Date
Wed, 12 Jun 2019 15:38:30 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By
PHP/5.4.16
location
http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799/
Redirect Chain
  • https://carblck.com/r2/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799/81e1383a-b289-41ee-9b52-58a2e56a0893/?fctr=0
  • https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
843 B
952 B
Document
General
Full URL
https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
Requested by
Host: carblck.com
URL: http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
65.98.48.235 , United States, ASN25653 (FORTRESSITX - FortressITX, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
carblck.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Accept-Encoding
gzip, deflate, br
Cookie
5ce095db-e084-41df-9146-4541d794da47=81e1383a-b289-41ee-9b52-58a2e56a0893; 5ce095db-e084-41df-9146-4541d794da47-check=81e1383a-b289-41ee-9b52-58a2e56a0893

Response headers

Server
nginx
Date
Wed, 12 Jun 2019 15:38:33 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=51edac01-edf7-4429-8666-879ae12cfc5e; Version=1; Expires=Fri, 12-Jul-2019 15:38:33 GMT; Max-Age=2592000; Domain=carblck.com; Path=/ 8e4d8882-511a-4735-b38f-b657767e925e-check=51edac01-edf7-4429-8666-879ae12cfc5e; Version=1; Expires=Wed, 12-Jun-2019 15:48:33 GMT; Max-Age=600; Domain=carblck.com; Path=/
Cache-Control
no-cache
Expires
Wed, 12 Jun 2019 15:38:33 GMT
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Wed, 12 Jun 2019 15:38:33 GMT
Content-Length
149
Connection
keep-alive
Location
https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
Cache-Control
no-cache
Expires
Wed, 12 Jun 2019 15:38:33 GMT
Cookie set 51edac01-edf7-4429-8666-879ae12cfc5e
laudypauty.com/fff0852e2b321b3800/100
Redirect Chain
  • https://carblck.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799/51edac01-edf7-4429-8666-879ae12cfc5e/?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893&red_param_1=http%3A%2F%2Fcarblck....
  • https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
130 B
351 B
Document
General
Full URL
https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
Requested by
Host: carblck.com
URL: https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.140.40.88 , Hungary, ASN43711 (SZERVERNET-HU-AS, HU),
Reverse DNS
95-140-40-88.szervernet.hu
Software
Apache /
Resource Hash

Request headers

Host
laudypauty.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
Accept-Encoding
gzip, deflate, br

Response headers

Date
Wed, 12 Jun 2019 15:38:34 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
130
Server
Apache
Set-Cookie
uid3546=832015685-20190612103834-d7fbf5f46bf47d86452532b502097749-; path=/

Redirect headers

Server
nginx
Date
Wed, 12 Jun 2019 15:38:33 GMT
Content-Length
105
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=51edac01-edf7-4429-8666-879ae12cfc5e; Version=1; Expires=Fri, 12-Jul-2019 15:38:33 GMT; Max-Age=2592000; Domain=carblck.com; Path=/
Location
https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
Cache-Control
no-cache
Expires
Wed, 12 Jun 2019 15:38:33 GMT
Cookie set ?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9-ac13-4e4e3e1c4387
vfc4.ekwvzi.live
Redirect Chain
  • https://m1o6.safesslredir.company/?s1=832015685&s2=472125&kw=472125
  • https://vfc4.ekwvzi.live/?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9...
1 KB
9 KB
Document
General
Full URL
https://vfc4.ekwvzi.live/?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9-ac13-4e4e3e1c4387
Requested by
Host: laudypauty.com
URL: https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.16.205.144 Los Angeles, United States, ASN20278 (NEXEON - Nexeon Technologies, Inc., US),
Reverse DNS
Software
/
Resource Hash
fc0fa9d151b169a5637209e4ef64115dd098f62ee273dd11cfa34cd5dbb5d877

Request headers

Host
vfc4.ekwvzi.live
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
Accept-Encoding
gzip, deflate, br

Response headers

Date
Wed, 12 Jun 2019 15:38:35 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Source
Mini
X-Rot
680782
X-Sov
350726539
Expires
Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control
no-cache
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Date
Wed, 12 Jun 2019 15:38:34 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
X-ImpID
23afee0c-8d28-11e9-ac13-4e4e3e1c4387
Location
https://vfc4.ekwvzi.live/?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9-ac13-4e4e3e1c4387
Set-Cookie
redir-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Adblocked /
promo.iredirect.net/rea/pop/de/cos/1
Redirect Chain
  • https://vfc4.ekwvzi.live/ITS458yukon25plusDE.html?sov=350726539&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-...
  • https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/cos/1&v=2&seg=49266&lid=215864&aff_id=5359_49266_22173_4408_57_23634_3-75393|350726539|2412cef0-8d28-11e9-b486-6680a44dfd16|24...
  • https://promo.iredirect.net/referral.asp?aff_id=5359_49266_22173_4408_57_23634_3-75393|350726539|2412cef0-8d28-11e9-b486-6680a44dfd16|2412cef0-8d28-11e9-b486-6680a44dfd16|&pop_up=1&url=/rea/pop/de/...
  • https://promo.iredirect.net/rea/pop/de/cos/1/
104 KB
41 KB
Document
General
Full URL
https://promo.iredirect.net/rea/pop/de/cos/1/
Requested by
Host: vfc4.ekwvzi.live
URL: https://vfc4.ekwvzi.live/?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9-ac13-4e4e3e1c4387
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6773b3d89718ebd17e3bc134b87d4cd734a706d15bf82a16e8262be015e6a373
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

:method
GET
:authority
promo.iredirect.net
:scheme
https
:path
/rea/pop/de/cos/1/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
https://vfc4.ekwvzi.live/
accept-encoding
gzip, deflate, br
cookie
ASPSESSIONIDCWCSTADB=MAEBGPAANELNCMKNDNAGIJDN

Response headers

status
200
cache-control
no-store
content-type
text/html; Charset=UTF-8
content-encoding
gzip
expires
Sat, 15 May 1999 18:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-nid
W03
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Wed, 12 Jun 2019 15:38:37 GMT
content-length
41397

Redirect headers

status
301
cache-control
no-store
content-type
text/html
expires
Sat, 15 May 1999 18:00:00 GMT
location
/rea/pop/de/cos/1/
server
Microsoft-IIS/10.0
set-cookie
ASPSESSIONIDCWCSTADB=MAEBGPAANELNCMKNDNAGIJDN; secure; path=/
x-nid
W03
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Wed, 12 Jun 2019 15:38:37 GMT
content-length
0
Adblocked style.css
promo.iredirect.net/rea/pop/de/cos/1/inc
43 KB
10 KB
Stylesheet
General
Full URL
https://promo.iredirect.net/rea/pop/de/cos/1/inc/style.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e80d3c9a194df8fea536c2885e52da61fb3229bff70d29541fd9edabe8974f9b
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Fri, 12 Apr 2019 00:24:53 GMT
server
Microsoft-IIS/10.0
etag
"8d3f26c6f0d41:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
text/css
content-length
9795
Verified jquery.min.js
cdn.jsdelivr.net/npm/jquery@1.11.3/dist
94 KB
33 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Verified resource
flat-ui/2.3.0/js/vendor/jquery.min.js at cdnjs.com, project flat-ui
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Wed, 12 Jun 2019 15:38:38 GMT
content-length
33342
x-served-by
cache-ams21023-AMS, cache-fra19160-FRA
etag
W/"176f8-N7HbiLV0OPEHKo68dVnJCcnTpoI"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
Verified jquery-migrate.min.js
cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist
10 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Verified resource
jquery-migrate/1.4.1/jquery-migrate.min.js at cdnjs.com, project jquery-migrate
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Wed, 12 Jun 2019 15:38:38 GMT
content-length
4014
x-served-by
cache-ams21024-AMS, cache-fra19160-FRA
etag
W/"2748-kFMq/21BIZVCVM3wSZTYNPfsFps"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
Adblocked common.js?1623-15
promo.iredirect.net/rea/shared
83 KB
22 KB
Script
General
Full URL
https://promo.iredirect.net/rea/shared/common.js?1623-15
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7f04427e198b626a2e07b3f34eb3951d43af997ac4bd5aafacf3cfcebf683d34
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Fri, 22 Mar 2019 06:11:12 GMT
server
Microsoft-IIS/10.0
etag
"0c06fc76e0d41:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
application/javascript
content-length
22057
vjs-chat.js?1258-15
cdn.iredirect.net/webcdn/js
703 B
564 B
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/vjs-chat.js?1258-15
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
395248fa2a0de2257903418d5cf5c40d36a9e2ec04a5c5f3d9f8ca9b67ef7028

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
last-modified
Tue, 29 Aug 2017 01:40:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d74bda6720d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
481
shared.css
cdn.iredirect.net/webcdn/css/rea
15 KB
3 KB
Stylesheet
General
Full URL
https://cdn.iredirect.net/webcdn/css/rea/shared.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f91da1ed13eea40a9f415c77d9ba31b3ead2912055194d0cae1620d02d78be5c

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
last-modified
Thu, 06 Dec 2018 01:26:34 GMT
server
Microsoft-IIS/10.0
etag
"0415eb928dd41:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=300
accept-ranges
bytes
content-type
text/css
content-length
3344
modal.js
cdn.iredirect.net/webcdn/js/rea/shared
10 KB
3 KB
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/rea/shared/modal.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
adcccfba49ae4b6b9af5d7edd20673be39b35826d3e816a6969c333585169bb9

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
last-modified
Thu, 24 Aug 2017 03:46:10 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0ad1d868b1cd31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
2686
cookieConsentCr.min.js?1258-15
cdn.iredirect.net/webcdn/js
35 KB
12 KB
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/cookieConsentCr.min.js?1258-15
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
78060cb1b910e5c758b7c3d2817679577f278e20f36c231abf8751b154d5ad65

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
last-modified
Tue, 11 Dec 2018 21:49:52 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"00d729b91d41:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
12355
Adblocked slick.css
promo.iredirect.net/rea/pop/en/cos/1/inc/slick
2 KB
835 B
Stylesheet
General
Full URL
https://promo.iredirect.net/rea/pop/en/cos/1/inc/slick/slick.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Fri, 19 Jan 2018 02:59:50 GMT
server
Microsoft-IIS/10.0
etag
"fa3cb092d190d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
text/css
content-length
745
Verified Adblocked slick-theme.css
promo.iredirect.net/rea/pop/en/cos/1/inc/slick
3 KB
953 B
Stylesheet
General
Full URL
https://promo.iredirect.net/rea/pop/en/cos/1/inc/slick/slick-theme.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Verified resource
slick-carousel/1.6.0/slick-theme.css at cdnjs.com, project slick-carousel
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Fri, 19 Jan 2018 02:59:49 GMT
server
Microsoft-IIS/10.0
etag
"80c0a591d190d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
text/css
content-length
870
Verified spacer.gif
img.iredirect.net/webCDN/img/shared
43 B
236 B
Image
General
Full URL
https://img.iredirect.net/webCDN/img/shared/spacer.gif
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Verified resource
ckeditor/4.2/plugins/fakeobjects/images/spacer.gif at cdnjs.com, project ckeditor

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 18 Jun 2012 08:15:06 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"021f3772a4dcd1:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/gif
content-length
43
spacer.gif
cdn.zxcdn.com/webcdn/img/rea/shared
1 KB
1 KB
Image
General
Full URL
https://cdn.zxcdn.com/webcdn/img/rea/shared/spacer.gif
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bc1949a92d0ed97011d62ecc757ac52524e92d35a8d36d96b1702f31cfbc9051

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 27 Jun 2016 06:48:58 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"069d1fa3fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/gif
content-length
1095
jquery-migrate-1.2.1.min.js
code.jquery.com
7 KB
3 KB
Script
General
Full URL
https://code.jquery.com/jquery-migrate-1.2.1.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
vip052.ssl.hwcdn.net
Software
nginx /
Resource Hash
1e67d8dbcca1f6fd94e077c85c2fb40fa1c2756c99238daa8da882144260a68d

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 12 Jun 2019 15:38:38 GMT
Content-Encoding
gzip
Last-Modified
Fri, 24 Oct 2014 00:16:08 GMT
Server
nginx
ETag
W/"54499a48-1c1f"
Vary
Accept-Encoding
X-HW
1560353918.dop085.lo4.shc,1560353918.dop085.lo4.t,1560353918.cds067.lo4.c
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=315360000, public
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
3063
Adblocked slick.min.js
promo.iredirect.net/rea/pop/en/cos/1/inc/slick
42 KB
10 KB
Script
General
Full URL
https://promo.iredirect.net/rea/pop/en/cos/1/inc/slick/slick.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Fri, 19 Jan 2018 02:59:53 GMT
server
Microsoft-IIS/10.0
etag
"801a894d190d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
application/javascript
content-length
10401
Adblocked analytics.js
www.google-analytics.com
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 21 May 2019 23:53:44 GMT
server
Golfe2
age
363
date
Wed, 12 Jun 2019 15:32:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17595
expires
Wed, 12 Jun 2019 17:32:35 GMT
Adblocked gtm.js?id=GTM-T5DCX9V
www.googletagmanager.com
115 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T5DCX9V
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0b9cbf7055cb8c946da57368559de9aa7e49afc1f14f62d6ef4571872be1aea7
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
content-encoding
br
last-modified
Tue, 11 Jun 2019 17:47:43 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
28607
x-xss-protection
0
expires
Wed, 12 Jun 2019 15:38:38 GMT
COS_Logo_2x.fs8.png
cdn.iredirect.net/webCDN/img/COS
50 KB
50 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/COS/COS_Logo_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8539bcc762428650a59be971f9fd5ad5437e9a44d453e8c930026f30075f784d

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 04 Dec 2017 04:40:02 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03dacf2b96cd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
50917
rea-cosmo-main-bg_2x.jpg
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
215 KB
215 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-main-bg_2x.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d6abd1be6575bb3f08ccc7b60a590db97a936260e76b7bcd5dab8ebeae5cd3b7

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 15 Jan 2018 06:15:42 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03b5445c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
219664
rea-cosmo-arrow_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
6 KB
6 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-arrow_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ccfd427c3e03f6312b2f3afca94dd40627686cf3ccbbf90e74e7babc971a7a60

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Thu, 18 Jan 2018 22:04:24 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"064b94ca890d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
5905
rea-pop-cosmo-jackpot_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
141 KB
141 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-pop-cosmo-jackpot_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
eb446ef8d93ea926ae8dad8f69d1a478a7b9060a2d648f3fabd94a6dc87c8bd0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Tue, 16 Jan 2018 01:28:38 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0277055698ed31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
144495
rea-pop-cosmo-coins_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
42 KB
42 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-pop-cosmo-coins_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c56fe93045f66491a0e8d56b5f5c3dc37aaa740d0d6226e9b8beff2f959f4e25

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 15 Jan 2018 06:15:38 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0e1f142c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
43332
CCC_Golden-ICE-jpot-spriteA.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/ccc/4
23 KB
23 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/ccc/4/CCC_Golden-ICE-jpot-spriteA.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
95a99b94a94d22903fe5ec49736037e6094afd5fa96a8171366c492d32beb26e

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Fri, 09 Sep 2016 03:41:48 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0e6c8174cad21:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
23573
rea-pop-cosmo-winners-bg_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
601 KB
602 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-pop-cosmo-winners-bg_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c2a8617d84f4081d573b74738564cd8f1f5b3149aeaaef29d90b41b0f9ca621c

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 15 Jan 2018 06:15:36 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0b4c041c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
615610
rea-cosmo-glow_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
153 KB
153 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-glow_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9dace7b643ec037293c1ce8e021f1813faaa636ce1a1728e3543fb599a9314d8

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 15 Jan 2018 06:15:40 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0e2344c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
156621
Home_Winners-Left_2x.fs8.png
cdn.iredirect.net/webCDN/img/COS
211 KB
212 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/COS/Home_Winners-Left_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e1b56e2b83eda26c98fa47d99bccf1632348a4f94e2461b13d08de086130ed71

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Fri, 12 Jan 2018 00:32:36 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0aae0d73c8bd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
216513
Home_Winners-Right_2x.fs8.png
cdn.iredirect.net/webCDN/img/COS
235 KB
235 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/COS/Home_Winners-Right_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f6c42c54902dab7fef54e33dc4281ab2afe3c771d2931ae05d79bed33e51414c

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 04 Dec 2017 04:40:02 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03dacf2b96cd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
240790
rea-cosmo-chips-left_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
54 KB
54 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-chips-left_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
27212ad263974166bef49756d99bb41b5218832c023ac8fc83810087c0bdfdd0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 15 Jan 2018 06:15:32 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"05a5e3fc88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
54975
rea-cosmo-chips-right_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
37 KB
37 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-chips-right_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
44669e67b0112f2ea5c77b2bae3ed0051b74a59af3d468b276ce31ceb30cd762

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:32 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"05a5e3fc88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
37630
rea-pop-cosmo-points_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
277 KB
277 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-pop-cosmo-points_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cb6701973c82e6407b2992ad1cbf1320c99497317aa628d3e6b05ecda9f2adc0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:30 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"02d2d3ec88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
283306
rea-pop-cosmo-icons_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
13 KB
13 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-pop-cosmo-icons_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ff45daa7fe6d1cfaaaf09beec6faaee8eea968b916f66733ffe36c425c4b38d8

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:28 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"00fc3cc88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
13361
rea-cosmo-mega-moolah_2x.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
287 KB
287 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-mega-moolah_2x.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f1e97059ff9de3566088b55db618dde61be88a270e1db3fc5d96ddb8f33a7fd6

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d3ca3bc88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
293965
rea-cosmo-thunderstruck-ii.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
165 KB
165 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-thunderstruck-ii.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
19ba63d951dc6f2618cbc44c0f795951505a04f9fc956208a5fa6bd53dc883fd

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:46 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"095b647c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
169150
rea-cosmo-immoral-bromance.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
152 KB
152 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-immoral-bromance.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d31a04c41933c91617ca009151f0073f0a906ea27d14f5577c563576d7fe3992

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:48 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0c2e748c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
155553
rea-cosmo-avalon-ii.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
140 KB
140 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-avalon-ii.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d7edbc413d89bf05666d3e6622160ff785f31dd0a77cf138101e1e770c909750

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:48 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0c2e748c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
143691
rea-cosmo-millionaires-club.fs8.png
cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1
95 KB
95 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/REA/pop/en/cos/1/rea-cosmo-millionaires-club.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6fc0cffeb439af51016e9b793f0011e99d24b4293949a4cd8c29ef0379058162

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
last-modified
Mon, 15 Jan 2018 06:15:44 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0688546c88dd31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
97348
norton.jpg
cdn.zxcdn.com/webcdn/img/rea/shared/secimages
3 KB
3 KB
Image
General
Full URL
https://cdn.zxcdn.com/webcdn/img/rea/shared/secimages/norton.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7c54bb703a5f1ec08cb572c46325709e73726d6175a4d8ac29272f64910200ae

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2651
mcafee.jpg
cdn.zxcdn.com/webcdn/img/rea/shared/secimages
3 KB
3 KB
Image
General
Full URL
https://cdn.zxcdn.com/webcdn/img/rea/shared/secimages/mcafee.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
263daceea364e196b1120703f0debb9d0fdd4bfd579c3b78d8d03bbe222d1274

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2877
secure-de.jpg
cdn.zxcdn.com/webcdn/img/rea/shared/secimages
3 KB
3 KB
Image
General
Full URL
https://cdn.zxcdn.com/webcdn/img/rea/shared/secimages/secure-de.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
59a39b60dbe3a3b2d8e44d1452cc3382ce19c8a17ae48bc2e6aa1344762845a6

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Mon, 27 Jun 2016 06:46:28 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03a69a13fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2734
footer-icons.fs8.png
cdn.zxcdn.com/webCDN/img/Shared
32 KB
32 KB
Image
General
Full URL
https://cdn.zxcdn.com/webCDN/img/Shared/footer-icons.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4c7cd5e07cc6ee4eb8857f7d224c56c439509bdfd74cbd21133447af07dec333

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
last-modified
Fri, 10 May 2019 04:17:48 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"bffc3b53e76d51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
33111
ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380&slf_rd=1&random=603706096
www.google.de/ads
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j76&a=2035139552&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fcos%2F1%2F&dr=https%253A%252F%252Fvfc4.ekwvzi.live%252F&ul...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_gid=1236693180.1560353919&gjid=1764009718&_v=j76&z=1747957380
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380&slf_rd=1&random=603706096
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380&slf_rd=1&random=603706096
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Jun 2019 15:38:38 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 12 Jun 2019 15:38:38 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380&slf_rd=1&random=603706096
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Adblocked collect?v=1&_v=j76&a=2035139552&t=event&ni=1&_s=2&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fcos%2F1%2F&dr=https%253A%252F%252Fvfc4.ekwvzi.live%252F&ul=en-us&de=UTF-8&dt=Cosmo%20Casino...
www.google-analytics.com
35 B
109 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j76&a=2035139552&t=event&ni=1&_s=2&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fcos%2F1%2F&dr=https%253A%252F%252Fvfc4.ekwvzi.live%252F&ul=en-us&de=UTF-8&dt=Cosmo%20Casino!&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=REA%20Page&ea=Load%20Success&el=rea%2Fpop%2Fde%2Fcos%2F1&_u=YEBAAEABC~&jid=&gjid=&cid=1082626715.1560353919&tid=UA-85618867-1&_gid=1236693180.1560353919&cd9=23635&cd34=de&cd83=geQRV7yo6UGUmx6JfkiR4O%2BxmfZmD7Hu9cYE8gapFCE%3D&cd85=5359_49266_22173_4408_57_23634_3-75393%7C350726539%7C2412cef0-8d28-11e9-b486-6680a44dfd16%7C2412cef0-8d28-11e9-b486-6680a44dfd16%7C&cd89=wizfulladdress_https&cd90=pop_cos_1_2&cd91=wizfulladdress&cd124=catch_cos&cd125=1&cd126=1&cd127=2&cd128=COS&cd129=&cd130=&cd131=EMPTY&z=688761109
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/cos/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Blocked
Source: easylist, Type: privacy (This would have been blocked)
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 02 Jun 2019 12:29:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
875372
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ProgressiveJackpotTicker.min.js?_=1560353918273
cdn.iredirect.net/webcdn/js
2 KB
1 KB
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/ProgressiveJackpotTicker.min.js?_=1560353918273
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
155d2d0315dae7ca135de8db6ca1d8da3580b1f3851f034f8a60a0fd23f014b5

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:39 GMT
content-encoding
gzip
last-modified
Wed, 07 Jun 2017 02:03:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"06bdd3f32dfd21:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
1215
Verified Adblocked slick.woff
promo.iredirect.net/rea/pop/en/cos/1/inc/slick/fonts
1 KB
1 KB
Font
General
Full URL
https://promo.iredirect.net/rea/pop/en/cos/1/inc/slick/fonts/slick.woff
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
Verified resource
slick-carousel/1.3.7/fonts/slick.woff at cdnjs.com, project slick-carousel
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
referrer-policy
origin
last-modified
Fri, 19 Jan 2018 02:59:58 GMT
server
Microsoft-IIS/10.0
etag
"e9cf4e97d190d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
font/x-woff
content-length
1380
Verified Adblocked ajax-loader.gif
promo.iredirect.net/rea/pop/en/cos/1/inc/slick
4 KB
4 KB
Image
General
Full URL
https://promo.iredirect.net/rea/pop/en/cos/1/inc/slick/ajax-loader.gif
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
Verified resource
slick-carousel/1.3.7/ajax-loader.gif at cdnjs.com, project slick-carousel
Blocked
Source: easylist, Type: ads (This would have been blocked)

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 12 Jun 2019 15:38:38 GMT
referrer-policy
origin
last-modified
Fri, 19 Jan 2018 02:59:48 GMT
server
Microsoft-IIS/10.0
etag
"4c245491d190d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W03
accept-ranges
bytes
content-type
image/gif
content-length
4178
?cultureName=de_EUR&callback=jQuery111305853068846010183_1560353918274&_=1560353918275
api.zxcdn.com/ApiMgs.svc/GetProgressivesByCultureName
3 KB
1 KB
Script
General
Full URL
https://api.zxcdn.com/ApiMgs.svc/GetProgressivesByCultureName/?cultureName=de_EUR&callback=jQuery111305853068846010183_1560353918274&_=1560353918275
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.212.229.188 , United States, ASN14537 (CL-1379-14537 - Continent 8 LLC, US),
Reverse DNS
Software
/
Resource Hash
5674384abceb68f18eb14aa9a0719edda57ec7cd307ca174a1555be73ecc2145

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 12 Jun 2019 15:38:39 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-javascript
status
200
x-nid
W03
cache-control
no-cache
content-length
999
expires
-1

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • http://mens-superhealth.com/5409fh16915799id7095uk22464oj1487cw1984rr
  • http://carblck.com/r/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799
Request 1
  • https://carblck.com/r2/1267784a-3ca4-4ada-a081-40e910dbfdec/54/5409/16915799/81e1383a-b289-41ee-9b52-58a2e56a0893/?fctr=0
  • https://carblck.com/r/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799//?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893
Request 2
  • https://carblck.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991/54/5409/16915799/51edac01-edf7-4429-8666-879ae12cfc5e/?fctr=1&ptid=81e1383a-b289-41ee-9b52-58a2e56a0893&red_param_1=http%3A%2F%2Fcarblck....
  • https://laudypauty.com/fff0852e2b321b3800/100/51edac01-edf7-4429-8666-879ae12cfc5e
Request 3
  • https://m1o6.safesslredir.company/?s1=832015685&s2=472125&kw=472125
  • https://vfc4.ekwvzi.live/?sov=350726539&hid=djfhlvhrfnfndp&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-11e9...
Request 4
  • https://vfc4.ekwvzi.live/ITS458yukon25plusDE.html?sov=350726539&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.832015685%3A%3A472125-r75393-t488&impid=23afee0c-8d28-...
  • https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/cos/1&v=2&seg=49266&lid=215864&aff_id=5359_49266_22173_4408_57_23634_3-75393|350726539|2412cef0-8d28-11e9-b486-6680a44dfd16|24...
  • https://promo.iredirect.net/referral.asp?aff_id=5359_49266_22173_4408_57_23634_3-75393|350726539|2412cef0-8d28-11e9-b486-6680a44dfd16|2412cef0-8d28-11e9-b486-6680a44dfd16|&pop_up=1&url=/rea/pop/de/...
  • https://promo.iredirect.net/rea/pop/de/cos/1/
Request 44
  • https://www.google-analytics.com/r/collect?v=1&_v=j76&a=2035139552&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fcos%2F1%2F&dr=https%253A%252F%252Fvfc4.ekwvzi.live%252F&ul...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_gid=1236693180.1560353919&gjid=1764009718&_v=j76&z=1747957380
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=1082626715.1560353919&jid=1811712427&_v=j76&z=1747957380&slf_rd=1&random=603706096

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask string| thisLang string| thisSiteCode string| thisBrand string| thisCategory string| thisVariation string| thisPath function| $ function| jQuery function| cross_domain_storage function| wopen function| checkCaptchaResponse number| d string| v number| formWS boolean| isCaptchaValidated object| respond boolean| priorEngage string| currency object| thisAffID string| siteTotalGames string| mobilesiteTotalGames string| decimalSeparator string| groupSeparator string| positivePattern string| decimalDigits string| isGDPR number| xit object| CookieConsentCr object| cookieconsent string| btag5 string| btag1 string| btag3 string| thisReferer string| __galab object| _loadGADATA function| isGoogleAnalyticsLoaded function| logGAEvent string| GoogleAnalyticsObject function| __gaTracker object| dataLayer object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager boolean| blMatch object| jQuery111305853068846010183 object| fm undefined| jQuery111305853068846010183_1560353918274

4 Cookies

Domain/Path Name / Value
.iredirect.net/ Name: _gat
Value: 1
.iredirect.net/ Name: _gid
Value: GA1.2.1236693180.1560353919
.iredirect.net/ Name: _ga
Value: GA1.2.1082626715.1560353919
promo.iredirect.net/ Name: ASPSESSIONIDCWCSTADB
Value: MAEBGPAANELNCMKNDNAGIJDN

2 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js, Line 2, Column 552
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://promo.iredirect.net/rea/pop/de/cos/1/, Line 126, Column 50
Message:
Load Success

Indicators of compromise (IoCs)

This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.
