urlscan.io logo urlscan.io
SecurityTrails logo

derm.bestshopping-voucher.com Open in urlscan Pro
168.119.31.202  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf/redi.html#c28631ohu...
Effective URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Submission: On November 04 via api from BE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 5 countries across 13 domains to perform 23 HTTP transactions. The main IP is 168.119.31.202, located in Germany and belongs to HETZNER-AS, DE. The main domain is derm.bestshopping-voucher.com.
TLS certificate: Issued by R3 on November 4th 2021. Valid for: 3 months.
This is the only time derm.bestshopping-voucher.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2a00:1450:400... 15169 (GOOGLE)
1 2 159.253.45.53 51559 (NETINTERN...)
2 2 34.91.99.156 15169 (GOOGLE)
1 1 99.80.191.246 16509 (AMAZON-02)
1 3 168.119.31.202 24940 (HETZNER-AS)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
23 13
1    2a00:1450:4001:80f::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
storage.googleapis.com
2    159.253.45.53 (Turkey)

ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR)
PTR: brinwgo.com
brinwgo.com
2    34.91.99.156 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 156.99.91.34.bc.googleusercontent.com
questeron.com
sastoby.com
1    99.80.191.246 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-191-246.eu-west-1.compute.amazonaws.com
tracking.trkkadsm.com
3    168.119.31.202 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: s1.golead.de
campaign.golead.de
derm.bestshopping-voucher.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
4    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
3    2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
2    2606:4700:3036::ac43:b4eb (United States)

ASN13335 (CLOUDFLARENET, US)
api.ydgdghehe.com
3    2606:4700:3030::6815:5183 (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
4 fonts.googleapis.com derm.bestshopping-voucher.com
3 ka-f.fontawesome.com kit.fontawesome.com
2 api.ydgdghehe.com derm.bestshopping-voucher.com
api.ydgdghehe.com
2 cdn.onesignal.com derm.bestshopping-voucher.com
cdn.onesignal.com
2 maxcdn.bootstrapcdn.com derm.bestshopping-voucher.com
2 derm.bestshopping-voucher.com brinwgo.com
derm.bestshopping-voucher.com
2 brinwgo.com 1 redirects storage.googleapis.com
1 onesignal.com cdn.onesignal.com
1 fonts.gstatic.com fonts.googleapis.com
1 kit.fontawesome.com derm.bestshopping-voucher.com
1 stackpath.bootstrapcdn.com derm.bestshopping-voucher.com
1 cdnjs.cloudflare.com derm.bestshopping-voucher.com
1 ajax.googleapis.com derm.bestshopping-voucher.com
1 campaign.golead.de 1 redirects
1 tracking.trkkadsm.com 1 redirects
1 sastoby.com 1 redirects
1 questeron.com 1 redirects
1 storage.googleapis.com
23 18
Subject Issuer Validity Valid
*.storage.googleapis.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
deac.bestshopping-voucher.com
R3		 2021-11-04 -
2022-02-02		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-13 -
2021-12-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-10-04 -
2021-12-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Frame ID: C3FC804753D40592E4D74D78804B43B9
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ROSSMANN 500€ GUTSCHEIN

Page URL History Show full URLs

  1. https://storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf... Page URL
  2. http://brinwgo.com/rd/c28631ohupL18375452tdNz85800Jzk1357HTDY156 Page URL
  3. http://brinwgo.com/track/c28631ohupL18375452tdNz85800Jzk1357HTDY156 HTTP 302
    https://questeron.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357 HTTP 302
    https://sastoby.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357&ckmgu... HTTP 302
    https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=3533&aff_sub2=220378932 HTTP 302
    https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=101... HTTP 302
    https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___& Page URL

Page Statistics

23
Requests

96 %
HTTPS

73 %
IPv6

13
Domains

18
Subdomains

13
IPs

5
Countries

480 kB
Transfer

1060 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf/redi.html Page URL
  2. http://brinwgo.com/rd/c28631ohupL18375452tdNz85800Jzk1357HTDY156 Page URL
  3. http://brinwgo.com/track/c28631ohupL18375452tdNz85800Jzk1357HTDY156 HTTP 302
    https://questeron.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357 HTTP 302
    https://sastoby.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357&ckmguid=450e9d9a-1db1-4f0e-b1a9-8d464cd05eca HTTP 302
    https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=3533&aff_sub2=220378932 HTTP 302
    https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=1010-3533&subIdentifier=1029e2fd68ce52037a37cc2cf4c22b&aps=___ HTTP 302
    https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
redi.html
storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf/ 		372 B
955 B 		Document
General
Check archive.org
Download Go to
Full URL
https://storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf/redi.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

x-guploader-uploadid
ADPycds_NSHxlEkPodvF2oY8dL0OV1D7y143jZMuq8KxEDw7N4nurXEgJkpwasHMnfXyESd4ulBCcBvUitbm6GIUBsRmnHjPZA
expires
Thu, 04 Nov 2021 22:04:55 GMT
date
Thu, 04 Nov 2021 21:04:55 GMT
last-modified
Mon, 20 Sep 2021 15:03:22 GMT
etag
"665dab346fbced4ffb2376ba453b199c"
x-goog-generation
1632150202346566
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
372
content-type
text/html
x-goog-hash
crc32c=49ibLQ== md5=Zl2rNG+87U/7I3a6RTsZnA==
x-goog-storage-class
NEARLINE
accept-ranges
bytes
content-length
372
server
UploadServer
age
2569
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
c28631ohupL18375452tdNz85800Jzk1357HTDY156
brinwgo.com/rd/ 		235 B
352 B 		Document
General
Check archive.org
Download Go to
Full URL
http://brinwgo.com/rd/c28631ohupL18375452tdNz85800Jzk1357HTDY156
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/12545454q54sdqds/sejdsdskdj/sdfnksdnfksdfnkqsjdf/oirjfeoirfjoisfdjsiodfjlsdf/redi.html
Protocol
HTTP/1.1
Server
159.253.45.53 , Turkey, ASN51559 (NETINTERNET Netinternet Bilisim Teknolojileri AS, TR),
Reverse DNS
brinwgo.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html; charset=utf-8
Date
Thu, 04 Nov 2021 21:47:44 GMT
Content-Length
235
Primary Request campaign_409.html
derm.bestshopping-voucher.com/
Redirect Chain
  • http://brinwgo.com/track/c28631ohupL18375452tdNz85800Jzk1357HTDY156
  • https://questeron.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357
  • https://sastoby.com/?a=3533&oc=11289&c=32972&m=3&s1=15&s2=156-28631&s3=18375452-85800-1357&ckmguid=450e9d9a-1db1-4f0e-b1a9-8d464cd05eca
  • https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=3533&aff_sub2=220378932
  • https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=1010-3533&subIdentifier=1029e2fd68ce52037a37cc2cf4c22b&aps=___
  • https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
79 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Requested by
Host: brinwgo.com
URL: http://brinwgo.com/rd/c28631ohupL18375452tdNz85800Jzk1357HTDY156
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
168.119.31.202 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
s1.golead.de
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
26f0472209928aa0464456be7c3d3a37463d8d921df1d7ce600755dfa4f45983

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://brinwgo.com/rd/c28631ohupL18375452tdNz85800Jzk1357HTDY156

Response headers

Date
Thu, 04 Nov 2021 21:47:45 GMT
Server
Apache/2.4.41 (Ubuntu)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
22580
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 04 Nov 2021 21:47:45 GMT
Server
Apache/2.4.41 (Ubuntu)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Content-Length
2
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617, 617
age
6753075
cdn-cachedat
2021-06-08 21:21:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
1b5bc4b6cfb38ae4760033b230decc40
cf-ray
6a910ae87ad23750-MXP
cdn-requestcountrycode
EG
cdn-status
200
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 20:16:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
178292
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Wed, 02 Nov 2022 20:16:13 GMT
jquery.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.0/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.0/jquery.cookie.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a63ad5db399cbf133df4954868d069a0438e0f43082a25b09bd884deb1fe77c3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
665608
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
579
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec1-4f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qu3CiJ5G7XbYQVR1KWYIWFEb4YpZxOhbgMOw7QTGg0pQHiZik8MZ%2BV0e7Dk35GhT3nWt6nRoIx84QER0hlCM%2FKSU1oSpdhT7vHjMi1j81GNWweZMGd6vI5TiBQbcgTahAAoazPKHQDY%2F2gSPF5HrxdYD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6a910ae84e3e0ebb-FRA
expires
Tue, 25 Oct 2022 21:47:45 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 		36 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
752, 617, 617, 617, 617, 617, 617, 617, 617, 617
age
6747245
cdn-cachedat
2021-08-02 15:29:35
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
a809d8824c97646676d59c5f9e3e6bf6
cf-ray
6a910ae87ad43750-MXP
cdn-requestcountrycode
EG
cdn-status
200
cdn-requestpullsuccess
True
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://derm.bestshopping-voucher.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
16902935
cdn-cachedat
2021-04-23 08:25:31
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
223975070d20385764b50f62a6dcdeed
cf-ray
6a910ae84b2e1f3d-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
css
fonts.googleapis.com/ 		393 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Patua+One&display=swap
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aa6e190e557a624bd9edf759d197f0638bb7cd852ac5716ddeb3d4e9260e73e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 04 Nov 2021 21:46:20 GMT
server
ESF
date
Thu, 04 Nov 2021 21:47:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Thu, 04 Nov 2021 21:47:45 GMT
css
fonts.googleapis.com/ 		10 KB
820 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:100,300,400,500,700
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
815846e7cca442002a71db30ad90bf436632f8d5f646ab5fd116b7cedfbddc2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 04 Nov 2021 21:47:45 GMT
server
ESF
date
Thu, 04 Nov 2021 21:47:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Thu, 04 Nov 2021 21:47:45 GMT
7b09c35fb3.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/7b09c35fb3.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69cbcc484eac686e19b3224662be885609edfea8c70fa8c1cd2f31381b96f729
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://derm.bestshopping-voucher.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=60, public, must-revalidate
strict-transport-security
max-age=31536000; preload
cf-ray
6a910ae88bd70f7e-MXP
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
FrR2JOJAPwF2M6oXq4Li
css
fonts.googleapis.com/ 		8 KB
842 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,400i,700,700i
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d9d622b86d8469f47f57cc198a2a6e6b8a60196f9ad80fdece59a8a9b7e5d963
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 04 Nov 2021 21:08:00 GMT
server
ESF
date
Thu, 04 Nov 2021 21:47:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Thu, 04 Nov 2021 21:47:45 GMT
css2
fonts.googleapis.com/ 		3 KB
710 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@700&display=swap
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
11e54c820599ba4e09c6e7ecc8e8dcafa634bc55e0cb530622e9d835ffadc680
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 04 Nov 2021 20:38:32 GMT
server
ESF
date
Thu, 04 Nov 2021 21:47:45 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Thu, 04 Nov 2021 21:47:45 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa081436fdbf78060847f4dbd6cc95f88a435c2f995e03aedf16cae94bb48762

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
735
etag
W/"d24a6d0ec1286eeadae131b33275a983"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6a910ae89d4f3756-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sun, 07 Nov 2021 21:47:45 GMT
auto-push.min.js
api.ydgdghehe.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.ydgdghehe.com/auto-push.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:b4eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
032814cf4be1a49b079a1c3c0aceda71a8aecb63c4a4a65d01e0a632b4b2a476

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3094
x-powered-by
ASP.NET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 31 Mar 2021 05:17:11 GMT
server
cloudflare
etag
W/"8065551aed25d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8BHk7%2Fe%2BwrRPoYn6Fan38fYSWbonKyuCwnVuAaFSQsqoeaZYPfInIl1u6bLiZRsRuwYxZr132ru6LrcuOPdCqzFV%2BFpGLHOkkaIdwLfqVpw5LrpmFyCbUirdfWgSOQTlQdpukIkRwgiXIxvVxMseyg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
6a910ae869041f11-FRA
header,rossmann,gutschein.jpg
derm.bestshopping-voucher.com/media/adresseManager/microSiteImg/409/ 		236 KB
236 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://derm.bestshopping-voucher.com/media/adresseManager/microSiteImg/409/header,rossmann,gutschein.jpg
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
168.119.31.202 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
s1.golead.de
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
23fb60c97b873abc82f871ef03ccf18b7af02b9ea3bd9c5ef2d621b25958ea4e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=38572320&aps=___&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Thu, 04 Nov 2021 21:47:45 GMT
Last-Modified
Wed, 10 Feb 2021 08:47:14 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"3b05e-5baf7731a8e85"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
241758
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5183 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
via
1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1487445
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZFkkHEs%2FO3MPkoTCr2zASXl7Ba6QSCE4pUHSfkDMjU2DOjE%2Bt7rXm8hhrf9gdVgeDwTKbvvIZ82RGmQYIQlxZfBbh4y2hZw2E3fcNTnPj9Dtrn%2FjWwPI9WmLnLZ8DwRWxfh22QxxlgH6Tz%2FAwLI%2B%2F60BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
FRA2-C1
cf-ray
6a910ae93c644315-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
vprzeV4m9uopYFRHokxqYvrsgX524sTFquAUzLXSeyVilitSxNRm_A==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5183 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
via
1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1487605
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pi41uIupVHwgrY5JQPiTk4ytwSeAGPnRAK6xHrbqM0av7dklyAmNlvEGRk84b5dF4GAaWuuz3kefruE9QwmGmeqz09xjexEv%2BMZnKgyXDbJh6pnWeRqL%2BrAkSlNeqx0Cle9bp0wmLoiQvE%2BpyELZae%2BzjA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
FRA2-C1
cf-ray
6a910ae93c674315-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
gYKbE87AU5T9IMGnMWU_JZSRn365pSF5OaCId0MlZrCZOm76tISUvw==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:5183 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1487605
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Jr%2B0mGyh5PlftDsjnZBFSU9AAzL%2Bd8C%2BTRbZ%2B34%2BhEh4RpObnXH8dVmKqGdt1vaC9HHnh3tKXIYf3EhFG%2B51c2uxeC2P6rm9PRMqTmn%2FpcZ%2B3BCr%2FppQthZ5QzTJ7SL0QcjBptwvO%2FZg0vd8a7E7hr23A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
FRA2-C1
cf-ray
6a910ae93c664315-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
o-0Utw1uUWr0S0E4A1EmlJU3S-P-qIpxJLQXbHHyJYK89lEsmwXBuQ==
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/ 		284 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151509
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0be76c911338a04a147d23494fe0bba1e96cb78a4c6efce737b072466c8a346

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
687
etag
W/"f5b476c39d3850a1e9c745df927a7adc"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6a910ae92eab3756-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sun, 07 Nov 2021 21:47:45 GMT
76dba26f-1495-41f6-997f-3a603d8a3be4
api.ydgdghehe.com/rest/v1/p-apps/get-id/ 		130 B
768 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ydgdghehe.com/rest/v1/p-apps/get-id/76dba26f-1495-41f6-997f-3a603d8a3be4?url=https://derm.bestshopping-voucher.com
Requested by
Host: api.ydgdghehe.com
URL: https://api.ydgdghehe.com/auto-push.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:b4eb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
512b7535d55480eb4fae06e2b1d687b8164fdd65ef3c1a27573b7558e08cc5d5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBy2BGdx4EWZhR%2BXzMk1NnFYEGbAJmZlRyfdSvhd5VhtZ6DXG6IEGsYCz8Cl1CFbzaUtscQGqefdV5p7CT7602ukvuHr%2BIFBbJ%2FvGPFZMDALYGT4ev5wPaYA8vdyqUWYj067cuAJFnGXQs49WiIjwA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
cf-ray
6a910ae92b014ab5-FRA
expires
-1
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:100,300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 16:21:35 GMT
x-content-type-options
nosniff
age
19570
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Fri, 04 Nov 2022 16:21:35 GMT
web
onesignal.com/api/v1/sync/381f5b6d-0b59-4903-a72d-0d36f1e2de18/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/381f5b6d-0b59-4903-a72d-0d36f1e2de18/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151509
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c9967c0e58dcb329cd4df6b7589d1681ac12fecc2c61cffd94d195b76111e19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Thu, 04 Nov 2021 21:47:45 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
status
200 OK
x-envoy-upstream-service-time
37
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
954b51ba-899d-42ed-83aa-1897faa0f6de
x-runtime
0.035337
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"7c9967c0e58dcb329cd4df6b7589d168"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
6a910ae9c82b3756-MXP
access-control-allow-headers
SDK-Version
expires
Thu, 04 Nov 2021 22:47:45 GMT

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| jQuery112400028990174750354036 object| FontAwesomeKitConfig number| timeoutHandle function| countdown function| setCookie function| getCookie function| OneSignal object| _at function| InitializePush function| myDomain function| getLocation function| CheckImageAndReplace function| httpGetAsync function| getUrlVars function| getUrlParam number| __oneSignalSdkLoadCount function| __jp0

10 Cookies

Domain/Path Name / Value
.sastoby.com/ Name: som
Value: pvBLLWHscARJ3ouCgjx9IkcDlgLJVHE+DzGzPDM7OepykdPymq9sKA==
.sastoby.com/ Name: tfl
Value: 3NeCMN0AZDShd9tmO5TJIkcDlgLJVHE+DzGzPDM7OepykdPymq9sKA==
.sastoby.com/ Name: c11263
Value: pvBLLWHscAT2LcBjAAiAPaselbACzoygXPTLbefsbcrQt9aXeTN9RQ==
tracking.trkkadsm.com/ Name: enc_aff_session_110
Value: ENC03245090cf17f81dfe1c4f4c3ffb83019d50f0f5b674723adea6409ff27710cd454404c9c86c8757c36a5243b3178b0eaa6c5c9153bffc4d63854190fa5237e955d175fcf9c86b21fc9d772afff59d975cd5cf6e2dad5c27862813aaa636c89aecc12e9569aa281c87c002dbb9bd71b460243dda76267cecd4c8a32dd9abc52f71b5d9e4863ee64042bcfda35535046808f34bb1402fdd51ca0cb08d2a17c76e2314e6aee5
tracking.trkkadsm.com/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5NS4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85NS4wLjQ2MzguNTQgU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImRlLURFLGRlO3E9MC45IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9
campaign.golead.de/ Name: PHPSESSID
Value: tmeilsdimfr77596uqu4g57utr
.golead.de/ Name: coyoteTrackingCookie_112
Value: 38572320
.golead.de/ Name: coyoteSimpleTrackingCookie
Value: 38572320
derm.bestshopping-voucher.com/ Name: PHPSESSID
Value: 0i6ane8lgeu51vrp4ak1jn7b64
derm.bestshopping-voucher.com/ Name: coyoteAffiliTokenId409
Value: 38572320

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ydgdghehe.com
brinwgo.com
campaign.golead.de
cdn.onesignal.com
cdnjs.cloudflare.com
derm.bestshopping-voucher.com
fonts.googleapis.com
fonts.gstatic.com
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
onesignal.com
questeron.com
sastoby.com
stackpath.bootstrapcdn.com
storage.googleapis.com
tracking.trkkadsm.com
159.253.45.53
168.119.31.202
2606:4700:3030::6815:5183
2606:4700:3036::ac43:b4eb
2606:4700::6810:125e
2606:4700::6812:1734
2606:4700::6812:acf
2606:4700::6812:bcf
2606:4700::6812:e234
2a00:1450:4001:809::2003
2a00:1450:4001:80f::2010
2a00:1450:4001:812::200a
2a00:1450:4001:830::200a
34.91.99.156
99.80.191.246
032814cf4be1a49b079a1c3c0aceda71a8aecb63c4a4a65d01e0a632b4b2a476
11e54c820599ba4e09c6e7ecc8e8dcafa634bc55e0cb530622e9d835ffadc680
23fb60c97b873abc82f871ef03ccf18b7af02b9ea3bd9c5ef2d621b25958ea4e
26f0472209928aa0464456be7c3d3a37463d8d921df1d7ce600755dfa4f45983
512b7535d55480eb4fae06e2b1d687b8164fdd65ef3c1a27573b7558e08cc5d5
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
69cbcc484eac686e19b3224662be885609edfea8c70fa8c1cd2f31381b96f729
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c9967c0e58dcb329cd4df6b7589d1681ac12fecc2c61cffd94d195b76111e19
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
815846e7cca442002a71db30ad90bf436632f8d5f646ab5fd116b7cedfbddc2d
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
a0be76c911338a04a147d23494fe0bba1e96cb78a4c6efce737b072466c8a346
a63ad5db399cbf133df4954868d069a0438e0f43082a25b09bd884deb1fe77c3
aa081436fdbf78060847f4dbd6cc95f88a435c2f995e03aedf16cae94bb48762
aa6e190e557a624bd9edf759d197f0638bb7cd852ac5716ddeb3d4e9260e73e9
d9d622b86d8469f47f57cc198a2a6e6b8a60196f9ad80fdece59a8a9b7e5d963
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda