Submitted URL: http://dalton.org.ductapefx.com/636/9-20-2020/FZf8pUZ43A1T9mQN8KRDxDHB6j53SZX1ZTnrJzUL5Fsv4czup3rb/in
Effective URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=...
Submission: On September 21 via API from BE

Summary

This website contacted 7 IPs in 5 countries across 8 domains to perform 18 HTTP transactions. The main IP is 91.224.58.42, located in Czech Republic and belongs to GRANSY Gransy s.r.o. http://gransy.com, CZ. The main domain is belohnungclub.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 6th 2020. Valid for: 3 months.
This is the only time belohnungclub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses contacted (request counts include redirect hops; the 18-transaction total does not):

  Redirects  Requests  IP address         AS
  1          1         85.202.203.64      AS58057   (SECUREBIT...)
  -          4         104.227.171.150    AS55286   (SERVER-MANIA)
  -          2         2a00:1450:400...   AS15169   (GOOGLE)
  -          2         2606:4700:303...   AS13335   (CLOUDFLAR...)
  1          1         2606:4700:303...   AS13335   (CLOUDFLAR...)
  1          2         185.183.90.234     AS206943  (EANCENTER)
  -          8         91.224.58.42       AS60592   (GRANSY Gr...)
  -          1         2001:4de0:ac1...   AS20446   (HIGHWINDS3)
  Total: 18 transactions, 7 IPs

Domains contacted:

  Redirects  Requests  Domain                     Requested by
  -          8         belohnungclub.com          go.feturnst.com, belohnungclub.com
  -          4         greatpromobase.com         greatpromobase.com
  1          2         go.feturnst.com            offer-notavailable.com
  -          2         offer-notavailable.com     greatpromobase.com, offer-notavailable.com
  -          2         www.googletagmanager.com   greatpromobase.com
  -          1         maxcdn.bootstrapcdn.com    belohnungclub.com
  1          1         rapid-cdn.com              -
  1          1         dalton.org.ductapefx.com   -
  Total: 18 transactions, 8 domains

This site contains links to the following domain:

  c.ratrck.com
TLS certificates observed (CT lookup: crt.sh):

  Subject                 Issuer                                          Valid from   Valid to     Validity
  *.google-analytics.com  GTS CA 1O1                                      2020-08-26   2020-11-18   3 months
  sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                         2020-07-16   2021-07-16   a year
  belohnungclub.com       Let's Encrypt Authority X3                      2020-09-06   2020-12-05   3 months
  *.bootstrapcdn.com      Sectigo RSA Domain Validation Secure Server CA  2019-09-14   2020-10-13   a year

This page contains 1 frame:

Primary Page: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Frame ID: 549F4DFF9D7D8BDA10641CB5A55235DD
Requests: 21 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  Requests:    18
  HTTPS:       72 %
  IPv6:        50 %
  Domains:     8
  Subdomains:  8
  IPs:         7
  Countries:   5
  Transfer:    402 kB
  Size:        532 kB
  Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dalton.org.ductapefx.com/636/9-20-2020/FZf8pUZ43A1T9mQN8KRDxDHB6j53SZX1ZTnrJzUL5Fsv4czup3rb/in HTTP 302
    http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4= Page URL
  2. http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click= Page URL
  3. https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium= Page URL
  4. http://rapid-cdn.com/?flux_fts=ioxtixzzcotllizozxeiclzclcqzllcaqxxzi74b5b&pubid=202474&vert=&cid= HTTP 307
    http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665 Page URL
  5. http://go.feturnst.com/match-1686/48875/109977769/1600679084/mf_672b3a90-5d05-4156-aa99-45740a3c710d/dHM0NjQtaW50ZXJuYXRpb25hbGVtYWlsLWdlbmVyYWw=/?flux_txid=475075720557923304&flux_hid=1036748921222341665 HTTP 302
    https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://dalton.org.ductapefx.com/636/9-20-2020/FZf8pUZ43A1T9mQN8KRDxDHB6j53SZX1ZTnrJzUL5Fsv4czup3rb/in HTTP 302
  • http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Request Chain 8
  • http://rapid-cdn.com/?flux_fts=ioxtixzzcotllizozxeiclzclcqzllcaqxxzi74b5b&pubid=202474&vert=&cid= HTTP 307
  • http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
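Only two of the five hops above are HTTP redirects (the 302 from dalton.org.ductapefx.com and the 307 from rapid-cdn.com, plus the 302 from go.feturnst.com/match-1686 shown in the Page URL History); the hops listed as a bare "Page URL" are client-side navigations that only a browser, or a scanner driving one, records. The following added example, not code from the report or from any of the sites in it, reproduces that bookkeeping over a fake transport: the URLs and the 302/307 statuses are taken from the report, the response bodies are constructed here because the report shows none, and the hops without a status are modelled as a JavaScript location change, a meta refresh and a location.replace() call.

```python
"""Walk a redirect chain, recording server-side and client-side hops.

Added example. URLs and 3xx statuses come from the urlscan.io report; the
bodies in FAKE_SITE are constructed and the client-side hop mechanisms are
assumptions, since the report does not show page contents.
"""
import re
from urllib.parse import urljoin

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]+content=["\']\s*\d+\s*;\s*url=([^"\'>]+)',
    re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']\s*\)', re.I)

START = ("http://dalton.org.ductapefx.com/636/9-20-2020/"
         "FZf8pUZ43A1T9mQN8KRDxDHB6j53SZX1ZTnrJzUL5Fsv4czup3rb/in")
GREATPROMO = "http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4="
OFFER = "https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium="
RAPID = "http://rapid-cdn.com/?flux_fts=ioxtixzzcotllizozxeiclzclcqzllcaqxxzi74b5b&pubid=202474&vert=&cid="
FETURNST = ("http://go.feturnst.com/ts464-internationalemail-general"
            "?flux_txid=475075720557923304&flux_hid=1036748921222341665")
MATCH = ("http://go.feturnst.com/match-1686/48875/109977769/1600679084/"
         "mf_672b3a90-5d05-4156-aa99-45740a3c710d/dHM0NjQtaW50ZXJuYXRpb25hbGVtYWlsLWdlbmVyYWw=/"
         "?flux_txid=475075720557923304&flux_hid=1036748921222341665")
FINAL = ("https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f"
         "6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general"
         "&s3=1600679084.36-109977769-48875")

# Constructed transport: url -> (status, headers, body). Bodies are invented.
FAKE_SITE = {
    START:      (302, {"Location": GREATPROMO}, ""),
    GREATPROMO: (200, {}, '<script>window.location.href = "%s";</script>' % OFFER),
    OFFER:      (200, {}, '<meta http-equiv="refresh" content="0;url=%s">' % RAPID),
    RAPID:      (307, {"Location": FETURNST}, ""),
    FETURNST:   (200, {}, '<script>location.replace("%s");</script>' % MATCH),
    MATCH:      (302, {"Location": FINAL}, ""),
    FINAL:      (200, {}, "<html>landing page</html>"),
}


def fake_fetch(url):
    """Stand-in for an HTTP client that does not follow redirects itself."""
    return FAKE_SITE.get(url, (404, {}, ""))


def client_side_target(body):
    """Return (kind, url) for a meta refresh or JavaScript navigation, else (None, None)."""
    m = META_REFRESH.search(body)
    if m:
        return "meta-refresh", m.group(1).strip()
    m = JS_LOCATION.search(body)
    if m:
        return "javascript", (m.group(1) or m.group(2)).strip()
    return None, None


def walk_chain(start, fetch=fake_fetch, max_hops=10):
    """Return [(url, status, left_by)] for every URL visited. left_by is how the
    browser left that URL: 'http-3xx', 'meta-refresh', 'javascript', or None
    for the page where the chain ends. Relative Location values are resolved."""
    chain, url = [], start
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        if 300 <= status < 400 and "Location" in headers:
            kind, target = "http-3xx", headers["Location"]
        else:
            kind, target = client_side_target(body)
        nxt = urljoin(url, target) if target else None
        chain.append((url, status, kind))
        if nxt is None or nxt == url:       # end of chain, or a self-loop
            return chain
        url = nxt
    chain.append(("<hop limit %d reached>" % max_hops, None, None))
    return chain


if __name__ == "__main__":
    for i, (url, status, kind) in enumerate(walk_chain(START), 1):
        print("%d. %s %-60s left by %s" % (i, status, url[:60], kind))
```

Swapping fake_fetch for a real client with redirects disabled (for example requests.get with allow_redirects=False) gives the server-side hops on a live chain; the client-side hops still need the bodies, which is why a plain HTTP client under-reports these chains compared with a browser-driven scanner.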

18 HTTP transactions

Columns: Resource | Path | Size | Transferred (x-fer) | Type | MIME-Type
/
greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/
Redirect Chain
  • http://dalton.org.ductapefx.com/636/9-20-2020/FZf8pUZ43A1T9mQN8KRDxDHB6j53SZX1ZTnrJzUL5Fsv4czup3rb/in
  • http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
5 KB
5 KB
Document
General
Full URL
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Protocol
HTTP/1.1
Server
104.227.171.150 Cleveland, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
Software
nginx /
Resource Hash
5e7e5690c35dfd99def1ad64e5cbf33439b29ff1aeb6b0a1d06c1f2b8ae7bd0a

Request headers

Host
greatpromobase.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Mon, 21 Sep 2020 09:15:09 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive

Redirect headers

Date
Mon, 21 Sep 2020 09:04:39 GMT
Server
Apache/2.4.6 (CentOS) PHP/7.1.33
X-Powered-By
PHP/7.1.33
Location
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
gtm.js
www.googletagmanager.com/
63 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NXNQ2LW
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
87943928053e9250afc50a880aafae528e958c57b6ba0dbe57a085dd5c2a56a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:04:39 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25535
x-xss-protection
0
expires
Mon, 21 Sep 2020 09:04:39 GMT
index.php
greatpromobase.com/
231 B
405 B
XHR
General
Full URL
http://greatpromobase.com/index.php
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Protocol
HTTP/1.1
Server
104.227.171.150 Cleveland, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Mon, 21 Sep 2020 09:15:10 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/
5 KB
5 KB
Document
General
Full URL
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Protocol
HTTP/1.1
Server
104.227.171.150 Cleveland, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
Software
nginx /
Resource Hash
3587323b062a7d0f266e7cb4948a20dc802536c161f941181b5d602db25e5424

Request headers

Host
greatpromobase.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
clkcheck25588=7584f262b9cbabcd0bb2d87983e7b6ab_202474
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?sid1=&sid2=&sid3=&sid4=

Response headers

Server
nginx
Date
Mon, 21 Sep 2020 09:15:10 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
gtm.js
www.googletagmanager.com/
63 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NXNQ2LW
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
87943928053e9250afc50a880aafae528e958c57b6ba0dbe57a085dd5c2a56a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:04:40 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
25535
x-xss-protection
0
expires
Mon, 21 Sep 2020 09:04:40 GMT
index.php
greatpromobase.com/
198 B
372 B
XHR
General
Full URL
http://greatpromobase.com/index.php
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
Protocol
HTTP/1.1
Server
104.227.171.150 Cleveland, United States, ASN55286 (SERVER-MANIA, CA),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

Date
Mon, 21 Sep 2020 09:15:10 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
/
offer-notavailable.com/bettercontent/
3 KB
1 KB
Document
General
Full URL
https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium=
Requested by
Host: greatpromobase.com
URL: http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6812:2f84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7a3887f7409b78d95d96e06d39282deef239c64a35e0daae77d0e0136a18974

Request headers

:method
GET
:authority
offer-notavailable.com
:scheme
https
:path
/bettercontent/?utm_source=202474&utm_medium=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://greatpromobase.com/a48f3ce6cc38f9efdca88f1232d85f6f4/?newcid=4740&sid1=&sid2=&sid3=&sid4=&dev_click=

Response headers

status
200
date
Mon, 21 Sep 2020 09:04:40 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d48f3bba6a48b98f90ae3744fd83144531600679080; expires=Wed, 21-Oct-20 09:04:40 GMT; path=/; domain=.offer-notavailable.com; HttpOnly; SameSite=Lax; Secure
cf-cache-status
DYNAMIC
cf-request-id
0551818a9000000eb7953ab200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5d629ebdbcec0eb7-FRA
content-encoding
br
desktop.png
offer-notavailable.com/bettercontent/images/
92 KB
92 KB
Image
General
Full URL
https://offer-notavailable.com/bettercontent/images/desktop.png
Requested by
Host: offer-notavailable.com
URL: https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6812:2f84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eaa36f72eb72b3aff2db9f718a8dd759386c865beb007d21521c120d4a1c1864

Request headers

Referer
https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:04:40 GMT
cf-cache-status
HIT
age
187544
status
200
content-length
94237
cf-request-id
0551818be200000eb7953bd200000001
last-modified
Wed, 06 Nov 2019 23:26:55 GMT
server
cloudflare
etag
"5dc356bf-1701d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
5d629ebfd95c0eb7-FRA
expires
Mon, 19 Oct 2020 04:58:56 GMT
ts464-internationalemail-general
go.feturnst.com/
Redirect Chain
  • http://rapid-cdn.com/?flux_fts=ioxtixzzcotllizozxeiclzclcqzllcaqxxzi74b5b&pubid=202474&vert=&cid=
  • http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
494 B
561 B
Document
General
Full URL
http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
Requested by
Host: offer-notavailable.com
URL: https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium=
Protocol
HTTP/1.1
Server
185.183.90.234 , Germany, ASN206943 (EANCENTER, DE),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
7ba2fb52012a315cb7f79989d72ee57e5e78eca2caccb36e6c443d77b4e10a64

Request headers

Host
go.feturnst.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://offer-notavailable.com/bettercontent/?utm_source=202474&utm_medium=

Response headers

Server
nginx/1.14.2
Date
Mon, 21 Sep 2020 09:04:44 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
close
Content-Encoding
gzip

Redirect headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d6dc48994a1b93711cf6cabc1c11db5321600679083; expires=Wed, 21-Oct-20 09:04:43 GMT; path=/; domain=.rapid-cdn.com; HttpOnly; SameSite=Lax
PHPSESSID=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Mon, 28-Sep-2020 09:04:44 GMT; Max-Age=604800; path=/; secure; SameSite=None
csid3=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Tue, 21-Sep-2021 09:04:44 GMT; Max-Age=31536000; path=/; secure; SameSite=None
PHPSESSID=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Tue, 22-Sep-2020 09:04:44 GMT; Max-Age=86400; path=/; secure; SameSite=None
X-Powered-By
PHP/7.3.14
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
X-Robots-Tag
noindex, noarchive, nofollow
P3P
CP="This is not a P3P policy"
Location
http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
CF-Cache-Status
DYNAMIC
cf-request-id
05518197c0000016e6cd3d3200000001
Server
cloudflare
CF-RAY
5d629ed2cb2a16e6-FRA
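The Set-Cookie headers on this 307 from rapid-cdn.com are worth a closer look: PHPSESSID is set twice in one response with different lifetimes (7 days, then 1 day) and without HttpOnly, csid3 carries the same value as the session cookie for a year, and the three SameSite=None cookies are at least paired with Secure, as browsers require. The following added example, not code from the report or from the site, parses Set-Cookie values and applies those checks. The four cookie strings are the ones shown above, split by hand from the single line the report ran them into; the fifth cookie is constructed so that the SameSite=None-without-Secure rule has something to fire on.

```python
"""Audit Set-Cookie headers for attribute problems.

Added example. RAPID_CDN_COOKIES are copied from the scan; CONSTRUCTED_BAD and
the list of session-cookie names are this example's own assumptions.
"""
import re

RAPID_CDN_COOKIES = [
    "__cfduid=d6dc48994a1b93711cf6cabc1c11db5321600679083; expires=Wed, 21-Oct-20 09:04:43 GMT; path=/; domain=.rapid-cdn.com; HttpOnly; SameSite=Lax",
    "PHPSESSID=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Mon, 28-Sep-2020 09:04:44 GMT; Max-Age=604800; path=/; secure; SameSite=None",
    "csid3=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Tue, 21-Sep-2021 09:04:44 GMT; Max-Age=31536000; path=/; secure; SameSite=None",
    "PHPSESSID=bb98b9f955aeb369c2f3a94d4a4e655e; expires=Tue, 22-Sep-2020 09:04:44 GMT; Max-Age=86400; path=/; secure; SameSite=None",
]
CONSTRUCTED_BAD = "sid=0123456789abcdef; SameSite=None; Path=/"   # constructed, not from the scan

# Names that conventionally carry a server session identifier (assumption).
SESSION_NAMES = re.compile(r"(?i)^(PHPSESSID|JSESSIONID|ASP\.NET_SessionId|sessionid|sid)$")
ONE_YEAR = 365 * 86400


def parse_set_cookie(header):
    """Split one Set-Cookie value into name, value and a lower-cased attribute map.
    Splitting on ';' only keeps an Expires date with its comma intact; flag
    attributes such as HttpOnly map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            attrs[k.strip().lower()] = v.strip() if v else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_set_cookies(headers):
    """Return (cookie_name, finding) pairs for the Set-Cookie values of one response."""
    findings, seen_lifetime = [], {}
    for h in headers:
        c = parse_set_cookie(h)
        a, n = c["attrs"], c["name"]
        samesite = str(a.get("samesite", "")).lower()
        is_session = bool(SESSION_NAMES.match(n))
        if samesite == "none" and "secure" not in a:
            findings.append((n, "SameSite=None without Secure: browsers reject the cookie"))
        if is_session and "httponly" not in a:
            findings.append((n, "session cookie without HttpOnly: readable from script"))
        if is_session and samesite == "none":
            findings.append((n, "session cookie sent cross-site (SameSite=None)"))
        max_age = a.get("max-age")
        if isinstance(max_age, str) and max_age.isdigit() and int(max_age) >= ONE_YEAR:
            findings.append((n, "lifetime of a year or more: long-lived identifier"))
        lifetime = a.get("max-age", a.get("expires"))   # Max-Age wins over Expires
        if n in seen_lifetime and seen_lifetime[n] != lifetime:
            findings.append((n, "set twice in one response with different lifetimes: last one wins"))
        seen_lifetime[n] = lifetime
    return findings


if __name__ == "__main__":
    for name, finding in audit_set_cookies(RAPID_CDN_COOKIES + [CONSTRUCTED_BAD]):
        print("%-10s %s" % (name, finding))
```

Feeding it a captured response means passing each Set-Cookie header separately (http.client exposes them via getheaders(); requests merges them, which reproduces the run-together line seen in this report), because a naive split on commas breaks inside the Expires date.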
Primary Request mmarkt25.html
belohnungclub.com/de/2/
Redirect Chain
  • http://go.feturnst.com/match-1686/48875/109977769/1600679084/mf_672b3a90-5d05-4156-aa99-45740a3c710d/dHM0NjQtaW50ZXJuYXRpb25hbGVtYWlsLWdlbmVyYWw=/?flux_txid=475075720557923304&flux_hid=103674892122...
  • https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
56 KB
35 KB
Document
General
Full URL
https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Requested by
Host: go.feturnst.com
URL: http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
f11448607cd95fad1f5ddfb7855a13daf079e16280c24a9aa1790835c261e970

Request headers

Host
belohnungclub.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
http://go.feturnst.com/ts464-internationalemail-general?flux_txid=475075720557923304&flux_hid=1036748921222341665

Response headers

Server
nginx/1.10.3
Date
Mon, 21 Sep 2020 09:04:44 GMT
Content-Type
text/html
Last-Modified
Mon, 04 May 2020 16:52:20 GMT
Transfer-Encoding
chunked
Connection
close
ETag
W/"5eb04844-e0d0"
Content-Encoding
gzip

Redirect headers

Server
nginx/1.14.2
Date
Mon, 21 Sep 2020 09:04:44 GMT
Transfer-Encoding
chunked
Connection
close
Location
https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
style.css
belohnungclub.com/de/2/
29 KB
29 KB
Stylesheet
General
Full URL
https://belohnungclub.com/de/2/style.css
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
569568a9d75bbb4db8ba3200351ed12d6da9e79bac25ff58453336568e7028ac

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Mon, 04 May 2020 13:03:30 GMT
Server
nginx/1.10.3
ETag
"5eb012a2-7352"
Content-Type
text/css
Connection
close
Accept-Ranges
bytes
Content-Length
29522
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 21 Sep 2020 09:04:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:35:20 GMT
status
200
etag
"1544639720"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
7050
commm.png
belohnungclub.com/de/2/images/
152 KB
152 KB
Image
General
Full URL
https://belohnungclub.com/de/2/images/commm.png
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
d28ac8ef11fc10d33876ce62b22a4c44fc0de4452db6b68861c0f7da71b41c30

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Mon, 04 May 2020 14:58:08 GMT
Server
nginx/1.10.3
ETag
"5eb02d80-260f7"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
155895
mediamarkt25.png
belohnungclub.com/de/2/images/
16 KB
16 KB
Image
General
Full URL
https://belohnungclub.com/de/2/images/mediamarkt25.png
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
bbf64aa05a8af7335b4674bf392f159d968dc49947a85db73d0713651e16d032

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Mon, 04 May 2020 15:07:26 GMT
Server
nginx/1.10.3
ETag
"5eb02fae-40ee"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
16622
lil.min.js
belohnungclub.com/de/2/
5 KB
5 KB
Script
General
Full URL
https://belohnungclub.com/de/2/lil.min.js
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
6c073c51ab4422a98d5da931e35ed17c131e1756c5b7d80ce7928d6988886cc5

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Mon, 18 Nov 2019 22:56:38 GMT
Server
nginx/1.10.3
ETag
"5dd321a6-1231"
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
4657
menu_2x.png
belohnungclub.com/de/2/
267 B
500 B
Image
General
Full URL
https://belohnungclub.com/de/2/menu_2x.png
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
b0266b4c1034b37b109cbc4a78ca5f849ef193ce26a35cdbf18b7ce3ad95eea6

Request headers

Referer
https://belohnungclub.com/de/2/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Wed, 22 Apr 2020 13:27:45 GMT
Server
nginx/1.10.3
ETag
"5ea04651-10b"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
267
notify_2x.png
belohnungclub.com/de/2/
405 B
638 B
Image
General
Full URL
https://belohnungclub.com/de/2/notify_2x.png
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
510881c76fea796bd043cbd874009caa2ec2b61e82ca6ff362503d049f58b9c7

Request headers

Referer
https://belohnungclub.com/de/2/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Wed, 22 Apr 2020 13:27:55 GMT
Server
nginx/1.10.3
ETag
"5ea0465b-195"
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
405
truncated
/
220 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9e79a749ac5f41341fdff11f64845580207490915f72b09ec320e0db0fea224a

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b2307af4775b329c51863f4c9da08cab32a793cde44fe781e000c5edb7a557dd

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2fa4d52bfbb58c1aa83f65223abdad6fffaf281d4d103c5a34765485600702f

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
opt.js
belohnungclub.com/de/2/
366 B
612 B
Script
General
Full URL
https://belohnungclub.com/de/2/opt.js
Requested by
Host: belohnungclub.com
URL: https://belohnungclub.com/de/2/mmarkt25.html?TTT=y7q%2fGKhe%2bti6vidJjnx9%2bQrI3q0%2f6DBRvQJDRoz7h5U%3d-iKdTxJWKz6o%3d&s1=ts464-internationalemail-general&s3=1600679084.36-109977769-48875
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.224.58.42 , Czech Republic, ASN60592 (GRANSY Gransy s.r.o. http://gransy.com, CZ),
Reverse DNS
Software
nginx/1.10.3 /
Resource Hash
7b6a3f1bdb237249c9a0c0a003516192e16c5498b86bbe96940658ceb2096fc3

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 21 Sep 2020 09:04:44 GMT
Last-Modified
Fri, 07 Feb 2020 17:46:50 GMT
Server
nginx/1.10.3
ETag
"5e3da28a-16e"
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
366

Verdicts & Comments

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  object     trustedTypes
  function   date
  function   startTimer
  number     vibr
  function   hidemodal01
  function   hidemodal02
  number     counter
  number     count
  object     boxes
  object     lil
  function   __cta
  function   __shout
  string     tu
  string     queryString
  object     outputOrigUrl
  undefined  outputOrigQuery
  string     sep
  string     currentUrl
  object     anchors
  object     __opt
  object     ___opt

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

belohnungclub.com
dalton.org.ductapefx.com
go.feturnst.com
greatpromobase.com
maxcdn.bootstrapcdn.com
offer-notavailable.com
rapid-cdn.com
www.googletagmanager.com
104.227.171.150
185.183.90.234
2001:4de0:ac19::1:b:2a
2606:4700:3032::681b:905f
2606:4700:3033::6812:2f84
2a00:1450:4001:809::2008
85.202.203.64
91.224.58.42