Submitted URL: https://activity.trk.diqtrk.com/click/?sid=00ab0c0ppkxomamxwitxw2w&linkid=1&link=http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
Effective URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Submission: On November 24 via manual from IN — Scanned from DE

Summary

This website contacted 6 IPs in 2 countries across 8 domains to perform 14 HTTP transactions. The main IP is 2a06:98c1:3121::15, located in the United States and belonging to CLOUDFLARENET, US. The main domain is promotions.duelz.com.
TLS certificate: Issued by Thawte RSA CA 2018 on March 20th 2020. Valid for: 2 years.
This is the only time promotions.duelz.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 143.204.98.36 16509 (AMAZON-02)
1 167.172.102.94 14061 (DIGITALOC...)
1 1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a03:2880:f02... 32934 (FACEBOOK)
5 2a03:2880:f12... 32934 (FACEBOOK)
Total: 14 requests, 6 IPs

Domain Requested by
5 www.facebook.com promotions.duelz.com
3 connect.facebook.net srcplc.com, connect.facebook.net
3 promotions.duelz.com promotions.duelz.com, static.cloudflareinsights.com
1 www.googletagmanager.com promotions.duelz.com
1 static.cloudflareinsights.com promotions.duelz.com
1 nvd.suprnation.com 1 redirects
1 srcplc.com
1 activity.trk.diqtrk.com 1 redirects
Total: 14 requests, 8 domains

This site contains links to these domains.

Domain
www.duelz.com

Subject | Issuer | Validity | Valid
*.duelz.com | Thawte RSA CA 2018 | 2020-03-20 - 2022-04-01 | 2 years
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-06-11 - 2022-06-10 | a year
*.google-analytics.com | GTS CA 1C3 | 2021-11-01 - 2022-01-24 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-09-02 - 2021-12-01 | 3 months

This page contains 1 frame:

Primary Page: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Frame ID: 77D1A6AB4634327508F91CDED6196C77
Requests: 14 HTTP requests in this frame

Page Title

Duelz Casino

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 75 %
Domains: 8
Subdomains: 8
IPs: 6
Countries: 2
Transfer: 649 kB
Size: 1299 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://activity.trk.diqtrk.com/click/?sid=00ab0c0ppkxomamxwitxw2w&linkid=1&link=http://srcplc.com/urls/duelzca/?subid1=QDUCA231197 HTTP 302
    http://srcplc.com/urls/duelzca/?subid1=QDUCA231197 Page URL
  2. https://nvd.suprnation.com/redirect.aspx?pid=21644&bid=2399 HTTP 301
    https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://activity.trk.diqtrk.com/click/?sid=00ab0c0ppkxomamxwitxw2w&linkid=1&link=http://srcplc.com/urls/duelzca/?subid1=QDUCA231197 HTTP 302
  • http://srcplc.com/urls/duelzca/?subid1=QDUCA231197

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
srcplc.com/urls/duelzca/
Redirect Chain
  • https://activity.trk.diqtrk.com/click/?sid=00ab0c0ppkxomamxwitxw2w&linkid=1&link=http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
  • http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
331 B
612 B
Document
General
Full URL
http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
Protocol
HTTP/1.1
Server
167.172.102.94 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 24 Nov 2021 01:01:57 GMT
Server
Apache/2.4.29 (Ubuntu)
Link
<http://srcplc.com/wp-json/>; rel="https://api.w.org/" <http://srcplc.com/?p=707>; rel=shortlink
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
249
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

content-length
0
location
http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
date
Wed, 24 Nov 2021 01:01:57 GMT
x-amzn-requestid
ef84d7b3-896e-44d0-8b1f-69fbdbabaee2
strict-transport-security
max-age=2592000
x-amz-apigw-id
JSNI5FuGoAMF57g=
cache-control
no-store,no-cache
x-amzn-trace-id
Root=1-619d8f05-50336f16386d7cab7513c2b7;Sampled=0
pragma
no-cache
x-cache
Miss from cloudfront
via
1.1 cdb2dba3874dd4d7b53213b8c63a0997.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
n3N2Ss3Ys01DyXtk7ljMX2wygkcop9Yib_y017Up4Akj8zEeZMPyfQ==
Primary Request /
promotions.duelz.com/ca/welcome-offer/
Redirect Chain
  • https://nvd.suprnation.com/redirect.aspx?pid=21644&bid=2399
  • https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
3 KB
2 KB
Document
General
Full URL
https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b32b1404547777507f8667643a74d89edce449eb7583c80ceabd4dce3bf58a45
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://srcplc.com/urls/duelzca/?subid1=QDUCA231197

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
content-type
text/html
last-modified
Tue, 23 Feb 2021 13:26:48 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=05FeFlIg1raPi8%2BBsfMGxoie3%2BU0Oj0YPlqPkmPRwU%2FTnyLtKyaONOXfpFcbAwGxLLS35ucwLMclF3lTE59dDV2jtYVsTsMbTOV7Ogpq%2BJNnJlW0%2F7rQAnka0eUkf4cL8eUUFBJQKvgIJx4aqGSouGhtbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0; includeSubDomains; preload
server
cloudflare
cf-ray
6b2eb58698d8d6cd-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

content-type
text/html
content-length
0
location
https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
p3p
CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version
4.0.30319
request-context
appId=cid-v1:7b1bd175-669c-4817-96f4-9fd37be5aa50
expires
Wed, 24 Nov 2021 01:01:58 GMT
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
date
Wed, 24 Nov 2021 01:01:58 GMT
server-timing
cdn-cache; desc=MISS edge; dur=10 origin; dur=57
v64f9daad31f64f81be21cbef6184a5e31634941392597
static.cloudflareinsights.com/beacon.min.js/
13 KB
5 KB
Script
General
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5bf0a170ae91f1bb8d0c94381a74ab8b85f938bf31bf18a9c8e3b835250d3be6

Request headers

Referer
https://promotions.duelz.com/
Origin
https://promotions.duelz.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
content-encoding
gzip
last-modified
Fri, 22 Oct 2021 22:23:12 GMT
server
cloudflare
etag
W/2021.10.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6b2eb5872989d70d-FRA
gtm.js
www.googletagmanager.com/
184 KB
50 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5D8KSVW
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
03607f7699cde829c9e1ed2de1e5f92b8211775ebc2259a701cd13554de49b77
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
50292
x-xss-protection
0
last-modified
Wed, 24 Nov 2021 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Nov 2021 01:01:58 GMT
bg.jpg
promotions.duelz.com/ca/welcome-offer/img/
390 KB
390 KB
Image
General
Full URL
https://promotions.duelz.com/ca/welcome-offer/img/bg.jpg
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b05bb35bbff63d287a8fe3d1996945d22132edd05b3d513704183828d7351988
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
vary
Accept-Encoding
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
398924
last-modified
Tue, 23 Feb 2021 13:27:06 GMT
server
cloudflare
etag
"603502aa-6164c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r0KihGvRv2AK0zsNBfaLGUlEjAHCPioPb9nMBuetcv9JlZ8VCtZcypdLFdKxM8tC6iLk7k0ZAfNThChIxSyChE1QyAn4vcTRuVqj0mM0LZlocUihvOVS%2BfG9%2FTh0t0tW5zdakGZeO6DRvbl9fSKP2s3odA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=3600
accept-ranges
bytes
cf-ray
6b2eb5870907d6cd-FRA
cf-bgj
h2pri
fbevents.js
connect.facebook.net/en_US/
98 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: srcplc.com
URL: http://srcplc.com/urls/duelzca/?subid1=QDUCA231197
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
bB6ryr/mcJyJub3bWcLmFiFKc6NX4JqJdODeaTO8DiDRRWAlvRX7BRXgRFQmjIomde6+ydwrvTUqukebSm7MKQ==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Wed, 24 Nov 2021 01:01:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
324153348167989
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/324153348167989?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c3e1224ae0f28ce7f16efbb0c97535711987abf4e5c30f481263a2fc37eda063
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
pMmEqFB/jk0QKSGPDmJUz4k7UK2W4M69uSAHtJCrQcuCQ5UL25ypvBhDlIY6OzsoKrsdkPy4rGJbm+PSaw+eCg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 24 Nov 2021 01:01:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
4096901657006898
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/4096901657006898?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eeff02ad9dabe5f8a7cefe08e43bee00712a737878be33a9f45f97bd4e0c067c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
iIBk7lXoHq1/q5a5l/vkUvfWpbZV6Raf9GrFIZnkCL4gVZYs4UjM4C7r7wXcJw5Vc3odvKPj2NDY3q5WAA2q7A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Wed, 24 Nov 2021 01:01:58 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
295 B
Image
General
Full URL
https://www.facebook.com/tr/?id=324153348167989&ev=PageView&dl=https%3A%2F%2Fpromotions.duelz.com%2Fca%2Fwelcome-offer%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D655893_18F3E0162D4C48E0AC2883DB809FCD76&rl=http%3A%2F%2Fsrcplc.com%2F&if=false&ts=1637715718446&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637715718444.1391404413&it=1637715718356&coo=false&exp=p0&rqm=GET
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Wed, 24 Nov 2021 01:01:58 GMT
/
www.facebook.com/tr/
44 B
101 B
Image
General
Full URL
https://www.facebook.com/tr/?id=324153348167989&ev=ViewContent&dl=https%3A%2F%2Fpromotions.duelz.com%2Fca%2Fwelcome-offer%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D655893_18F3E0162D4C48E0AC2883DB809FCD76&rl=http%3A%2F%2Fsrcplc.com%2F&if=false&ts=1637715718450&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637715718444.1391404413&it=1637715718356&coo=false&exp=p0&rqm=GET
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Wed, 24 Nov 2021 01:01:58 GMT
/
www.facebook.com/tr/
44 B
90 B
Image
General
Full URL
https://www.facebook.com/tr/?id=4096901657006898&ev=PageView&dl=https%3A%2F%2Fpromotions.duelz.com%2Fca%2Fwelcome-offer%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D655893_18F3E0162D4C48E0AC2883DB809FCD76&rl=http%3A%2F%2Fsrcplc.com%2F&if=false&ts=1637715718516&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1637715718444.1391404413&it=1637715718356&coo=false&exp=p0&rqm=GET
Requested by
Host: promotions.duelz.com
URL: https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Wed, 24 Nov 2021 01:01:58 GMT
rum
promotions.duelz.com/cdn-cgi/
0
205 B
XHR
General
Full URL
https://promotions.duelz.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::15 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://promotions.duelz.com/ca/welcome-offer/?programme=aff&source=netrefer&btag=655893_18F3E0162D4C48E0AC2883DB809FCD76
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
content-type
application/json

Response headers

date
Wed, 24 Nov 2021 01:01:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://promotions.duelz.com
access-control-max-age
86400
access-control-allow-credentials
true
cf-ray
6b2eb588de7005d4-FRA
vary
Origin
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=324153348167989&ev=Microdata&dl=https%3A%2F%2Fpromotions.duelz.com%2Fca%2Fwelcome-offer%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D655893_18F3E0162D4C48E0AC2883DB809FCD76&rl=http%3A%2F%2Fsrcplc.com%2F&if=false&ts=1637715719949&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Duelz%20Casino%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=2&o=30&fbp=fb.1.1637715718444.1391404413&it=1637715718356&coo=false&es=automatic&tm=3&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:01:59 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Wed, 24 Nov 2021 01:01:59 GMT
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=4096901657006898&ev=Microdata&dl=https%3A%2F%2Fpromotions.duelz.com%2Fca%2Fwelcome-offer%2F%3Fprogramme%3Daff%26source%3Dnetrefer%26btag%3D655893_18F3E0162D4C48E0AC2883DB809FCD76&rl=http%3A%2F%2Fsrcplc.com%2F&if=false&ts=1637715720017&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Duelz%20Casino%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1637715718444.1391404413&it=1637715718356&coo=false&es=automatic&tm=3&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://promotions.duelz.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 24 Nov 2021 01:02:00 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Wed, 24 Nov 2021 01:02:00 GMT

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect
function| reportError
boolean| originAgentCluster
object| scheduler
object| dataLayer
function| GetUrlValue
object| google_tag_manager
object| google_tag_data
function| fbq
function| _fbq
object| __cfBeacon

4 Cookies

Domain/Path Name / Value
.suprnation.com/ Name: NetRefer_CookieUniTrack_C
Value: %5b%7b%22PID%22%3a21644%2c%22BID%22%3a2399%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1637715718117)%5c%2f%22%2c%22CookieTag%22%3a%222399216441%3a%3a53%3a8002%3a051%3a8f4%3a10a2C2021112411%22%7d%5d
.suprnation.com/ Name: NetReferSPS
Value: %5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2231659530%7c1%22%7d%5d
.duelz.com/ Name: _gcl_au
Value: 1.1.824966590.1637715718
.duelz.com/ Name: _fbp
Value: fb.1.1637715718444.1391404413