Submitted URL: http://showmesmile.es/?MTA5NDY5NjEzPTE5Njc3JjI2NTIzODU9MzkzJjM3PWNsaWNrJnUxNXdlaT04JmxpZD0zNzExNQ==
Effective URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Submission: On April 10 via api from BE

Summary

This website contacted 10 IPs in 4 countries across 15 domains to perform 38 HTTP transactions. The main IP is 66.212.229.139, located in the United States, and belongs to CL-1379-14537, US. The main domain is promo.iredirect.net.
TLS certificate: Issued by GoGetSSL RSA DV CA on February 16th 2020. Valid for: 2 years.
This is the only time promo.iredirect.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 108.61.12.74 20473 (AS-CHOOPA)
1 1 31.220.54.15 47583 (AS-HOSTINGER)
1 2 104.161.32.89 53755 (IOFLOOD)
1 78.142.29.109 201133 (VERDINA)
1 1 216.189.40.128 6921 (ARACHNITEC)
1 2 154.16.205.185 20278 (NEXEON)
1 1 66.212.229.144 14537 (CL-1379-1...)
1 6 66.212.229.139 14537 (CL-1379-1...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
21 66.212.229.189 14537 (CL-1379-1...)
1 3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 66.212.229.188 14537 (CL-1379-1...)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
38 10
Domain Requested by
9 img.iredirect.net promo.iredirect.net
8 cdn.iredirect.net promo.iredirect.net
6 promo.iredirect.net 1 redirects efadfre.jwihbq.live
promo.iredirect.net
cdn.jsdelivr.net
4 www.zxcdn.com promo.iredirect.net
4 cdn.jsdelivr.net promo.iredirect.net
3 www.google-analytics.com 1 redirects promo.iredirect.net
2 efadfre.jwihbq.live 1 redirects laudypauty.com
2 qalkawell.com 1 redirects
1 www.google.de promo.iredirect.net
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 api.iredirect.net cdn.jsdelivr.net
1 www.googletagmanager.com promo.iredirect.net
1 click.cr-brands.net 1 redirects
1 m1o6.newestlinks.company 1 redirects
1 laudypauty.com qalkawell.com
1 zharewardss.com 1 redirects
1 showmesmile.es 1 redirects
38 18

This site contains links to these domains.

Domain
www.zodiaccasino.com
Subject | Issuer | Validity | Valid
qalkawell.com | Let's Encrypt Authority X3 | 2020-04-08 - 2020-07-07 | 3 months
www.laudypauty.com | Go Daddy Secure Certificate Authority - G2 | 2019-04-30 - 2020-06-28 | a year
jwihbq.live | Let's Encrypt Authority X3 | 2020-03-11 - 2020-06-09 | 3 months
*.iredirect.net | GoGetSSL RSA DV CA | 2020-02-16 - 2022-02-28 | 2 years
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2020-04-06 - 2020-10-09 | 6 months
*.zxcdn.com | GoGetSSL RSA DV CA | 2019-08-30 - 2021-09-05 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months
www.google.de | GTS CA 1O1 | 2020-03-24 - 2020-06-16 | 3 months

This page contains 1 frame:

Primary Page: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Frame ID: E2AD61B3D40B06EF483ED10F2EAE731D
Requests: 38 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?/i

Page Statistics

Requests: 38
HTTPS: 100 %
IPv6: 38 %
Domains: 15
Subdomains: 18
IPs: 10
Countries: 4
Transfer: 624 kB
Size: 1094 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://showmesmile.es/?MTA5NDY5NjEzPTE5Njc3JjI2NTIzODU9MzkzJjM3PWNsaWNrJnUxNXdlaT04JmxpZD0zNzExNQ== HTTP 302
    http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/ HTTP 302
    https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833 Page URL
  2. https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/f7d4cd2a-f38f-4b96-9733-e3b0c787a992/?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833&fctr=1 HTTP 302
    https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992 Page URL
  3. https://m1o6.newestlinks.company/?s1=897924130&s2=472125&kw=472125 HTTP 302
    https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e Page URL
  4. https://efadfre.jwihbq.live/ITS458nodepositAT.html?sov=6fa9cf923ea&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e&tov=683383 HTTP 302
    https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/zc/11&seg=52055&lid=215864&aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|f6bc7336-7b18-11ea-8ed5-56d124b294d6| HTTP 301
    https://promo.iredirect.net/referral.asp?aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|f6bc7336-7b18-11ea-8ed5-56d124b294d6|&pop_up=1&url=/rea/pop/de/zc/11&seg=52055&lid=215864 HTTP 301
    https://promo.iredirect.net/rea/pop/de/zc/11/?v=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://showmesmile.es/?MTA5NDY5NjEzPTE5Njc3JjI2NTIzODU9MzkzJjM3PWNsaWNrJnUxNXdlaT04JmxpZD0zNzExNQ== HTTP 302
  • http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/ HTTP 302
  • https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
Request Chain 1
  • https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/f7d4cd2a-f38f-4b96-9733-e3b0c787a992/?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833&fctr=1 HTTP 302
  • https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
Request Chain 2
  • https://m1o6.newestlinks.company/?s1=897924130&s2=472125&kw=472125 HTTP 302
  • https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e
Request Chain 35
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=745689303&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.live%252F&ul=en-us&de=UTF-8&dt=Zodiac%20Casino!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABC~&jid=1930522140&gjid=639690482&cid=478562347.1586515776&tid=UA-85618867-1&_gid=1530309755.1586515776&_r=1&cd9=351&cd34=de&cd83=ouEuwKs4rH4OYYTvecyzJGiyoax4GpfrK4h88xNjsnM%3D&cd85=5359_52055_23482_4408_57_347_3-75393%7C6fa9cf923ea%7Cf6bc7336-7b18-11ea-8ed5-56d124b294d6%7C&cd89=wizfulladdress_https&cd90=pop_zc_11_0&cd91=wizfulladdress&cd124=catch_zc&cd125=1&cd126=11&cd127=0&cd128=ZC&cd129=&cd130=&cd131=EMPTY&z=568523265 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_gid=1530309755.1586515776&gjid=639690482&_v=j81&z=568523265 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265&slf_rd=1&random=2601682263

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//
Redirect Chain
  • http://showmesmile.es/?MTA5NDY5NjEzPTE5Njc3JjI2NTIzODU9MzkzJjM3PWNsaWNrJnUxNXdlaT04JmxpZD0zNzExNQ==
  • http://zharewardss.com/r/2f0bec7b-45eb-4030-bfb8-0d7a64700e60//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/
  • https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
784 B
921 B
Document
General
Full URL
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
104.161.32.89 Phoenix, United States, ASN53755 (IOFLOOD, US),
Reverse DNS
amails.qiuqiuda.cn
Software
nginx /
Resource Hash

Request headers

Host
qalkawell.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx
Date
Fri, 10 Apr 2020 10:49:20 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=f7d4cd2a-f38f-4b96-9733-e3b0c787a992; Version=1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; Domain=qalkawell.com; Path=/ 8e4d8882-511a-4735-b38f-b657767e925e-check=f7d4cd2a-f38f-4b96-9733-e3b0c787a992; Version=1; Expires=Fri, 10-Apr-2020 10:59:20 GMT; Max-Age=600; Domain=qalkawell.com; Path=/
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 10:49:20 GMT
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Fri, 10 Apr 2020 10:49:19 GMT
Content-Length
193
Connection
keep-alive
Location
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 10:49:19 GMT
Cookie set f7d4cd2a-f38f-4b96-9733-e3b0c787a992
laudypauty.com/fff0852e2b321b3800/100/
Redirect Chain
  • https://qalkawell.com/r2/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115/f7d4cd2a-f38f-4b96-9733-e3b0c787a992/?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d5...
  • https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
129 B
382 B
Document
General
Full URL
https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
Requested by
Host: qalkawell.com
URL: https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
78.142.29.109 , Bulgaria, ASN201133 (VERDINA, BZ),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Host
laudypauty.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://qalkawell.com/r/29e028de-409a-4a78-8317-2efe4b5cb991//393_108.61.12.74_37_185.216.34.99/109469613_2652385_37115//?fctr=1&ptid=3e6a40ea-5d29-4aff-bdfd-d53efef7b833
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 10 Apr 2020 10:49:21 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
129
Server
Apache
Set-Cookie
uid3546=897924130-20200410054921-d7fbf5f46bf47d86452532b502097749-; domain=; path=/; SameSite=None; Secure

Redirect headers

Server
nginx
Date
Fri, 10 Apr 2020 10:49:20 GMT
Content-Length
105
Connection
keep-alive
set-cookie
8e4d8882-511a-4735-b38f-b657767e925e=f7d4cd2a-f38f-4b96-9733-e3b0c787a992; Version=1; Expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; Domain=qalkawell.com; Path=/
Location
https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
Cache-Control
no-cache
Expires
Fri, 10 Apr 2020 10:49:20 GMT
Cookie set /
efadfre.jwihbq.live/
Redirect Chain
  • https://m1o6.newestlinks.company/?s1=897924130&s2=472125&kw=472125
  • https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b...
1 KB
9 KB
Document
General
Full URL
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e
Requested by
Host: laudypauty.com
URL: https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
154.16.205.185 Los Angeles, United States, ASN20278 (NEXEON, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Host
efadfre.jwihbq.live
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://laudypauty.com/fff0852e2b321b3800/100/f7d4cd2a-f38f-4b96-9733-e3b0c787a992
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Fri, 10 Apr 2020 10:49:33 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Source
Mini
X-Rot
683383
X-Sov
6fa9cf923ea
Expires
Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control
no-cache
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Date
Fri, 10 Apr 2020 10:49:27 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
X-ImpID
f3240a18-7b18-11ea-8936-12c26be3c49e
Location
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e
Set-Cookie
redir-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Primary Request /
promo.iredirect.net/rea/pop/de/zc/11/
Redirect Chain
  • https://efadfre.jwihbq.live/ITS458nodepositAT.html?sov=6fa9cf923ea&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b...
  • https://click.cr-brands.net/affiliate/referral.asp?site=rea&url=pop/de/zc/11&seg=52055&lid=215864&aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|f6bc7336-7b18-11ea-8ed5-56d124b294d6|
  • https://promo.iredirect.net/referral.asp?aff_id=5359_52055_23482_4408_57_347_3-75393|6fa9cf923ea|f6bc7336-7b18-11ea-8ed5-56d124b294d6|&pop_up=1&url=/rea/pop/de/zc/11&seg=52055&lid=215864
  • https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
47 KB
17 KB
Document
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Requested by
Host: efadfre.jwihbq.live
URL: https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a06d5037418de2010ecb64beb26c897dc1b222ec951f1d92375020494fd09917

Request headers

:method
GET
:authority
promo.iredirect.net
:scheme
https
:path
/rea/pop/de/zc/11/?v=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://efadfre.jwihbq.live/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
ASPSESSIONIDSESAQBAA=EAKEEINDDIBKKIAGEKKOAJDD
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Referer
https://efadfre.jwihbq.live/?sov=6fa9cf923ea&hid=gqmqokokmqqqmgow&&cntrl=00000&pid=10044&redid=75393&gsid=488&campaign_id=1228&p_id=10044&id=XNSX.897924130%3A%3A472125-r75393-t488&impid=f3240a18-7b18-11ea-8936-12c26be3c49e

Response headers

status
200
cache-control
no-store
content-type
text/html; Charset=UTF-8
content-encoding
gzip
expires
Sat, 15 May 1999 18:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
x-nid
W02
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Fri, 10 Apr 2020 10:49:35 GMT
content-length
17698

Redirect headers

status
301
cache-control
no-store
content-type
text/html
expires
Sat, 15 May 1999 18:00:00 GMT
location
/rea/pop/de/zc/11/?v=0
server
Microsoft-IIS/10.0
set-cookie
ASPSESSIONIDSESAQBAA=EAKEEINDDIBKKIAGEKKOAJDD; secure; path=/
x-nid
W02
p3p
CP="CAO PSA OUR"
referrer-policy
origin
date
Fri, 10 Apr 2020 10:49:34 GMT
content-length
0
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/
119 KB
18 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap.min.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22474908
cf-ray
581be6eb8eba2488-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21050-AMS, cache-hhn4075-HHN
server
cloudflare
etag
W/"1da71-sJcv3M6C/Vg9TCzMPy4990BKGdA"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
bootstrap-theme.min.css
cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/
23 KB
3 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@3.4.1/dist/css/bootstrap-theme.min.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2e1cc227d6bbb4192e4a3becdfed971c7fc530d76200e43add11c98cb962c53
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
5451987
cf-ray
581be6eb8ebc2488-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21041-AMS, cache-fra19161-FRA
server
cloudflare
etag
W/"5b73-vu4OCA6m3MjAZhtmwbqgjkX07LY"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
style.css
promo.iredirect.net/rea/pop/de/zc/11/inc/
32 KB
7 KB
Stylesheet
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/inc/style.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
abc1b0b6c410426a469ec1cde57334e1031b31b617cdd9a667e62e0e9897865b

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Thu, 01 Aug 2019 01:41:06 GMT
server
Microsoft-IIS/10.0
etag
"ce4e42fa48d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
accept-ranges
bytes
content-type
text/css
content-length
7478
jquery.min.js
cdn.jsdelivr.net/npm/jquery@1.11.3/dist/
94 KB
32 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
23268462
cf-ray
581be6eb8ebf2488-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21023-AMS, cache-fra19170-FRA
server
cloudflare
etag
W/"176f8-N7HbiLV0OPEHKo68dVnJCcnTpoI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
jquery-migrate.min.js
cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/
10 KB
4 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
22474601
cf-ray
581be6eb8ebd2488-FRA
x-cache
HIT, HIT
status
200
vary
Accept-Encoding
x-served-by
cache-ams21024-AMS, cache-hhn4077-HHN
server
cloudflare
etag
W/"2748-kFMq/21BIZVCVM3wSZTYNPfsFps"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
common.js
promo.iredirect.net/rea/shared/
83 KB
22 KB
Script
General
Full URL
https://promo.iredirect.net/rea/shared/common.js?1926-10
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
95a51b45012475148696a670a111438bff2064a280631833dd74ebf843333e4b

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Tue, 19 Nov 2019 00:28:46 GMT
server
Microsoft-IIS/10.0
etag
"07384e709ed51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
accept-ranges
bytes
content-type
application/javascript
content-length
21995
vjs-chat.js
cdn.iredirect.net/webcdn/js/
703 B
564 B
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/vjs-chat.js?1561-10
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
395248fa2a0de2257903418d5cf5c40d36a9e2ec04a5c5f3d9f8ca9b67ef7028

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
last-modified
Tue, 29 Aug 2017 01:40:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d74bda6720d31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
481
shared.css
cdn.iredirect.net/webcdn/css/rea/
15 KB
3 KB
Stylesheet
General
Full URL
https://cdn.iredirect.net/webcdn/css/rea/shared.css
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
46a30932fe2b5b10ef1ff0e4bad9b3f9718ba949cab17035c83e28e8ea5223dc

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
last-modified
Thu, 19 Sep 2019 00:24:51 GMT
server
Microsoft-IIS/10.0
etag
"808bc3a6806ed51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=300
accept-ranges
bytes
content-type
text/css
content-length
3346
modal.js
cdn.iredirect.net/webcdn/js/rea/shared/
10 KB
3 KB
Script
General
Full URL
https://cdn.iredirect.net/webcdn/js/rea/shared/modal.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
adcccfba49ae4b6b9af5d7edd20673be39b35826d3e816a6969c333585169bb9

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
last-modified
Thu, 24 Aug 2017 03:46:10 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0ad1d868b1cd31:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
2686
cookieConsentCr-1.0.min.js
www.zxcdn.com/webcdn/js/cookieConsentCr/
37 KB
13 KB
Script
General
Full URL
https://www.zxcdn.com/webcdn/js/cookieConsentCr/cookieConsentCr-1.0.min.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
723c2c65627d7ae37004903917b0f8b36b2ef61a7d39884d4e2547f32d717711

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
script
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
last-modified
Wed, 08 Apr 2020 04:27:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0cba915edd61:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=1800
accept-ranges
bytes
content-type
application/javascript
content-length
13135
script.js
promo.iredirect.net/rea/pop/de/zc/11/inc/
3 KB
1 KB
Script
General
Full URL
https://promo.iredirect.net/rea/pop/de/zc/11/inc/script.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
660bb4e1bd2883018e1f82e461a1917db6b70e92ec7f44465ae9b9c5faa4eb9a

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Thu, 01 Aug 2019 01:41:05 GMT
server
Microsoft-IIS/10.0
etag
"93973b2fa48d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
accept-ranges
bytes
content-type
application/javascript
content-length
1096
zc9-logo.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
21 KB
21 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-logo.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
a3576fe83dbecce68c9aa707c89c9b42a4fafbde660b99853b40ec4fdfe00b74

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:57 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"4a46b072532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
21148
spacer.gif
cdn.iredirect.net/webcdn/img/rea/shared/
1 KB
1 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/spacer.gif
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bc1949a92d0ed97011d62ecc757ac52524e92d35a8d36d96b1702f31cfbc9051

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 27 Jun 2016 06:48:58 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"069d1fa3fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/gif
content-length
1095
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6793
date
Fri, 10 Apr 2020 08:56:22 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Fri, 10 Apr 2020 10:56:22 GMT
gtm.js
www.googletagmanager.com/
135 KB
32 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T5DCX9V
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
01f0487d6519ca523c9a85357320891721fd88fde761ace3eb7ce2510c3f29ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
32872
x-xss-protection
0
last-modified
Fri, 10 Apr 2020 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 10 Apr 2020 10:49:35 GMT
zc9-city-header.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
45 KB
46 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-city-header.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
412690ea5f60c2dbc2c8a9e324b7b6b9aea20529d2ad3e4a09345bd913646e20

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:55 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"2973de71532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
46554
zc9-city-rays-header.jpg
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
53 KB
53 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-city-rays-header.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b114412634c3e617a18796b2671b9214c2934de1082630ae63e7bce36a4caa20

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:56 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"3599472532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
54009
zc9-jackpot-sprite-exact.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
73 KB
73 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-jackpot-sprite-exact.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
57b93b7039974ad8584ecdb0792f5904d06763994ff02b6ee96e66158fb08baa

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Tue, 25 Jun 2019 00:50:52 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"7fbfda9f02ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
74310
zc9-bottom-rays.jpg
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
83 KB
84 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-bottom-rays.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cfd504f6d9e4819d57c12cce0bc59d5ec5bd7b0e08ae255b43970befe5812718

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"4b481171532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
85420
zc9-box-rays.fs8.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
22 KB
22 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-box-rays.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
68340ef36f1dcd11e5ee27a9600efe21a78a6b55a477a673f202b665e15bccc4

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:54 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"51ac3271532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
22097
zc9-arrow-sprite.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
636 B
718 B
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-arrow-sprite.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
71b58c0c45fcfe0b94f750b8df4e1824367a69ed41c275102bc7eee9f7973af2

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:52 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"b925fa6f532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
636
subset-SourceSansPro-SemiBold.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-SemiBold.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cfe13f1f30e1849d1e4416a1b895057bf219a004c6aa14d95d452045d75243b8

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Tue, 31 Oct 2017 01:50:42 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0c5cba8ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20796
zc9-arrow-sprite_2x.png
img.iredirect.net/webcdn/img/rea/pop/en/zc/10/
1 KB
1 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/en/zc/10/zc9-arrow-sprite_2x.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ec77491fe828f2ac155ad88ef165b056a10b4897903692b654125194c6b89b04

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 24 Jun 2019 06:09:53 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"8ad28670532ad51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
1335
zc9-trust-logos-sprite-DE_2x.png
img.iredirect.net/webcdn/img/rea/pop/de/zc/10/
32 KB
32 KB
Image
General
Full URL
https://img.iredirect.net/webcdn/img/rea/pop/de/zc/10/zc9-trust-logos-sprite-DE_2x.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
26ee26a0bea2b72a713be876dcf6b96f3090dfbf6053a186974a6130f3f8ef63

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Thu, 25 Jul 2019 00:46:19 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"d84a9b5f8242d51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
32892
norton.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/norton.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7c54bb703a5f1ec08cb572c46325709e73726d6175a4d8ac29272f64910200ae

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2651
mcafee.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/mcafee.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
263daceea364e196b1120703f0debb9d0fdd4bfd579c3b78d8d03bbe222d1274

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 27 Jun 2016 06:46:26 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"0d38a03fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2877
secure-de.jpg
cdn.iredirect.net/webcdn/img/rea/shared/secimages/
3 KB
3 KB
Image
General
Full URL
https://cdn.iredirect.net/webcdn/img/rea/shared/secimages/secure-de.jpg
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
59a39b60dbe3a3b2d8e44d1452cc3382ce19c8a17ae48bc2e6aa1344762845a6

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 27 Jun 2016 06:46:28 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03a69a13fd0d11:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/jpeg
content-length
2734
footer-icons.fs8.png
cdn.iredirect.net/webCDN/img/Shared/
34 KB
34 KB
Image
General
Full URL
https://cdn.iredirect.net/webCDN/img/Shared/footer-icons.fs8.png
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b3788275845d14f2bcbb96d2b9907013be727afa12ae7b8ddd943dcbeddaebab

Request headers

Referer
https://cdn.iredirect.net/webcdn/css/rea/shared.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Mon, 09 Sep 2019 23:44:17 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"24628f7e6867d51:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
image/png
content-length
35186
subset-SourceSansPro-Bold.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-Bold.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
219a43f2fc226522d0eabee2072d36e3fd99e7ade96afaacf351c22aa46a962f

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Tue, 31 Oct 2017 01:49:50 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"033cd89ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20532
subset-SourceSansPro-Regular.woff
www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/
20 KB
20 KB
Font
General
Full URL
https://www.zxcdn.com/webCDN/fonts/SourceSansPro/latin/subset-SourceSansPro-Regular.woff
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.189 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ecc1175b7df845d911061dc62cd06fae098dbb4479fcae6ba221bf30b3212d97

Request headers

Referer
https://promo.iredirect.net/
Origin
https://promo.iredirect.net
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
last-modified
Tue, 31 Oct 2017 01:50:36 GMT
server
Microsoft-IIS/10.0
access-control-allow-origin
*
etag
"03e38a5ea51d31:0"
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
cache-control
must-revalidate, public, max-age=604800
accept-ranges
bytes
content-type
font/x-woff
content-length
20860
jackpots.js
promo.iredirect.net/rea/shared/
3 KB
1 KB
XHR
General
Full URL
https://promo.iredirect.net/rea/shared/jackpots.js?_=1586515775415
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.139 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
226585cf28f848482fd57559cf7017ef36a1fbfc7499341d705c87da937a6c54

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://promo.iredirect.net/
Sec-Fetch-Dest
empty
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 10 Apr 2020 10:49:35 GMT
content-encoding
gzip
referrer-policy
origin
last-modified
Mon, 19 Aug 2019 00:57:08 GMT
server
Microsoft-IIS/10.0
etag
"0a8062956d51:0"
vary
Accept-Encoding
p3p
CP="CAO PSA OUR"
status
200
x-nid
W02
accept-ranges
bytes
content-type
application/javascript
content-length
1136
/
api.iredirect.net/ApiMgs.svc/GetProgressivesByCultureName/
3 KB
1 KB
Script
General
Full URL
https://api.iredirect.net/ApiMgs.svc/GetProgressivesByCultureName/?cultureName=de_EUR&callback=jQuery1113041249391904728805_1586515775416&_=1586515775417
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/jquery@1.11.3/dist/jquery.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.212.229.188 , United States, ASN14537 (CL-1379-14537, US),
Reverse DNS
Software
/
Resource Hash
55928f2e2041946f180faa9028877c05f4115c0be4651ba9d33f0e3b0200a882

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

pragma
no-cache
date
Fri, 10 Apr 2020 10:49:36 GMT
content-encoding
gzip
vary
Accept-Encoding
content-type
application/x-javascript
status
200
x-nid
W02
cache-control
no-cache
content-length
995
expires
-1
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=745689303&t=pageview&_s=1&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.li...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_gid=1530309755.1586515776&gjid=639690482&_v=j81&z=568523265
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265&slf_rd=1&random=2601682263
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265&slf_rd=1&random=2601682263
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 10 Apr 2020 10:49:36 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 10 Apr 2020 10:49:36 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-85618867-1&cid=478562347.1586515776&jid=1930522140&_v=j81&z=568523265&slf_rd=1&random=2601682263
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
101 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=745689303&t=event&ni=1&_s=2&dl=https%3A%2F%2Fpromo.iredirect.net%2Frea%2Fpop%2Fde%2Fzc%2F11%2F%3Fv%3D0&dr=https%253A%252F%252Fefadfre.jwihbq.live%252F&ul=en-us&de=UTF-8&dt=Zodiac%20Casino!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=REA%20Page&ea=Load%20Success&el=rea%2Fpop%2Fde%2Fzc%2F11&_u=YEBAAEABC~&jid=&gjid=&cid=478562347.1586515776&tid=UA-85618867-1&_gid=1530309755.1586515776&cd9=351&cd34=de&cd83=ouEuwKs4rH4OYYTvecyzJGiyoax4GpfrK4h88xNjsnM%3D&cd85=5359_52055_23482_4408_57_347_3-75393%7C6fa9cf923ea%7Cf6bc7336-7b18-11ea-8ed5-56d124b294d6%7C&cd89=wizfulladdress_https&cd90=pop_zc_11_0&cd91=wizfulladdress&cd124=catch_zc&cd125=1&cd126=11&cd127=0&cd128=ZC&cd129=&cd130=&cd131=EMPTY&z=1373264101
Requested by
Host: promo.iredirect.net
URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://promo.iredirect.net/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Sat, 04 Apr 2020 15:24:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
501905
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| thisLang string| thisSiteCode string| thisBrand string| thisCategory string| thisSplashCode string| thisVariation string| thisPath function| $ function| jQuery function| cross_domain_storage function| wopen function| checkCaptchaResponse number| d string| v number| formWS boolean| isCaptchaValidated object| respond boolean| priorEngage string| currency object| thisAffID string| siteTotalGames string| mobilesiteTotalGames string| decimalSeparator string| groupSeparator string| positivePattern string| decimalDigits string| isGDPR number| xit object| CookieConsentCr object| cookieconsent string| btag5 string| btag1 string| btag3 string| thisReferer string| __galab object| _loadGADATA function| isGoogleAnalyticsLoaded function| logGAEvent string| GoogleAnalyticsObject function| __gaTracker number| counter number| count function| timer object| dataLayer object| fm undefined| jQuery1113041249391904728805_1586515775416 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager boolean| blMatch

0 Cookies

2 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.jsdelivr.net/npm/jquery-migrate@1.4.1/dist/jquery-migrate.min.js(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api log URL: https://promo.iredirect.net/rea/pop/de/zc/11/?v=0(Line 132)
Message:
Load Success

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
