epromotionplug.com Open in urlscan Pro
147.75.87.177 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2QvDb8l
Effective URL:
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT...
Submission: On July 01 via manual (July 1st 2021, 8:57:28 am UTC) from US

Summary HTTP 48 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 48 HTTP transactions. The main IP is 147.75.87.177, located in Netherlands and belongs to PACKET, US. The main domain is epromotionplug.com.
TLS certificate: Issued by R3 on June 8th 2021. Valid for: 3 months.

This is the only time epromotionplug.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 1	2606:4700:303... 2606:4700:3034::6815:20b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	147.75.87.177 147.75.87.177	54825 (PACKET) (PACKET)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	163.171.128.172 163.171.128.172	54994 (QUANTILNE...) (QUANTILNETWORKS)
11	147.75.87.121 147.75.87.121	54825 (PACKET) (PACKET)
8	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
48	8

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:20b0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

malakicash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 147.75.87.177 (Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k3-shared-ingress3

epromotionplug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.171.128.172 (Germany) 1 redirects

ASN54994 (QUANTILNETWORKS, US)

securechargevault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geoip.securechargevault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 147.75.87.121 (Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k3-shared-ingress2

tggsnglf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	epromotionplug.com epromotionplug.com	2 MB
11	tggsnglf.com tggsnglf.com	69 KB
8	gstatic.com fonts.gstatic.com	120 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	securechargevault.com 1 redirects securechargevault.com geoip.securechargevault.com	1 KB
2	jquery.com code.jquery.com	60 KB
1	google-analytics.com ssl.google-analytics.com	17 KB
1	aspnetcdn.com ajax.aspnetcdn.com	12 KB
1	malakicash.com 1 redirects malakicash.com	812 B
1	bit.ly 1 redirects bit.ly	269 B
48	10

	Domain	Requested by
21	epromotionplug.com	epromotionplug.com code.jquery.com
11	tggsnglf.com	epromotionplug.com tggsnglf.com
8	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	epromotionplug.com tggsnglf.com
2	code.jquery.com	epromotionplug.com tggsnglf.com
1	ssl.google-analytics.com	tggsnglf.com
1	ajax.aspnetcdn.com	tggsnglf.com
1	geoip.securechargevault.com	tggsnglf.com
1	securechargevault.com	1 redirects
1	malakicash.com	1 redirects
1	bit.ly	1 redirects
48	11

This site contains no links.

Subject Issuer	Validity	Valid
epromotionplug.com R3	`2021-06-08` - `2021-09-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
tggsnglf.com R3	`2021-06-20` - `2021-09-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
geoip.securechargevault.com AlphaSSL CA - SHA256 - G2	`2021-03-16` - `2022-04-17`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2020-11-16` - `2021-11-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Frame ID: B0DB9079A4EEA322D50820060D5F6133
Requests: 27 HTTP requests in this frame

Frame: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Frame ID: D061F5E9F6B24FCAEF8211D1ECA2F423
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2QvDb8l HTTP 301
https://malakicash.com/api/links/go/10/34/NEPT63KG HTTP 302
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agen... Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

48
Requests

100 %
HTTPS

50 %
IPv6

10
Domains

11
Subdomains

8
IPs

3
Countries

1974 kB
Transfer

11708 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2QvDb8l HTTP 301
https://malakicash.com/api/links/go/10/34/NEPT63KG HTTP 302
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://securechargevault.com/process/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957 HTTP 302
https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
epromotionplug.com/campaigns/rcs/rnd5zx/
Redirect Chain

https://bit.ly/2QvDb8l
https://malakicash.com/api/links/go/10/34/NEPT63KG
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957

6 KB
2 KB

421ms
230ms

Document
text/html

147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: c0290a95770f09cb1d2c8198a57782f7e97f0bae3687603fb63ea5c80a914877

Request headers

:method: GET
:authority: epromotionplug.com
:scheme: https
:path: /campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:07 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
cache-control: no-store
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 1775774
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 1bdbbdc1500904ef431510acfbf72f3d

Redirect headers

date: Thu, 01 Jul 2021 08:57:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
location: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
access-control-allow-origin: *
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-request-id: 0b02e250fb0000c29a67812000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jnjn9FiOdhhQhrOoTjgBnTtS9WjGqvuqTNmCSb%2BJZeN7DDcXhvji9vLXszM4mQU9Afkr7C6lwyl6GqaiQiIUmpLvIqyx6%2FXu040OLeuNRevk9EJLnGvgydjk2emDGQ1DnXPSWwzjp%2Bg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 667e6cc7feb7c29a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 4 KB
700 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,700

Requested by

Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e989496e5e0c5836493a83b5c083d32a4d19f54378eeda80c8a0e35ee72d3231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 08:54:04 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 993 B
481 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Marck+Script

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cb5ba5d7942837d78bb9eabccbef5d31f39e58a5dd4c9bd55af383166d41dc25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 08:49:09 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:07 GMT

GET
H2 200 light.min.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 618 B
603 B 240ms
240ms Stylesheet
text/css 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 97a4a3a1fe760e09b2d46feb83d5add3a0e426b62c655c1f12a861c90e2e738d

Request headers

:path: /campaigns/rcs/rnd5zx/css/light.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e4-26a"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1972706
accept-ranges: bytes
section-io-id: 319b0fe24d10bc52b1285ea603a56bec
section-io-cache: Miss

GET
H2 200 fontawesome.min.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 76 KB
19 KB 225ms
224ms Stylesheet
text/css 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/fontawesome.min.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 77d4443c370fb7376f3c5d0bff46a5c38d9f6933c66a7d6dd20c6ad0d97a9a03

Request headers

:path: /campaigns/rcs/rnd5zx/css/fontawesome.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e4-130a4"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 2071020
accept-ranges: bytes
section-io-id: 3a701633ee79a3a5751e9e4ba4af534b
section-io-cache: Miss

GET
H2 200 spanel.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 7 KB
2 KB 313ms
312ms Stylesheet
text/css 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/spanel.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: a46b9aa8737c1a07dac3c35d05944522e5d1ddcde0143a204a89b37161b7d6e7

Request headers

:path: /campaigns/rcs/rnd5zx/css/spanel.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e4-1df9"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1254673
accept-ranges: bytes
section-io-id: 0d8a3b9ceb3b12ee086c023e5ec6c84e
section-io-cache: Miss

GET
H2 200 main.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 13 KB
4 KB 375ms
374ms Stylesheet
text/css 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 321b0da46f9edd43f0965f69aca44aa2aa4dd364ff86af7d2ddd30ea4944f7a4

Request headers

:path: /campaigns/rcs/rnd5zx/css/main.css?v=135
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Mon, 19 Aug 2019 13:44:25 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d5aa7b9-345c"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1775776
accept-ranges: bytes
section-io-id: a9281048923fa2b9f6674f922afffdba
section-io-cache: Miss

GET
H2 200 logo.png
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 6 KB
7 KB 406ms
405ms Image
image/png 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/logo.png
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 545c797899e7a3fdc2b01623d11bf907262d34b0f032b554dc376f60963943f0

Request headers

:path: /campaigns/rcs/rnd5zx/img/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796e4-19c0"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 1316886
content-length: 6592
accept-ranges: bytes
section-io-id: a260cdc4d6e05326369eaaa291daa8e8
section-io-cache: Miss

GET
H2 200 SexyViv.jpg
epromotionplug.com/campaigns/rcs/rnd5zx/media/SexyViv/ 1 MB
1 MB 1036ms
1035ms Image
image/jpeg 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/media/SexyViv/SexyViv.jpg
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: c98a04075691c3aefa15e83a2975f3d90c6100647883619dcdf529a970466987

Request headers

:path: /campaigns/rcs/rnd5zx/media/SexyViv/SexyViv.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:06:48 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796d8-163214"
x-cache-status: NOTCACHED
content-type: image/jpeg
x-varnish: 1873472
content-length: 1454612
accept-ranges: bytes
section-io-id: 2ee90f4a176e3c7fdd21dd3b6b230ff7
section-io-cache: Miss

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 27ms
11ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Origin: https://epromotionplug.com
Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1625129827.dop216.fr8.t,1625129827.cds227.fr8.hc,1625129827.cds002.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 iframeResizer.min.js Show response
epromotionplug.com/common/js/iframeResizer/ 12 KB
5 KB 207ms
206ms Script
application/javascript 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/common/js/iframeResizer/iframeResizer.min.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33

Request headers

:path: /common/js/iframeResizer/iframeResizer.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 04 Jan 2018 18:22:20 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5a4e70dc-2e17"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1708287
accept-ranges: bytes
section-io-id: 9bc97cae9bda01dfd011af4b301c44ff
section-io-cache: Miss

GET
H2 200 variables.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 2 KB
1016 B 270ms
269ms Script
application/javascript 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/variables.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: d3946169ae3c2ab0b919a4057e0a0a358cca07183925b867ce730bbeb0cf1707

Request headers

:path: /campaigns/rcs/rnd5zx/js/variables.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e4-629"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 143935
accept-ranges: bytes
section-io-id: 7907405278596a18ea0985af55bf23b9
section-io-cache: Miss

GET
H2 200 chat.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 4 KB
2 KB 247ms
246ms Script
application/javascript 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/chat.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: f14bc4ff737a100f391746ce15553cdc50a969c60f999b94390df12755d0695e

Request headers

:path: /campaigns/rcs/rnd5zx/js/chat.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-105e"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 605221
accept-ranges: bytes
section-io-id: 8c78890113937fee6ad4885316b46417
section-io-cache: Miss

GET
H2 200 main.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 5 KB
2 KB 272ms
271ms Script
application/javascript 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/main.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: f81b7897f905bbc093aed72a45e364290299a1c81e4b50e216a14f9832ff01cb

Request headers

:path: /campaigns/rcs/rnd5zx/js/main.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-13af"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 307826
accept-ranges: bytes
section-io-id: 5cb29cdca0b229cdeb8c800c69f6c690
section-io-cache: Miss

GET
H2 200 f.js Show response
epromotionplug.com/__zenedge/assets/ 22 KB
8 KB 46ms
45ms Script
application/javascript 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

:path: /__zenedge/assets/f.js?v=1541158593
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:07 GMT
content-encoding: gzip
section-io-cache-id: fbd70f8b8ab866c367b115b6d1e4352e
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 9015
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1056656 1083342
content-length: 7741
accept-ranges: bytes
section-io-id: 2ca209c319bf4ade26403e7e2d9253ea
section-io-cache: Hit

GET
H2

200

/ Show response
tggsnglf.com/dofadd/ Frame D061
Redirect Chain

https://securechargevault.com/process/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W

432 B
787 B

437ms
262ms

Document
text/html

147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 243296f277e614f530c41f79c099d9cb0f5f332b8b1730f423eaa55a451faace

Request headers

:method: GET
:authority: tggsnglf.com
:scheme: https
:path: /dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://epromotionplug.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://epromotionplug.com/

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
cache-control: no-store
pragma: no-cache
set-cookie: PHPSESSID=745310816e1a40533a7524e2e44886b1; path=/; secure; SameSite=None
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 1513585
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 76bcdb7330d9434b3f1c511a0dc625a6

Redirect headers

date: Thu, 01 Jul 2021 08:57:07 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: b1c66bbd4bdd4722e775cc3f9b8e00c01ca19e7d
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=47fdffb7fdac63bb0fe55addda486f91; path=/; secure; SameSite=None
location: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
server: ZENEDGE
x-cdn: Served-By-Zenedge
x-via: 1.1 PSdgflkfFRA1ox201:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1eq94:13 (Cdn Cache Server V2.0)
x-ws-request-id: 60dd8363_localhost_20535-48518

GET
H2 206 stream.php
epromotionplug.com/campaigns/rcs/rnd5zx/streamsrv/ 9 MB
0 1760ms
1760ms Media
video/mp4 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/streamsrv/stream.php?sf=%media/SexyViv/SexyViv-0.mp4
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash

Request headers

:path: /campaigns/rcs/rnd5zx/streamsrv/stream.php?sf=%media/SexyViv/SexyViv-0.mp4
pragma: no-cache
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: video
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 01 Jul 2021 08:57:09 GMT
via: 1.1 varnish (Varnish/6.3)
x-cdn: Served-By-Zenedge
age: 0
x-cache-status: NOTCACHED
Content-Range: bytes 0-53801673/53801674
section-io-cache: Miss
Content-Length: 53801674
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Fri, 12 Jul 2019 18:05:43 GMT
x-varnish: 990582
cache-control: max-age=2592000, public
section-io-id: 883e53f3e41cac2aceb3371e85ff19cc
accept-ranges: bytes
content-type: video/mp4
expires: Sat, 31 Jul 2021 08:57:08 GMT

GET
H2 200 icon.png
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 20 KB
20 KB 252ms
251ms Image
image/png 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/icon.png
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 6ed6c8a7629a4d65d52b64fe89b4aba45b2d633902e3bc87a043cb2768a6363a

Request headers

:path: /campaigns/rcs/rnd5zx/img/icon.png
pragma: no-cache
cookie: __zjc6877=5105495872
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796e4-4e4d"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 1316889
content-length: 20045
accept-ranges: bytes
section-io-id: 1acea39d0defdddebb2a68b6a5a2c074
section-io-cache: Miss

GET
H2 200 bg.jpg
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 38 KB
38 KB 233ms
232ms Image
image/jpeg 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/bg.jpg
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 141ae18f6ca65c688d36f7c268dceb883ff097ac7250db740fb3d4fcac0036bb

Request headers

:path: /campaigns/rcs/rnd5zx/img/bg.jpg
pragma: no-cache
cookie: __zjc6877=5105495872
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:08 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796d7-97ab"
x-cache-status: NOTCACHED
content-type: image/jpeg
x-varnish: 1219603
content-length: 38827
accept-ranges: bytes
section-io-id: eb86dd0ac4890ebcebbbbcfe26faf0fa
section-io-cache: Miss

GET
H2 200 fa-light-300.woff2
epromotionplug.com/campaigns/rcs/rnd5zx/webfonts/ 153 KB
154 KB 804ms
803ms Font
application/octet-stream 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/webfonts/fa-light-300.woff2
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 558c1708821688922a35f8105bc9b840a73ae02165d0016746c71741ab48128d

Request headers

sec-fetch-mode: cors
origin: https://epromotionplug.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __zjc6877=5105495872
:path: /campaigns/rcs/rnd5zx/webfonts/fa-light-300.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://epromotionplug.com
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:06:50 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796da-26588"
x-cache-status: NOTCACHED
content-type: application/octet-stream
x-varnish: 1283929
content-length: 157064
accept-ranges: bytes
section-io-id: 3c901810309221c84aff760b6ddf684e
section-io-cache: Miss

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 16:31:16 GMT
x-content-type-options: nosniff
age: 145551
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 16:31:16 GMT

GET
H2 200 nwpTtK2oNgBA3Or78gapdwuyyCg_.woff2
fonts.gstatic.com/s/marckscript/v11/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/marckscript/v11/nwpTtK2oNgBA3Or78gapdwuyyCg_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Marck+Script

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4aa95c3a5140129e2c93e1ca4d2876afc646aff9eb561c565bb1c4ab79504d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 08:11:49 GMT
x-content-type-options: nosniff
age: 89118
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13412
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:22:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 08:11:49 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f7216d2f53a731d9749077c22e15cfb38bcdc40806511ccf736f440c7569d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:05:12 GMT
x-content-type-options: nosniff
age: 82315
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14992
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:05:12 GMT

GET
H2 200 names.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 2 KB
2 KB 268ms
268ms XHR
text/plain 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/names.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 3a281897c45d5e17c7261e8676e5ea15bc02005fe456fb05d4797452ee577cd5

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc6877=5105495872
:path: /campaigns/rcs/rnd5zx/names.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:03 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e7-8ba"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 2200483
accept-ranges: bytes
section-io-id: d31316302b4038e87197825bdfbe71d4
section-io-cache: Miss

GET
H2 200 comments.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 5 KB
2 KB 274ms
273ms XHR
text/plain 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/comments.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 724967557286a715aa79a85141bfb335b0e1c2fda76ad13fae359bfa34ffada8

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc6877=5105495872
:path: /campaigns/rcs/rnd5zx/comments.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
x-cdn: Served-By-Zenedge
age: 0
x-cache-status: NOTCACHED
section-io-cache: Miss
content-length: 2108
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
etag: W/"5d2796e4-1299"
vary: Accept-Encoding
x-varnish: 1644276
via: 1.1 varnish (Varnish/6.3)
section-io-id: c441bfdbe3bb6dc8ad61f2eed21a3662
accept-ranges: bytes
content-type: text/plain

GET
H2 200 replies.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 838 B
833 B 216ms
216ms XHR
text/plain 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/replies.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 2a206f67a44f37a51087d49b6199d637490245f6e9b9fdf92a38c87451f152ca

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc6877=5105495872
:path: /campaigns/rcs/rnd5zx/replies.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:03 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e7-346"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1972708
accept-ranges: bytes
section-io-id: 90421698efa0d0ccbb15371f380b5adf
section-io-cache: Miss

GET
H2 200 colors.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 463 B
624 B 303ms
303ms XHR
text/plain 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/colors.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: b12bb41877bcf74cc3e99c2f1bfd77629f8d8b2ab0af630a8255cb08eac26dcb

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc6877=5105495872
:path: /campaigns/rcs/rnd5zx/colors.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-1cf"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1708290
accept-ranges: bytes
section-io-id: 600fe9d335d9c49959cb3681f3091030
section-io-cache: Miss

GET
H2 200 f.js Show response
tggsnglf.com/__zenedge/assets/ Frame D061 22 KB
8 KB 34ms
33ms Script
application/javascript 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

Referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
section-io-cache-id: f65e1834fdbe515514628ebc1dfb2be5
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 11564
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 373026 425987
content-length: 7741
accept-ranges: bytes
section-io-id: 5e07c00ca2fdf11bc3f20b5183accd36
section-io-cache: Hit

GET
H2 200 / Show response
tggsnglf.com/dofadd/ Frame D061 11 KB
4 KB 410ms
410ms Document
text/html 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 11dcdfe625c39f56956a056f7cea6efe29d4f2983d4705eaef06757171124685

Request headers

:method: GET
:authority: tggsnglf.com
:scheme: https
:path: /dofadd/?SID=745310816e1a40533a7524e2e44886b1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=745310816e1a40533a7524e2e44886b1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957&dof_click_id=X7I8b2z8V0D6u890A9D4zeJcu3gcq3z2W

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
cache-control: no-store
pragma: no-cache
set-cookie: PHPSESSID=745310816e1a40533a7524e2e44886b1; path=/; secure; SameSite=None
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 1091085
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 170eb2ebd7cb4b4f0dbf16bc0fed51ad

GET
H2 200 / Show response
geoip.securechargevault.com/ Frame D061 396 B
540 B 335ms
198ms Script
application/javascript 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.securechargevault.com/?v=1
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: ZENEDGE /
Resource Hash: e700ded2400554da5e78ce9019a5ee70361d13123f6e97e9593ac075cb384002

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 08:57:09 GMT
content-encoding: gzip
server: ZENEDGE
x-cache-status: NOTCACHED
x-ws-request-id: 60dd8364_localhost_20615-40838
x-via: 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1dm92:9 (Cdn Cache Server V2.0)
cache-control: no-cache, no-store, must-revalidate
x-zen-fury: b1c66bbd4bdd4722e775cc3f9b8e00c01ca19e7d
content-type: application/javascript
x-cdn: Served-By-Zenedge
expires: 0

GET
H2 200 cleanstep3drk.css
tggsnglf.com/common_tpls/compact/css/ Frame D061 141 KB
28 KB 36ms
35ms Stylesheet
text/css 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/compact/css/cleanstep3drk.css
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: b3ad2a56bba5e9d30a226802b7a5c9d9ce7919c69e9608f34aaccf8c5914a64d

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
section-io-cache-id: f168fba1d7e7f9f84d302ae6acad76e1
x-cdn: Served-By-Zenedge
age: 10515
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 28195
x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
last-modified: Tue, 16 Jun 2020 16:45:05 GMT
etag: W/"5ee8f711-233ed"
vary: Accept-Encoding
x-varnish: 1091090 328711
via: 1.1 varnish (Varnish/6.3)
section-io-id: 176aa4b9e334944f17d130428ba2028f
accept-ranges: bytes
content-type: text/css

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ Frame D061 86 KB
30 KB 9ms
9ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin: https://tggsnglf.com
Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1625129828.dop216.fr8.t,1625129828.cds227.fr8.hc,1625129828.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 bootstrap.min.js Show response
ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/ Frame D061 35 KB
12 KB 119ms
31ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/bootstrap.min.js

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/8FEA) /

Resource Hash

c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://tggsnglf.com
Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 23613458
x-cache: HIT
content-length: 12247
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:09:58 GMT
server: ECAcc (frc/8FEA)
etag: "194598e6cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 form_support.js Show response
tggsnglf.com/common_tpls/js/ Frame D061 977 B
920 B 33ms
33ms Script
application/javascript 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/form_support.js?v=1516308712
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
section-io-cache-id: 35b8d274b4034df0cac8c6ec9ee1a91f
x-cdn: Served-By-Zenedge
age: 11307
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 525
x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
last-modified: Tue, 19 Jan 2021 00:12:19 GMT
etag: W/"600623e3-3d1"
vary: Accept-Encoding
x-varnish: 1283932 295083
via: 1.1 varnish (Varnish/6.3)
section-io-id: 09701acc613832d58068bd69e78138dc
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 validate_form_v2.js Show response
tggsnglf.com/common_tpls/js/ Frame D061 22 KB
6 KB 35ms
35ms Script
application/javascript 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/validate_form_v2.js?jsv=19
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 89109976a77ff6d4ff74c9f567e92111929d38d7910a7bc1122fd444956c4bba

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
section-io-cache-id: 0a72accdd183320cb0b4bbce006b58f7
x-cdn: Served-By-Zenedge
age: 11564
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 5688
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Wed, 23 Jun 2021 19:01:43 GMT
etag: W/"60d38517-58f5"
vary: Accept-Encoding
x-varnish: 1254676 458766
via: 1.1 varnish (Varnish/6.3)
section-io-id: 10d6c55436643717e1a2a90823eec24b
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 ajax-loader.gif
tggsnglf.com/common_tpls/images/ Frame D061 3 KB
3 KB 207ms
207ms Image
image/gif 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tggsnglf.com/common_tpls/images/ajax-loader.gif
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:08 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 001da028c47ca291324cf475a2fc994a
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
x-cdn: Served-By-Zenedge
age: 11565
etag: "5ee8f716-c88"
x-cache-status: NOTCACHED
content-type: image/gif
x-varnish: 1091092 131121
content-length: 3208
accept-ranges: bytes
section-io-id: 4b5fe4acbb2f0d8fc80ad10cba9f566d
section-io-cache: Hit

GET
H2 200 profile-dark.png
tggsnglf.com/common_tpls/compact/img/cleanstep3drk/ Frame D061 4 KB
5 KB 34ms
33ms Image
image/png 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tggsnglf.com/common_tpls/compact/img/cleanstep3drk/profile-dark.png
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 5a4757a50705c2c402436e915eff3e4f63345d041d52c7177661ef14eb9d3d88

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:09 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 916e24b341ed257db1cc766682587f72
last-modified: Tue, 16 Jun 2020 16:45:06 GMT
x-cdn: Served-By-Zenedge
age: 10515
etag: "5ee8f712-11cb"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 1283937 263814
content-length: 4555
accept-ranges: bytes
section-io-id: 64115d2b0af4ee3d64fa55bd452d2253
section-io-cache: Hit

GET
H2 200 iframeResizer.contentWindow.min.js Show response
tggsnglf.com/common_tpls/js/ Frame D061 13 KB
5 KB 34ms
34ms Script
application/javascript 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/iframeResizer.contentWindow.min.js
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:08 GMT
content-encoding: gzip
section-io-cache-id: 032a7e787f7867adcb4bc7a564df46ba
x-cdn: Served-By-Zenedge
age: 11565
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 5094
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: W/"5ee8f716-3445"
vary: Accept-Encoding
x-varnish: 1708304 360453
via: 1.1 varnish (Varnish/6.3)
section-io-id: e9ad16dfa7b12a00e3497fb6e0b5947d
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 f.js Show response
tggsnglf.com/__zenedge/assets/ Frame D061 22 KB
8 KB 34ms
34ms Script
application/javascript 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:09 GMT
content-encoding: gzip
section-io-cache-id: a88df259b6a830c66f609bcfe2252750
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 11307
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1254682 426510
content-length: 7741
accept-ranges: bytes
section-io-id: c1d427f80a88951e0208f090df76c6b8
section-io-cache: Hit

GET
H2 200 css
fonts.googleapis.com/ Frame D061 11 KB
870 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/common_tpls/compact/css/cleanstep3drk.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

93419375ace457303adcb19b0d23de96b1da646564073ce6935795b4458f9670

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 08:41:57 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:09 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:09 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ Frame D061 45 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 2324
date: Thu, 01 Jul 2021 08:18:25 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 01 Jul 2021 10:18:25 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame D061 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 17:22:06 GMT
x-content-type-options: nosniff
age: 142503
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 17:22:06 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame D061 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:48:51 GMT
x-content-type-options: nosniff
age: 79698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:48:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame D061 15 KB
15 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 07:58:29 GMT
x-content-type-options: nosniff
age: 89920
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 07:58:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame D061 15 KB
15 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 10:52:05 GMT
x-content-type-options: nosniff
age: 165904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15724
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 10:52:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame D061 15 KB
16 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 22:51:50 GMT
x-content-type-options: nosniff
age: 122719
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 22:51:50 GMT

POST
H2 200 f Show response
tggsnglf.com/__zenedge/ Frame D061 25 B
273 B 188ms
187ms XHR
image/png 147.75.87.121
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/f
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.121 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress2
Software: /
Resource Hash: 905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=745310816e1a40533a7524e2e44886b1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:09 GMT
via: 1.1 varnish (Varnish/6.3)
content-type: image/png
x-cdn: Served-By-Zenedge
age: 0
accept-ranges: bytes
x-varnish: 1708305
cache-control: no-store
section-io-id: 5251a9981b9d130c4b3bed4d45608499
section-io-cache: Miss
content-length: 25

POST
H2 200 f Show response
epromotionplug.com/__zenedge/ 25 B
273 B 555ms
554ms XHR
image/png 147.75.87.177
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/__zenedge/f
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/__zenedge/assets/f.js?v=1541158593
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.177 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress3
Software: /
Resource Hash: 905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4

Request headers

sec-fetch-mode: cors
origin: https://epromotionplug.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
content-length: 1276
:path: /__zenedge/f
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639957
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:10 GMT
via: 1.1 varnish (Varnish/6.3)
content-type: image/png
x-cdn: Served-By-Zenedge
age: 0
accept-ranges: bytes
x-varnish: 1254167
cache-control: no-store
section-io-id: 2e95e4bc4f6895301cf41bb80a4db296
section-io-cache: Miss
content-length: 25

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tggsnglf.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 745310816e1a40533a7524e2e44886b1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/main.js(Line 125) Message: sizeUP! - desktop

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
bit.ly
code.jquery.com
epromotionplug.com
fonts.googleapis.com
fonts.gstatic.com
geoip.securechargevault.com
malakicash.com
securechargevault.com
ssl.google-analytics.com
tggsnglf.com
147.75.87.121
147.75.87.177
152.199.19.160
163.171.128.172
2001:4de0:ac18::1:a:3b
2606:4700:3034::6815:20b0
2a00:1450:4001:802::200a
2a00:1450:4001:827::2003
2a00:1450:4001:828::2008
67.199.248.10
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
11dcdfe625c39f56956a056f7cea6efe29d4f2983d4705eaef06757171124685
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
141ae18f6ca65c688d36f7c268dceb883ff097ac7250db740fb3d4fcac0036bb
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
243296f277e614f530c41f79c099d9cb0f5f332b8b1730f423eaa55a451faace
2a206f67a44f37a51087d49b6199d637490245f6e9b9fdf92a38c87451f152ca
321b0da46f9edd43f0965f69aca44aa2aa4dd364ff86af7d2ddd30ea4944f7a4
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33
3a281897c45d5e17c7261e8676e5ea15bc02005fe456fb05d4797452ee577cd5
545c797899e7a3fdc2b01623d11bf907262d34b0f032b554dc376f60963943f0
558c1708821688922a35f8105bc9b840a73ae02165d0016746c71741ab48128d
5a4757a50705c2c402436e915eff3e4f63345d041d52c7177661ef14eb9d3d88
64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0
6ed6c8a7629a4d65d52b64fe89b4aba45b2d633902e3bc87a043cb2768a6363a
724967557286a715aa79a85141bfb335b0e1c2fda76ad13fae359bfa34ffada8
77d4443c370fb7376f3c5d0bff46a5c38d9f6933c66a7d6dd20c6ad0d97a9a03
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b
89109976a77ff6d4ff74c9f567e92111929d38d7910a7bc1122fd444956c4bba
905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4
93419375ace457303adcb19b0d23de96b1da646564073ce6935795b4458f9670
97a4a3a1fe760e09b2d46feb83d5add3a0e426b62c655c1f12a861c90e2e738d
9f7216d2f53a731d9749077c22e15cfb38bcdc40806511ccf736f440c7569d64
a46b9aa8737c1a07dac3c35d05944522e5d1ddcde0143a204a89b37161b7d6e7
b12bb41877bcf74cc3e99c2f1bfd77629f8d8b2ab0af630a8255cb08eac26dcb
b3ad2a56bba5e9d30a226802b7a5c9d9ce7919c69e9608f34aaccf8c5914a64d
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c0290a95770f09cb1d2c8198a57782f7e97f0bae3687603fb63ea5c80a914877
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892
c98a04075691c3aefa15e83a2975f3d90c6100647883619dcdf529a970466987
cb5ba5d7942837d78bb9eabccbef5d31f39e58a5dd4c9bd55af383166d41dc25
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d3946169ae3c2ab0b919a4057e0a0a358cca07183925b867ce730bbeb0cf1707
e700ded2400554da5e78ce9019a5ee70361d13123f6e97e9593ac075cb384002
e989496e5e0c5836493a83b5c083d32a4d19f54378eeda80c8a0e35ee72d3231
f14bc4ff737a100f391746ce15553cdc50a969c60f999b94390df12755d0695e
f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00
f4aa95c3a5140129e2c93e1ca4d2876afc646aff9eb561c565bb1c4ab79504d7
f81b7897f905bbc093aed72a45e364290299a1c81e4b50e216a14f9832ff01cb
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

epromotionplug.com Open in urlscan Pro 147.75.87.177 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

100 %HTTPS

50 %IPv6

10 Domains

11 Subdomains

8 IPs

3 Countries

1974 kBTransfer

11708 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

epromotionplug.com Open in urlscan Pro
147.75.87.177 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

100 %
HTTPS

50 %
IPv6

10
Domains

11
Subdomains

8
IPs

3
Countries

1974 kB
Transfer

11708 kB
Size

1
Cookies

48 HTTP transactions
0 data transactions