urlscan.io logo urlscan.io
SecurityTrails logo

119613loading.giveawy.click Open in urlscan Pro
2a06:98c1:3120::3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
Effective URL: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BS...
Submission: On May 14 via manual from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 6 countries across 13 domains to perform 23 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is 119613loading.giveawy.click.
TLS certificate: Issued by GTS CA 1P5 on April 6th 2023. Valid for: 3 months.
This is the only time 119613loading.giveawy.click was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 3 51.68.85.158 16276 (OVH)
1 1 34.90.46.36 396982 (GOOGLE-CL...)
1 6 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 67.212.184.146 32475 (SINGLEHOP...)
1 2 18.195.23.231 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 54.39.128.117 16276 (OVH)
23 13
3    2606:4700:3035::6815:436b (United States)

ASN13335 (CLOUDFLARENET, US)
redirecting5.eu
3    2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    51.68.85.158 (France)

ASN16276 (OVH, FR)
www.onemortrk.pics
1    34.90.46.36 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 36.46.90.34.bc.googleusercontent.com
admoustache.media-412.com
6    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
yeah.achelous.mobi
119613loading.giveawy.click
1    2606:4700:3030::6815:4a8d (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.addlnk.com
1    2606:4700::6810:3965 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
3    67.212.184.146 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
rezi.turetou.com
2    18.195.23.231 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-23-231.eu-central-1.compute.amazonaws.com
mtc.a60seftrk.click
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700:10::6816:4fe (United States)

ASN13335 (CLOUDFLARENET, US)
s10.histats.com
1    54.39.128.117 (Beauharnois, Canada)

ASN16276 (OVH, FR)
PTR: ns561935.ip-54-39-128.net
s4.histats.com
Apex Domain
Subdomains		 Transfer
4 giveawy.click
119613loading.giveawy.click
5 KB
3 turetou.com
rezi.turetou.com
7 KB
3 onemortrk.pics
www.onemortrk.pics
5 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 39
21 KB
3 redirecting5.eu
redirecting5.eu
48 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 15911
s4.histats.com — Cisco Umbrella Rank: 13074
5 KB
2 a60seftrk.click
mtc.a60seftrk.click
2 KB
2 achelous.mobi
yeah.achelous.mobi — Cisco Umbrella Rank: 370220
2 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 385
85 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1018
7 KB
1 addlnk.com
cdn.addlnk.com — Cisco Umbrella Rank: 418929
1 KB
1 media-412.com
admoustache.media-412.com — Cisco Umbrella Rank: 365931
271 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 91
347 B
23 13
Domain Requested by
4 119613loading.giveawy.click 1 redirects rezi.turetou.com
119613loading.giveawy.click
3 rezi.turetou.com yeah.achelous.mobi
rezi.turetou.com
3 www.onemortrk.pics 2 redirects redirecting5.eu
3 www.google-analytics.com redirecting5.eu
www.google-analytics.com
3 redirecting5.eu redirecting5.eu
2 mtc.a60seftrk.click 1 redirects 119613loading.giveawy.click
2 yeah.achelous.mobi www.onemortrk.pics
static.cloudflareinsights.com
1 s4.histats.com s10.histats.com
1 s10.histats.com 119613loading.giveawy.click
1 ajax.googleapis.com 119613loading.giveawy.click
1 static.cloudflareinsights.com yeah.achelous.mobi
1 cdn.addlnk.com yeah.achelous.mobi
1 admoustache.media-412.com 1 redirects
1 stats.g.doubleclick.net www.google-analytics.com
23 14

This site contains links to these domains. Also see Links.

Domain
mtc.a60seftrk.click
Subject Issuer Validity Valid
redirecting5.eu
GTS CA 1P5		 2023-05-05 -
2023-08-03		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
www.onemortrk.pics
R3		 2023-03-15 -
2023-06-13		 3 months crt.sh
achelous.mobi
GTS CA 1P5		 2023-04-16 -
2023-07-15		 3 months crt.sh
addlnk.com
GTS CA 1P5		 2023-04-15 -
2023-07-14		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
rezi.turetou.com
R3		 2023-04-17 -
2023-07-16		 3 months crt.sh
*.giveawy.click
GTS CA 1P5		 2023-04-06 -
2023-07-05		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
mtc.a60seftrk.click
R3		 2023-05-09 -
2023-08-07		 3 months crt.sh
histats.com
R3		 2023-03-15 -
2023-06-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Frame ID: 40DB323D7066F3C8DA8CC3BE32D672D2
Requests: 24 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Laden

Page URL History Show full URLs

  1. https://redirecting5.eu/p/C2GZ/tJsl/ZRJc Page URL
  2. https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673 Page URL
  3. https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=2e0507348a600fc2f... HTTP 302
    https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=3&eyer=0.31842661... HTTP 302
    https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000eea685408cd5e936cdc8598a78f... HTTP 302
    https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503 Page URL
  4. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream... Page URL
  5. https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949... Page URL
  6. https://rezi.turetou.com/proc.php?7ddbd3aeda7cbeaf865c216bc5c2e1e337fcb87f Page URL
  7. https://mtc.a60seftrk.click/0afb7170-3567-4e55-914f-3d23dd820aac?pid=13260-58e4d543-00e7196d&creative_id... HTTP 302
    https://119613loading.giveawy.click/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQS... HTTP 302
    https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

23
Requests

96 %
HTTPS

62 %
IPv6

13
Domains

14
Subdomains

13
IPs

6
Countries

185 kB
Transfer

312 kB
Size

18
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://redirecting5.eu/p/C2GZ/tJsl/ZRJc Page URL
  2. https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673 Page URL
  3. https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=2e0507348a600fc2fb6dc5e402e5fc59&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu HTTP 302
    https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=3&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu HTTP 302
    https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000eea685408cd5e936cdc8598a78f87e0a0514-202305-flb*5580325-f91d8*mlClick-5KtjDAu7*sl_5580325-f91d8*cc30e5dbbc6c6451cf9077539b2bc3afabf26ea7*637673* HTTP 302
    https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503 Page URL
  4. https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=a210515d&cid=pubf48066af5e7c4c6c9c1786c993d9a916&2=503 Page URL
  5. https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL
  6. https://rezi.turetou.com/proc.php?7ddbd3aeda7cbeaf865c216bc5c2e1e337fcb87f Page URL
  7. https://mtc.a60seftrk.click/0afb7170-3567-4e55-914f-3d23dd820aac?pid=13260-58e4d543-00e7196d&creative_id=[[creative_id]]&cid=M7233042457707937818&partner_ID=13260&pushid=[[pushid]]&subscription_freshness=[[subscription_freshness]]&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 HTTP 302
    https://119613loading.giveawy.click/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 HTTP 302
    https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=2e0507348a600fc2fb6dc5e402e5fc59&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu HTTP 302
  • https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=3&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu HTTP 302
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000eea685408cd5e936cdc8598a78f87e0a0514-202305-flb*5580325-f91d8*mlClick-5KtjDAu7*sl_5580325-f91d8*cc30e5dbbc6c6451cf9077539b2bc3afabf26ea7*637673* HTTP 302
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503

23 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
ZRJc
redirecting5.eu/p/C2GZ/tJsl/ 		49 KB
36 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:436b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31b864e3d6110e1051c6f997f8f37c5ec13c795a07dcb91b45b6690af45ad170

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store, private
cf-cache-status
DYNAMIC
cf-ray
7c73c5c9df1639c8-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 14 May 2023 14:18:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fo%2Fln38cXEFW6vu7CWHwBCrl%2BzmLb%2FP%2B%2FxOj02hinJdbp7FF%2BaZsgBvTo%2FVUURTa5nXa6PltM84y%2FHvYuCAGpLOGSagby%2FdBQ110rrXF9nwMnYLkgDCXCC%2F322GfIZTRhYfr1%2BUGqW2wWZNK6W4%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-robots-tag
noindex, nofollow
envoirment.js
redirecting5.eu/js/ 		32 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://redirecting5.eu/js/envoirment.js?id=a535a99b3fccb8f0756e
Requested by
Host: redirecting5.eu
URL: https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:436b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2360f05aaa5110f0891046d08ab93ee8bfd6249debd8d8c1d173eac2dd5e172

Request headers

device-memory
8
Referer
https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:49 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 10 May 2022 11:24:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3
etag
W/"627a4b7c-8078"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6kZMrT5T%2FA%2Bl3JqgLMcZOdanl01zjPSQJpPHtPxdKlgCI%2FX%2Bn7y2OsysRKNQYU2gLI%2B8H3YQtTDF6iDRHY1NYgJYLoKEjr4goBTL5wQSjeE3clHjok2Eg6Zngkdv7vRDz2pX7XxZpcGk6dmbbc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7c73c5cbb8f439c8-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
truncated
/ 		35 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3c6de59ac3d3af5a933097175b25928d4540b04d1d233f34f5668ddfd1d8e640

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type
image/png
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: redirecting5.eu
URL: https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://redirecting5.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sun, 14 May 2023 12:35:39 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
6190
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Sun, 14 May 2023 14:35:39 GMT
collect
www.google-analytics.com/j/ 		4 B
210 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1764064940&t=pageview&_s=1&dl=https%3A%2F%2Fredirecting5.eu%2Fp%2FC2GZ%2FtJsl%2FZRJc&ul=en-us&de=UTF-8&dt=redirecting5.eu&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1701684242&gjid=429641515&cid=940422101.1684073930&tid=UA-110090096-2&_gid=124844941.1684073930&_r=1&_slc=1&z=1963403603
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redirecting5.eu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 14 May 2023 14:18:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://redirecting5.eu
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
112 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://redirecting5.eu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sun, 14 May 2023 14:18:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
https://redirecting5.eu
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
finger
redirecting5.eu/ 		20 B
511 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://redirecting5.eu/finger
Requested by
Host: redirecting5.eu
URL: https://redirecting5.eu/js/envoirment.js?id=a535a99b3fccb8f0756e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:436b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

device-memory
8
Referer
https://redirecting5.eu/p/C2GZ/tJsl/ZRJc
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 14 May 2023 14:18:49 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CIdcnZ%2BGDvfW2iA4Y5GFP%2BM%2BACvdIXJXtCnV1uIIZKkefTlyevC2aJS%2Bb2imlx0RFyYsEF%2FcA1sE4zskcIGuVkPIuww%2FHNphStmwkC%2FQG9%2Fj3L6wnK3MxYB5Smau9gkLne5WbJd%2BbdRJfczuD5s%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cache-control
no-cache, private
cf-ray
7c73c5ccc85e30e7-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
collect
stats.g.doubleclick.net/j/ 		1 B
347 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-110090096-2&cid=940422101.1684073930&jid=1701684242&gjid=429641515&_gid=124844941.1684073930&_u=IEBAAEAAAAAAACAAI~&z=625385651
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://redirecting5.eu/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sun, 14 May 2023 14:18:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://redirecting5.eu
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.onemortrk.pics/ 		4 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673
Requested by
Host: redirecting5.eu
URL: https://redirecting5.eu/js/envoirment.js?id=a535a99b3fccb8f0756e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.85.158 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://redirecting5.eu/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-CH
Sec-CH-UA-Platform-Version
Cache-Control
no-transform
Connection
keep-alive
Content-Type
text/html
Date
Sun, 14 May 2023 14:18:50 GMT
Transfer-Encoding
chunked
a91581ead4
yeah.achelous.mobi/rc/
Redirect Chain
  • https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=2e0507348a600fc2fb6dc5e402e5fc59&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu
  • https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673&eyeg=3&eyer=0.3184266111620442&eyei=0&eyew=1600&eyeh=1200&eyetd=210&eyef=redirecting5.eu
  • https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000eea685408cd5e936cdc8598a78f87e0a0514-202305-flb*5580325-f91d8*mlClick-5KtjDAu7*sl_5580325-f91d8*cc30e5dbbc6c6451cf...
  • https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
Requested by
Host: www.onemortrk.pics
URL: https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
207353c647e9c53fa13dc3d58d8d79dc7a4f72b0f66115cde5151c4f63cf08ca

Request headers

Referer
https://www.onemortrk.pics/?sl=5580325-f91d8&tag=mlClick-5KtjDAu7&website=637673
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c73c5d209371957-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Sun, 14 May 2023 14:18:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sv8cdcn8JDcJyNWLSuRkjipgIeTKbf%2BEQR6HRX0jTQLNgSbVjaeg7ITRcwGRPvc2JN05oNLXpBG5jMfTc2z7Z47kxySqR8B12tSZUlwgNK7JlOJyZstjh%2F1sk7nIJHbEUJrK3inS6fiSVkE4wjzVFgc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

access-control-allow-origin
*
content-length
0
date
Sun, 14 May 2023 14:18:50 GMT
location
https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
referer
referrer-policy
no-referrer
server
nginx
x-adjust-use-original-forwarded-for
1
redirect.css
cdn.addlnk.com/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:50 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
KPYPMKR87WVDDR5G
age
6467
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
sdyeyOjO4qADE8twISrwU7928cky8WpEvqOoYxcGfmLM5QiMKH15++pL4Vm7UxnFSSwxMSTIZIo=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0331%2B0BbL5jYSmbYVXKmq4RCjLz7VrJLgu8g4HBE0GGvbvfDdNnE349qtQyFc1tToWFxqJJ8%2BFy3MQUXahfm3UA%2FVPUPZv9X%2FKEXoejAe%2Fm4sBbLMnLfJsTMok%2BRrkc1KwYV8XOCMDYq25jTJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7c73c5d349635be5-FRA
v52afc6f149f6479b8c77fa569edb01181681764108816
static.cloudflareinsights.com/beacon.min.js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3965 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b

Request headers

Referer
Origin
https://yeah.achelous.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:50 GMT
content-encoding
gzip
last-modified
Mon, 17 Apr 2023 20:41:48 GMT
server
cloudflare
etag
W/2023.4.2
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
7c73c5d34af8366c-FRA
rum
yeah.achelous.mobi/cdn-cgi/ 		0
184 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://yeah.achelous.mobi/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
content-type
application/json

Response headers

date
Sun, 14 May 2023 14:18:50 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://yeah.achelous.mobi
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
7c73c5d3eb411957-FRA
/
rezi.turetou.com/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=a210515d&cid=pubf48066af5e7c4c6c9c1786c993d9a916&2=503
Requested by
Host: yeah.achelous.mobi
URL: https://yeah.achelous.mobi/rc/a91581ead4?affclick=6460edca36d2470001dd4380&pubid=503
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 14 May 2023 14:18:51 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
rum
yeah.achelous.mobi/cdn-cgi/ 		0
0
/
rezi.turetou.com/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=a210515d&cid=pubf48066af5e7c4c6c9c1786c993d9a916&2=503
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
38620240d91052c56bdcc786490eefd93f83582d7ceda0e391a4e780ee7f0536
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://rezi.turetou.com/?utm_medium=a2cfa69ba839c785a0b2d69b87f85a6e6ca0d8bb&utm_campaign=mainstream_redirect&1=a210515d&cid=pubf48066af5e7c4c6c9c1786c993d9a916&2=503
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Sun, 14 May 2023 14:18:51 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
proc.php
rezi.turetou.com/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rezi.turetou.com/proc.php?7ddbd3aeda7cbeaf865c216bc5c2e1e337fcb87f
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.212.184.146 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://rezi.turetou.com/?utm_term=7233042457707937818&ver=4viyaptcjo&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 14 May 2023 14:18:51 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://mtc.a60seftrk.click/0afb7170-3567-4e55-914f-3d23dd820aac?pid=13260-58e4d543-00e7196d&creative_id=[[creative_id]]&cid=M7233042457707937818&partner_ID=13260&pushid=[[pushid]]&subscription_freshness=[[subscription_freshness]]&subid=M7233042457707937818
pragma
no-cache
server
nginx
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
Primary Request /
119613loading.giveawy.click/de-de/
Redirect Chain
  • https://mtc.a60seftrk.click/0afb7170-3567-4e55-914f-3d23dd820aac?pid=13260-58e4d543-00e7196d&creative_id=[[creative_id]]&cid=M7233042457707937818&partner_ID=13260&pushid=[[pushid]]&subscription_fre...
  • https://119613loading.giveawy.click/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUS...
  • https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ip...
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Requested by
Host: rezi.turetou.com
URL: https://rezi.turetou.com/proc.php?7ddbd3aeda7cbeaf865c216bc5c2e1e337fcb87f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.33
Resource Hash
2d5a196f3fca5f242980b19e96623b46b83833b79a65843e871b4ab26de4cb4c

Request headers

Referer
https://rezi.turetou.com/proc.php?7ddbd3aeda7cbeaf865c216bc5c2e1e337fcb87f
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c73c5da5fc93631-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 14 May 2023 14:18:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yNsS%2F1HVRFD9IF7Nb3MBMAKDfLoOpIPcUI2SP5JWhF0LiGGyiVXmW2wVZ12eaF2pLEZrGiW6PG8Sqi8w%2FgWLtDGG9827gyuX6yk8dzyxTONBxwa0BYIyXpg%2B0DQghQa%2BrJvjqomYklY4nCDa7kIYX6Y45gbzl0i2PZs%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.33

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c73c5d9ff5e3631-FRA
content-type
text/html; charset=UTF-8
date
Sun, 14 May 2023 14:18:51 GMT
location
https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ao9J41elCDhXeorohOFHcwvzgEzIhnSoX9XAeq%2Bkd9gI8A%2Fg2cZ8cSxUBJ6D3zvF6ZOHBHxG471Aw%2Fr61nMeuqp5GlSZvaTxfF1gdAuwxblc3aY0lTl3kuF8C993MSvIl%2FjmBCpg8toJXAcviooRxiKbvD%2FIKdX4Q4I%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.3.33
style.css
119613loading.giveawy.click/de-de/assets/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://119613loading.giveawy.click/de-de/assets/css/style.css
Requested by
Host: 119613loading.giveawy.click
URL: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8a980567df89367fd442c3e0597b0f560ae059114a8b0dd5ac234d8d6383d57

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:51 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3397
cf-polished
origSize=3927
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 20 Feb 2023 09:36:23 GMT
server
cloudflare
etag
W/"f57-5f51e65781dce"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6blFxVGiGCw30qDcWolphdf9Kdwkzp2aM6rt34ItLYczHjWyTYsP%2BXAQ9JrmP1G%2BNEcIrmkcJIrkOln8suaaYr3ZzpLStN4jHG9XbPwu%2FXRfNUgO2zIJr%2BXhjtu0W9d0pkkwK1roN6tsRuw%2Bw64zraKP7jCrXDI7ZQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
7c73c5daaaaa5c44-FRA
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 		85 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Requested by
Host: 119613loading.giveawy.click
URL: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Thu, 11 May 2023 11:34:03 GMT
x-content-type-options
nosniff
age
269088
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86659
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 May 2024 11:34:03 GMT
custom.min.js
119613loading.giveawy.click/de-de/assets/js/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://119613loading.giveawy.click/de-de/assets/js/custom.min.js
Requested by
Host: 119613loading.giveawy.click
URL: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.3.33
Resource Hash
f9b8171f9f3ca928be11698b6599d56bbd2035b5bd583f75df6f26972bb5ca6c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:51 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sun, 14 May 2023 14:00:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1116
x-powered-by
PHP/7.3.33
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aoMiSMhB8gRNBiqtWeR7uzvO%2F9JsUnGb7s8IZ73fdcRzPm1em1kc3617hxdiEIYWEJRcLLyOHidAh%2FQk1T1uCgXbd1pxulDvWSTuIhqFiHTsoPNC6lyRI5yxJ8lKPex1dUl3ltEhCEiNJsjOXcy6ydSx6WxU4fQ9mkQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
max-age=14400
cf-ray
7c73c5daaaab5c44-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
hp
mtc.a60seftrk.click/ 		382 B
519 B 		Script
General
Check archive.org
Download Go to
Full URL
https://mtc.a60seftrk.click/hp
Requested by
Host: 119613loading.giveawy.click
URL: https://119613loading.giveawy.click/de-de/assets/js/custom.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.195.23.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-23-231.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 14 May 2023 14:18:52 GMT
cache-control
no-store, no-cache, pre-check=0, post-check=0
server
nginx
expires
Thu, 01 Jan 1970 00:00:00 GMT
js15_as.js
s10.histats.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s10.histats.com/js15_as.js
Requested by
Host: 119613loading.giveawy.click
URL: https://119613loading.giveawy.click/de-de/?domain=mtc.a60seftrk.click&cep=GlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqSYQVtJPhq6FxG2573ViWzMu0_ejQ6xTIk0d31XZ4VsEhECIfJQG4fA6LQiU_Ced7aTskOJTWBiNuaHih0NBDNu3Mq8DHhu9OMalrStlfHXp5cpPBNIaIGN-xZIJTfTLu8_BdiN7O2Ayjwl9ZG1h62uUPuC0D6i9STI34pqx6SBYViuZt7RJdiN1dvbwsvMyeQk&lptoken=16ba841d07e357713155&pid=13260-58e4d543-00e7196d&creative_id=%5B%5Bcreative_id%5D%5D&cid=M7233042457707937818&partner_ID=13260&pushid=%5B%5Bpushid%5D%5D&subscription_freshness=%5B%5Bsubscription_freshness%5D%5D&subid=M7233042457707937818&utm_content=fdc2c69a9cafac9c949390a197959495ba88b8ccbecabcbd83858081b6868685ba8bb889be8f8cbc828380ede7e9e0f6f9fae8fcb3efeef4fff2e2e896a694d285848f858bcfa58381cde0d3d2e7d6d1fafbf88d8c8a99fdf2c2f0c0c0c7c4f5fbf9f8f9cecfcccdc2f5f6f3f3f3f3f3e8efe8edeaebefe9e074
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date
Sun, 14 May 2023 14:18:52 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
server
cloudflare
age
5059
etag
W/"5e983700-2cb0"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400
cf-ray
7c73c5db6c03365f-FRA
0.php
s4.histats.com/stats/ 		52 B
186 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?4735387&@f16&@g1&@h1&@i1&@j1684073932104&@k0&@l1&@mLaden&@n0&@ohttps%3A%2F%2Frezi.turetou.com%2F&@q0&@r0&@s0&@ten-US&@u1600&@b1:77098940&@b3:1684073932&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2F119613loading.giveawy.click%2Fde-de%2F%3Fdomain%3Dmtc.a60seftrk.click%26cep%3DGlIXkMw8XuVuAzwkDdTE_lEsAa9okYz47gfCy2JoEtQSoBVlhEL_Hrz8BSpY-Cn0Vl2HGWomBjy0XyXLzCa88YQ38ClURxqJktl8S7cUrxg-DMEHMuc9I-FC0ippqBdUSK5injXjz3UnZlHuk6-DIlC416JKH56jBu56NAZwxBHoMrIfbPKTdiKQz1GBt89X8-dPQlE_cPu-Kxsxxgr-JlsM0i_MAgKRLr4lCbRNii-ziblQVQJ66mVC5IWR1iVwyOW0-4gniZ9JC637UVNHJHcrXVDZJB1m-l44QzTiL79fnL48Coqq--6UkBG5X8qBmLKgIcDFJpkhB2_UuVyq61-BeNxN7kl5RhpzVYjTCZ9r6jB_03PPT24VfBp0cIXvXFSWY-Epr57ifMnSNrAjhMvUojJKgZsjWhhEmmbaqS&@w
Requested by
Host: s10.histats.com
URL: https://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.39.128.117 Beauharnois, Canada, ASN16276 (OVH, FR),
Reverse DNS
ns561935.ip-54-39-128.net
Software
/
Resource Hash
06a8b9e114de58b2701bc55a284cab90b68735b8f124e121be9dc89ce84924b5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date
Sun, 14 May 2023 14:18:52 GMT
Connection
close
Content-Length
52
Content-Type
text/html;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
yeah.achelous.mobi
URL
https://yeah.achelous.mobi/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| move function| $ function| jQuery function| getURLParameter function| go string| AFKClickUrl object| _Hasync object| container object| link function| chfh function| chfh2 string| _HST_cntval object| Histats object| _HistatsCounterGraphics_0_setValues

18 Cookies

Domain/Path Name / Value
redirecting5.eu/ Name: ab86779afaa51e47dadd00830d4bacef
Value: ab86779afaa51e47dadd00830d4bacef
.redirecting5.eu/ Name: _ga
Value: GA1.2.940422101.1684073930
.redirecting5.eu/ Name: _gid
Value: GA1.2.124844941.1684073930
.redirecting5.eu/ Name: _gat
Value: 1
admoustache.media-412.com/ Name: afclick
Value: 6460edca36d2470001dd4380
yeah.achelous.mobi/ Name: AWSALB
Value: VEmWtd7wXojS7xbyz2/OVNejcBmsKpmBuwDBSqxWPdIxwVnGEaLiqlafNMMS8x2neGgYb1dnriB58R2PmhNSK4fTo6KAAd4Lcy+HzQg9/J/udbPCfNpBHfWEx5i2
rezi.turetou.com/ Name: u
Value: 04a3434079110271fa9dc62ee5ba6ddf
rezi.turetou.com/ Name: split
Value: a
.mtc.a60seftrk.click/ Name: 0afb7170-3567-4e55-914f-3d23dd820aac-v4
Value: NN9svdaBXSVY4_Fe_yxJrHF-qiLxarSiftr700TWYt8
.mtc.a60seftrk.click/ Name: cep-v4
Value: K21kfHOL-ikdPW09S20o-K3uSlhFJg-_CGvx6egezaRv7V8-q3l1MzvCGtdUHRAlBB6kMvqWYrQ5aLVO-0uuXXRZvLleddWQAcJ5waTOL-JMDouk-wIhjwVp6HXQljaGKiD76m1xayNekCxMgRhl6GVl4y4mlhRlyyGBe3j_Lj18kKIJyV-eYJeuSCYnwEke8m3fwnsafQevjpY8Poq89NCbKuPUHqRMocSQaAmm7ZMEgcQf_a-PwT_lVK76S9lDAT0mM3wYcdmYjQCRMJFPQ5wFkiEvJUKBJMb4wfWfQHvoVglwDXm-JjWCSl8hI27eakHIrQMQMOCAc5JVxdZb4_wCS3mMJ7LwlOeXXfD8DrhLFq3EYW-iLRiWbFZs-qNBVzmovFhiBfn16THNTgNEb2qGOyWqvritWuILSfvSKI8VyITtYPFUFqeaLz6foMG6JgEpDK89Ex6swXpGpph6rKBpR0HxgVSYM7cP_S1Y03FAOEWd7hL6oLfr0k25PzDVw_T0gpjN2Ra6AtHnIpFt_JQiD15YC0vIvB7YdLakhVROl1sGyBX215Xb6sk9QCpIQ-iqugviialtPR7RBfDur7TCcnJ9JSw1dvwcL-Ugpuo
119613loading.giveawy.click/ Name: HstCfa4735387
Value: 1684073932104
119613loading.giveawy.click/ Name: HstCla4735387
Value: 1684073932104
119613loading.giveawy.click/ Name: HstCmu4735387
Value: 1684073932104
119613loading.giveawy.click/ Name: HstPn4735387
Value: 1
119613loading.giveawy.click/ Name: HstPt4735387
Value: 1
119613loading.giveawy.click/ Name: HstCnv4735387
Value: 1
119613loading.giveawy.click/ Name: HstCns4735387
Value: 1
119613loading.giveawy.click/ Name: c_ref_4735387
Value: https%3A%2F%2Frezi.turetou.com%2F

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

119613loading.giveawy.click
admoustache.media-412.com
ajax.googleapis.com
cdn.addlnk.com
mtc.a60seftrk.click
redirecting5.eu
rezi.turetou.com
s10.histats.com
s4.histats.com
static.cloudflareinsights.com
stats.g.doubleclick.net
www.google-analytics.com
www.onemortrk.pics
yeah.achelous.mobi
yeah.achelous.mobi
18.195.23.231
2606:4700:10::6816:4fe
2606:4700:3030::6815:4a8d
2606:4700:3035::6815:436b
2606:4700::6810:3965
2a00:1450:4001:812::200e
2a00:1450:4001:82b::200a
2a00:1450:400c:c07::9b
2a06:98c1:3120::3
34.90.46.36
51.68.85.158
54.39.128.117
67.212.184.146
06a8b9e114de58b2701bc55a284cab90b68735b8f124e121be9dc89ce84924b5
13a548e040a1ec08f77911fed1d559b95e5daae0ee227e632140e003c7268e7b
1d685538334a6762f8c278c2274cb62dfdc47c59ba5968562dddf4f96d808aee
207353c647e9c53fa13dc3d58d8d79dc7a4f72b0f66115cde5151c4f63cf08ca
2d5a196f3fca5f242980b19e96623b46b83833b79a65843e871b4ab26de4cb4c
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
31b864e3d6110e1051c6f997f8f37c5ec13c795a07dcb91b45b6690af45ad170
38620240d91052c56bdcc786490eefd93f83582d7ceda0e391a4e780ee7f0536
3c6de59ac3d3af5a933097175b25928d4540b04d1d233f34f5668ddfd1d8e640
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
a2360f05aaa5110f0891046d08ab93ee8bfd6249debd8d8c1d173eac2dd5e172
a8a980567df89367fd442c3e0597b0f560ae059114a8b0dd5ac234d8d6383d57
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
f9b8171f9f3ca928be11698b6599d56bbd2035b5bd583f75df6f26972bb5ca6c