www.info-reifefrauen.com
2606:4700:4400::6812:27d7  Public Scan

Submitted URL: http://tracking.sayhitosamantha.com/tracking/click?d=LdT8bX4yDpuVkhjcM4x2R0xPxFRcZb8OV8jyJi9Wm1RpJLlYvWQNqS3_uJCrlqtdEm-9939TUFTUFss...
Effective URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-...
Submission: On October 24 via manual from US — Scanned from FR

Summary

This website contacted 4 IPs in 4 countries across 8 domains to perform 15 HTTP transactions. The main IP is 2606:4700:4400::6812:27d7, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.info-reifefrauen.com.
TLS certificate: Issued by E1 on September 13th 2022. Valid for: 3 months.
This is the only time www.info-reifefrauen.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 164.132.95.123 16276 (OVH)
1 1 142.93.114.237 14061 (DIGITALOC...)
1 1 34.107.223.80 396982 (GOOGLE-CL...)
2 2 52.48.70.71 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
7 2606:4700:440... 13335 (CLOUDFLAR...)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
15 4
Apex Domain
Subdomains
Transfer
7 servefilesonly.com
lpmedia.servefilesonly.com — Cisco Umbrella Rank: 183835
1 MB
6 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 3463
onesignal.com — Cisco Umbrella Rank: 1191
img.onesignal.com — Cisco Umbrella Rank: 6986
90 KB
2 rtbsuperhub.com
eu-adsrv.rtbsuperhub.com — Cisco Umbrella Rank: 57856
1 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 306
85 KB
1 info-reifefrauen.com
www.info-reifefrauen.com
4 KB
1 xn3j2k.com
www.xn3j2k.com
404 B
1 alwaysbeemailing.com
alwaysbeemailing.com
407 B
1 sayhitosamantha.com
tracking.sayhitosamantha.com
681 B
15 8
Domain Requested by
7 lpmedia.servefilesonly.com www.info-reifefrauen.com
3 onesignal.com cdn.onesignal.com
2 cdn.onesignal.com www.info-reifefrauen.com
cdn.onesignal.com
2 eu-adsrv.rtbsuperhub.com 2 redirects
1 img.onesignal.com
1 ajax.googleapis.com www.info-reifefrauen.com
1 www.info-reifefrauen.com
1 www.xn3j2k.com 1 redirects
1 alwaysbeemailing.com 1 redirects
1 tracking.sayhitosamantha.com 1 redirects
15 10

This site contains no links.

Subject | Issuer | Validity | Valid
*.info-reifefrauen.com | E1 | 2022-09-13 - 2022-12-12 | 3 months
*.servefilesonly.com | E1 | 2022-10-22 - 2023-01-20 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-03 - 2023-06-02 | a year
upload.video.google.com | GTS CA 1C3 | 2022-09-26 - 2022-12-19 | 3 months

This page contains 1 frames:

Primary Page: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Frame ID: 0F935E700B87836AA06EDE9FAB6FBC45
Requests: 15 HTTP requests in this frame

Page Title

info-reifefrauen.com

Page URL History

  1. http://tracking.sayhitosamantha.com/tracking/click?d=LdT8bX4yDpuVkhjcM4x2R0xPxFRcZb8OV8jyJi9Wm1RpJLlYvWQNqS3_uJC... HTTP 302
    https://alwaysbeemailing.com/campaigns/bw2016m1x18c5/track-url/tf309q9czs48e/26d3606414501082fc2f7bdc7824... HTTP 301
    https://www.xn3j2k.com/cmp/25QN58/25D7F3/?source_id=msp&sub1=bw2016m1x18c5&sub2=sayhitosamantha&sub... HTTP 302
    https://eu-adsrv.rtbsuperhub.com/ir/?placement=8ba6f30d-635a-4292-ac16-504de8d18b50&subPublisher=47 HTTP 302
    https://eu-adsrv.rtbsuperhub.com/click/?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=635... HTTP 302
    https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auct... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

50 %
IPv6

8
Domains

10
Subdomains

4
IPs

4
Countries

1393 kB
Transfer

1710 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tracking.sayhitosamantha.com/tracking/click?d=LdT8bX4yDpuVkhjcM4x2R0xPxFRcZb8OV8jyJi9Wm1RpJLlYvWQNqS3_uJCrlqtdEm-9939TUFTUFssvJR7qB-o1O1RKnG56F5OT0uXOx7F1FFPeYAwhHzpRaqOw2-yjm3TVir7-niCCjJbXnF550AxpEoXCYEk5e1-aKMQ25_-3G79DRRAyGD5hDdnBAXOMVK4Y7ZIEI9UaOwO4kVFwMeWOonfnoEwUF5GIlygNHQ863N3Mny9gdlSvDBFgCroeHA2 HTTP 302
    https://alwaysbeemailing.com/campaigns/bw2016m1x18c5/track-url/tf309q9czs48e/26d3606414501082fc2f7bdc7824fc10d2c557cd HTTP 301
    https://www.xn3j2k.com/cmp/25QN58/25D7F3/?source_id=msp&sub1=bw2016m1x18c5&sub2=sayhitosamantha&sub3=griffinjade8@gmail.com&sub4=abe HTTP 302
    https://eu-adsrv.rtbsuperhub.com/ir/?placement=8ba6f30d-635a-4292-ac16-504de8d18b50&subPublisher=47 HTTP 302
    https://eu-adsrv.rtbsuperhub.com/click/?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb HTTP 302
    https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request shx8000
www.info-reifefrauen.com/landing/
Redirect Chain
  • http://tracking.sayhitosamantha.com/tracking/click?d=LdT8bX4yDpuVkhjcM4x2R0xPxFRcZb8OV8jyJi9Wm1RpJLlYvWQNqS3_uJCrlqtdEm-9939TUFTUFssvJR7qB-o1O1RKnG56F5OT0uXOx7F1FFPeYAwhHzpRaqOw2-yjm3TVir7-niCCjJbX...
  • https://alwaysbeemailing.com/campaigns/bw2016m1x18c5/track-url/tf309q9czs48e/26d3606414501082fc2f7bdc7824fc10d2c557cd
  • https://www.xn3j2k.com/cmp/25QN58/25D7F3/?source_id=msp&sub1=bw2016m1x18c5&sub2=sayhitosamantha&sub3=griffinjade8@gmail.com&sub4=abe
  • https://eu-adsrv.rtbsuperhub.com/ir/?placement=8ba6f30d-635a-4292-ac16-504de8d18b50&subPublisher=47
  • https://eu-adsrv.rtbsuperhub.com/click/?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_F...
  • https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_...
12 KB
4 KB
Document
General
Full URL
https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:27d7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4529d445e31e4da09a50b3b5f6256e450772ecdae928c391435ac89524e8969d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

access-control-allow-headers
X-Requested-With, Content-Type, Accept, Origin, Authorization
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
75f607e42ee5f868-CDG
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 24 Oct 2022 22:08:23 GMT
pragma
no-cache
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 24 Oct 2022 22:08:23 GMT
Location
https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Server
nginx/1.20.0
style.css
lpmedia.servefilesonly.com/style/mb/mlp88/
4 KB
2 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/style/mb/mlp88/style.css
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fd07a0ea5369253ba76769db3d35d8dac7f3fc32d957bc8a9ca7e23ae989ba5

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:23 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 24 Oct 2022 08:22:33 GMT
server
cloudflare
age
15299
cf-polished
origSize=4882
etag
W/"63564b49-1312"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
cf-ray
75f607e5783fd3a3-CDG
expires
Tue, 25 Oct 2022 10:08:23 GMT
vegas.min.css
lpmedia.servefilesonly.com/style/mb/mlp88/
9 KB
1 KB
Stylesheet
General
Full URL
https://lpmedia.servefilesonly.com/style/mb/mlp88/vegas.min.css
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c4ce7fffb10a410f05c76b535c449d11aee36719d7b2a090fce99c87c0af5ba

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:23 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 24 Oct 2022 08:22:33 GMT
server
cloudflare
age
15299
etag
W/"63564b49-2541"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=43200
cf-ray
75f607e57843d3a3-CDG
expires
Tue, 25 Oct 2022 10:08:23 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/
9 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d12c6745eca14e06d4dea70f4c2bd875769b349770d04300477ab18d0db005d4
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2693
etag
W/"ae63ef8ff03da61fffaa7f165729897a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
75f607e5f8a1d550-CDG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 27 Oct 2022 22:08:23 GMT
jessie.gif
lpmedia.servefilesonly.com/img/mb/mlp88/
955 KB
957 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/mb/mlp88/jessie.gif
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
460dc647b59421d057dc7422977bbee6d33b7c7b2f8d11a60a79dca9a4ffcecc

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
cf-cache-status
MISS
last-modified
Mon, 24 Oct 2022 08:22:00 GMT
server
cloudflare
etag
"63564b28-eed70"
vary
Accept-Encoding
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
75f607e59874d3a3-CDG
content-length
978288
expires
Tue, 25 Oct 2022 10:08:24 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.1.1/
85 KB
85 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sat, 22 Oct 2022 10:14:18 GMT
x-content-type-options
nosniff
age
215646
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
86709
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 22 Oct 2023 10:14:18 GMT
vegas.min.js
lpmedia.servefilesonly.com/js/mb/mlp88/
10 KB
3 KB
Script
General
Full URL
https://lpmedia.servefilesonly.com/js/mb/mlp88/vegas.min.js
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f429d68fdbafa7014fe049bcae44fdec1e4cdd61c9de788b79c1b0bb57999188

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:23 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 24 Oct 2022 08:22:01 GMT
server
cloudflare
age
15299
etag
W/"63564b29-26ba"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
cf-ray
75f607e5986fd3a3-CDG
expires
Tue, 25 Oct 2022 10:08:23 GMT
app.js
lpmedia.servefilesonly.com/js/mb/mlp88/
2 KB
799 B
Script
General
Full URL
https://lpmedia.servefilesonly.com/js/mb/mlp88/app.js
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd4f6b30c3c8089efac8dd8422165aa2b507e33ca1c42b6e3a4b43990cf10816

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:23 GMT
content-encoding
gzip
cf-cache-status
HIT
cf-bgj
minify
last-modified
Mon, 24 Oct 2022 08:22:01 GMT
server
cloudflare
age
15299
cf-polished
origSize=3026
etag
W/"63564b29-bd2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=43200
cf-ray
75f607e59870d3a3-CDG
expires
Tue, 25 Oct 2022 10:08:23 GMT
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/
283 KB
68 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
843114448aaeeda7e8caa0cf76d61e0c63b8bffccd34517483363fdb15cdc80c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2693
etag
W/"2f96824aee4bf927e734cc519e3e726d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
75f607e6295fd550-CDG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 27 Oct 2022 22:08:24 GMT
web
onesignal.com/api/v1/sync/97188015-92b6-430d-a204-f2d196d0d112/
3 KB
2 KB
Script
General
Full URL
https://onesignal.com/api/v1/sync/97188015-92b6-430d-a204-f2d196d0d112/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
64b9277721075226bb3df9636abd0afe702c2af06a8d1a9ab5a0a59de308573d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
2994
cf-polished
origSize=3382
status
200 OK
x-envoy-upstream-service-time
32
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
dd7bc0a8-fbb4-41e1-ba04-0e218122e722
x-runtime
0.030517
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"5429d2cb162be6fe3086cb30e64a9241"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
75f607e6aa1ed550-CDG
access-control-allow-headers
SDK-Version
expires
Mon, 24 Oct 2022 23:08:24 GMT
bg_03.jpg
lpmedia.servefilesonly.com/img/mb/mlp88/
96 KB
96 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/mb/mlp88/bg_03.jpg
Requested by
Host: www.info-reifefrauen.com
URL: https://www.info-reifefrauen.com/landing/shx8000?subPublisher=popunder:47&zone=popunder:47&adformat=push&auctionid=63570cd790f90-354295&uniqueid=f1fa764c129881e88c3a8a0ce78c9dea&name=4259_push_fra_desktop_FilthyAds_Funnel&newservice=true&cmsid=landing--shx8000--landing--mc6105&tpcampid=9523f9b1-0984-49cb-aa2d-c51de874b777&imp_tagid=4259_push_fra_desktop_FilthyAds_Funnel&uid=TP-63570cd790ebd9.17489314&campaign_lp=1:landing--shx8000--landing--mc6105&product=fetooweb&zz=true&nextPage=/landing/mc6105&ur-api-fetch-hitid=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5b76ae9c77aa8a1ef591c0767b467d98568d274852ce6e1e4969d588cfd7ddb

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
cf-cache-status
MISS
last-modified
Mon, 24 Oct 2022 08:22:00 GMT
server
cloudflare
etag
"63564b28-17f29"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
75f607e6b9c8d3a3-CDG
content-length
98089
expires
Tue, 25 Oct 2022 10:08:24 GMT
OneSignalSDKStyles.css
onesignal.com/sdks/
82 KB
9 KB
Stylesheet
General
Full URL
https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
2692
etag
W/"4e9aaefffd5f8ae7dc83361aa2294190"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
cf-ray
75f607e70ef8d245-CDG
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Wed, 23 Nov 2022 22:08:24 GMT
icon
onesignal.com/api/v1/apps/97188015-92b6-430d-a204-f2d196d0d112/
184 B
608 B
Fetch
General
Full URL
https://onesignal.com/api/v1/apps/97188015-92b6-430d-a204-f2d196d0d112/icon
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151514
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18d06995f0012ed36a174e2fad844f3fece04d0750a4b39b6ff297c825f9ce27
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
status
200 OK
x-envoy-upstream-service-time
12
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
6e470d85-1aea-40df-8757-13dc249f61b1
x-runtime
0.010186
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"18d06995f0012ed36a174e2fad844f3f"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=0, private, must-revalidate
cf-ray
75f607e76e91d3a7-CDG
access-control-allow-headers
SDK-Version
77d2e837-0c56-447d-af55-15cdcae78efc
img.onesignal.com/permanent/
7 KB
8 KB
Image
General
Full URL
https://img.onesignal.com/permanent/77d2e837-0c56-447d-af55-15cdcae78efc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b26626897e533b99491a5f69051350ea0fe8e5ff6b808197b06e7aaeeb41393c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:24 GMT
x-amz-meta-cache-control
public, maxage=604800
cf-cache-status
HIT
strict-transport-security
max-age=15552000; includeSubDomains
x-amz-request-id
2M5VQ9JF7ZMGT3ZB
age
2968
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7471
x-amz-id-2
uYaKBRtZ6uQJiCGXZ3ak7PHVBgQmJGtRy2vkLIqfXcsE2QVbkHtjggfCREYOzfbZvY43Ct1YyuE=
last-modified
Mon, 23 Aug 2021 20:45:03 GMT
server
cloudflare
etag
"4ca372a09b7a2528ece9018ca438bb2b"
vary
Accept-Encoding
cache-control
public, max-age=2678400
accept-ranges
bytes
cf-ray
75f607e7dc99d550-CDG
expires
Thu, 24 Nov 2022 22:08:24 GMT
bg_02.jpg
lpmedia.servefilesonly.com/img/mb/mlp88/
154 KB
154 KB
Image
General
Full URL
https://lpmedia.servefilesonly.com/img/mb/mlp88/bg_02.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2785 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a5012da49313d5066784240f2c52bebd14d02feeb92e3c517f9d5f01558b774

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://www.info-reifefrauen.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 24 Oct 2022 22:08:27 GMT
cf-cache-status
MISS
last-modified
Mon, 24 Oct 2022 08:22:00 GMT
server
cloudflare
etag
"63564b28-26627"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=43200
accept-ranges
bytes
cf-ray
75f607fdeca9d3a3-CDG
content-length
157223
expires
Tue, 25 Oct 2022 10:08:27 GMT

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onbeforeinput
  • object| oncontextlost
  • object| oncontextrestored
  • function| structuredClone
  • object| launchQueue
  • object| onbeforematch
  • function| getScreenDetails
  • function| queryLocalFonts
  • object| navigation
  • function| OneSignal
  • function| $
  • function| jQuery
  • function| loadingText
  • function| populateLinks
  • number| __oneSignalSdkLoadCount
  • function| __jp0

6 Cookies

Domain/Path Name / Value
eu-adsrv.rtbsuperhub.com/ir Name: srtbid
Value: TP-63570cd790ebd9.17489314
www.xn3j2k.com/ Name: uniqueClick_25D7F3
Value: bce1c674-eedd-4e79-a3f4-1a11da347869:1666649303
www.xn3j2k.com/ Name: transaction_id
Value: c0d90ea410e44a5ca90e38655064c5a3
www.info-reifefrauen.com/ Name: PHPSESSID
Value: rjl96nng5ienf6tkqil235i5qu
.info-reifefrauen.com/ Name: __cf_bm
Value: nRUw0u1ef4sPj.M34AX8ya07TzBJnxZ86oC5Wn5mO_g-1666649303-0-AVQt8FZ+9DpLuPAi+DXXneoWEki8CacZXsLaG1pvuHRDlSKdMUYqVKWe+BWSCtRt0xP9XiEnokPvvyQXPnOhAOg=
.servefilesonly.com/ Name: __cf_bm
Value: 6hhxZzyhWQ6YveS3Xo8DH4S6kjhChoLN9wYQ0C5gJ1w-1666649303-0-AZlhJ1x5Yqffvz3sim8b1FwCkFBfnym/MdHTMX/hHRcm6VFXeRz8EFDlUtbhZHaPJPGILub6PVlVZkFQQsr0EY8=

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
