niepokonani.eu Open in urlscan Pro
104.18.35.244 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://niepokonani.eu/porno-free/lesbianthreesome.php
Submission: On June 04 via automatic, source openphish (June 4th 2018, 11:19:24 pm UTC)

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 9 domains to perform 16 HTTP transactions. The main IP is 104.18.35.244, located in San Francisco, United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is niepokonani.eu.

This is the only time niepokonani.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 3	104.18.35.244 104.18.35.244	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.217.21.234 172.217.21.234	15169 (GOOGLE) (GOOGLE - Google LLC)
10 10	172.104.145.13 172.104.145.13	63949 (LINODE-AP...) (LINODE-AP Linode)
6 6	146.177.40.248 146.177.40.248	15395 (RACKSPACE...) (RACKSPACE-LON)
6	185.59.220.28 185.59.220.28	60068 (CDN77) (CDN77)
8 8	104.18.34.244 104.18.34.244	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4 4	104.28.6.42 104.28.6.42	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
4 8	104.20.42.65 104.20.42.65	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	173.199.152.188 173.199.152.188	32244 (LIQUIDWEB) (LIQUIDWEB - Liquid Web)
1	207.58.159.2 207.58.159.2	25847 (SERVINT) (SERVINT - ServInt)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	216.58.205.238 216.58.205.238	15169 (GOOGLE) (GOOGLE - Google LLC)
16	8

3 104.18.35.244 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

niepokonani.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.21.234 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s13-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 172.104.145.13 (Absecon, United States) 10 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1661-13.members.linode.com

172.104.145.13	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 146.177.40.248 (United Kingdom) 6 redirects

ASN15395 (RACKSPACE-LON, GB)

ads.ovocasino.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.59.220.28 (Frankfurt, Germany)

ASN60068 (CDN77, GB)
PTR: frankfurt-20.cdn77.com

partner.ovocasino.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.34.244 (San Francisco, United States) 8 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

niepokonani.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.28.6.42 (San Francisco, United States) 4 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

record.wildaffiliates.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.20.42.65 (San Francisco, United States) 4 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.wunderino.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
landing.wunderino.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.199.152.188 (Lansing, United States)

ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US)

nudelesbianteen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.58.159.2 (Reston, United States)

ASN25847 (SERVINT - ServInt, US)
PTR: sexycomic.com

www.viewpornstars.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

1.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.205.238 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s24-in-f14.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	ovocasino.com 6 redirects ads.ovocasino.com partner.ovocasino.com	22 KB
11	niepokonani.eu 10 redirects niepokonani.eu	9 KB
8	wunderino.com 4 redirects www.wunderino.com landing.wunderino.com	31 KB
4	wildaffiliates.com 4 redirects record.wildaffiliates.com	3 KB
1	youtube.com www.youtube.com
1	gravatar.com 1.gravatar.com	2 KB
1	viewpornstars.com www.viewpornstars.com	236 KB
1	nudelesbianteen.com nudelesbianteen.com	88 KB
1	googleapis.com fonts.googleapis.com	614 B
16	9

	Domain	Requested by
11	niepokonani.eu	10 redirects
6	partner.ovocasino.com	niepokonani.eu
6	ads.ovocasino.com	6 redirects
4	landing.wunderino.com	niepokonani.eu
4	www.wunderino.com	4 redirects
4	record.wildaffiliates.com	4 redirects
1	www.youtube.com	niepokonani.eu
1	1.gravatar.com	niepokonani.eu
1	www.viewpornstars.com	niepokonani.eu
1	nudelesbianteen.com	niepokonani.eu
1	fonts.googleapis.com	niepokonani.eu
16	11

This site contains no links.

Subject Issuer	Validity	Valid
1011471616.rsc.cdn77.org Let's Encrypt Authority X3	`2018-05-29` - `2018-08-27`	3 months	crt.sh
www.wunderino.com COMODO RSA Extended Validation Secure Server CA	`2018-01-10` - `2020-04-09`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2018-05-15` - `2018-08-07`	3 months	crt.sh

This page contains 2 frames:

Primary Page: http://niepokonani.eu/porno-free/lesbianthreesome.php
Frame ID: F88556BDB69DE5D88CB9B0E164C8BC58
Requests: 15 HTTP requests in this frame

Frame: https://www.youtube.com/embed/V56av6Nn6dk
Frame ID: 32BCF86E660B651680D168F00A31B3F0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
script /\/wp-includes\//i
meta generator /WordPress( [\d.]+)?/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i
html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
script /\/wp-includes\//i
meta generator /WordPress( [\d.]+)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i

Page Statistics

16
Requests

69 %
HTTPS

0 %
IPv6

9
Domains

11
Subdomains

8
IPs

3
Countries

380 kB
Transfer

407 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://niepokonani.eu/wp-content/themes/meistermag/style.css?ver=1.2 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_3081A06CD98447AB853175EAE478D3D0&pid=1786324

Request Chain 2

http://niepokonani.eu/wp-includes/js/jquery/jquery.js?ver=1.12.4 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/ HTTP 301
https://www.wunderino.com/de/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk HTTP 302
https://landing.wunderino.com/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk

Request Chain 3

http://niepokonani.eu/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/ HTTP 301
https://www.wunderino.com/de/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk HTTP 302
https://landing.wunderino.com/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk

Request Chain 4

http://niepokonani.eu/wp-includes/js/wp-emoji-release.min.js?ver=4.8.1 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/ HTTP 301
https://www.wunderino.com/de/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk HTTP 302
https://landing.wunderino.com/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk

Request Chain 8

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/supersubs.js?ver=0.3b HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_A0CC89A0E6DF45C390123FAED454A18E&pid=1786324

Request Chain 9

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-detect-script.js?ver=1.2 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_20AD7602203D45F89D9412E33AF76B6C&pid=1786324

Request Chain 10

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-menu-script.js?ver=1.2 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/ HTTP 301
https://www.wunderino.com/de/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk HTTP 302
https://landing.wunderino.com/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk

Request Chain 11

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-mobile-menu-handler.js?ver=1.2 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_F41E3183AE5E42CFB54B67059FA278E1&pid=1786324

Request Chain 12

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-search-script.js?ver=1.2 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_31BAE8B7FB54479FB671F2BBE339B336&pid=1786324

Request Chain 13

http://niepokonani.eu/wp-includes/js/wp-embed.min.js?ver=4.8.1 HTTP 302
http://172.104.145.13:18001/in/pandora/ HTTP 302
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401 HTTP 301
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_532905D7A7EB4D709422B4BF73667DF9&pid=1786324

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set lesbianthreesome.php Show response
niepokonani.eu/porno-free/ 21 KB
6 KB 25ms
20ms Document
text/html 104.18.35.244
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: HTTP/1.1
Server: 104.18.35.244 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0754615af58f4089b0cd4b57508178981b61279e65e2d256438491fc2e11fed6

Request headers

Host: niepokonani.eu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: F88556BDB69DE5D88CB9B0E164C8BC58

Response headers

Date: Mon, 04 Jun 2018 23:19:12 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da973fb23919c0298b75a2629333742271528154352; expires=Tue, 04-Jun-19 23:19:12 GMT; path=/; domain=.niepokonani.eu; HttpOnly
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 425e1f7c368897bc-FRA
Content-Encoding: gzip

GET
S 200 css
fonts.googleapis.com/ 3 KB
614 B 17ms
16ms Stylesheet
text/css 172.217.21.234
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Work+Sans%3A400%2C500%2C600%2C700%7CSource+Sans+Pro%3A400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A400%2C500&subset=latin%2Clatin-ext

Requested by

Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php

Protocol

SPDY

Server

172.217.21.234 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s13-in-f10.1e100.net

Software

ESF /

Resource Hash

1c86ccb957ffacddeb99945423a05645ba7c3ed68be63255e6a62c3eb2e812c0

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
server: ESF
status: 200
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection: 1; mode=block
expires: Mon, 04 Jun 2018 23:19:12 GMT

GET
H2

200

index.html
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/style.css?ver=1.2
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_3081A06CD98447AB853175EAE478D3D0&pid=1786324

10 KB
3 KB

6ms
6ms

Stylesheet
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_3081A06CD98447AB853175EAE478D3D0&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_3081A06CD98447AB853175EAE478D3D0&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:11 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_3081A06CD98447AB853175EAE478D3D0&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289777%7c1%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2

200

/ Show response
landing.wunderino.com/
Redirect Chain

http://niepokonani.eu/wp-includes/js/jquery/jquery.js?ver=1.12.4
http://172.104.145.13:18001/in/pandora/
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/
https://www.wunderino.com/de/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk
https://landing.wunderino.com/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk

0
8 KB

88ms
88ms

Script
text/html

104.20.42.65
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.wunderino.com/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.20.42.65 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: landing.wunderino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 23 May 2018 08:24:58 GMT
server: cloudflare
etag: W/"5b05255a-4b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: public, max-age=7200
set-cookie: __cfduid=df9bf7cf756f36b917f6d163347bd56e91528154352; expires=Tue, 04-Jun-19 23:19:12 GMT; path=/; domain=.wunderino.com; HttpOnly
cf-ray: 425e1f7dcb3d6481-FRA
expires: Tue, 05 Jun 2018 01:19:12 GMT

Redirect headers

date: Mon, 04 Jun 2018 23:19:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 302
location: https://landing.wunderino.com/?token=N_E9mwBMFDetglWAyKbhR2Nd7ZgqdRLk
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 425e1f7d9b2c6481-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

200

/ Show response
landing.wunderino.com/
Redirect Chain

http://niepokonani.eu/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
http://172.104.145.13:18001/in/pandora/
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/
https://www.wunderino.com/de/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk
https://landing.wunderino.com/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk

0
8 KB

48ms
48ms

Script
text/html

104.20.42.65
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.wunderino.com/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.20.42.65 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk
pragma: no-cache
cookie: __cfduid=df9bf7cf756f36b917f6d163347bd56e91528154352
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: landing.wunderino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 23 May 2018 08:25:00 GMT
server: cloudflare
etag: W/"5b05255c-4b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: public, max-age=7200
cf-ray: 425e1f7f5bff6481-FRA
expires: Tue, 05 Jun 2018 01:19:12 GMT

Redirect headers

date: Mon, 04 Jun 2018 23:19:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 302
location: https://landing.wunderino.com/?token=N_E9mwBMFDeL5SmYeMYOdGNd7ZgqdRLk
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 425e1f7f4bf16481-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

200

/ Show response
landing.wunderino.com/
Redirect Chain

http://niepokonani.eu/wp-includes/js/wp-emoji-release.min.js?ver=4.8.1
http://172.104.145.13:18001/in/pandora/
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/
https://www.wunderino.com/de/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk
https://landing.wunderino.com/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk

0
8 KB

97ms
97ms

Script
text/html

104.20.42.65
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.wunderino.com/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.20.42.65 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk
pragma: no-cache
cookie: __cfduid=df9bf7cf756f36b917f6d163347bd56e91528154352
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: landing.wunderino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 23 May 2018 08:24:58 GMT
server: cloudflare
etag: W/"5b05255a-4b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: public, max-age=7200
cf-ray: 425e1f812cd36481-FRA
expires: Tue, 05 Jun 2018 01:19:12 GMT

Redirect headers

date: Mon, 04 Jun 2018 23:19:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 302
location: https://landing.wunderino.com/?token=N_E9mwBMFDe4mD5GVdbbQWNd7ZgqdRLk
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 425e1f811ccd6481-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H/1.1 200
OK nubilefims3bestfriends12.jpg
nudelesbianteen.com/wp-content/uploads/2012/10/ 88 KB
88 KB 379ms
118ms Image
image/jpeg 173.199.152.188
Liquid Web

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://nudelesbianteen.com/wp-content/uploads/2012/10/nubilefims3bestfriends12.jpg
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: HTTP/1.1
Server: 173.199.152.188 Lansing, United States, ASN32244 (LIQUIDWEB - Liquid Web, L.L.C, US),
Reverse DNS
Software: Apache /
Resource Hash: 73494c179a5a72ee2be5b7a357b587f68ddee6bd7ea057cb3ae8bf8c22b510b4

Request headers

Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 04 Jun 2018 23:19:10 GMT
Last-Modified: Tue, 25 Jul 2017 06:13:18 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=2, max=500
Content-Length: 89605

GET
H/1.1 200
OK 8viewpornstars_p4964s.jpg
www.viewpornstars.com/samples/ 236 KB
236 KB 335ms
106ms Image
image/jpeg 207.58.159.2
ServInt

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.viewpornstars.com/samples/8viewpornstars_p4964s.jpg
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: HTTP/1.1
Server: 207.58.159.2 Reston, United States, ASN25847 (SERVINT - ServInt, US),
Reverse DNS: sexycomic.com
Software: Apache/1.3.27 (Unix) /
Resource Hash: 3039d0b5a965e1630fe73e3b6e9387c10251b3109ab18528d8200a134985b65a

Request headers

Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date: Mon, 04 Jun 2018 23:19:12 GMT
Last-Modified: Mon, 04 Aug 2008 17:22:23 GMT
Server: Apache/1.3.27 (Unix)
ETag: "184f26f-3b067-48973acf"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=100
Content-Length: 241767

GET
H/1.1 200
OK 1cb1c39857f5eef49897f849251861a9
1.gravatar.com/avatar/ 1 KB
2 KB 12ms
6ms Image
image/jpeg 192.0.73.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://1.gravatar.com/avatar/1cb1c39857f5eef49897f849251861a9?s=96&d=mm&r=g
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: HTTP/1.1
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64

Request headers

Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

X-nc: HIT fra 3
Date: Mon, 04 Jun 2018 23:19:12 GMT
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Server: nginx
Source-Age: 130479
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Cache-Control: max-age=300
Content-Disposition: inline; filename="1cb1c39857f5eef49897f849251861a9.png"
Connection: keep-alive
Accept-Ranges: bytes
Link: <https://www.gravatar.com/avatar/1cb1c39857f5eef49897f849251861a9?s=96&d=mm&r=g>; rel="canonical"
Content-Length: 1528
Expires: Mon, 04 Jun 2018 23:24:12 GMT

GET
H2

200

index.html Show response
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/supersubs.js?ver=0.3b
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_A0CC89A0E6DF45C390123FAED454A18E&pid=1786324

10 KB
3 KB

6ms
6ms

Script
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_A0CC89A0E6DF45C390123FAED454A18E&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_A0CC89A0E6DF45C390123FAED454A18E&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:12 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_A0CC89A0E6DF45C390123FAED454A18E&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289778%7c2%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2

200

index.html Show response
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-detect-script.js?ver=1.2
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_20AD7602203D45F89D9412E33AF76B6C&pid=1786324

10 KB
3 KB

7ms
7ms

Script
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_20AD7602203D45F89D9412E33AF76B6C&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_20AD7602203D45F89D9412E33AF76B6C&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:12 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_20AD7602203D45F89D9412E33AF76B6C&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289779%7c3%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2

200

/ Show response
landing.wunderino.com/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-menu-script.js?ver=1.2
http://172.104.145.13:18001/in/pandora/
http://record.wildaffiliates.com/_3laYOKgZiOvKto_EPcZApGNd7ZgqdRLk/1/
https://www.wunderino.com/de/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk
https://landing.wunderino.com/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk

0
8 KB

94ms
94ms

Script
text/html

104.20.42.65
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://landing.wunderino.com/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.20.42.65 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:path: /?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk
pragma: no-cache
cookie: __cfduid=df9bf7cf756f36b917f6d163347bd56e91528154352
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: landing.wunderino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Wed, 23 May 2018 08:24:58 GMT
server: cloudflare
etag: W/"5b05255a-4b1b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
status: 200
cache-control: public, max-age=7200
cf-ray: 425e1f803c746481-FRA
expires: Tue, 05 Jun 2018 01:19:12 GMT

Redirect headers

date: Mon, 04 Jun 2018 23:19:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 302
location: https://landing.wunderino.com/?token=N_E9mwBMFDcdPCBjAuW-emNd7ZgqdRLk
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray: 425e1f802c666481-FRA
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H2

200

index.html Show response
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-mobile-menu-handler.js?ver=1.2
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_F41E3183AE5E42CFB54B67059FA278E1&pid=1786324

10 KB
3 KB

6ms
6ms

Script
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_F41E3183AE5E42CFB54B67059FA278E1&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_F41E3183AE5E42CFB54B67059FA278E1&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:11 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_F41E3183AE5E42CFB54B67059FA278E1&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289781%7c4%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2

200

index.html Show response
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-content/themes/meistermag/includes/js_files/tagdiv-search-script.js?ver=1.2
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_31BAE8B7FB54479FB671F2BBE339B336&pid=1786324

10 KB
3 KB

8ms
8ms

Script
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_31BAE8B7FB54479FB671F2BBE339B336&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_31BAE8B7FB54479FB671F2BBE339B336&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:12 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_31BAE8B7FB54479FB671F2BBE339B336&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289782%7c4%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2

200

index.html Show response
partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/
Redirect Chain

http://niepokonani.eu/wp-includes/js/wp-embed.min.js?ver=4.8.1
http://172.104.145.13:18001/in/pandora/
http://ads.ovocasino.com/redirect.aspx?pid=1786324&bid=3401
https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_532905D7A7EB4D709422B4BF73667DF9&pid=1786324

10 KB
3 KB

6ms
6ms

Script
text/html

185.59.220.28
CDN77

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_532905D7A7EB4D709422B4BF73667DF9&pid=1786324
Requested by: Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.59.220.28 Frankfurt, Germany, ASN60068 (CDN77, GB),
Reverse DNS: frankfurt-20.cdn77.com
Software: CDN77-Turbo /
Resource Hash: 6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2

Request headers

:path: /LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_532905D7A7EB4D709422B4BF73667DF9&pid=1786324
pragma: no-cache
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: partner.ovocasino.com
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
:scheme: https
:method: GET
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 04 Jun 2018 23:19:12 GMT
content-encoding: gzip
last-modified: Mon, 26 Mar 2018 14:06:58 GMT
server: CDN77-Turbo
x-edge-location: frankfurtDE
etag: W/"5ab8fe82-2716"
status: 200
x-cache: HIT
content-type: text/html
access-control-allow-origin: *
x-edge-ip: 185.59.220.20
x-age: 882732

Redirect headers

Pragma: no-cache
Date: Mon, 04 Jun 2018 23:19:12 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
Location: https://partner.ovocasino.com/LP-2018/ramses-book-rhfp/DE/index.html?btag=656344_532905D7A7EB4D709422B4BF73667DF9&pid=1786324
Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a1786324%2c%22BID%22%3a3401%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1528154352109)%5c%2f%22%2c%22CookieTag%22%3a%223401178632445254152841C201865019%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%221259289780%7c4%22%7d%5d; expires=Wed, 04-Jun-3017 23:19:12 GMT; path=/
Cache-Control: private,no-cache, no-store
Connection: close
Content-Type: text/html
Content-Length: 0
Request-Context: appId=cid-v1:42ca6b97-b564-4b23-b218-51b9f4f71628

GET
H2 200 V56av6Nn6dk
www.youtube.com/embed/ Frame 32BC 0
0 57ms
56ms Document
text/html 216.58.205.238
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/V56av6Nn6dk

Requested by

Host: niepokonani.eu
URL: http://niepokonani.eu/porno-free/lesbianthreesome.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

216.58.205.238 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra15s24-in-f14.1e100.net

Software

YouTube Frontend Proxy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/V56av6Nn6dk
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer: http://niepokonani.eu/porno-free/lesbianthreesome.php
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: F88556BDB69DE5D88CB9B0E164C8BC58
Referer: http://niepokonani.eu/porno-free/lesbianthreesome.php

Response headers

status: 200
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
expires: Tue, 27 Apr 1971 19:44:06 EST
cache-control: no-cache
content-type: text/html; charset=utf-8
content-encoding: gzip
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
x-content-type-options: nosniff
date: Mon, 04 Jun 2018 23:19:12 GMT
server: YouTube Frontend Proxy
set-cookie: VISITOR_INFO1_LIVE=fQScJllLG4k; path=/; domain=.youtube.com; expires=Sat, 01-Dec-2018 23:19:12 GMT; httponly VISITOR_INFO1_LIVE=fQScJllLG4k; path=/; domain=.youtube.com; expires=Sat, 01-Dec-2018 23:19:12 GMT; httponly GPS=1; path=/; domain=.youtube.com; expires=Mon, 04-Jun-2018 23:49:12 GMT PREF=f1=50000000; path=/; domain=.youtube.com; expires=Sun, 03-Feb-2019 11:12:12 GMT YSC=ZFNrUIhNJQM; path=/; domain=.youtube.com; httponly
alt-svc: quic=":443"; ma=2592000; v="43,42,41,39,35"

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _wpemojiSettings object| tagdivScreenReaderText

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1970-01-18 22:19:52	Name: PREF Value: f1=50000000
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: ZFNrUIhNJQM
.youtube.com/	1970-01-18 16:29:16	Name: GPS Value: 1
.youtube.com/	1970-01-18 20:48:26	Name: VISITOR_INFO1_LIVE Value: fQScJllLG4k
.niepokonani.eu/	1970-01-19 01:14:50	Name: __cfduid Value: da973fb23919c0298b75a2629333742271528154352

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.gravatar.com
ads.ovocasino.com
fonts.googleapis.com
landing.wunderino.com
niepokonani.eu
nudelesbianteen.com
partner.ovocasino.com
record.wildaffiliates.com
www.viewpornstars.com
www.wunderino.com
www.youtube.com
104.18.34.244
104.18.35.244
104.20.42.65
104.28.6.42
146.177.40.248
172.104.145.13
172.217.21.234
173.199.152.188
185.59.220.28
192.0.73.2
207.58.159.2
216.58.205.238
0754615af58f4089b0cd4b57508178981b61279e65e2d256438491fc2e11fed6
148b35f5e5d3dd37d6fc44caa577d6b478b0a62bb1200439d1f77e21f9c88c64
1c86ccb957ffacddeb99945423a05645ba7c3ed68be63255e6a62c3eb2e812c0
3039d0b5a965e1630fe73e3b6e9387c10251b3109ab18528d8200a134985b65a
6ca9dab1161ffaf34680211613899fcd3feec68f39cb7d84a9ff85f19eda87d2
73494c179a5a72ee2be5b7a357b587f68ddee6bd7ea057cb3ae8bf8c22b510b4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

niepokonani.eu Open in urlscan Pro 104.18.35.244 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

69 %HTTPS

0 %IPv6

9 Domains

11 Subdomains

8 IPs

3 Countries

380 kBTransfer

407 kBSize

5 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

5 Cookies

Indicators

niepokonani.eu Open in urlscan Pro
104.18.35.244 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

69 %
HTTPS

0 %
IPv6

9
Domains

11
Subdomains

8
IPs

3
Countries

380 kB
Transfer

407 kB
Size

5
Cookies

16 HTTP transactions
0 data transactions