epromotionplug.com Open in urlscan Pro
147.75.87.237 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/2QvDb8l
Effective URL:
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT...
Submission: On July 01 via manual (July 1st 2021, 8:58:04 am UTC) from US

Summary HTTP 48 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 10 domains to perform 48 HTTP transactions. The main IP is 147.75.87.237, located in Netherlands and belongs to PACKET, US. The main domain is epromotionplug.com.
TLS certificate: Issued by R3 on June 8th 2021. Valid for: 3 months.

This is the only time epromotionplug.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
1 1	2606:4700:303... 2606:4700:3034::6815:20b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	147.75.87.237 147.75.87.237	54825 (PACKET) (PACKET)
3	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	163.171.128.172 163.171.128.172	54994 (QUANTILNE...) (QUANTILNETWORKS)
11	147.75.86.225 147.75.86.225	54825 (PACKET) (PACKET)
3	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
48	9

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3034::6815:20b0 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

malakicash.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 147.75.87.237 (Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k3-shared-ingress5

epromotionplug.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.171.128.172 (Germany) 1 redirects

ASN54994 (QUANTILNETWORKS, US)

securechargevault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
geoip.securechargevault.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 147.75.86.225 (Netherlands)

ASN54825 (PACKET, US)
PTR: pkt-ams-k3-shared-ingress4

tggsnglf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	epromotionplug.com epromotionplug.com	2 MB
11	tggsnglf.com tggsnglf.com	70 KB
8	gstatic.com fonts.gstatic.com	120 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	securechargevault.com 1 redirects securechargevault.com geoip.securechargevault.com	1 KB
2	jquery.com code.jquery.com	60 KB
1	google-analytics.com ssl.google-analytics.com	17 KB
1	aspnetcdn.com ajax.aspnetcdn.com	12 KB
1	malakicash.com 1 redirects malakicash.com	814 B
1	bit.ly 1 redirects bit.ly	269 B
48	10

	Domain	Requested by
21	epromotionplug.com	epromotionplug.com code.jquery.com
11	tggsnglf.com	epromotionplug.com tggsnglf.com
8	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	epromotionplug.com tggsnglf.com
2	code.jquery.com	epromotionplug.com tggsnglf.com
1	ssl.google-analytics.com	tggsnglf.com
1	ajax.aspnetcdn.com	tggsnglf.com
1	geoip.securechargevault.com	tggsnglf.com
1	securechargevault.com	1 redirects
1	malakicash.com	1 redirects
1	bit.ly	1 redirects
48	11

This site contains no links.

Subject Issuer	Validity	Valid
epromotionplug.com R3	`2021-06-08` - `2021-09-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-31` - `2021-08-23`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh
tggsnglf.com R3	`2021-06-20` - `2021-09-18`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-07` - `2021-08-30`	3 months	crt.sh
geoip.securechargevault.com AlphaSSL CA - SHA256 - G2	`2021-03-16` - `2022-04-17`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2020-11-16` - `2021-11-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-31` - `2021-08-23`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Frame ID: 4F7664FBE1E2BA53AD45C73BF136C052
Requests: 27 HTTP requests in this frame

Frame: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Frame ID: C3DE8306F549DF33F5410B8FC86C6673
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://bit.ly/2QvDb8l HTTP 301
https://malakicash.com/api/links/go/10/34/NEPT63KG HTTP 302
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agen... Page URL

Detected technologies

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

48
Requests

100 %
HTTPS

55 %
IPv6

10
Domains

11
Subdomains

9
IPs

3
Countries

1974 kB
Transfer

11381 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/2QvDb8l HTTP 301
https://malakicash.com/api/links/go/10/34/NEPT63KG HTTP 302
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://securechargevault.com/process/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958 HTTP 302
https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o

48 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
epromotionplug.com/campaigns/rcs/rnd5zx/
Redirect Chain

https://bit.ly/2QvDb8l
https://malakicash.com/api/links/go/10/34/NEPT63KG
https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958

6 KB
2 KB

291ms
227ms

Document
text/html

147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 68dd090c45e87f85992a729500e71e17b1bd9a7594f84d6adfd1adb1ad84d5c9

Request headers

:method: GET
:authority: epromotionplug.com
:scheme: https
:path: /campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
cache-control: no-store
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 565762
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 963295bb1a30848d1bc858c99222c77c

Redirect headers

date: Thu, 01 Jul 2021 08:57:44 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
location: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
access-control-allow-origin: *
access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
cf-cache-status: DYNAMIC
cf-request-id: 0b02e2e54900004e2c9e079000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=knRt5GiHF0Anylt3nKGGIkvvkg7P1MhlsVvNy4Oyi%2FX1U7XkueCz5lxKNBEHhNYa%2FzbfbHBvfliy0kemOC7bDK4HsOf%2B1N7BiaC%2B%2BTP65yjPuCDBQpRiS3UgtSe3XCGRduqQp8TaAKo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 667e6db5496f4e2c-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 4 KB
700 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,700

Requested by

Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e989496e5e0c5836493a83b5c083d32a4d19f54378eeda80c8a0e35ee72d3231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 06:58:49 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:45 GMT

GET
H2 200 css
fonts.googleapis.com/ 993 B
481 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Marck+Script

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cb5ba5d7942837d78bb9eabccbef5d31f39e58a5dd4c9bd55af383166d41dc25

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 06:58:27 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:45 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:45 GMT

GET
H2 200 light.min.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 618 B
653 B 29ms
28ms Stylesheet
text/css 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 97a4a3a1fe760e09b2d46feb83d5add3a0e426b62c655c1f12a861c90e2e738d

Request headers

:path: /campaigns/rcs/rnd5zx/css/light.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
section-io-cache-id: 319b0fe24d10bc52b1285ea603a56bec
x-cdn: Served-By-Zenedge
age: 37
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 270
x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
etag: W/"5d2796e4-26a"
vary: Accept-Encoding
x-varnish: 403548 1972707
via: 1.1 varnish (Varnish/6.3)
section-io-id: cab7f10a9d39eee41bf568b308d6c7df
accept-ranges: bytes
content-type: text/css

GET
H2 200 fontawesome.min.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 76 KB
19 KB 455ms
454ms Stylesheet
text/css 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/fontawesome.min.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 77d4443c370fb7376f3c5d0bff46a5c38d9f6933c66a7d6dd20c6ad0d97a9a03

Request headers

:path: /campaigns/rcs/rnd5zx/css/fontawesome.min.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-130a4"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 565767
accept-ranges: bytes
section-io-id: ca95b982de011924a16e7860c3ef5edf
section-io-cache: Miss

GET
H2 200 spanel.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 7 KB
2 KB 29ms
28ms Stylesheet
text/css 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/spanel.css
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: a46b9aa8737c1a07dac3c35d05944522e5d1ddcde0143a204a89b37161b7d6e7

Request headers

:path: /campaigns/rcs/rnd5zx/css/spanel.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
section-io-cache-id: 0d8a3b9ceb3b12ee086c023e5ec6c84e
x-cdn: Served-By-Zenedge
age: 37
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 1441
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
etag: W/"5d2796e4-1df9"
vary: Accept-Encoding
x-varnish: 1284037 1254674
via: 1.1 varnish (Varnish/6.3)
section-io-id: b1d5cb940194e971f7cbc36bf4fa7b53
accept-ranges: bytes
content-type: text/css

GET
H2 200 main.css
epromotionplug.com/campaigns/rcs/rnd5zx/css/ 13 KB
4 KB 214ms
214ms Stylesheet
text/css 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 321b0da46f9edd43f0965f69aca44aa2aa4dd364ff86af7d2ddd30ea4944f7a4

Request headers

:path: /campaigns/rcs/rnd5zx/css/main.css?v=135
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Mon, 19 Aug 2019 13:44:25 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d5aa7b9-345c"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1549452
accept-ranges: bytes
section-io-id: 9e9670f4b1add49b2f07444ac5207177
section-io-cache: Miss

GET
H2 200 logo.png
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 6 KB
7 KB 32ms
31ms Image
image/png 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/logo.png
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 545c797899e7a3fdc2b01623d11bf907262d34b0f032b554dc376f60963943f0

Request headers

:path: /campaigns/rcs/rnd5zx/img/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:45 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: a260cdc4d6e05326369eaaa291daa8e8
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 37
etag: "5d2796e4-19c0"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 1481293 1316887
content-length: 6592
accept-ranges: bytes
section-io-id: eaba6da801dffb73edef86dbb1ff0e6c
section-io-cache: Hit

GET
H2 200 SexyViv.jpg
epromotionplug.com/campaigns/rcs/rnd5zx/media/SexyViv/ 1 MB
1 MB 40ms
39ms Image
image/jpeg 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/media/SexyViv/SexyViv.jpg
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: c98a04075691c3aefa15e83a2975f3d90c6100647883619dcdf529a970466987

Request headers

:path: /campaigns/rcs/rnd5zx/media/SexyViv/SexyViv.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:45 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 2ee90f4a176e3c7fdd21dd3b6b230ff7
last-modified: Thu, 11 Jul 2019 20:06:48 GMT
x-cdn: Served-By-Zenedge
age: 37
etag: "5d2796d8-163214"
x-cache-status: NOTCACHED
content-type: image/jpeg
x-varnish: 1028549 1873473
content-length: 1454612
accept-ranges: bytes
section-io-id: 32c5e8ce0fcb2dcfbeb425d228c42fda
section-io-cache: Hit

GET
H2 200 jquery-3.3.1.min.js Show response
code.jquery.com/ 85 KB
30 KB 30ms
15ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.min.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Origin: https://epromotionplug.com
Referer: https://epromotionplug.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Sat, 20 Jan 2018 17:26:44 GMT
server: nginx
etag: W/"5a637bd4-1538f"
vary: Accept-Encoding
x-hw: 1625129865.dop232.fr8.t,1625129865.cds216.fr8.hc,1625129865.cds002.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30288

GET
H2 200 iframeResizer.min.js Show response
epromotionplug.com/common/js/iframeResizer/ 12 KB
5 KB 244ms
242ms Script
application/javascript 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/common/js/iframeResizer/iframeResizer.min.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33

Request headers

:path: /common/js/iframeResizer/iframeResizer.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 04 Jan 2018 18:22:16 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5a4e70d8-2e17"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1284038
accept-ranges: bytes
section-io-id: e498dfe64c749cf0f6b4b9d75b253e80
section-io-cache: Miss

GET
H2 200 variables.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 2 KB
1007 B 240ms
239ms Script
application/javascript 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/variables.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: d3946169ae3c2ab0b919a4057e0a0a358cca07183925b867ce730bbeb0cf1707

Request headers

:path: /campaigns/rcs/rnd5zx/js/variables.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e4-629"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 830687
accept-ranges: bytes
section-io-id: a1a7e0c719ade61d60f5734aa99db8f2
section-io-cache: Miss

GET
H2 200 chat.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 4 KB
2 KB 30ms
29ms Script
application/javascript 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/chat.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: f14bc4ff737a100f391746ce15553cdc50a969c60f999b94390df12755d0695e

Request headers

:path: /campaigns/rcs/rnd5zx/js/chat.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
section-io-cache-id: 8c78890113937fee6ad4885316b46417
x-cdn: Served-By-Zenedge
age: 37
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 1657
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
etag: W/"5d2796d7-105e"
vary: Accept-Encoding
x-varnish: 403549 605222
via: 1.1 varnish (Varnish/6.3)
section-io-id: 80ceace3027e080117384e320dd1db67
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 main.js Show response
epromotionplug.com/campaigns/rcs/rnd5zx/js/ 5 KB
2 KB 213ms
212ms Script
application/javascript 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/main.js
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: f81b7897f905bbc093aed72a45e364290299a1c81e4b50e216a14f9832ff01cb

Request headers

:path: /campaigns/rcs/rnd5zx/js/main.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-13af"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 110796
accept-ranges: bytes
section-io-id: b6c769562409c2992c42c8f2526d6731
section-io-cache: Miss

GET
H2 200 f.js Show response
epromotionplug.com/__zenedge/assets/ 22 KB
8 KB 67ms
66ms Script
application/javascript 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

:path: /__zenedge/assets/f.js?v=1541158593
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
section-io-cache-id: fbd70f8b8ab866c367b115b6d1e4352e
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 9052
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1481294 1083342
content-length: 7741
accept-ranges: bytes
section-io-id: 1409e46db7feea0ea9e084abd253211c
section-io-cache: Hit

GET
H2

200

/ Show response
tggsnglf.com/dofadd/ Frame C3DE
Redirect Chain

https://securechargevault.com/process/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o

609 B
916 B

394ms
267ms

Document
text/html

147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 4ebe6bd7e5b9d35ac840373843676e36035925b503f3d0d333ef00ac8405cef8

Request headers

:method: GET
:authority: tggsnglf.com
:scheme: https
:path: /dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://epromotionplug.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://epromotionplug.com/

Response headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
cache-control: no-store
pragma: no-cache
set-cookie: PHPSESSID=dc25e29e4c945818f2e9921376ee6f3e; path=/; secure; SameSite=None
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 403553
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 2ee669b51bbe92455ba0cd5bf80772fc

Redirect headers

date: Thu, 01 Jul 2021 08:57:45 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: b1c66bbd4bdd4722e775cc3f9b8e00c01ca19e7d
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=834aa062767631c619bcc99cfb66bc84; path=/; secure; SameSite=None
location: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
server: ZENEDGE
x-cdn: Served-By-Zenedge
x-via: 1.1 PSdgflkfFRA1ox201:7 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1eq94:13 (Cdn Cache Server V2.0)
x-ws-request-id: 60dd8389_PSdgflkfFRA1bc9_20756-22206

GET
H2 206 stream.php
epromotionplug.com/campaigns/rcs/rnd5zx/streamsrv/ 9 MB
0 1510ms
1509ms Media
video/mp4 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/streamsrv/stream.php?sf=%media/SexyViv/SexyViv-0.mp4
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash

Request headers

:path: /campaigns/rcs/rnd5zx/streamsrv/stream.php?sf=%media/SexyViv/SexyViv-0.mp4
pragma: no-cache
accept-encoding: identity;q=1, *;q=0
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: video
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
range: bytes=0-
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
via: 1.1 varnish (Varnish/6.3)
x-cdn: Served-By-Zenedge
age: 0
x-cache-status: NOTCACHED
Content-Range: bytes 0-53801673/53801674
section-io-cache: Miss
Content-Length: 53801674
x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
last-modified: Fri, 12 Jul 2019 18:05:35 GMT
x-varnish: 1028550
cache-control: max-age=2592000, public
section-io-id: 5f4c37c17d3d654201f72bbbdcfb6252
accept-ranges: bytes
content-type: video/mp4
expires: Sat, 31 Jul 2021 08:58:40 GMT

GET
H2 200 icon.png
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 20 KB
20 KB 29ms
28ms Image
image/png 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/icon.png
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 6ed6c8a7629a4d65d52b64fe89b4aba45b2d633902e3bc87a043cb2768a6363a

Request headers

:path: /campaigns/rcs/rnd5zx/img/icon.png
pragma: no-cache
cookie: __zjc9289=5105496010
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:45 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 1acea39d0defdddebb2a68b6a5a2c074
last-modified: Thu, 11 Jul 2019 20:07:00 GMT
x-cdn: Served-By-Zenedge
age: 37
etag: "5d2796e4-4e4d"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 1284042 1316890
content-length: 20045
accept-ranges: bytes
section-io-id: b0028bc27c8aed149b7fbf21211dc421
section-io-cache: Hit

GET
H2 200 bg.jpg
epromotionplug.com/campaigns/rcs/rnd5zx/img/ 38 KB
38 KB 380ms
380ms Image
image/jpeg 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/img/bg.jpg
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 141ae18f6ca65c688d36f7c268dceb883ff097ac7250db740fb3d4fcac0036bb

Request headers

:path: /campaigns/rcs/rnd5zx/img/bg.jpg
pragma: no-cache
cookie: __zjc9289=5105496010
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/main.css?v=135
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:46 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796d7-97ab"
x-cache-status: NOTCACHED
content-type: image/jpeg
x-varnish: 1610658
content-length: 38827
accept-ranges: bytes
section-io-id: 313e7bac041b398b9b31b9461354b33b
section-io-cache: Miss

GET
H2 200 fa-light-300.woff2
epromotionplug.com/campaigns/rcs/rnd5zx/webfonts/ 153 KB
154 KB 736ms
735ms Font
application/octet-stream 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/webfonts/fa-light-300.woff2
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 558c1708821688922a35f8105bc9b840a73ae02165d0016746c71741ab48128d

Request headers

sec-fetch-mode: cors
origin: https://epromotionplug.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __zjc9289=5105496010
:path: /campaigns/rcs/rnd5zx/webfonts/fa-light-300.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://epromotionplug.com
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/css/light.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:46 GMT
via: 1.1 varnish (Varnish/6.3)
last-modified: Thu, 11 Jul 2019 20:07:03 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: "5d2796e7-26588"
x-cache-status: NOTCACHED
content-type: application/octet-stream
x-varnish: 1284043
content-length: 157064
accept-ranges: bytes
section-io-id: 011742c3589c4b1f77eb224c1f980855
section-io-cache: Miss

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 16:31:16 GMT
x-content-type-options: nosniff
age: 145589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 16:31:16 GMT

GET
H2 200 nwpTtK2oNgBA3Or78gapdwuyyCg_.woff2
fonts.gstatic.com/s/marckscript/v11/ 13 KB
13 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/marckscript/v11/nwpTtK2oNgBA3Or78gapdwuyyCg_.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Marck+Script

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f4aa95c3a5140129e2c93e1ca4d2876afc646aff9eb561c565bb1c4ab79504d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 08:11:49 GMT
x-content-type-options: nosniff
age: 89156
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13412
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:22:12 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 08:11:49 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhp.woff2
fonts.gstatic.com/s/opensans/v20/ 15 KB
15 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v20/mem5YaGs126MiZpBA-UN_r8OUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f7216d2f53a731d9749077c22e15cfb38bcdc40806511ccf736f440c7569d64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://epromotionplug.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:05:12 GMT
x-content-type-options: nosniff
age: 82353
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14992
x-xss-protection: 0
last-modified: Tue, 18 May 2021 21:21:24 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:05:12 GMT

GET
H2 200 names.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 2 KB
2 KB 307ms
306ms XHR
text/plain 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/names.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 3a281897c45d5e17c7261e8676e5ea15bc02005fe456fb05d4797452ee577cd5

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc9289=5105496010
:path: /campaigns/rcs/rnd5zx/names.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:50 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796da-8ba"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 830692
accept-ranges: bytes
section-io-id: f253a76f74a43cb6e9c894c3fb7a3769
section-io-cache: Miss

GET
H2 200 comments.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 5 KB
2 KB 262ms
261ms XHR
text/plain 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/comments.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 724967557286a715aa79a85141bfb335b0e1c2fda76ad13fae359bfa34ffada8

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc9289=5105496010
:path: /campaigns/rcs/rnd5zx/comments.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-1299"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 144032
accept-ranges: bytes
section-io-id: 51095be09afe66fd6eeb910bd90623e2
section-io-cache: Miss

GET
H2 200 replies.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 838 B
833 B 239ms
238ms XHR
text/plain 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/replies.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 2a206f67a44f37a51087d49b6199d637490245f6e9b9fdf92a38c87451f152ca

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc9289=5105496010
:path: /campaigns/rcs/rnd5zx/replies.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:07:03 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796e7-346"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 2103244
accept-ranges: bytes
section-io-id: ff9df8a497999904f882832f0696fac1
section-io-cache: Miss

GET
H2 200 colors.txt Show response
epromotionplug.com/campaigns/rcs/rnd5zx/ 463 B
615 B 200ms
200ms XHR
text/plain 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/colors.txt
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.3.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: b12bb41877bcf74cc3e99c2f1bfd77629f8d8b2ab0af630a8255cb08eac26dcb

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __zjc9289=5105496010
:path: /campaigns/rcs/rnd5zx/colors.txt
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept: */*
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
last-modified: Thu, 11 Jul 2019 20:06:47 GMT
x-cdn: Served-By-Zenedge
age: 0
etag: W/"5d2796d7-1cf"
x-cache-status: NOTCACHED
vary: Accept-Encoding
content-type: text/plain
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1513620
accept-ranges: bytes
section-io-id: 3921a347cf0c19ae7e33dd55b4693d30
section-io-cache: Miss

GET
H2 200 f.js Show response
tggsnglf.com/__zenedge/assets/ Frame C3DE 22 KB
8 KB 34ms
34ms Script
application/javascript 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

Referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:45 GMT
content-encoding: gzip
section-io-cache-id: a88df259b6a830c66f609bcfe2252750
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 11344
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1481298 426510
content-length: 7741
accept-ranges: bytes
section-io-id: a63d073b2688a6a264852f17317582cd
section-io-cache: Hit

GET
H2 200 / Show response
tggsnglf.com/dofadd/ Frame C3DE 11 KB
4 KB 453ms
453ms Document
text/html 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 13968553d655e694925a780e426db159907d05ce45f81370a58cf8ff9306bab9

Request headers

:method: GET
:authority: tggsnglf.com
:scheme: https
:path: /dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=dc25e29e4c945818f2e9921376ee6f3e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://tggsnglf.com/dofadd/?c=408bca&m=2&dofid=p36%3Ao1490%3AaNSC2M%3Ab301a937c%3Ac&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958&dof_click_id=U788Y2x8U0L6c8j0I984Uedcl3qcy3A2o

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-type: text/html; charset=UTF-8
x-cache-status: NOTCACHED
x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
cache-control: no-store
pragma: no-cache
set-cookie: PHPSESSID=dc25e29e4c945818f2e9921376ee6f3e; path=/; secure; SameSite=None
expires: 0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-cdn: Served-By-Zenedge
content-encoding: gzip
vary: Accept-Encoding
x-varnish: 403557
age: 0
via: 1.1 varnish (Varnish/6.3)
section-io-cache: Miss
accept-ranges: bytes
section-io-id: 53b482ba802e6196d576ccaf38aa52cf

GET
H2 200 / Show response
geoip.securechargevault.com/ Frame C3DE 386 B
536 B 314ms
199ms Script
application/javascript 163.171.128.172
QUANTILNETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.securechargevault.com/?v=1
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 163.171.128.172 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software: ZENEDGE /
Resource Hash: 272ef3de48c07cf1ecd464eb2fab3c12466e537e044c097b96f0c0fa40cdab8f

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
server: ZENEDGE
x-cache-status: NOTCACHED
x-ws-request-id: 60dd838a_PSdgflkfFRA1bc9_21035-31756
x-via: 1.1 PSdgflkfFRA1bc200:14 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1dm92:9 (Cdn Cache Server V2.0)
cache-control: no-cache, no-store, must-revalidate
x-zen-fury: b1c66bbd4bdd4722e775cc3f9b8e00c01ca19e7d
content-type: application/javascript
x-cdn: Served-By-Zenedge
expires: 0

GET
H2 200 cleanstep3drk.css
tggsnglf.com/common_tpls/compact/css/ Frame C3DE 141 KB
28 KB 44ms
42ms Stylesheet
text/css 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/compact/css/cleanstep3drk.css
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: b3ad2a56bba5e9d30a226802b7a5c9d9ce7919c69e9608f34aaccf8c5914a64d

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
section-io-cache-id: 206ed0da2f04c0e8640d54b7f1ebb4e3
x-cdn: Served-By-Zenedge
age: 5905
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 28195
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Tue, 16 Jun 2020 16:45:05 GMT
etag: W/"5ee8f711-233ed"
vary: Accept-Encoding
x-varnish: 1481305 136876
via: 1.1 varnish (Varnish/6.3)
section-io-id: 6786c8c7f796e04cdf43819c21838004
accept-ranges: bytes
content-type: text/css

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ Frame C3DE 86 KB
30 KB 10ms
8ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Origin: https://tggsnglf.com
Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
last-modified: Wed, 01 May 2019 21:14:27 GMT
server: nginx
etag: W/"5cca0c33-15851"
vary: Accept-Encoding
x-hw: 1625129866.dop232.fr8.t,1625129866.cds216.fr8.hc,1625129866.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 bootstrap.min.js Show response
ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/ Frame C3DE 35 KB
12 KB 105ms
26ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.2/bootstrap.min.js

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (lha/8D7D) /

Resource Hash

c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://tggsnglf.com
Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2703552
x-cache: HIT
content-length: 12247
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:09:58 GMT
server: ECAcc (lha/8D7D)
etag: "194598e6cb33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 form_support.js Show response
tggsnglf.com/common_tpls/js/ Frame C3DE 977 B
921 B 40ms
39ms Script
application/javascript 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/form_support.js?v=1516308712
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
section-io-cache-id: 012388f3d996f0f0eb92cac3fe4c908d
x-cdn: Served-By-Zenedge
age: 11602
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 525
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Tue, 19 Jan 2021 00:12:19 GMT
etag: W/"600623e3-3d1"
vary: Accept-Encoding
x-varnish: 1708358 393230
via: 1.1 varnish (Varnish/6.3)
section-io-id: 9f33c2eadbf4527b1f845d596023a407
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 validate_form_v2.js Show response
tggsnglf.com/common_tpls/js/ Frame C3DE 22 KB
6 KB 41ms
40ms Script
application/javascript 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/validate_form_v2.js?jsv=19
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 89109976a77ff6d4ff74c9f567e92111929d38d7910a7bc1122fd444956c4bba

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
section-io-cache-id: 0a72accdd183320cb0b4bbce006b58f7
x-cdn: Served-By-Zenedge
age: 11602
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 5688
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Wed, 23 Jun 2021 19:01:43 GMT
etag: W/"60d38517-58f5"
vary: Accept-Encoding
x-varnish: 1610663 458766
via: 1.1 varnish (Varnish/6.3)
section-io-id: 25102a8d85e87bde59fbcaa68c1eb3ec
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 ajax-loader.gif
tggsnglf.com/common_tpls/images/ Frame C3DE 3 KB
3 KB 34ms
34ms Image
image/gif 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tggsnglf.com/common_tpls/images/ajax-loader.gif
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
date: Thu, 01 Jul 2021 08:57:46 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 001da028c47ca291324cf475a2fc994a
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
x-cdn: Served-By-Zenedge
age: 11602
etag: "5ee8f716-c88"
x-cache-status: NOTCACHED
content-type: image/gif
x-varnish: 12202 131121
content-length: 3208
accept-ranges: bytes
section-io-id: e7fbca2c4b9120bd730a14c9a16ce421
section-io-cache: Hit

GET
H2 200 profile-dark.png
tggsnglf.com/common_tpls/compact/img/cleanstep3drk/ Frame C3DE 4 KB
5 KB 35ms
35ms Image
image/png 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tggsnglf.com/common_tpls/compact/img/cleanstep3drk/profile-dark.png
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 5a4757a50705c2c402436e915eff3e4f63345d041d52c7177661ef14eb9d3d88

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:46 GMT
via: 1.1 varnish (Varnish/6.3)
section-io-cache-id: 916e24b341ed257db1cc766682587f72
last-modified: Tue, 16 Jun 2020 16:45:06 GMT
x-cdn: Served-By-Zenedge
age: 10553
etag: "5ee8f712-11cb"
x-cache-status: NOTCACHED
content-type: image/png
x-varnish: 2071119 263814
content-length: 4555
accept-ranges: bytes
section-io-id: d7aa7fc25c5a35e38e89b48b70031f05
section-io-cache: Hit

GET
H2 200 iframeResizer.contentWindow.min.js Show response
tggsnglf.com/common_tpls/js/ Frame C3DE 13 KB
5 KB 34ms
34ms Script
application/javascript 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/common_tpls/js/iframeResizer.contentWindow.min.js
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
section-io-cache-id: 032a7e787f7867adcb4bc7a564df46ba
x-cdn: Served-By-Zenedge
age: 11602
x-cache-status: NOTCACHED
section-io-cache: Hit
content-length: 5094
x-zen-fury: 4a2e3df7c296873372b4b3e796a235119e9dfdb0
last-modified: Tue, 16 Jun 2020 16:45:10 GMT
etag: W/"5ee8f716-3445"
vary: Accept-Encoding
x-varnish: 1708359 360453
via: 1.1 varnish (Varnish/6.3)
section-io-id: f5495a8f0554c9e66d64ac9a1de6e870
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 f.js Show response
tggsnglf.com/__zenedge/assets/ Frame C3DE 22 KB
8 KB 35ms
35ms Script
application/javascript 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-zen-fury: e6552adecfd170d366481a1300b7b9f2581c1337
date: Thu, 01 Jul 2021 08:57:46 GMT
content-encoding: gzip
section-io-cache-id: a88df259b6a830c66f609bcfe2252750
last-modified: Fri, 02 Nov 2018 11:37:21 GMT
age: 11345
etag: W/"5bdc36f1-59e1"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish (Varnish/6.3)
x-varnish: 1549456 426510
content-length: 7741
accept-ranges: bytes
section-io-id: fa82c5871348fa760cae62017cfa3cdd
section-io-cache: Hit

GET
H3-29 200 css
fonts.googleapis.com/ Frame C3DE 11 KB
774 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/common_tpls/compact/css/cleanstep3drk.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

93419375ace457303adcb19b0d23de96b1da646564073ce6935795b4458f9670

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 01 Jul 2021 08:44:31 GMT
server: ESF
date: Thu, 01 Jul 2021 08:57:46 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 01 Jul 2021 08:57:46 GMT

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ Frame C3DE 45 KB
17 KB 27ms
5ms Script
text/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: tggsnglf.com
URL: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://tggsnglf.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 09 Jun 2021 17:36:57 GMT
server: Golfe2
age: 2361
date: Thu, 01 Jul 2021 08:18:25 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Thu, 01 Jul 2021 10:18:25 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C3DE 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 17:22:06 GMT
x-content-type-options: nosniff
age: 142540
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 17:22:06 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C3DE 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 10:48:51 GMT
x-content-type-options: nosniff
age: 79735
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 10:48:51 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C3DE 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 30 Jun 2021 07:58:29 GMT
x-content-type-options: nosniff
age: 89957
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 30 Jun 2022 07:58:29 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C3DE 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 10:52:05 GMT
x-content-type-options: nosniff
age: 165941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15724
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 10:52:05 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C3DE 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,700,900&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://tggsnglf.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 29 Jun 2021 22:51:50 GMT
x-content-type-options: nosniff
age: 122756
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jun 2022 22:51:50 GMT

POST
H2 200 f Show response
tggsnglf.com/__zenedge/ Frame C3DE 25 B
273 B 201ms
201ms XHR
image/png 147.75.86.225
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://tggsnglf.com/__zenedge/f
Requested by: Host: tggsnglf.com
URL: https://tggsnglf.com/__zenedge/assets/f.js?v=1541158593
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.86.225 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress4
Software: /
Resource Hash: 905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4

Request headers

Referer: https://tggsnglf.com/dofadd/?SID=dc25e29e4c945818f2e9921376ee6f3e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

x-zen-fury: 34794c5ddb9b04f7113fd9ea8bc8dbfb839019cb
date: Thu, 01 Jul 2021 08:57:47 GMT
via: 1.1 varnish (Varnish/6.3)
content-type: image/png
x-cdn: Served-By-Zenedge
age: 0
accept-ranges: bytes
x-varnish: 2071129
cache-control: no-store
section-io-id: 1392c298fddb3a29d50e7bdd4958b183
section-io-cache: Miss
content-length: 25

POST
H2 200 f Show response
epromotionplug.com/__zenedge/ 25 B
273 B 217ms
217ms XHR
image/png 147.75.87.237
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://epromotionplug.com/__zenedge/f
Requested by: Host: epromotionplug.com
URL: https://epromotionplug.com/__zenedge/assets/f.js?v=1541158593
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.87.237 , Netherlands, ASN54825 (PACKET, US),
Reverse DNS: pkt-ams-k3-shared-ingress5
Software: /
Resource Hash: 905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4

Request headers

sec-fetch-mode: cors
origin: https://epromotionplug.com
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
cookie: __zjc9289=5105496010
content-length: 1276
:path: /__zenedge/f
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/json
accept: */*
cache-control: no-cache
:authority: epromotionplug.com
referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://epromotionplug.com/campaigns/rcs/rnd5zx/?c=408bca&m=2&dofid=p36:o1490:aNSC2M:b301a937c:c&x_agent=NEPT63KG&chan=NEPT63KG&x_agent=NEPT63KG&chan=NEPT63KG&x_clickid=4639958
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-type: application/json

Response headers

x-zen-fury: cfbceb34bcb69ef692cfa41be6bf80868dd373f5
date: Thu, 01 Jul 2021 08:57:47 GMT
via: 1.1 varnish (Varnish/6.3)
content-type: image/png
x-cdn: Served-By-Zenedge
age: 0
accept-ranges: bytes
x-varnish: 1091233
cache-control: no-store
section-io-id: 9e097e4323d438dbd63e82d57fcc0ea2
section-io-cache: Miss
content-length: 25

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			tggsnglf.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: dc25e29e4c945818f2e9921376ee6f3e
			epromotionplug.com/	1970-01-19 19:25:29	Name: __zjc9289 Value: 5105496010

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://epromotionplug.com/campaigns/rcs/rnd5zx/js/main.js(Line 125) Message: sizeUP! - desktop

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
bit.ly
code.jquery.com
epromotionplug.com
fonts.googleapis.com
fonts.gstatic.com
geoip.securechargevault.com
malakicash.com
securechargevault.com
ssl.google-analytics.com
tggsnglf.com
147.75.86.225
147.75.87.237
152.199.19.160
163.171.128.172
2001:4de0:ac18::1:a:3b
2606:4700:3034::6815:20b0
2a00:1450:4001:802::200a
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2008
2a00:1450:4001:831::2003
67.199.248.10
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
13968553d655e694925a780e426db159907d05ce45f81370a58cf8ff9306bab9
141ae18f6ca65c688d36f7c268dceb883ff097ac7250db740fb3d4fcac0036bb
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
272ef3de48c07cf1ecd464eb2fab3c12466e537e044c097b96f0c0fa40cdab8f
2a206f67a44f37a51087d49b6199d637490245f6e9b9fdf92a38c87451f152ca
321b0da46f9edd43f0965f69aca44aa2aa4dd364ff86af7d2ddd30ea4944f7a4
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
35a59efb7049b51b061c5b4a00d2cb1a648a047a3406d55e500f3d6349052d33
3a281897c45d5e17c7261e8676e5ea15bc02005fe456fb05d4797452ee577cd5
4ebe6bd7e5b9d35ac840373843676e36035925b503f3d0d333ef00ac8405cef8
545c797899e7a3fdc2b01623d11bf907262d34b0f032b554dc376f60963943f0
558c1708821688922a35f8105bc9b840a73ae02165d0016746c71741ab48128d
5a4757a50705c2c402436e915eff3e4f63345d041d52c7177661ef14eb9d3d88
64ef86f970680e7322c71974fe2e9bd9a1da71f4d02578a60d9d883ceebb5af0
68dd090c45e87f85992a729500e71e17b1bd9a7594f84d6adfd1adb1ad84d5c9
6ed6c8a7629a4d65d52b64fe89b4aba45b2d633902e3bc87a043cb2768a6363a
724967557286a715aa79a85141bfb335b0e1c2fda76ad13fae359bfa34ffada8
77d4443c370fb7376f3c5d0bff46a5c38d9f6933c66a7d6dd20c6ad0d97a9a03
7d5f5d0fe842536e512b4ca0cac0b48a66577ea091f3a6840365ff6124be034b
89109976a77ff6d4ff74c9f567e92111929d38d7910a7bc1122fd444956c4bba
905cfd18d8a2167f26f7b434370397a5ba426278b47b7e53e0bab4fb52707db4
93419375ace457303adcb19b0d23de96b1da646564073ce6935795b4458f9670
97a4a3a1fe760e09b2d46feb83d5add3a0e426b62c655c1f12a861c90e2e738d
9f7216d2f53a731d9749077c22e15cfb38bcdc40806511ccf736f440c7569d64
a46b9aa8737c1a07dac3c35d05944522e5d1ddcde0143a204a89b37161b7d6e7
b12bb41877bcf74cc3e99c2f1bfd77629f8d8b2ab0af630a8255cb08eac26dcb
b3ad2a56bba5e9d30a226802b7a5c9d9ce7919c69e9608f34aaccf8c5914a64d
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c
c8eeec83fe8bf655eeeda291466d268770436dde4e3e40416a85d05d3893e892
c98a04075691c3aefa15e83a2975f3d90c6100647883619dcdf529a970466987
cb5ba5d7942837d78bb9eabccbef5d31f39e58a5dd4c9bd55af383166d41dc25
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
d3946169ae3c2ab0b919a4057e0a0a358cca07183925b867ce730bbeb0cf1707
e989496e5e0c5836493a83b5c083d32a4d19f54378eeda80c8a0e35ee72d3231
f14bc4ff737a100f391746ce15553cdc50a969c60f999b94390df12755d0695e
f2648f83e8bb78db15ffc5d01dcbc53fb6b8c585dcfabbb88bd0471b8399ca00
f4aa95c3a5140129e2c93e1ca4d2876afc646aff9eb561c565bb1c4ab79504d7
f81b7897f905bbc093aed72a45e364290299a1c81e4b50e216a14f9832ff01cb
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355

epromotionplug.com Open in urlscan Pro 147.75.87.237 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

48 Requests

100 %HTTPS

55 %IPv6

10 Domains

11 Subdomains

9 IPs

3 Countries

1974 kBTransfer

11381 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

epromotionplug.com Open in urlscan Pro
147.75.87.237 Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

100 %
HTTPS

55 %
IPv6

10
Domains

11
Subdomains

9
IPs

3
Countries

1974 kB
Transfer

11381 kB
Size

2
Cookies

48 HTTP transactions
0 data transactions