Submitted URL: http://kolhoz.online/click.php?lp=1&uclick=ktx9wh
Effective URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Submission: On June 09 via manual from SG

Summary

This website contacted 12 IPs in 4 countries across 16 domains to perform 16 HTTP transactions. The main IP is 78.46.10.196, located in Germany and belongs to HETZNER-AS, DE. The main domain is www.critch-comedy.de.
This is the only time www.critch-comedy.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 178.128.251.211 14061 (DIGITALOC...)
1 1 2a05:d018:483... 16509 (AMAZON-02)
1 2 2a05:d018:483... 16509 (AMAZON-02)
1 2a05:d018:483... 16509 (AMAZON-02)
1 205.147.93.131 393676 (ZENEDGE)
1 104.25.185.102 13335 (CLOUDFLAR...)
1 2 151.80.221.9 16276 (OVH)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2 52.72.229.161 14618 (AMAZON-AES)
1 2 95.211.229.245 60781 (LEASEWEB-...)
2 2 78.46.155.195 24940 (HETZNER-AS)
3 78.46.10.196 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 4 104.244.42.197 13414 (TWITTER)
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
16 12
Domain Requested by
4 t.co 2 redirects www.critch-comedy.de
2 www.google-analytics.com www.googletagmanager.com
www.critch-comedy.de
2 www.critch-comedy.de syndication.exdynsrv.com
www.critch-comedy.de
2 www1.lustich.de 2 redirects
2 syndication.exdynsrv.com 1 redirects ps.popcash.net
2 ps.popcash.net 1 redirects core.royalads.net
2 core.royalads.net 1 redirects botudeso.com
2 securessl-smart.com 1 redirects
1 dirtyads.de www.critch-comedy.de
1 tinyurl.com 1 redirects
1 www.googletagmanager.com www.critch-comedy.de
1 popcash.net 1 redirects
1 botudeso.com polimerk.com
1 polimerk.com gdmconvtrck.com
1 gdmconvtrck.com securessl-smart.com
1 cd-down.com 1 redirects
1 kolhoz.online 1 redirects
16 17

This site contains no links.

Subject | Issuer | Validity | Valid
 |  | 1970-01-01 - 1970-01-01 | a few seconds
ssl375931.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-05-21 - 2019-11-27 | 6 months
*.royalads.net | Sectigo RSA Domain Validation Secure Server CA | 2019-05-19 - 2020-08-16 | a year
exdynsrv.com | Let's Encrypt Authority X3 | 2019-04-29 - 2019-07-28 | 3 months
*.google-analytics.com | Google Internet Authority G3 | 2019-05-21 - 2019-08-13 | 3 months
t.co | DigiCert SHA2 High Assurance Server CA | 2019-03-07 - 2020-03-07 | a year

This page contains 4 frames:

Primary Page: http://www.critch-comedy.de/cxp/200-euro-gratis/
Frame ID: 3920DE292B1E7DEEC1122C8E11A7F89B
Requests: 13 HTTP requests in this frame

Frame: https://t.co/HXFJWCUIIe
Frame ID: 20CFE2371E85CD9C2EA1BC5139F929BF
Requests: 1 HTTP requests in this frame

Frame: https://t.co/x9tizX9PKq
Frame ID: 8EC9C8FEB6C72CD8743E37E1283027AC
Requests: 1 HTTP requests in this frame

Frame: http://dirtyads.de/ip-ad/
Frame ID: 88A099679699CC86079D327DE0525B80
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Page Statistics

Requests: 16
HTTPS: 50 %
IPv6: 44 %
Domains: 16
Subdomains: 17
IPs: 12
Countries: 4
Transfer: 53 kB
Size: 124 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kolhoz.online/click.php?lp=1&uclick=ktx9wh HTTP 302
    https://cd-down.com/?a=82979&c=196448&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23+_50$_1_%D0%BA%D0%BE%D1%80%D0%BE%D0%B1%D0%BA%D0%B8_1 HTTP 302
    http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1 Page URL
  2. http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139143&h=0b0e5960f975b9dc6c6cc920bd9f7266096e1840&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23+_50%24_1_%D0%BA%D0%BE%D1%80%D0%BE%D0%B1%D0%BA%D0%B8_1&us=d55cff583a9141b9ab10048715fc7c98 HTTP 302
    http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f Page URL
  3. https://botudeso.com/auction?info=imoSvZ5PR%252Fw0i9YbG5K28DCAYz2UzxKJ%252FEFx9GREqveaY5QhhvL3uojiMht379pVIRs8yTusMdyY%252FEfsuyLverWdEoVbeqgnMS52fxher40%253D&sid=Ow0UQnUnJ9Bbjvt21pAW8xTks7Ax8uUQJj7NkxFl12o8FvoTUMYCAIaDvuBJqmMo&id=2 Page URL
  4. https://core.royalads.net/click/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f Page URL
  5. http://core.royalads.net/go/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f&ref=https%3A%2F%2Fbotudeso.com%2F&scrw=1600&scrh=1200&nlc=b041TnYR5nz7FSPs&ven=&ver=&iif=0 HTTP 302
    http://popcash.net/world/go/79141/465699 HTTP 301
    http://ps.popcash.net/go/79141/465699 Page URL
  6. http://ps.popcash.net/ad/ad?p=79141&w=465699&t=0296886a9a20bfcd&r=aHR0cHMlM0ElMkYlMkZjb3JlLnJveWFsYWRzLm5ldCUyRg==&vw=1600&vh=1200 HTTP 303
    https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8 Page URL
  7. https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8&p=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&tested=1&check=de3d24614cdf5d27266380cb34fc1a9f&screen_resolution=1600x1200&container_resolution=1600x1200&iframe=0 HTTP 302
    http://www1.lustich.de/link HTTP 301
    http://www1.lustich.de/link/ HTTP 302
    http://www.critch-comedy.de/cxp/200-euro-gratis/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://kolhoz.online/click.php?lp=1&uclick=ktx9wh HTTP 302
  • https://cd-down.com/?a=82979&c=196448&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23+_50$_1_%D0%BA%D0%BE%D1%80%D0%BE%D0%B1%D0%BA%D0%B8_1 HTTP 302
  • http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
Request Chain 2
  • http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139143&h=0b0e5960f975b9dc6c6cc920bd9f7266096e1840&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23+_50%24_1_%D0%BA%D0%BE%D1%80%D0%BE%D0%B1%D0%BA%D0%B8_1&us=d55cff583a9141b9ab10048715fc7c98 HTTP 302
  • http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f
Request Chain 6
  • http://core.royalads.net/go/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f&ref=https%3A%2F%2Fbotudeso.com%2F&scrw=1600&scrh=1200&nlc=b041TnYR5nz7FSPs&ven=&ver=&iif=0 HTTP 302
  • http://popcash.net/world/go/79141/465699 HTTP 301
  • http://ps.popcash.net/go/79141/465699
Request Chain 7
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=0296886a9a20bfcd&r=aHR0cHMlM0ElMkYlMkZjb3JlLnJveWFsYWRzLm5ldCUyRg==&vw=1600&vh=1200 HTTP 303
  • https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8
Request Chain 10
  • http://t.co/HXFJWCUIIe HTTP 301
  • https://t.co/HXFJWCUIIe
Request Chain 11
  • http://t.co/x9tizX9PKq HTTP 301
  • https://t.co/x9tizX9PKq
Request Chain 12
  • http://tinyurl.com/y5psyqtv HTTP 301
  • http://dirtyads.de/ip-ad/

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
securessl-smart.com/
Redirect Chain
  • http://kolhoz.online/click.php?lp=1&uclick=ktx9wh
  • https://cd-down.com/?a=82979&c=196448&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23+_50$_1_%D0%BA%D0%BE%D1%80%D0%BE%D0%B1%D0%BA%D0%B8_1
  • http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&...
2 KB
1 KB
Document
General
Full URL
http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
Protocol
HTTP/1.1
Server
2a05:d018:483:6110:910e:48ff:2bc6:3ece Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash
6b3eab55905c060c231646a98202f6f329db7c6ef57ec352d3b31b753043ccdc

Request headers

Host
securessl-smart.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Sun, 09 Jun 2019 15:45:39 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
Expires
Sat, 1 May 2020 12:00:00 GMT
Content-Encoding
gzip

Redirect headers

status
302
date
Sun, 09 Jun 2019 15:45:39 GMT
content-type
text/html;charset=ISO-8859-1
location
http://securessl-smart.com?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23 _50$_1_:>@>1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
server
nginx
content-language
en-US
trck
gdmconvtrck.com/
1 KB
1 KB
Script
General
Full URL
http://gdmconvtrck.com/trck
Requested by
Host: securessl-smart.com
URL: http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
Protocol
HTTP/1.1
Security
, ,
Server
2a05:d018:483:6130:5cc5:c974:7f81:d960 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Sun, 09 Jun 2019 15:45:39 GMT
Content-Encoding
gzip
Server
nginx
Vary
Accept-Encoding
Content-Type
text/javascript;charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Sat, 1 May 2020 12:00:00 GMT
Cookie set 5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy
polimerk.com/15w53/sV8D/v1sT/
Redirect Chain
  • http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139143&...
  • http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f
6 KB
4 KB
Document
General
Full URL
http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f
Requested by
Host: gdmconvtrck.com
URL: http://gdmconvtrck.com/trck
Protocol
HTTP/1.1
Server
205.147.93.131 , United States, ASN393676 (ZENEDGE - Oracle Corporation, US),
Reverse DNS
Software
ZENEDGE /
Resource Hash
ea8590f93a59398bc579c6d93bb342b1c1b201150b8435c6dd13c659d1fc1645

Request headers

Host
polimerk.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://securessl-smart.com/?a=82979&c=145009&oc=48335&sr=t&so=64776&sc=10500141&rc=24_80817&s2=4bc2aktx9whacc&s3=2292544907497707&s4=KR_ACC316(2_1)_CONV2_23%20_50$_1_:%3E@%3E1:8_1&vt=1560095139055&h=4382a31e18cd23e601c67a12efab5209fab96ebd&req=https%3A%2F%2Fcd-down.com%2F%3Fa%3D82979%26c%3D196448%26s2%3D4bc2aktx9whacc%26s3%3D2292544907497707%26s4%3DKR_ACC316%282_1%29_CONV2_23%2B_50%24_1_%25D0%25BA%25D0%25BE%25D1%2580%25D0%25BE%25D0%25B1%25D0%25BA%25D0%25B8_1
Accept-Encoding
gzip, deflate

Response headers

Date
Sun, 09 Jun 2019 15:45:39 GMT
Content-Type
text/html;charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding Accept-Encoding
Cache-Control
no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Set-Cookie
DLECYFGXT1JDy68n0qBW6ZoYvKG3hmFYctfVt%2BnVzM8%3D=6fb54829773333dcd938f02a53b97993_1560095139.3589; domain=polimerk.com; path=/; expires=Wed, 06-Jun-2029 15:45:39 UTC IvzH1Nc%2FMn3AhesCvjdkv07oSeab5zLGT8BmAUNdjkM%3D=1560095139.362; domain=polimerk.com; path=/; expires=Wed, 06-Jun-2029 15:45:39 UTC B04gqyr4yLmq9nWbIHz4kqhPepdZrW4W7JFAxrLIu80%3D=WHlvZ1RKeTY5eW1UQkpKSmh1Sjl3ZWJxV2ZWTktLVU1FSVRIMmt2WlZGQ0tuOE1FZHMrQzN3VjdnQkc4dVFsQQ%3D%3D; domain=polimerk.com; path=/; expires=Wed, 06-Jun-2029 15:45:39 UTC 6fb54829773333dcd938f02a53b97993_1560095139.3589_ck=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; domain=polimerk.com; path=/; expires=Wed, 06-Jun-2029 15:45:39 UTC yNqbr7cghl6g4kLHWT2eFPplv9Z%2Bwz6%2BtyUAzvwJBiE%3D=UWordExtOTJNdzR1MWlKejkwZlhuSTVGajRRaHYxYVpneXVoblBQamptdmJHQzNnQm1wQzI4eFlCMTZGWmhqNldWQmhSUWVqcEJSRW5hSTZhdUFHWTZZQkxYeFQzRWRGYTV1dStPdjVUN3c9; domain=polimerk.com; path=/; expires=Sun, 09-Jun-2019 16:50:39 UTC SERVERID=sfc21; path=/
X-Zen-Fury
f434b8dc161b27c24c5edd6aca8a03c9cff75752
Server
ZENEDGE
X-Cache-Status
NOTCACHED
Content-Encoding
gzip

Redirect headers

Date
Sun, 09 Jun 2019 15:45:39 GMT
Content-Type
text/html;charset=ISO-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Set-Cookie
gdm_click_adv_freq_v1_1_001=fh7lWQYPOD5HnY5N8r1ep7+3XF5/pGMLnZaQp83uASYmpt+SXpho3uvA/oB3yskt; Expires=Sat, 07-Sep-2019 15:45:39 GMT gdm_sid_v1_3_001=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; Expires=Sat, 07-Sep-2019 15:45:39 GMT gdm_suid_v1_1_001=aShTYdIugTxvAUNnQ9szTlSzk8nCnFo0JDUmE5k0NL8ySwwU2yWfxT9rB5Jz28MM; Expires=Sat, 07-Sep-2019 15:45:39 GMT gdm_click_freq_v1_1_001=pGcyBACDCiM3UMt1otEmDTPacovFLanPHT4oPWh8cjh/uhKz6ciK/7Ky677GVKn2; Expires=Sat, 07-Sep-2019 15:45:39 GMT gdm_uid_v1_1_001=aShTYdIugTxvAUNnQ9szTlSzk8nCnFo0JDUmE5k0NL8ySwwU2yWfxT9rB5Jz28MM; Expires=Sat, 07-Sep-2019 15:45:39 GMT
Location
http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f
Content-Language
en-US
auction
botudeso.com/
0
0

auction
botudeso.com/
3 KB
1 KB
Document
General
Full URL
https://botudeso.com/auction?info=imoSvZ5PR%252Fw0i9YbG5K28DCAYz2UzxKJ%252FEFx9GREqveaY5QhhvL3uojiMht379pVIRs8yTusMdyY%252FEfsuyLverWdEoVbeqgnMS52fxher40%253D&sid=Ow0UQnUnJ9Bbjvt21pAW8xTks7Ax8uUQJj7NkxFl12o8FvoTUMYCAIaDvuBJqmMo&id=2
Requested by
Host: polimerk.com
URL: http://polimerk.com/15w53/sV8D/v1sT/5xdF9znIvAf9LzXSJfWSnetzOKPsa0HjqgtZ2ZFNPIxNpUNBgpKy?tVY=MM_MS_WW_New&af=82979&rrr=0e26e451e9f047fcab2829380268613b995f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.25.185.102 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3db74843e87eca0635e355967cecbe5d32c930207698710eb7afc88f089f69f1

Request headers

:method
GET
:authority
botudeso.com
:scheme
https
:path
/auction?info=imoSvZ5PR%252Fw0i9YbG5K28DCAYz2UzxKJ%252FEFx9GREqveaY5QhhvL3uojiMht379pVIRs8yTusMdyY%252FEfsuyLverWdEoVbeqgnMS52fxher40%253D&sid=Ow0UQnUnJ9Bbjvt21pAW8xTks7Ax8uUQJj7NkxFl12o8FvoTUMYCAIaDvuBJqmMo&id=2
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
http://polimerk.com/
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sun, 09 Jun 2019 15:45:40 GMT
content-type
text/html;charset=ISO-8859-1
set-cookie
__cfduid=dac196188e2a551effea659ef1df6f2931560095139; expires=Mon, 08-Jun-20 15:45:39 GMT; path=/; domain=.botudeso.com; HttpOnly
cache-control
no-store, no-cache
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4e443bdfadfc9d36-AMS
content-encoding
br
Cookie set /
core.royalads.net/click/
803 B
741 B
Document
General
Full URL
https://core.royalads.net/click/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f
Requested by
Host: botudeso.com
URL: https://botudeso.com/auction?info=imoSvZ5PR%252Fw0i9YbG5K28DCAYz2UzxKJ%252FEFx9GREqveaY5QhhvL3uojiMht379pVIRs8yTusMdyY%252FEfsuyLverWdEoVbeqgnMS52fxher40%253D&sid=Ow0UQnUnJ9Bbjvt21pAW8xTks7Ax8uUQJj7NkxFl12o8FvoTUMYCAIaDvuBJqmMo&id=2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.80.221.9 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
core.royalads.net
Software
nginx /
Resource Hash
988782dc67b87df55a6ce198309d69366354a9f6b85599db70f342e29dac2237

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://botudeso.com/
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Sun, 09 Jun 2019 15:45:40 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=014;Domain=core.royalads.net;Path=/
Content-Encoding
gzip
465699
ps.popcash.net/go/79141/
Redirect Chain
  • http://core.royalads.net/go/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f&ref=https%3A%2F%2Fbotudeso.com%2F&scrw=1600&scrh=1200&nlc=b041TnYR5nz7FSPs&ven=&ver=&iif=0
  • http://popcash.net/world/go/79141/465699
  • http://ps.popcash.net/go/79141/465699
473 B
523 B
Document
General
Full URL
http://ps.popcash.net/go/79141/465699
Requested by
Host: core.royalads.net
URL: https://core.royalads.net/click/?pub=c8e1e96b-6832-4c6a-b06b-83f93492d89f
Protocol
HTTP/1.1
Server
52.72.229.161 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-72-229-161.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Host
ps.popcash.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://core.royalads.net/
Accept-Encoding
gzip, deflate
Cookie
__cfduid=d37cca6919d736e6223249a61834af93b1560095140

Response headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Server
nginx
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Set-Cookie
__cfduid=d37cca6919d736e6223249a61834af93b1560095140; expires=Mon, 08-Jun-20 15:45:40 GMT; path=/; domain=.popcash.net; HttpOnly
Location
http://ps.popcash.net/go/79141/465699
Server
cloudflare
CF-RAY
4e443be2991fd6b9-FRA
Cookie set splash.php
syndication.exdynsrv.com/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=0296886a9a20bfcd&r=aHR0cHMlM0ElMkYlMkZjb3JlLnJveWFsYWRzLm5ldCUyRg==&vw=1600&vh=1200
  • https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8
1 KB
941 B
Document
General
Full URL
https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8
Requested by
Host: ps.popcash.net
URL: http://ps.popcash.net/go/79141/465699
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.211.229.245 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
22f5797589008fb8c984e3a422eb21bcd29999b741ab31248a85e600fa4df0f2

Request headers

Host
syndication.exdynsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://ps.popcash.net/go/79141/465699
Accept-Encoding
gzip, deflate, br

Response headers

Server
nginx
Date
Sun, 09 Jun 2019 15:45:40 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%225cfd29a4b166f7.993072201976636738%22%3B%7D; expires=Tue, 08-Jun-2021 15:45:40 GMT; Max-Age=63072000; domain=exdynsrv.com
Content-Encoding
gzip

Redirect headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Content-Type
text/html; charset=utf-8
Content-Length
111
Connection
keep-alive
Server
nginx
Location
https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8
Primary Request /
www.critch-comedy.de/cxp/200-euro-gratis/
Redirect Chain
  • https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8&p=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&tested=1&check=de3d24614cdf5d27266380cb34fc1a9f&screen_resolution=16...
  • http://www1.lustich.de/link
  • http://www1.lustich.de/link/
  • http://www.critch-comedy.de/cxp/200-euro-gratis/
1 KB
1 KB
Document
General
Full URL
http://www.critch-comedy.de/cxp/200-euro-gratis/
Requested by
Host: syndication.exdynsrv.com
URL: https://syndication.exdynsrv.com/splash.php?idzone=3207855&sub=465699&type=8
Protocol
HTTP/1.1
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash
ca61e9f547a3af71d2243d5efd0d3fbe694af2e78ad91bf79cc012776c280d59

Request headers

Host
www.critch-comedy.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate

Response headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Server
Apache
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
Access-Control-Allow-Headers
Authorization
Upgrade
h2c
Connection
Upgrade, Keep-Alive
Last-Modified
Sat, 06 Apr 2019 17:05:13 GMT
ETag
"55d-585df9b534e09-gzip"
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
780
Keep-Alive
timeout=15, max=100
Content-Type
text/html

Redirect headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Server
Apache
Location
http://www.critch-comedy.de/cxp/200-euro-gratis/
Content-Length
0
Keep-Alive
timeout=15, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=utf-8
showads.js
www.critch-comedy.de/cxp/200-euro-gratis/
21 B
400 B
Script
General
Full URL
http://www.critch-comedy.de/cxp/200-euro-gratis/showads.js
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
HTTP/1.1
Security
, ,
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash
abd9155ac0fe0e62fdb9e2c1c333357cd33107972a57eff5224b0f3d0d2df316

Request headers

Referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Sun, 09 Jun 2019 15:45:40 GMT
Last-Modified
Wed, 27 Mar 2019 14:12:07 GMT
Server
Apache
ETag
"15-5851405d534cb"
Access-Control-Allow-Methods
GET, POST, PUT, DELETE
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
Authorization
Content-Length
21
Keep-Alive
timeout=15, max=99
js
www.googletagmanager.com/gtag/
64 KB
25 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-117671757-2
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
c2e42d95b764d4efbb250f3aa09407b0d969616609f9e3c68b7e7892fffe8ea9
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 09 Jun 2019 15:45:40 GMT
content-encoding
br
last-modified
Fri, 07 Jun 2019 06:09:29 GMT
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
25372
x-xss-protection
0
expires
Sun, 09 Jun 2019 15:45:40 GMT
HXFJWCUIIe
t.co/ Frame 20CF
Redirect Chain
  • http://t.co/HXFJWCUIIe
  • https://t.co/HXFJWCUIIe
0
0
Document
General
Full URL
https://t.co/HXFJWCUIIe
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

:method
GET
:authority
t.co
:scheme
https
:path
/HXFJWCUIIe
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
accept-encoding
gzip, deflate, br

Response headers

status
200
cache-control
private,max-age=300
content-encoding
gzip
content-length
215
content-type
text/html; charset=utf-8
date
Sun, 09 Jun 2019 15:45:41 GMT
expires
Sun, 09 Jun 2019 15:50:41 GMT
server
tsa_f
set-cookie
muc=4d103040-4d8d-448b-bad1-2de3529d0372; Max-Age=63072000; Expires=Tue, 8 Jun 2021 15:45:41 GMT; Domain=t.co
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
1e38cff7e39cb90672eec3e1d5a7bba8
x-response-time
123
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report

Redirect headers

content-length
0
date
Sun, 09 Jun 2019 15:45:41 GMT
location
https://t.co/HXFJWCUIIe
server
tsa_f
x-connection-hash
ca3e362d4b3e2135e7a147eb70d0edc0
x-response-time
113
x9tizX9PKq
t.co/ Frame 8EC9
Redirect Chain
  • http://t.co/x9tizX9PKq
  • https://t.co/x9tizX9PKq
0
0
Document
General
Full URL
https://t.co/x9tizX9PKq
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_f /
Resource Hash
Security Headers
Name Value
Content-Security-Policy referrer always;
Strict-Transport-Security max-age=0
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

:method
GET
:authority
t.co
:scheme
https
:path
/x9tizX9PKq
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
accept-encoding
gzip, deflate, br

Response headers

status
200
cache-control
private,max-age=300
content-encoding
gzip
content-length
186
content-security-policy
referrer always;
content-type
text/html; charset=utf-8
date
Sun, 09 Jun 2019 15:45:41 GMT
expires
Sun, 09 Jun 2019 15:50:41 GMT
referrer-policy
unsafe-url
server
tsa_f
set-cookie
muc=452efad7-7b27-44df-a8cc-5127acc71a47; Max-Age=63072000; Expires=Tue, 8 Jun 2021 15:45:41 GMT; Domain=t.co
strict-transport-security
max-age=0
vary
Origin
x-connection-hash
1e38cff7e39cb90672eec3e1d5a7bba8
x-response-time
109
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report

Redirect headers

content-length
0
date
Sun, 09 Jun 2019 15:45:41 GMT
location
https://t.co/x9tizX9PKq
server
tsa_f
x-connection-hash
c640d9c3dbe8c58bf1acd69bd8dffab3
x-response-time
107
/
dirtyads.de/ip-ad/ Frame 88A0
Redirect Chain
  • http://tinyurl.com/y5psyqtv
  • http://dirtyads.de/ip-ad/
0
0
Document
General
Full URL
http://dirtyads.de/ip-ad/
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
HTTP/1.1
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash

Request headers

Host
dirtyads.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
Accept-Encoding
gzip, deflate

Response headers

Date
Sun, 09 Jun 2019 15:45:41 GMT
Server
Apache
Upgrade
h2c
Connection
Upgrade, Keep-Alive
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
204
Keep-Alive
timeout=15, max=100
Content-Type
text/html; charset=utf-8

Redirect headers

Date
Sun, 09 Jun 2019 15:45:41 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=dadf0bf8d63d099eb3df82668b726f7f31560095140; expires=Mon, 08-Jun-20 15:45:40 GMT; path=/; domain=.tinyurl.com; HttpOnly
tinyUUID=cfd29a93d5ba000000000000; expires=Mon, 08-Jun-2020 15:45:40 GMT; Max-Age=31536000; path=/; domain=.tinyurl.com
Location
http://dirtyads.de/ip-ad/
X-tiny
cache 0.0097968578338623
Server
cloudflare
CF-RAY
4e443be6ee899ace-FRA
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117671757-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 21 May 2019 23:53:44 GMT
server
Golfe2
age
785
date
Sun, 09 Jun 2019 15:32:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
17595
expires
Sun, 09 Jun 2019 17:32:35 GMT
collect
www.google-analytics.com/r/
35 B
102 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j76&aip=1&a=1042059853&t=pageview&_s=1&dl=http%3A%2F%2Fwww.critch-comedy.de%2Fcxp%2F200-euro-gratis%2F&ul=en-us&de=UTF-8&dt=200%20Euro%20gratis%20-%20Critch%20Bonus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1440234389&gjid=173672899&cid=831559853.1560095141&tid=UA-117671757-2&_gid=689279033.1560095141&_r=1&gtm=2ou5t2&z=1055633510
Requested by
Host: www.critch-comedy.de
URL: http://www.critch-comedy.de/cxp/200-euro-gratis/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://www.critch-comedy.de/cxp/200-euro-gratis/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 09 Jun 2019 15:45:40 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,44,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain
botudeso.com
URL
https://botudeso.com/auction?info=imoSvZ5PR%252Fw0i9YbG5K28DCAYz2UzxKJ%252FEFx9GREqveaY5QhhvL3uojiMht379pVIRs8yTusMdyY%252FEfsuyLverWdEoVbeqgnMS52fxher40%253D&sid=Ow0UQnUnJ9Bbjvt21pAW8xTks7Ax8uUQJj7NkxFl12o8FvoTUMYCAIaDvuBJqmMo&id=2&

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onselectstart
  • object| onselectionchange
  • function| queueMicrotask
  • boolean| canRunAds
  • function| gtag
  • object| dataLayer
  • undefined| leave
  • object| google_tag_manager
  • string| GoogleAnalyticsObject
  • function| ga
  • object| google_tag_data
  • object| gaplugins
  • object| gaGlobal
  • object| gaData

13 Cookies

Domain/Path Name / Value
.777.com/ Name: _gid
Value: GA1.2.584956219.1560095142
.777.com/ Name: TS018f6ba4
Value: 01681f908e7b5162955ef6a640940845c9636e87de87eb5ef8b57bda3e8b398d1b7d523d785733f02246aa378342497cfed2f4b9f5433670c0d0c72bffbc2f56ce64c3c74d46dd16855bca9dd4313c3d0e6789e83c9b663d5afc3da280997ba4f9537b86d3
.777.com/ Name: _gcl_au
Value: 1.1.413305219.1560095143
de.777.com/ Name: TS01835a0d
Value: 01681f908ec363f96e415c2c38a223780012832c5ce37fdf222c52834e7126922dbd359cddc8b10679520835282ac4ad8a7493c54b
.777.com/ Name: _fbp
Value: fb.1.1560095142345.1572801841
.777.com/ Name: _ga
Value: GA1.2.231311253.1560095142
.de.777.com/ Name: _gat_UA-377967-8
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUm6Vve0XSJyVea9O5RKRjD3fS0x5k-dJFPPtZP8hinCpnF20QIFlbPbN_-A
.777.com/ Name: uid
Value: UA-377967-8__80803936303522
.de.777.com/ Name: _ga
Value: GA1.3.231311253.1560095142
.de.777.com/ Name: _gid
Value: GA1.3.584956219.1560095142
.777.com/ Name: ASP.NET_SessionId
Value: ojbiwngol3wknlvaboyrl1qg
.777.com/ Name: 888Cookie
Value: Srv=EB-10&OSR=485698&RefType=Unknown&Referrer=https://t.co/x9tizX9PKq&orig-lp=http://de.777.com/&last-referrer=https://t.co/x9tizX9PKq&Lang=de