urlscan.io logo urlscan.io
SecurityTrails logo

www.soccerjumbotv1.me Open in urlscan Pro
2606:4700:3036::6815:1416  Public Scan

Go To Rescan Add Verdict Report
URL: http://www.soccerjumbotv1.me/ads1.htm
Submission Tags: falconsandbox
Submission: On January 28 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 14 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3036::6815:1416, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.soccerjumbotv1.me.
This is the only time www.soccerjumbotv1.me was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 35.201.126.110 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 18.64.79.61 16509 (AMAZON-02)
1 2 95.211.229.247 60781 (LEASEWEB-...)
1 2 2a01:4f8:d0a:... 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.244.42.133 13414 (TWITTER)
1 1 46.4.122.114 24940 (HETZNER-AS)
2 2 45.9.188.155 47583 (AS-HOSTINGER)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a02:cb40:200... 20546 (SOPRADO-ANY)
1 62.104.23.121 5430 (FREENETDE...)
17 13
1    2606:4700:3036::6815:1416 (United States)

ASN13335 (CLOUDFLARENET, US)
www.soccerjumbotv1.me
2    35.201.126.110 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 110.126.201.35.bc.googleusercontent.com
www.adexchangeguru.com
1    2606:4700:3036::ac43:b54c (United States)

ASN13335 (CLOUDFLARENET, US)
www.dailydeports.pw
2    18.64.79.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-79-61.txl50.r.cloudfront.net
witalfieldt.com
2    95.211.229.247 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
s.optnx.com
2    2a01:4f8:d0a:3238::2 (Germany)

ASN24940 (HETZNER-AS, DE)
deskpush.mobileadvertise.de
1    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    104.244.42.133 (United States)

ASN13414 (TWITTER, US)
t.co
1    46.4.122.114 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: ip342.srv-sxm-srv-1139071.de
admakler.de
2    45.9.188.155 (Netherlands)

ASN47583 (AS-HOSTINGER, CY)
PTR: cp.clckreceiver.com
clckreceiver.com
2    2606:4700::6813:a960 (United States)

ASN13335 (CLOUDFLARENET, US)
r.srvtrck.com
1    2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a02:cb40:200::242 (Germany)

ASN20546 (SOPRADO-ANY, DE)
t.adcell.com
1    62.104.23.121 (Germany)

ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE)
PTR: www.auto.freenet.de
www.freenet.de
Apex Domain
Subdomains		 Transfer
2 adcell.com
t.adcell.com — Cisco Umbrella Rank: 43637
4 KB
2 srvtrck.com
r.srvtrck.com — Cisco Umbrella Rank: 50036
1 KB
2 clckreceiver.com
clckreceiver.com — Cisco Umbrella Rank: 772916
719 B
2 mobileadvertise.de
deskpush.mobileadvertise.de
973 B
2 optnx.com
s.optnx.com — Cisco Umbrella Rank: 19842
2 KB
2 witalfieldt.com
witalfieldt.com — Cisco Umbrella Rank: 957392
1 KB
2 adexchangeguru.com
www.adexchangeguru.com
3 KB
1 freenet.de
www.freenet.de — Cisco Umbrella Rank: 238509
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42
20 KB
1 admakler.de
admakler.de
542 B
1 t.co
t.co — Cisco Umbrella Rank: 487
615 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
36 KB
1 dailydeports.pw
www.dailydeports.pw
1 KB
1 soccerjumbotv1.me
www.soccerjumbotv1.me
1 KB
17 14
Domain Requested by
2 t.adcell.com 1 redirects r.srvtrck.com
t.adcell.com
2 r.srvtrck.com 1 redirects t.co
2 clckreceiver.com 2 redirects
2 deskpush.mobileadvertise.de 1 redirects s.optnx.com
2 s.optnx.com 1 redirects www.dailydeports.pw
2 witalfieldt.com 1 redirects www.dailydeports.pw
2 www.adexchangeguru.com www.soccerjumbotv1.me
www.adexchangeguru.com
1 www.freenet.de www.dailydeports.pw
1 www.google-analytics.com www.googletagmanager.com
1 admakler.de 1 redirects
1 t.co deskpush.mobileadvertise.de
1 www.googletagmanager.com deskpush.mobileadvertise.de
1 www.dailydeports.pw www.soccerjumbotv1.me
1 www.soccerjumbotv1.me
17 14

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
optnx.com
R3		 2022-01-07 -
2022-04-07		 3 months crt.sh
witalfieldt.com
Amazon		 2021-07-09 -
2022-08-07		 a year crt.sh
deskpush.mobileadvertise.de
R3		 2022-01-03 -
2022-04-03		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-12-27 -
2022-03-21		 3 months crt.sh
t.co
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-06 -
2023-01-05		 a year crt.sh
*.srvtrck.com
Go Daddy Secure Certificate Authority - G2		 2021-12-23 -
2023-01-24		 a year crt.sh
adcell.com
Certum Domain Validation CA SHA2		 2021-09-20 -
2022-09-20		 a year crt.sh
*.freenet.de
Sectigo RSA Domain Validation Secure Server CA		 2021-08-30 -
2022-09-25		 a year crt.sh

This page contains 6 frames:

Primary Page: http://www.soccerjumbotv1.me/ads1.htm
Frame ID: 3639AB8DBE72F55DFBE137420448113C
Requests: 2 HTTP requests in this frame

Frame: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CK6YjE29jaQdH8AH0dEdHP3xP.f71%252CZMkKdRAQlkuDbgTABrav5MDi1T9go7e9QTrLUN4N3rX1VJqzDAJU_Jv7Rxle6JsFR75eW-kk7u23CNRHEo7OLubhbEgf8HA3yx6ucdc1W_-iY6hfG6YP8X2NC31SQdYS&cbur=0.015838919195275247&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=
Frame ID: DC3724241E65A5B225183B94F30518FF
Requests: 1 HTTP requests in this frame

Frame: https://www.dailydeports.pw/sj.html
Frame ID: CECE14231781E417C2887DAE96E35E63
Requests: 1 HTTP requests in this frame

Frame: https://www.freenet.de/unterhaltung/promis/steffi-graftochter-zeigt-sich-bauchfrei-im-schnee-fntdt_8693942_4729180.html?utm_source=paid&utm_medium=referral&utm_campaign=newsaggregator
Frame ID: B00D7B9AE6D3873A432148D48B06DFCB
Requests: 5 HTTP requests in this frame

Frame: https://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Frame ID: F638E146BD0A27CB785A72313315E434
Requests: 1 HTTP requests in this frame

Frame: https://t.adcell.com/p/click?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=&fp=fe196dbbe96b0224767b7a1075995589
Frame ID: A26A10F3D87FBFCDCBD2689AADBF15B9
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

17
Requests

59 %
HTTPS

50 %
IPv6

14
Domains

14
Subdomains

13
IPs

3
Countries

68 kB
Transfer

167 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP 302
  • https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-
Request Chain 5
  • https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-&p=https%3A%2F%2Fwww.dailydeports.pw%2F&tested=1&check=81212483a0ca2e0fea07a55247de9b4a&screen_resolution=1600x1200&container_resolution=1x8&iframe=1 HTTP 302
  • https://deskpush.mobileadvertise.de/freenet?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9 HTTP 301
  • https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
Request Chain 8
  • https://admakler.de/?camp=step HTTP 302
  • https://clckreceiver.com/de/if_cl?t=direct&s=6661&c=0.0005&pub=2222&sub=2222 HTTP 302
  • https://clckreceiver.com/de/co?key=c3ZydHJrOmNsaWNrOmRhdGE6ZGU6MTY0MzM4NTY1NzpWMVpERTAwNzE2NDMzODU2NTczMjE5UjY1ODA5OQ%253D%253D&fp=d41ed18098c563d896486e025e135c4f HTTP 302
  • https://r.srvtrck.com/v1/redirect?url=https%3A%2F%2Fraumweltenheiss.de&api_key=526ce45b25e1f6dcb86f05e8f2c94e64&site_id=cdfb4b7aab414f289dfa2d45805d36e1&type=url&source=clckreceiver.com&yk_tag=V1ZDE00716433856573219R658099 HTTP 302
  • https://r.srvtrck.com/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6a7t1%2Ffs9teh&e=1&ai=11efbd6c067c4ba6bbae5302117b4e05&sct=0&ct=1643385657458&cu=5cf728acf55347c6ac946e7413f09eef&ykuid=df2fdc4422b54a83a487e73d7762e713&sc=1&cs=c3348ed4e5bad8bb66962ba083541f93
Request Chain 10
  • https://t.adcell.com/p/click?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef HTTP 302
  • https://t.adcell.com/forward?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ads1.htm
www.soccerjumbotv1.me/ 		808 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://www.soccerjumbotv1.me/ads1.htm
Protocol
HTTP/1.1
Server
2606:4700:3036::6815:1416 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
20e7bcc54a94149e59e497c1847b1ca931a218b573cb415f1503d0b30916e167

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Fri, 28 Jan 2022 16:00:55 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
last-modified
Sat, 16 Mar 2019 23:03:00 GMT
CF-Cache-Status
DYNAMIC
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8x1GAVLUL48JE1Hduh1SALTvBNaMMynKeI2PQBoTij2KB6dMoVk6K%2FyWDuGA%2BOluXJq2lEMhKzARQifDYYAO3MbbHn9Z6f85x7cyp8IntEagn5lSnPjPrC5J28aDCuVBaNb4dXxLES92o6lWwyF7omAEWrI%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
6d4b6fbc4dfb9010-FRA
Content-Encoding
gzip
display.php
www.adexchangeguru.com/a/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://www.adexchangeguru.com/a/display.php?r=1848595
Requested by
Host: www.soccerjumbotv1.me
URL: http://www.soccerjumbotv1.me/ads1.htm
Protocol
HTTP/1.1
Server
35.201.126.110 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
110.126.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
cf3a4c5ba4f23f64d3cf744b24d0da35e9b6d5c62042a732ab266d00c9e978b6

Request headers

Referer
http://www.soccerjumbotv1.me/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 28 Jan 2022 16:00:56 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
openresty
Via
1.1 google
Content-Type
application/javascript; charset=utf-8
display.php
www.adexchangeguru.com/ad/ Frame DC37 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://www.adexchangeguru.com/ad/display.php?stamat=m%257CK6YjE29jaQdH8AH0dEdHP3xP.f71%252CZMkKdRAQlkuDbgTABrav5MDi1T9go7e9QTrLUN4N3rX1VJqzDAJU_Jv7Rxle6JsFR75eW-kk7u23CNRHEo7OLubhbEgf8HA3yx6ucdc1W_-iY6hfG6YP8X2NC31SQdYS&cbur=0.015838919195275247&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=
Requested by
Host: www.adexchangeguru.com
URL: http://www.adexchangeguru.com/a/display.php?r=1848595
Protocol
HTTP/1.1
Server
35.201.126.110 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
110.126.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://www.soccerjumbotv1.me/

Response headers

Server
openresty
Date
Fri, 28 Jan 2022 16:00:56 GMT
Access-Control-Allow-Origin
*
Via
1.1 google
sj.html
www.dailydeports.pw/ Frame CECE 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dailydeports.pw/sj.html
Requested by
Host: www.soccerjumbotv1.me
URL: http://www.soccerjumbotv1.me/ads1.htm
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:b54c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7897e6c5ef53a79624d29204b978a03bb150f6141518643d09f7ac9c7665a08a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://www.soccerjumbotv1.me/

Response headers

date
Fri, 28 Jan 2022 16:00:56 GMT
content-type
text/html
last-modified
Fri, 22 Oct 2021 21:04:05 GMT
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GOOy9X9vfjBvEp5dlAJMK%2BdrlREv6jXpP%2FRvPIezlJaPRd9V4qtGozmZa1DTwSAHlJdAR5bT1f%2BaW2kBt5GiVkbEqc9CdWc1WJaKo7L8VTnYxU1CFUKMBfVCM4W5Kjgy3r%2BxeVff6KtvPgT8dVyBay5"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6d4b6fbf0ceb9180-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cimp.php
s.optnx.com/ Frame B00D
Redirect Chain
  • https://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
  • https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTU...
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-
Requested by
Host: www.dailydeports.pw
URL: https://www.dailydeports.pw/sj.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
95.211.229.247 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
c0b625a17dd9b416a75593b7345333261ec54315470ecc3073b8299c9f7ea64e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailydeports.pw/

Response headers

Server
nginx
Date
Fri, 28 Jan 2022 16:00:56 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip

Redirect headers

content-type
text/plain
content-length
0
location
https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-
date
Fri, 28 Jan 2022 16:00:56 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache
Miss from cloudfront
via
1.1 bfeb5de1b362acd366f42059fc9dbbbc.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL50-P2
x-amz-cf-id
MdR-phfnmUloNtEX6g3rPMHOEGVn9f38cbzxBqnltjsAovMjCMNKmg==
redirect
witalfieldt.com/ Frame F638 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Requested by
Host: www.dailydeports.pw
URL: https://www.dailydeports.pw/sj.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.79.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-79-61.txl50.r.cloudfront.net
Software
openresty/1.17.8.2 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.dailydeports.pw/

Response headers

date
Fri, 28 Jan 2022 16:00:56 GMT
server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
pragma
no-cache
p3p
CP="NID DSP ALL COR"
accept-ch
DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache
Miss from cloudfront
via
1.1 bfeb5de1b362acd366f42059fc9dbbbc.cloudfront.net (CloudFront)
x-amz-cf-pop
TXL50-P2
x-amz-cf-id
sQz0FYHuF7RnZsRq_ke2ypXEAF75A1xf6JjAmTEbwVOwbwoeKJMZpw==
/
deskpush.mobileadvertise.de/freenet/ Frame B00D
Redirect Chain
  • https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTU...
  • https://deskpush.mobileadvertise.de/freenet?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
  • https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
1 KB
764 B 		Document
General
Check archive.org
Download Go to
Full URL
https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
Requested by
Host: s.optnx.com
URL: https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
2a01:4f8:d0a:3238::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
Apache /
Resource Hash
366819b2d3402ceeb9e3b2cc1f53f660582cf4368052d05f6809762a70b5d651

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://s.optnx.com/cimp.php?data=TVRZME16TTROVFkxTm53Mk5UTTBNVGd6WVRnMFpUazFaV0psTkdFMU16bGxNV1F6TW1KaU5XVmlaZy0tfGh0dHBzOi8vZGVza3B1c2gubW9iaWxlYWR2ZXJ0aXNlLmRlL2ZyZWVuZXR8aHR0cHN8MTg1LjIxMy4xNTUuMTY1fERFVXw1MnxhZG1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXw0MDYxNjQwfDQzOTE0MjE4fDQwfDJ8MHwwfDE1Mzk3fDY5ODU4MHw1Ny44ODIxODY2OTk2Mzh8NzV8VVNEfEVVUnwxLjEzMjN8MS4xMzIzfDIyfHwxfERFVXx8MTAwfDR8MXx8MmRkYWM0OWNlNWQwZjExNDlkZWEyZTJkZGEwNDE5M2Z8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MXwwfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwyOTA1MzMwfC0xfDB8MjkyNTUzM3xob3N0aW5nfHZwbnwxfDE0NDB8fDB8MHwwfDk3fDB8MHwxfDB8fDh8MXxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTcuMC40NjkyLjcxIFNhZmFyaS81MzcuMzZ8T0t8YjMxMzc2MmFkODU1NzE2MzAzMWEyZWVhYTY4OTliM2U-

Response headers

date
Fri, 28 Jan 2022 16:00:57 GMT
server
Apache
vary
Accept-Encoding
content-encoding
gzip
content-length
700
content-type
text/html; charset=utf-8

Redirect headers

date
Fri, 28 Jan 2022 16:00:57 GMT
server
Apache
location
https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
content-length
450
content-type
text/html; charset=iso-8859-1
js
www.googletagmanager.com/gtag/ Frame B00D 		90 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-141373724-2
Requested by
Host: deskpush.mobileadvertise.de
URL: https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3975cf6b3657106105bbc007b03d99847ba3b8700e6ea570da11101a2cf58bb7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Fri, 28 Jan 2022 16:00:57 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36113
x-xss-protection
0
last-modified
Fri, 28 Jan 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 28 Jan 2022 16:00:57 GMT
IRfNBdriS5
t.co/ Frame A26A 		245 B
615 B 		Document
General
Check archive.org
Download Go to
Full URL
https://t.co/IRfNBdriS5
Requested by
Host: deskpush.mobileadvertise.de
URL: https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
afa88ba5246c5d537b7a43f88de58819f739845b99b02d74caaf3485d50122a9
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Fri, 28 Jan 2022 16:00:56 GMT
vary
Origin
server
tsa_o
expires
Fri, 28 Jan 2022 16:05:57 GMT
content-type
text/html; charset=utf-8
cache-control
private,max-age=300
content-length
175
content-encoding
gzip
x-xss-protection
0
strict-transport-security
max-age=0
x-response-time
119
x-connection-hash
dd700191bc2398c4995fe0b4453727bba264d349cdaa7ff4af22afc40c5491e1
go
r.srvtrck.com/v2/ Frame A26A
Redirect Chain
  • https://admakler.de/?camp=step
  • https://clckreceiver.com/de/if_cl?t=direct&s=6661&c=0.0005&pub=2222&sub=2222
  • https://clckreceiver.com/de/co?key=c3ZydHJrOmNsaWNrOmRhdGE6ZGU6MTY0MzM4NTY1NzpWMVpERTAwNzE2NDMzODU2NTczMjE5UjY1ODA5OQ%253D%253D&fp=d41ed18098c563d896486e025e135c4f
  • https://r.srvtrck.com/v1/redirect?url=https%3A%2F%2Fraumweltenheiss.de&api_key=526ce45b25e1f6dcb86f05e8f2c94e64&site_id=cdfb4b7aab414f289dfa2d45805d36e1&type=url&source=clckreceiver.com&yk_tag=V1ZD...
  • https://r.srvtrck.com/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6...
1 KB
623 B 		Document
General
Check archive.org
Download Go to
Full URL
https://r.srvtrck.com/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6a7t1%2Ffs9teh&e=1&ai=11efbd6c067c4ba6bbae5302117b4e05&sct=0&ct=1643385657458&cu=5cf728acf55347c6ac946e7413f09eef&ykuid=df2fdc4422b54a83a487e73d7762e713&sc=1&cs=c3348ed4e5bad8bb66962ba083541f93
Requested by
Host: t.co
URL: https://t.co/IRfNBdriS5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a960 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87ac06c0c5662c411d7093cf2ba97516187e6baec3cee5872ef933deeb60a526

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://t.co/IRfNBdriS5

Response headers

date
Fri, 28 Jan 2022 16:00:57 GMT
content-type
text/html;charset=UTF-8
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d4b6fc7290e92c9-FRA
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Fri, 28 Jan 2022 16:00:57 GMT
content-length
0
p3p
CP="CAO PSA OUR"
location
/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6a7t1%2Ffs9teh&e=1&ai=11efbd6c067c4ba6bbae5302117b4e05&sct=0&ct=1643385657458&cu=5cf728acf55347c6ac946e7413f09eef&ykuid=df2fdc4422b54a83a487e73d7762e713&sc=1&cs=c3348ed4e5bad8bb66962ba083541f93
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6d4b6fc6bf7d92c9-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
analytics.js
www.google-analytics.com/ Frame B00D 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-141373724-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
1563
date
Fri, 28 Jan 2022 15:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 28 Jan 2022 17:34:54 GMT
forward
t.adcell.com/ Frame A26A
Redirect Chain
  • https://t.adcell.com/p/click?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef
  • https://t.adcell.com/forward?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=
12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://t.adcell.com/forward?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=
Requested by
Host: r.srvtrck.com
URL: https://r.srvtrck.com/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6a7t1%2Ffs9teh&e=1&ai=11efbd6c067c4ba6bbae5302117b4e05&sct=0&ct=1643385657458&cu=5cf728acf55347c6ac946e7413f09eef&ykuid=df2fdc4422b54a83a487e73d7762e713&sc=1&cs=c3348ed4e5bad8bb66962ba083541f93
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a02:cb40:200::242 , Germany, ASN20546 (SOPRADO-ANY, DE),
Reverse DNS
Software
myracloud /
Resource Hash
2073fe295b655d6474f4fa9f10928905142fe6d4b7e241370734117a79f78e90
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://r.srvtrck.com/v2/go?t=ftep0%3A3%2F4.ed4ecl6c7m3p5cci8k7pco4o1d1105483%26vldtbds4e3.2spernmt%3Detmpa%25FA%252F%2523rsutwhl0eahai%26s2d7%26%3DuIIo%3Ds0402030%3D2I2m5rf%3F2calf%2F5%2F4oc.al9c6a7t1%2Ffs9teh&e=1&ai=11efbd6c067c4ba6bbae5302117b4e05&sct=0&ct=1643385657458&cu=5cf728acf55347c6ac946e7413f09eef&ykuid=df2fdc4422b54a83a487e73d7762e713&sc=1&cs=c3348ed4e5bad8bb66962ba083541f93

Response headers

server
myracloud
date
Fri, 28 Jan 2022 16:00:57 GMT
content-type
text/html; charset=utf-8
content-length
3806
vary
accept-encoding
content-encoding
gzip
strict-transport-security
max-age=15768000
expires
Fri, 28 Jan 2022 16:00:57 GMT
cache-control
max-age=0
etag
"myra-fe258eca"

Redirect headers

server
myracloud
date
Fri, 28 Jan 2022 16:00:57 GMT
content-type
text/html
content-length
0
location
https://t.adcell.com/forward?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=
strict-transport-security
max-age=15768000
expires
Fri, 28 Jan 2022 16:00:57 GMT
cache-control
max-age=0
steffi-graftochter-zeigt-sich-bauchfrei-im-schnee-fntdt_8693942_4729180.html
www.freenet.de/unterhaltung/promis/ Frame B00D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.freenet.de/unterhaltung/promis/steffi-graftochter-zeigt-sich-bauchfrei-im-schnee-fntdt_8693942_4729180.html?utm_source=paid&utm_medium=referral&utm_campaign=newsaggregator
Requested by
Host: www.dailydeports.pw
URL: https://www.dailydeports.pw/sj.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
62.104.23.121 , Germany, ASN5430 (FREENETDE freenet Datenkommunikations GmbH, DE),
Reverse DNS
www.auto.freenet.de
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy font-src 'self' tls.freenet.de https://fonts.gstatic.com code.freent.de; img-src * data:; frame-ancestors *.freenet.de; object-src 'self';
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Fri, 28 Jan 2022 16:00:57 GMT
content-type
text/html;charset=UTF-8
content-length
433914
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
content-security-policy
font-src 'self' tls.freenet.de https://fonts.gstatic.com code.freent.de; img-src * data:; frame-ancestors *.freenet.de; object-src 'self';
vary
Origin
cache-control
max-age=300
grace
none
accept-ranges
bytes
strict-transport-security
max-age=63072000
click
t.adcell.com/p/ Frame A26A 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
t.adcell.com
URL
https://t.adcell.com/p/click?promoId=135284&slotId=47322&param0=https%3A%2F%2Fraumweltenheiss.de&subId=v0304000121245cf728acf55347c6ac946e7413f09eef&referer=&fp=fe196dbbe96b0224767b7a1075995589

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| inIframe function| checkDocumentBody function| documentAsyncWriteElementFromHtml function| ReopenUrlBuilder object| browser object| builder string| url string| content string| str

4 Cookies

Domain/Path Name / Value
.optnx.com/ Name: __uvt
Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2261f41338e61247.171582291979434267%22%3B%7D
.optnx.com/ Name: c-tag
Value: %7B%22tag-link%22%3A%22v3%7C%7CDEU%7C3662853%7C43914218%7C0%7C%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C15397%7C2905330%7C2925533%7C0%7C0%7C5%7C4240%7C0%7C0%7C1%7C0%7C0%7C1%7C61f41338e61247.171582291979434267%7C48110edbd29fc6907a3150ee1da22605%7C698580%7Cdailydeports.pw%7C1600x1200%7C%7C0%7C0%7C0%7C97%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
.t.co/ Name: muc
Value: 9ea97d40-2229-4b1a-b32c-c64e0010e470
.t.co/ Name: muc_ads
Value: 9ea97d40-2229-4b1a-b32c-c64e0010e470

6 Console Messages

Source Level URL
Text
javascript warning URL: http://www.soccerjumbotv1.me/ads1.htm(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://www.adexchangeguru.com/a/display.php?r=1848595, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: http://www.soccerjumbotv1.me/ads1.htm(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, http://www.adexchangeguru.com/a/display.php?r=1848595, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
security error URL: https://www.dailydeports.pw/sj.html(Line 60)
Message:
Mixed Content: The page at 'https://www.dailydeports.pw/sj.html' was loaded over HTTPS, but requested an insecure frame 'http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://www.dailydeports.pw/sj.html(Line 61)
Message:
Mixed Content: The page at 'https://www.dailydeports.pw/sj.html' was loaded over HTTPS, but requested an insecure frame 'http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://deskpush.mobileadvertise.de/freenet/?exffir=eyJjIjoiODEyMTI0ODNhMGNhMmUwZmVhMDdhNTUyNDdkZTliNGEiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9(Line 32)
Message:
Blocked opening 'https://bit.ly/33FYi1r' in a new window because the request was made in a sandboxed frame whose 'allow-popups' permission is not set.
security error
Message:
Refused to frame 'https://www.freenet.de/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors *.freenet.de".