urlscan.io logo urlscan.io
SecurityTrails logo

suche.guenstiger.de Open in urlscan Pro
2606:4700::6812:18c3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://paramountplhs.com/
Effective URL: https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=...
Submission: On March 03 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 12 HTTP transactions. The main IP is 2606:4700::6812:18c3, located in United States and belongs to CLOUDFLARENET, US. The main domain is suche.guenstiger.de. The Cisco Umbrella rank of the primary domain is 609249.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 14th 2021. Valid for: a year.
This is the only time suche.guenstiger.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 45.79.19.196 63949 (LINODE-AP...)
2 54.92.150.221 14618 (AMAZON-AES)
1 52.218.122.56 16509 (AMAZON-02)
1 1 52.4.225.105 14618 (AMAZON-AES)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
5 2606:4700::68... 13335 (CLOUDFLAR...)
12 6
2    45.79.19.196 (Richardson, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1118-196.members.linode.com
paramountplhs.com
2    54.92.150.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-92-150-221.compute-1.amazonaws.com
denise.v4.byetnc.com
1    52.218.122.56 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: s3-eu-west-1.amazonaws.com
s3-eu-west-1.amazonaws.com
1    52.4.225.105 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-225-105.compute-1.amazonaws.com
api.apptap.com
2    2606:4700::6813:a960 (United States)

ASN13335 (CLOUDFLARENET, US)
r.srvtrck.com
5    2606:4700::6812:18c3 (United States)

ASN13335 (CLOUDFLARENET, US)
suche.guenstiger.de
Apex Domain
Subdomains		 Transfer
5 guenstiger.de
suche.guenstiger.de — Cisco Umbrella Rank: 609249
245 KB
2 srvtrck.com
r.srvtrck.com — Cisco Umbrella Rank: 42069
1 KB
2 byetnc.com
denise.v4.byetnc.com Failed
4 KB
2 paramountplhs.com
paramountplhs.com
8 KB
1 apptap.com
api.apptap.com — Cisco Umbrella Rank: 214850
729 B
1 amazonaws.com
s3-eu-west-1.amazonaws.com
7 KB
12 6
Domain Requested by
5 suche.guenstiger.de r.srvtrck.com
suche.guenstiger.de
2 r.srvtrck.com 1 redirects denise.v4.byetnc.com
2 denise.v4.byetnc.com paramountplhs.com
denise.v4.byetnc.com
2 paramountplhs.com paramountplhs.com
1 api.apptap.com 1 redirects
1 s3-eu-west-1.amazonaws.com denise.v4.byetnc.com
12 6

This site contains no links.

Subject Issuer Validity Valid
byetnc.com
Amazon		 2022-02-17 -
2023-03-18		 a year crt.sh
*.s3-eu-west-1.amazonaws.com
Amazon		 2021-12-17 -
2022-12-07		 a year crt.sh
*.srvtrck.com
Go Daddy Secure Certificate Authority - G2		 2021-12-23 -
2023-01-24		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-09-14 -
2022-09-13		 a year crt.sh

This page contains 1 frames:

Primary Page: https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
Frame ID: AB6595F6FDDD4B589D53D4F17B34E69F
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Guenstiger.de - Der große Preisvergleich im Internet

Page URL History Show full URLs

  1. http://paramountplhs.com/ Page URL
  2. https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiI... Page URL
  3. https://api.apptap.com/link/buy/android/tile.steinehelden/e1?clinkID=xKX18YO8juhqakGN-fMKU_fzWfJ4Pi... HTTP 302
    https://r.srvtrck.com/v1/redirect?api_key=7f492f7e98f9f621f520ab0fb797464f&yk_tag=NJTVI52WOFVXKURV... HTTP 302
    https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26... Page URL
  4. https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • tracker\.js

Page Statistics

12
Requests

75 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

264 kB
Transfer

453 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://paramountplhs.com/ Page URL
  2. https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM Page URL
  3. https://api.apptap.com/link/buy/android/tile.steinehelden/e1?clinkID=xKX18YO8juhqakGN-fMKU_fzWfJ4Pimck4AEjrVAeNWR-enJ3ibnOBkbL6hjO3T42oQkIQPf&pubID=nKyjr9D70bZGbkXQz-Q6Sff8&siteID=gvqpqdE&placementID=6069486feef7cf601d429b5a&trackingID=01ba36e7416be98b17934f7b2abb70688e027313e6.r.1646332252.be5284ee292d2f520923630be2c2f0b2&pub.keyword=entertainment&loc.country=DE&cost.cpc=0.0415 HTTP 302
    https://r.srvtrck.com/v1/redirect?api_key=7f492f7e98f9f621f520ab0fb797464f&yk_tag=NJTVI52WOFVXKURVM5JFUX2CKBDXKSSIGRTTUZRRIVGWY4ZQ_ORUWYZJOON2GK2LOMVUGK3DEMVXB6ODFNN2WSMLHPF5GC5TGGRZUO3DIKZTWKNCBD5AVI2RXON3GQ4ZQHE4GY6LJOVXDQ3DOOB4GOYRSMZ3DA_4e125356957b450889a5d4c5b18156e9&site_id=4e125356957b450889a5d4c5b18156e9&source=&type=url&url=https%3A%2F%2Fsteinehelden.de%2F HTTP 302
    https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr7n5e9.1e9i4sae8g6ecc6s2%2F8s5tah&e=1&ai=b5229627abb04e76aa8649ee851db2b7&sct=0&ct=1646332255363&cu=be7c5f9316994da88a6bc963238650ae&ykuid=87693cebbf304befa6bd6703a86da200&sc=1&cs=6c06c799fa949008b3c23537fab7cc67 Page URL
  4. https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://api.apptap.com/link/buy/android/tile.steinehelden/e1?clinkID=xKX18YO8juhqakGN-fMKU_fzWfJ4Pimck4AEjrVAeNWR-enJ3ibnOBkbL6hjO3T42oQkIQPf&pubID=nKyjr9D70bZGbkXQz-Q6Sff8&siteID=gvqpqdE&placementID=6069486feef7cf601d429b5a&trackingID=01ba36e7416be98b17934f7b2abb70688e027313e6.r.1646332252.be5284ee292d2f520923630be2c2f0b2&pub.keyword=entertainment&loc.country=DE&cost.cpc=0.0415 HTTP 302
  • https://r.srvtrck.com/v1/redirect?api_key=7f492f7e98f9f621f520ab0fb797464f&yk_tag=NJTVI52WOFVXKURVM5JFUX2CKBDXKSSIGRTTUZRRIVGWY4ZQ_ORUWYZJOON2GK2LOMVUGK3DEMVXB6ODFNN2WSMLHPF5GC5TGGRZUO3DIKZTWKNCBD5AVI2RXON3GQ4ZQHE4GY6LJOVXDQ3DOOB4GOYRSMZ3DA_4e125356957b450889a5d4c5b18156e9&site_id=4e125356957b450889a5d4c5b18156e9&source=&type=url&url=https%3A%2F%2Fsteinehelden.de%2F HTTP 302
  • https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr7n5e9.1e9i4sae8g6ecc6s2%2F8s5tah&e=1&ai=b5229627abb04e76aa8649ee851db2b7&sct=0&ct=1646332255363&cu=be7c5f9316994da88a6bc963238650ae&ykuid=87693cebbf304befa6bd6703a86da200&sc=1&cs=6c06c799fa949008b3c23537fab7cc67

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
paramountplhs.com/ 		7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://paramountplhs.com/
Protocol
HTTP/1.1
Server
45.79.19.196 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li1118-196.members.linode.com
Software
openresty/1.13.6.1 /
Resource Hash
3d80e8a27eb7818e55e334a1c317ea1b3328b1d53561c7c05ef82d447d384da5

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
openresty/1.13.6.1
Date
Thu, 03 Mar 2022 18:30:51 GMT
Content-Type
text/html; charset=utf-8
Content-Length
7175
Connection
close
Vary
Accept-Language
Content-Language
de
0
paramountplhs.com/mtm/async/.eJxdjMsOwiAQRf-FZcXSxI3a9FvMFKdAwkuYVhLjv0utLnR37rkz98HmZNiZCcYZJJUrVko4YcK0BR0yXTw4rDFCAhdmT9Hq3Mrg1jcpMVItCQsJTc5yiNEaCWSCF2U1u_Jvne1vQ9eeuHGgUMBipg_ecYxfG73ijWjep8ef... 		266 B
566 B 		Fetch
General
Check archive.org
Download Go to
Full URL
http://paramountplhs.com/mtm/async/.eJxdjMsOwiAQRf-FZcXSxI3a9FvMFKdAwkuYVhLjv0utLnR37rkz98HmZNiZCcYZJJUrVko4YcK0BR0yXTw4rDFCAhdmT9Hq3Mrg1jcpMVItCQsJTc5yiNEaCWSCF2U1u_Jvne1vQ9eeuHGgUMBipg_ecYxfG73ijWjep8efgWyUx-sei9TgFfbLMB62RfZ8AflzSNI:1nPqDz:-qjgK3l63caKclqjCebmAGthmsg/1/0
Requested by
Host: paramountplhs.com
URL: http://paramountplhs.com/
Protocol
HTTP/1.1
Server
45.79.19.196 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
li1118-196.members.linode.com
Software
openresty/1.13.6.1 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
http://paramountplhs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Thu, 03 Mar 2022 18:30:52 GMT
Server
openresty/1.13.6.1
Connection
close
Content-Type
text/html; charset=utf-8
Content-Length
266
Vary
Accept-Language
Content-Language
de
01ba36e7416be98b17934f7b2abb70688e027313e6.r
denise.v4.byetnc.com/api/user/ 		0
0
01ba36e7416be98b17934f7b2abb70688e027313e6.r
denise.v4.byetnc.com/api/user/ 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM
Requested by
Host: paramountplhs.com
URL: http://paramountplhs.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.92.150.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-92-150-221.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://paramountplhs.com/

Response headers

date
Thu, 03 Mar 2022 18:30:53 GMT
content-type
text/html; charset=utf-8
content-length
2836
p3p
CP="CUR NOI NID STA STP"
x-robots-tag
noindex, nofollow
accept-ch
UA,UA-Full-Version,UA-Platform,UA-Arch,UA-Model,UA-Mobile,Width,Viewport-Width,Downlink,DPR,Save-Data
ajax-loader.gif
s3-eu-west-1.amazonaws.com/pxgif/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s3-eu-west-1.amazonaws.com/pxgif/ajax-loader.gif
Requested by
Host: denise.v4.byetnc.com
URL: https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.122.56 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-eu-west-1.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Thu, 03 Mar 2022 18:30:54 GMT
Last-Modified
Fri, 12 Aug 2016 15:23:54 GMT
Server
AmazonS3
x-amz-request-id
01851YR77T9QC0VE
ETag
"dc5b98ed1c3c7959cdcb76113e7442cd"
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
6820
x-amz-id-2
6sN7l/+4Vk2eVjyrQ+QgNw4csor1MsMvERLLjOHVZ9oYkH5Qj9vMxfZG5w9gX3dX1D4NmOx8Hpw=
01ba36e7416be98b17934f7b2abb70688e027313e6.r
denise.v4.byetnc.com/api/product/ 		381 B
532 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://denise.v4.byetnc.com/api/product/01ba36e7416be98b17934f7b2abb70688e027313e6.r?confirm=ccc9cb39e8916a4ab5bf2abd3b92a672&size=1920000&noframe=1&tnc_ref=http%3A%2F%2Fparamountplhs.com%2F&reftaken=feed&refEqual=true&jsa=false&hastouch=false
Requested by
Host: denise.v4.byetnc.com
URL: https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.92.150.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-92-150-221.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 18:30:53 GMT
referrer-policy
no-referrer
p3p
CP="CUR NOI NID STA STP"
x-robots-tag
noindex, nofollow
content-length
381
content-type
text/html; charset=utf-8
go
r.srvtrck.com/v2/
Redirect Chain
  • https://api.apptap.com/link/buy/android/tile.steinehelden/e1?clinkID=xKX18YO8juhqakGN-fMKU_fzWfJ4Pimck4AEjrVAeNWR-enJ3ibnOBkbL6hjO3T42oQkIQPf&pubID=nKyjr9D70bZGbkXQz-Q6Sff8&siteID=gvqpqdE&placement...
  • https://r.srvtrck.com/v1/redirect?api_key=7f492f7e98f9f621f520ab0fb797464f&yk_tag=NJTVI52WOFVXKURVM5JFUX2CKBDXKSSIGRTTUZRRIVGWY4ZQ_ORUWYZJOON2GK2LOMVUGK3DEMVXB6ODFNN2WSMLHPF5GC5TGGRZUO3DIKZTWKNCBD5...
  • https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr...
2 KB
630 B 		Document
General
Check archive.org
Download Go to
Full URL
https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr7n5e9.1e9i4sae8g6ecc6s2%2F8s5tah&e=1&ai=b5229627abb04e76aa8649ee851db2b7&sct=0&ct=1646332255363&cu=be7c5f9316994da88a6bc963238650ae&ykuid=87693cebbf304befa6bd6703a86da200&sc=1&cs=6c06c799fa949008b3c23537fab7cc67
Requested by
Host: denise.v4.byetnc.com
URL: https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:a960 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a60ac1d6250558b5644d8d618e7f3c2edccc53a6e86e3d329b15c10d19c3e4ab

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM

Response headers

date
Thu, 03 Mar 2022 18:30:55 GMT
content-type
text/html;charset=UTF-8
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e6472344d4b59e3-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

date
Thu, 03 Mar 2022 18:30:55 GMT
content-length
0
p3p
CP="CAO PSA OUR"
location
/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr7n5e9.1e9i4sae8g6ecc6s2%2F8s5tah&e=1&ai=b5229627abb04e76aa8649ee851db2b7&sct=0&ct=1646332255363&cu=be7c5f9316994da88a6bc963238650ae&ykuid=87693cebbf304befa6bd6703a86da200&sc=1&cs=6c06c799fa949008b3c23537fab7cc67
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6e6472310ba459e3-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Primary Request ClickTracker.jsp
suche.guenstiger.de/norob/ 		171 KB
172 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
Requested by
Host: r.srvtrck.com
URL: https://r.srvtrck.com/v2/go?t=et0p6%3A3%2F3u9hb.au8ndt9g6r3df%2Fcoeo0%2F0l1c0T4a3kvrejrpodk%3Di%26ca4%3D6162%3D0%266i2f%26rr_ganxynetdkil_ie%3Dtigitoa2f5c2p136224g%26tlpcsS%3Fusc.%3De0c0r0k0i3C9bbr7n5e9.1e9i4sae8g6ecc6s2%2F8s5tah&e=1&ai=b5229627abb04e76aa8649ee851db2b7&sct=0&ct=1646332255363&cu=be7c5f9316994da88a6bc963238650ae&ykuid=87693cebbf304befa6bd6703a86da200&sc=1&cs=6c06c799fa949008b3c23537fab7cc67
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6bb585f9fba0427cb516377e4649ac3a692e77e6da6c7fa31942d76e8426848
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://r.srvtrck.com/

Response headers

date
Thu, 03 Mar 2022 18:30:55 GMT
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
permissions-policy
accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires
Thu, 01 Jan 1970 00:00:01 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
6e6472352f5c0e12-MXP
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8f4d68883424d8bcf3c15f6ec7c665694b214ff04f1cb6a570da843c517d363c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		111 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
98b4c724b0cc41e5106fc4d32b48bcce768085d277853c7aadbc2acc81ac4b59

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/gif
v1
suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/ 		43 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=6e6472352f5c0e12
Requested by
Host: suche.guenstiger.de
URL: https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82b998e9472c8ba41d48b5c165427dcdf5f06170f853b1817a90920491aa93a1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae&__cf_chl_rt_tk=dkbHhHJXIpOOxNz.qgc0TCTKJoetrRMhuCI8mmaNz_M-1646332255-0-gaNycGzNCFE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 18:30:55 GMT
content-encoding
br
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=0, must-revalidate
cf-ray
6e647235e9060e12-MXP
transparent.gif
suche.guenstiger.de/cdn-cgi/images/trace/jschal/js/ 		42 B
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://suche.guenstiger.de/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=6e6472352f5c0e12
Requested by
Host: suche.guenstiger.de
URL: https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae&__cf_chl_rt_tk=dkbHhHJXIpOOxNz.qgc0TCTKJoetrRMhuCI8mmaNz_M-1646332255-0-gaNycGzNCFE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae&__cf_chl_rt_tk=dkbHhHJXIpOOxNz.qgc0TCTKJoetrRMhuCI8mmaNz_M-1646332255-0-gaNycGzNCFE
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 18:30:55 GMT
x-content-type-options
nosniff
last-modified
Mon, 28 Feb 2022 17:08:35 GMT
server
cloudflare
etag
"621d0193-2a"
x-frame-options
DENY
content-type
image/gif
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
6e647235e9080e12-MXP
vary
Accept-Encoding
content-length
42
expires
Thu, 03 Mar 2022 20:30:55 GMT
a8529d1bd397e75
suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9653418251487366:1646330984:66d75986fc09a7bb6d815918b8d617e5d18417304d49372e2420392e98aa5c43/6e6472352f5c0e12/ 		101 KB
58 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/flow/ov1/0.9653418251487366:1646330984:66d75986fc09a7bb6d815918b8d617e5d18417304d49372e2420392e98aa5c43/6e6472352f5c0e12/a8529d1bd397e75
Requested by
Host: suche.guenstiger.de
URL: https://suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=6e6472352f5c0e12
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a053ad5ddc05ec5774d2b476123c2eb24785b08edb73c2d94f67d381971f21de

Request headers

Referer
https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
CF-Challenge
a8529d1bd397e75
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 03 Mar 2022 18:30:55 GMT
content-encoding
br
cf_chl_gen
OBfHEZLEMkmNfXLRN8hC8OtcnNI1t3vJARpr81wZv2owJHvVbM9b/tOgyp7iniL8MSXh5n/1IvLuT4tJURX1dgSySxtxtDYENT9W6MFEaKaq7rU7EvvrjtFUnYowIcgJ/zhdY0vwKDFXCqQ8IfwoQWljeRbk4uzhjxQsMozBtZoQxIc+xcFP3svH+i68kqlyuUuOZRtDSxY64lY+NR1XYyiBl0Qlr3lw3LSvedxO85go6mrglRBWxmEp0zNSBJWZst2uCwYcmUmlQFFn06qweZrlzQLi/57T359IitFKELJb9qCW+oWXhbrtkF7vmCwuS67pnbhxjdW5HrRkg+jKqOfBHv8gz3bRsnIPKMB0szo=$AILwrr2oj8NoYKMkRBoX8A==
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/plain;charset=UTF-8
cf-ray
6e6472371b590e12-MXP
a843bffd209d7f4-1646332255870
suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/img/6e6472352f5c0e12/246a3e6a/ 		61 B
147 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://suche.guenstiger.de/cdn-cgi/challenge-platform/h/g/img/6e6472352f5c0e12/246a3e6a/a843bffd209d7f4-1646332255870
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:18c3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 03 Mar 2022 18:30:56 GMT
server
cloudflare
cf-ray
6e647238ff640e12-MXP
content-length
61
vary
Accept-Encoding
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
denise.v4.byetnc.com
URL
https://denise.v4.byetnc.com/api/user/01ba36e7416be98b17934f7b2abb70688e027313e6.r?tk=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwdWIiOiI1MjQyY2JiYjk3NzUzZTYxODBhOTRiNmMiLCJ0cyI6IjAzMDMxODMwIiwiZCI6InBhcmFtb3VudHBsaHMuY29tIn0.isoPeMsnf5-I5Pn7KKtd8Q-V0zxk_cwUaYa1v-3gqAM

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored object| _cf_chl_opt function| _cf_chl_enter boolean| _cf_chl_done_ran function| _cf_chl_done function| SHA256 function| sendRequest function| _cf_atob object| _cf_chl_ctx

8 Cookies

Domain/Path Name / Value
paramountplhs.com/ Name: mtm_delivered
Value: ""
denise.v4.byetnc.com/ Name: checkme
Value: ccc9cb39e8916a4ab5bf2abd3b92a672b789
.apptap.com/ Name: apt
Value: 4879a2b0eddd46fab4ad099417fb53a6
.apptap.com/ Name: fv
Value: 1
.srvtrck.com/ Name: ykuid
Value: 87693cebbf304befa6bd6703a86da200
.guenstiger.de/ Name: __cf_bm
Value: Tgds14jEMkAwcXWG9khuk8OtEalbLkgU6_JbNlQJM3g-1646332255-0-AcmH5KfR3ICl94Isbb+aukkhE1fb9Z4EtAl4p+HboQBj3Sh93GMtg6ENJJjvL6IiLZJK3yssHj9sVcjmzvO1UcM=
suche.guenstiger.de/ Name: cf_chl_2
Value: a8529d1bd397e75
suche.guenstiger.de/ Name: cf_chl_prog
Value: e

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
network error URL: https://suche.guenstiger.de/norob/ClickTracker.jsp?ds=p&tag=21621026522&origin=yieldkit_nextag_traffic&p=362644&clickSource=v030400013090be7c5f9316994da88a6bc963238650ae
Message:
Failed to load resource: the server responded with a status of 503 ()