empirelayer.club
2600:9000:2490:9600:12:cfc2:6840:93a1  Public Scan

Submitted URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2...
Effective URL: https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f697...
Submission: On August 06 via api from US — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 11 HTTP transactions. The main IP is 2600:9000:2490:9600:12:cfc2:6840:93a1, located in United States and belongs to AMAZON-02, US. The main domain is empirelayer.club. The Cisco Umbrella rank of the primary domain is 582607.
TLS certificate: Issued by Amazon RSA 2048 M03 on November 2nd 2023. Valid for: a year.
This is the only time empirelayer.club was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 172.67.169.237 13335 (CLOUDFLAR...)
1 188.114.96.3 13335 (CLOUDFLAR...)
1 1 2600:9000:211... 16509 (AMAZON-02)
2 2600:9000:249... 16509 (AMAZON-02)
1 2600:9000:211... 16509 (AMAZON-02)
11 5
Apex Domain
Subdomains
Transfer
5 queitho.com
queitho.com — Cisco Umbrella Rank: 857192
9 KB
2 empirelayer.club
empirelayer.club — Cisco Umbrella Rank: 582607
2 KB
2 lookingfordating.com
lookingfordating.com
2 KB
1 oacenom.com
oacenom.com — Cisco Umbrella Rank: 801779
1 KB
0 bestlovepartner.life Failed
bestlovepartner.life Failed
11 5
Domain Requested by
5 queitho.com queitho.com
2 empirelayer.club queitho.com
lookingfordating.com
2 lookingfordating.com 1 redirects empirelayer.club
1 oacenom.com queitho.com
0 bestlovepartner.life Failed lookingfordating.com
11 5

This site contains no links.

Subject | Issuer | Validity | Valid
queitho.com | WE1 | 2024-07-09 - 2024-10-07 | 3 months
oacenom.com | WE1 | 2024-06-28 - 2024-09-26 | 3 months
empirelayer.club | Amazon RSA 2048 M03 | 2023-11-02 - 2024-11-30 | a year
lookingfordating.com | Amazon RSA 2048 M02 | 2023-11-02 - 2024-11-30 | a year

This page contains 1 frames:

Frame: https://bestlovepartner.life/?u=ttgk60a&o=z7crvh9&t=TB_DE_1601&cid=wqd5e12sgh04uk83jg97ekcc
Frame ID: 577FD54FB9D1B070DE3D980A3AC1366F
Requests: 14 HTTP requests in this frame

Page Title

bestlovepartner.life

Page URL History

  1. https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_287... Page URL
  2. https://lookingfordating.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=o... HTTP 302
    https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3... Page URL

Page Statistics

Requests: 11
HTTPS: 82 %
IPv6: 60 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 13 kB
Size: 19 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11 Page URL
  2. https://lookingfordating.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=px1024&subid2=Mjg3NDNfcHgxMDI0&clickid=78fa8869-03b3-49e5-ada2-a580fb9a1e66 HTTP 302
    https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://adthorized.go2affise.com/click?offer_id=4108&pid=1601&sub1=sml_e1f18e7f_px1024&sub3=d54c8589f69705b7673902797f848dbec7e064bd&tds_cid=d54c8589f69705b7673902797f848dbec7e064bd HTTP 302
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a?affid=&source=&pid=1601&sub1=1601_sml_e1f18e7f_px1024&offerid=4108&sub3=d54c8589f69705b7673902797f848dbec7e064bd HTTP 307
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a/2?affid=&source=&pid=1601&sub1=1601_sml_e1f18e7f_px1024&offerid=4108&sub3=d54c8589f69705b7673902797f848dbec7e064bd HTTP 302
  • https://bestlovepartner.life/?u=ttgk60a&o=z7crvh9&t=TB_DE_1601&cid=wqd5e12sgh04uk83jg97ekcc

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
client
queitho.com/
6 KB
3 KB
Document
General
Full URL
https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57757256406f549a71d0af6270e41d9bfe42a04e63c06cb0809768f1fb35fb3f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=86400
cache-control
no-store no-store, no-cache
cf-cache-status
DYNAMIC
cf-ray
8aeefb7d7a605c8c-FRA
content-encoding
br
content-security-policy
default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
content-type
text/html; charset=utf-8
critical-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Tue, 06 Aug 2024 12:20:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
referrer-policy
no-referrer
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IP2RqOCBOMNlXM7e0zUDD9NB2rGnQmPccKByoc1BMV1VjFdFtE0QeV732rspFg3z8r6aGIWwD70SkGjcBE5xLhglDOJmkUIRHsl5q8exEBAs9FXjhPouvf8OI%2B%2FJqg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
ckset
oacenom.com/
117 B
1 KB
Fetch
General
Full URL
https://oacenom.com/ckset
Requested by
Host: queitho.com
URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6e7697d811d85afbb5afeaa1a2d863850f509f81ee1a84ed98888ce370e921d
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 12:20:41 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
content-length
117
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"75-5c+0Sr7u0Sf54coPn6SvTwPXE/w"
x-download-options
noopen
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTzFUzfvcK4DlWez1ksB0QO5A8QBERmYCrdxiVQVVXeBwRi3DW7IhFgj1sM6WFDMIQ0EM0gncN2OfkOZIcT7ivM4HeY1%2FwX26zkTpDGdJrkJAh8rvLRBHvcHi5Alow%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
https://queitho.com
origin-agent-cluster
?1
access-control-allow-credentials
true
cf-ray
8aeefb7e3b67bb4f-FRA
favicon.ico
queitho.com/
146 B
510 B
Other
General
Full URL
https://queitho.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 12:20:41 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
10
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0vsTVaggAQNL9XZ%2BYdt29xCXSylZrumdKg4sS10QJCxj9M%2FBpG7EYCWa0exG2ikxUcDyDX6uITGzEqhWXfvwkjPPibzQIygSdG34EIqjeyGkOJwpOgArkShQtoLuDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=14400
cf-ray
8aeefb7e0afe5c8c-FRA
alt-svc
h3=":443"; ma=86400
visit
queitho.com/
695 B
2 KB
Fetch
General
Full URL
https://queitho.com/visit?aff_id=2&aff_sub=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11&source=28743&ttype=direct&camp=s3&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=&lt=
Requested by
Host: queitho.com
URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c126b9f580202f33b80de6c24b65f86d165b3e7b24f595a47c9296d79105b34
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 06 Aug 2024 12:20:41 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
content-length
695
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"2b7-VzPvm77frnWMQrkKy6epG8RvMjM"
x-download-options
noopen
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kgLkIivD%2B%2BTm8k9wErw4dLm%2FJhZ9YsRnR3JSbEscjmOm7NwS9W4PUjsJnl%2BLT5ALKks67FYlzgElQzwmrHaPFpSz5j3y6Ux1GWXk3rrmd70U2RJcpLfgB7A12rbeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-store, no-cache
cf-ray
8aeefb7e8ba25c8c-FRA
fl
queitho.com/
1 KB
2 KB
Fetch
General
Full URL
https://queitho.com/fl?aff_id=2&aff_sub=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11&source=28743&ttype=px&camp=f140&sl_cid=78fa8869-03b3-49e5-ada2-a580fb9a1e66_d1703de7d5f5571a27cb21c3196d6df6&bstep=&sid=s3&efcn=4g&cntp=custom-unknown&sch=1200&scw=1600&vph=1200&vpw=1600&ref=&lt=
Requested by
Host: queitho.com
URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fcc90b87ee5567d007e2504d5c921d108df0a7f430df0fdbe2d376d0339d0f0
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 06 Aug 2024 12:20:41 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
content-length
1132
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"46c-kvVU+qx7BY7bxZVDUALF4Q9fEMw"
x-download-options
noopen
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hdmCOWGIZ1ddFag11lGtGDh3uCJegCY0%2BKvxExTm0V1%2F4qIUAAodkBJphcMxQFvCr79DGRXcHWAlHiZWe30h743lw6NKOjo%2F%2B57%2F01bYmCRx0y5YgFhApOt4spbScg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-store, no-cache
cf-ray
8aeefb7f4caf5c8c-FRA
ofp
queitho.com/
232 B
1 KB
Fetch
General
Full URL
https://queitho.com/ofp?aff_id=2&aff_sub=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11&source=28743&ttype=px&camp=f140&sl_cid=78fa8869-03b3-49e5-ada2-a580fb9a1e66_d1703de7d5f5571a27cb21c3196d6df6&bstep=0&sid=s3&ofp_id=111&efcn=4g&cntp=custom-unknown&sch=1200&scw=1600&vph=1200&vpw=1600&ref=&lt=0
Requested by
Host: queitho.com
URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.169.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 06 Aug 2024 12:20:41 GMT
content-security-policy
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
cf-cache-status
DYNAMIC
x-permitted-cross-domain-policies
none
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-dns-prefetch-control
off
cross-origin-resource-policy
same-origin
alt-svc
h3=":443"; ma=86400
content-length
232
x-xss-protection
0
referrer-policy
no-referrer
server
cloudflare
cross-origin-opener-policy
same-origin
etag
W/"e8-uLNF3WHI9vkjN9/zebPQ6Puc4xI"
x-download-options
noopen
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYZZzbq6v5kV%2FeX5LiT1XBYIPuqZNrK29ukmY55Sy5%2BO4w4Tg%2BsXETaHmrlomDf0b%2FmohttKo6najMAZidqYLRVgsRwFlOFrfLSg0C74Lt%2BUWU08o2H%2B%2FeMA7onsKw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
origin-agent-cluster
?1
cache-control
no-store, no-store, no-cache
cf-ray
8aeefb801db45c8c-FRA
Primary Request c93b24225690327454fbfc934dd4945e
empirelayer.club/tds/interlayer/eb/s/
Redirect Chain
  • https://lookingfordating.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=px1024&subid2=Mjg3NDNfcHgxMDI0&clickid=78fa8869-03b3-49e5-ada2-a5...
  • https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u=
1 KB
1 KB
Document
General
Full URL
https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u=
Requested by
Host: queitho.com
URL: https://queitho.com/client?camp=s3&aff_id=2&aff_sub=28743&source=28743&aff_sub2=&click_id=33_28743_9949_e3ed06f4dbd2f0658602db383be74f11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9600:12:cfc2:6840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
bb0851c79e020ef6acc4074dbb3261ae749db7c3982d1bcbde4da58b7c8e43ce

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-encoding
gzip
content-type
text/html
date
Tue, 06 Aug 2024 12:20:41 GMT
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront)
x-amz-cf-id
58Ka5vvBFmhecLk4jqQk0_9bX9eQ3_DDGxyLkBP6tRgX-UwFjrONXQ==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront

Redirect headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
date
Tue, 06 Aug 2024 12:20:41 GMT
location
https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u=
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
nginx
timing-allow-origin
*
via
1.1 3acba66e95e31977aee0842f44a6f08e.cloudfront.net (CloudFront)
x-amz-cf-id
gf4qLmPmO3vRUvUThL6ell82i8qDyxyTGpUb0IQ2YjHxJDDSZoqJUQ==
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
index.js
lookingfordating.com/lp-external/
2 KB
1 KB
Script
General
Full URL
https://lookingfordating.com/lp-external/index.js
Requested by
Host: empirelayer.club
URL: https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211e:0:3:600f:9b40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
73e2c7224792905f76c1de153d5b8f09657e8edcdfd7832470cbca45446360a4

Request headers

Referer
https://empirelayer.club/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 12:20:42 GMT
content-encoding
gzip
via
1.1 34435958fa6d40b77fd22fa1c1f56176.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
x-cache
Miss from cloudfront
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 24 Jul 2024 13:56:00 GMT
server
nginx
etag
W/"8b7-190e5070180"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=3600
accept-ranges
bytes
timing-allow-origin
*
x-robots-tag
noindex
x-amz-cf-id
LfLQJCm7SDx2FdVWDgn-sQ6aUHUAUXuqvBnhmp3gYTuFgylc1PSV4Q==
interlayer
empirelayer.club/tds/
0
501 B
Ping
General
Full URL
https://empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2Fc93b24225690327454fbfc934dd4945e%3F__t%3D1722946841883%26__l%3D3600%26__c%3Dd54c8589f69705b7673902797f848dbec7e064bd%26__u%3D&urlOut=https%3A%2F%2Fadthorized.go2affise.com%2Fclick%3Foffer_id%3D4108%26pid%3D1601%26sub1%3Dsml_e1f18e7f_px1024%26sub3%3Dd54c8589f69705b7673902797f848dbec7e064bd%26tds_cid%3Dd54c8589f69705b7673902797f848dbec7e064bd&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Dpx1024%26data2%3D78fa8869-03b3-49e5-ada2-a580fb9a1e66%26s1%3Dps%26s3%3DMjg3NDNfcHgxMDI0%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1628517150489_seniorsexmatch%26tds_oid%3Da61bb7ee%26tds_cid%3Dd54c8589f69705b7673902797f848dbec7e064bd%26tds_ac_id%3Ds5428sto%26tds_host%3Dlookingfordating.com%26tds_path%3D%252Ftds%252Fae%26dci%3Daec4e5a67781c210795e8dafe475fd7fde3a56a1%26tds_ps%3Da&tdsCid=d54c8589f69705b7673902797f848dbec7e064bd&reason=beacon&visitsCount=1&ts=1722946842064
Requested by
Host: lookingfordating.com
URL: https://lookingfordating.com/lp-external/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2490:9600:12:cfc2:6840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://empirelayer.club/tds/interlayer/eb/s/c93b24225690327454fbfc934dd4945e?__t=1722946841883&__l=3600&__c=d54c8589f69705b7673902797f848dbec7e064bd&__u=
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 06 Aug 2024 12:20:42 GMT
via
1.1 b26b931354407da013ac53d2c1c55034.cloudfront.net (CloudFront)
server
nginx
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
p3p
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
x-amz-cf-id
iXRqWV1GhWWRbLlyJgVWXYv4HKpRzbxQL09kuhJDWgHPWGh15Wzkng==
/
bestlovepartner.life/
Redirect Chain
  • https://adthorized.go2affise.com/click?offer_id=4108&pid=1601&sub1=sml_e1f18e7f_px1024&sub3=d54c8589f69705b7673902797f848dbec7e064bd&tds_cid=d54c8589f69705b7673902797f848dbec7e064bd
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a?affid=&source=&pid=1601&sub1=1601_sml_e1f18e7f_px1024&offerid=4108&sub3=d54c8589f69705b7673902797f848dbec7e064bd
  • https://bl.adkzmol.com/506f6a04-c7d8-4cd0-9173-ff0239f2dd4a/2?affid=&source=&pid=1601&sub1=1601_sml_e1f18e7f_px1024&offerid=4108&sub3=d54c8589f69705b7673902797f848dbec7e064bd
  • https://bestlovepartner.life/?u=ttgk60a&o=z7crvh9&t=TB_DE_1601&cid=wqd5e12sgh04uk83jg97ekcc
0
0

truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
155 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7808605ddd1f0eaa454aa444293d2f0260943e51e53838fca46506e6a69fe521

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
/
bestlovepartner.life/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bestlovepartner.life
URL
https://bestlovepartner.life/?u=ttgk60a&o=z7crvh9&t=TB_DE_1601&cid=wqd5e12sgh04uk83jg97ekcc

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| onResize function| setupMobileNav function| assert function| CollisionBox function| Runner function| GeneratedSoundFx function| announcePhrase function| getA11yString function| getRandomNum function| vibrate function| createCanvas function| decodeBase64ToArrayBuffer function| getTimeStamp function| GameOverPanel function| checkForCollision function| createAdjustedCollisionBox function| drawCollisionBoxes function| boxCompare function| Obstacle function| Trex function| DistanceMeter function| Cloud function| BackgroundEl function| NightMode function| HorizonLine function| Horizon function| toggleHelpBox function| diagnoseErrors function| portalSignin function| updateForDnsProbe function| updateIconClass function| reloadButtonClick function| downloadButtonClick function| detailsButtonClick function| setAutoFetchState function| savePageLaterClick function| cancelSavePageClick function| toggleErrorInformationPopup function| launchDownloadsPage function| toggleOfflineContentListVisibility function| onDocumentLoadOrUpdate function| onDocumentLoad function| jstGetTemplate function| JsEvalContext function| jstProcess object| loadTimeDataRaw object| certificateErrorPageController object| errorPageController object| supervisedUserErrorPageController

7 Cookies

Domain/Path Name / Value
.queitho.com/ Name: browserLanguage
Value: de
.queitho.com/ Name: userId
Value: 5464f9b6-702e-4e5d-a459-e291d3a30728_fd9fb3ef30994fc8f7280cc4e5009c71
.oacenom.com/ Name: mastidencook
Value: 01e6644a-d0ac-4b1f-bf28-79731df2495b_8e079a0463f005f29b4a48aabc267d1d
.lookingfordating.com/ Name: dci
Value: aec4e5a67781c210795e8dafe475fd7fde3a56a1
lookingfordating.com/ Name: dm
Value: fe450dd0d1dadc615429144d33241f42
.bl.adkzmol.com/ Name: 506f6a04-c7d8-4cd0-9173-ff0239f2dd4a-v4
Value: flaVqylrheFbVzmP7jVUHaCT-H0oaxpSfLXvfR-c4eE
.bl.adkzmol.com/ Name: voluum-cid-v4
Value: %7B%22cid%22%3A%22wqd5e12sgh04uk83jg97ekcc%22%2C%22caid%22%3A%22506f6a04-c7d8-4cd0-9173-ff0239f2dd4a%22%7D

1 Console Messages

Source Level URL
Text
network error URL: https://queitho.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0