Submitted URL: http://u-5556.onetouch20.com/api/rtb-pops/go?id=276899665671&sig=7ab96c6646c0611f41beea5d94c439&u=aHR0cHM6Ly92Ni53bnQtczBtZS1...
Effective URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Submission: On September 14 via api from LU — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 6 domains to perform 12 HTTP transactions. The main IP is 172.67.150.174, located in United States and belongs to CLOUDFLARENET, US. The main domain is der-mann.info.
TLS certificate: Issued by WE1 on September 2nd 2024. Valid for: 3 months.
This is the only time der-mann.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 172.67.174.132 13335 (CLOUDFLAR...)
2 2 172.67.135.34 13335 (CLOUDFLAR...)
1 1 188.114.97.3 13335 (CLOUDFLAR...)
1 1 188.114.96.3 13335 (CLOUDFLAR...)
9 172.67.150.174 13335 (CLOUDFLAR...)
1 4 172.67.139.74 13335 (CLOUDFLAR...)
12 2
Apex Domain | Subdomains | Transfer
9 der-mann.info | der-mann.info | 89 KB
4 burningapril.info | burningapril.info — Cisco Umbrella Rank: 138194 | 1 KB
2 auto-bg.info | auto-bg.info — Cisco Umbrella Rank: 611471 | 2 KB
1 bghm.info | bghm.info | 795 B
1 trovare.info | trovare.info — Cisco Umbrella Rank: 66629 | 673 B
1 onetouch20.com | u-5556.onetouch20.com | 663 B
12 6
Domain Requested by
9 der-mann.info der-mann.info
4 burningapril.info 1 redirects
2 auto-bg.info 2 redirects
1 bghm.info 1 redirects
1 trovare.info 1 redirects
1 u-5556.onetouch20.com 1 redirects
12 6

This site contains no links.

Subject | Issuer | Validity | Valid
der-mann.info | WE1 | 2024-09-02 - 2024-12-01 | 3 months
burningapril.info | WE1 | 2024-08-03 - 2024-11-01 | 3 months

This page contains 1 frames:

Primary Page: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Frame ID: 567413BFEA03482037D4941D103997E9
Requests: 10 HTTP requests in this frame

Page Title

Um auf die Website zuzugreifen, klicken Sie auf "Zulassen" (English: To access the website, click "Allow")

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 0 %
Domains: 6
Subdomains: 6
IPs: 2
Countries: 2
Transfer: 90 kB
Size: 174 kB
Cookies: 9

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://u-5556.onetouch20.com/api/rtb-pops/go?id=276899665671&sig=7ab96c6646c0611f41beea5d94c439&u=aHR0cHM...&redirect=js HTTP 307
    https://u-5556.onetouch20.com/api/rtb-pops/go?id=276899665671&sig=7ab96c6646c0611f41beea5d94c439&u=aHR0cHM...&redirect=js HTTP 302
    https://auto-bg.info/dvzMy91L?sub_id_1=pops&sub_id_2=ni&sub_id_2=ni&sub_id_3={click_age} HTTP 302
    https://trovare.info/pop-go/54343?utm_source=&sub1=1d572rd4ls7qjm&sub2= HTTP 302
    https://auto-bg.info/yX5n98X9?source=54343&sub_id_1=pops&sub_id_2={reason}&sub_id_3={click_age} HTTP 302
    https://bghm.info/rs/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops HTTP 302
    https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://burningapril.info/api/subscription/detect HTTP 307
  • https://burningapril.info/api/subscription/detect?srv=2

12 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request 49062
der-mann.info/r/naughty/
Redirect Chain
  • http://u-5556.onetouch20.com/api/rtb-pops/go?id=276899665671&sig=7ab96c6646c0611f41beea5d94c439&u=aHR0cHM6Ly92Ni53bnQtczBtZS1wdXNoLmNvbS9yLzhhb3gxRU1sMnZaUExhdlE1ZVV2aEZXZlA2M3A3MW9seVFDY2Y2ZEJOLUE...
  • https://u-5556.onetouch20.com/api/rtb-pops/go?id=276899665671&sig=7ab96c6646c0611f41beea5d94c439&u=aHR0cHM6Ly92Ni53bnQtczBtZS1wdXNoLmNvbS9yLzhhb3gxRU1sMnZaUExhdlE1ZVV2aEZXZlA2M3A3MW9seVFDY2Y2ZEJOLU...
  • https://auto-bg.info/dvzMy91L?sub_id_1=pops&sub_id_2=ni&sub_id_2=ni&sub_id_3={click_age}
  • https://trovare.info/pop-go/54343?utm_source=&sub1=1d572rd4ls7qjm&sub2=
  • https://auto-bg.info/yX5n98X9?source=54343&sub_id_1=pops&sub_id_2={reason}&sub_id_3={click_age}
  • https://bghm.info/rs/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
  • https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
3 KB
2 KB
Document
General
Full URL
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f7c8dafdda3d278e5a0c14b2e80ea1aed93dfb3601b8456b77943a454957e6a
Security Headers
Name Value
Strict-Transport-Security max-age=7776000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8c2e5ffecf4dbb50-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 14 Sep 2024 06:38:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vKFzgFKHzg9YUKkYcc2aIWuSRHYfA%2Bwq2JumBOWkThJsCUiJqWtpmWjPjqR3Ve13TKDBkCfj4i%2Bfe8CpbywwyFudKlOACCak3OOP6aIUFcl0a%2F6jJquqxP2QSMPRUrH2"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=7776000; includeSubDomains

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8c2e5ffe4bbb8fe8-FRA
content-type
text/html; charset=UTF-8
date
Sat, 14 Sep 2024 06:38:35 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rUcB0MwEh7K9jc66%2FbufcbTTzny3o7rj%2B94oz36Gt1273Csn5SuU4ry0g2EoDx4cUF0%2BuAgQYhIMfvdm8gPcaMF5VNhLf97g5QL8OsPo2YDPxwg0RB0LhbsxE3k%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=7776000; includeSubDomains
style.css
der-mann.info/media/landings/naughty/css/
6 KB
2 KB
Stylesheet
General
Full URL
https://der-mann.info/media/landings/naughty/css/style.css?b=42
Requested by
Host: der-mann.info
URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4f91d6a952414509cc15557d547ae87766326005db05610d40a168b9933d20c

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2243
etag
W/"63b61279-1664"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2Fpss69bPfrZNAt7JT14bCFtPj7MBiPX3rXmJOZeXiXDHk4eNoKxzEhEuw9o8gK641Ir%2BZlonyjp97TPJriVeAUVCb1yw4SJbwiy3T0Edsm%2FkS3ZICT9yykte9%2B1leKT"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8c2e5fff2f8cbb50-FRA
alt-svc
h3=":443"; ma=86400
push-wrap.js
der-mann.info/script/
71 KB
14 KB
Script
General
Full URL
https://der-mann.info/script/push-wrap.js?b=61
Requested by
Host: der-mann.info
URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc2b15ee4cc8981b6c87d995982bd91b599bfd35a3f670b0520beab8003499ed
Security Headers
Name Value
Strict-Transport-Security max-age=7776000; includeSubDomains

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
strict-transport-security
max-age=7776000; includeSubDomains
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition
inline; filename="push-wrap.js"
alt-svc
h3=":443"; ma=86400
pragma
public
last-modified
Sat, 14 Sep 2024 06:30:00 GMT
server
cloudflare
etag
W/"FZwW49F+8SvOlt3jhQxChXD7nkQ"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sQDfRwANHdc%2FGhiicBSMWiHrVnOmMJpnmYtggx9jsKrav4yvDfOEL9gSI7huJiHHkuWT2nc8p2fiKQcCMULmovK4CZoHRl3NKm49bf%2FMog6yv8a%2BOp93%2FAcaDTY%2FZOsz"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600
cf-ray
8c2e5fff2f8dbb50-FRA
expires
Sat, 14 Sep 2024 07:38:35 GMT
block.js
der-mann.info/
142 B
536 B
Script
General
Full URL
https://der-mann.info/block.js?b=42
Requested by
Host: der-mann.info
URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47b8e33e29528d52649a476908377defe05da7bdfb68a708eea2e18aac42ab1e

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5975
etag
W/"63b61279-8e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vinzvL6QjCjercX50vx3PInrkQgvlC25Z5%2Bj7jtgIVGnicAff%2FQ5tcQm3HFq4eQJ0J%2BViH8mcQofgejMRQFl33HNG9rGRilEXSfLvowF3lhkIPk1cev5Tv5GG2O7tSy"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8c2e5fff2f8ebb50-FRA
alt-svc
h3=":443"; ma=86400
index.js
der-mann.info/media/landings/naughty/js/
6 KB
3 KB
Script
General
Full URL
https://der-mann.info/media/landings/naughty/js/index.js?b=42
Requested by
Host: der-mann.info
URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1e034fca1ff2822f82cbd51960969fc6448545205f430814ad02833f5edc485

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2243
etag
W/"63b61279-1800"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lUP%2F0OJCXWs%2FIAnnJDSY9Yh895iKf0uExbVSjCQ%2FUWfS1OA5B2ZWDu%2FTFulNqFxfZQfOy1H%2BUPbkSA3Abl54eSO8mTB3An2iF4GscgJTfNhmNcHi6CdcqcrqSeKzYInC"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8c2e5fff2f90bb50-FRA
alt-svc
h3=":443"; ma=86400
push.js
der-mann.info/script/
23 KB
6 KB
Script
General
Full URL
https://der-mann.info/script/push.js?b=61
Requested by
Host: der-mann.info
URL: https://der-mann.info/script/push-wrap.js?b=61
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2543a3d57d775606c2985e4996981b4b16aea5d64e0dd0fb6d70f3ae75e2b0a3
Security Headers
Name Value
Strict-Transport-Security max-age=7776000; includeSubDomains

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
strict-transport-security
max-age=7776000; includeSubDomains
content-encoding
br
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-disposition
inline; filename="push.js"
alt-svc
h3=":443"; ma=86400
pragma
public
last-modified
Sat, 14 Sep 2024 06:30:00 GMT
server
cloudflare
etag
W/"RneI7pQkfqt/buThgo4YKlGxo+M"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xHA41metowQOLO2sNda4JtCZsrkZA8m39y8cGaVVEknOCSQ9%2FMQo1JkLc9q7lxISSB%2BnuMC6ljKUeYkJKy6igKwMgrnZWkbedx12rKChsRRzEfeuNMZPE3Ksazx0dPCI"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600
cf-ray
8c2e5fff9fd2bb50-FRA
expires
Sat, 14 Sep 2024 07:38:35 GMT
slide1.jpg
der-mann.info/media/landings/naughty/images/
55 KB
55 KB
Image
General
Full URL
https://der-mann.info/media/landings/naughty/images/slide1.jpg?b=12
Requested by
Host: der-mann.info
URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1ec8fa7196c32d39e4cd6e343a3223be510bb8b3d74095a5b1a87a7300b79ef0

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
cf-cache-status
HIT
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2243
etag
"63b61279-dbb4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAyeeGuUs6Ozw87jZHVLEoBkXTMrUmARSRH8Xnx9Zw%2FfNbHUYnFZ7z9lGjkHSqFQ4IddhhL8j1%2Fn8ojqzQwTJI%2BNwVXQFUvKNq0A%2BGTDwKw8nHTa7I%2FxA5wO7Uf2GHTs"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8c2e5fffafd7bb50-FRA
alt-svc
h3=":443"; ma=86400
content-length
56244
arrow.png
der-mann.info/media/landings/naughty/images/
6 KB
6 KB
Image
General
Full URL
https://der-mann.info/media/landings/naughty/images/arrow.png
Requested by
Host: der-mann.info
URL: https://der-mann.info/media/landings/naughty/css/style.css?b=42
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d83902954f037dfd3a83f3b3b0516f60f1dfc0c909d06603bb555caecbcd34a6

Request headers

Referer
https://der-mann.info/media/landings/naughty/css/style.css?b=42
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
cf-cache-status
MISS
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"63b61279-168f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s9a8wk0W%2FcgXJTIuhfLZDGp37XJWWZWep88jzKe%2B6o9BojwHofdnB6G9auRRJnRtuNXtVDbzlPv3dTLzzUXmnp1vY2hppHdRgCEuYRVt42eDBiNtPTQ8UzSPD6%2BC3S%2FT"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8c2e5fffafd8bb50-FRA
alt-svc
h3=":443"; ma=86400
content-length
5775
favicon.ico
der-mann.info/media/landings/
4 KB
2 KB
Other
General
Full URL
https://der-mann.info/media/landings/favicon.ico?b=12
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.150.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aba03bde056d15a14bcfa41a0a73bd3f9dcf329c42bfa593fef8de629a7f9e52

Request headers

Referer
https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 04 Jan 2023 23:57:45 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
6084
etag
W/"63b61279-10be"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BY6DvU5U2Lnmtz2lRHJ1jZaBhJT%2Fl87XGH4KDnw1QeLvQxWmp8%2FmEoWYVXKKsev%2BMv1BD8cLsozdViEFOHnlbj5wLcZb86kMQXcoOo66zI4%2BH%2BkFDIdxG1WqrpY3ces9"}],"group":"cf-nel","max_age":604800}
content-type
image/x-icon
cache-control
max-age=14400
cf-ray
8c2e5fffe808bb50-FRA
alt-svc
h3=":443"; ma=86400
detect
burningapril.info/api/subscription/
Redirect Chain
  • https://burningapril.info/api/subscription/detect
  • https://burningapril.info/api/subscription/detect?srv=2
91 B
860 B
Fetch
General
Full URL
https://burningapril.info/api/subscription/detect?srv=2
Protocol
H3
Server
172.67.139.74 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d00e627b7992828e4d9aefe54a4a57d78891b70ffad5db026603b96d9e7965f

Request headers

Referer
https://der-mann.info/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

date
Sat, 14 Sep 2024 06:38:35 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
-: Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Swq71awAMDyxLWVp10GzrUW45dDqZeeaIFKEavVjucCDDMgTYDPx4R16LRId1kOFbbg8ak909tLoWYNDVsEwgwQ%2FuwNDFjEdI0h3yzjd5%2Bcvf68M69%2FEfCcrdXsFbn%2FZPuh%2Fcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://der-mann.info
access-control-expose-headers
*
access-control-allow-credentials
true
cf-ray
8c2e60010af59bd4-FRA
access-control-allow-headers
Content-type

Redirect headers

date
Sat, 14 Sep 2024 06:38:35 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
-: Origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KiceXURsa97gxL%2B2IxOhbIpepnz0xLqFNyp%2BQqASTe1J8hKCB4E0kdiqj2FPMxu%2F3DBBcrAmDRoosdUbouvMATyDZ40uh%2Bw1EcvSGtXS8NB84SgYTlaGE6TMRYBZvvaC21fmhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=UTF-8
location
https://burningapril.info/api/subscription/detect?srv=2
access-control-allow-origin
https://der-mann.info
access-control-expose-headers
*
access-control-allow-credentials
true
cf-ray
8c2e60009aae9bd4-FRA
access-control-allow-headers
Content-type
detect
burningapril.info/api/subscription/
0
0
Preflight
General
Full URL
https://burningapril.info/api/subscription/detect
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.74 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://der-mann.info
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-type
access-control-allow-origin
https://der-mann.info
access-control-expose-headers
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8c2e60005bc14d43-FRA
content-encoding
br
content-type
application/json; charset=UTF-8
date
Sat, 14 Sep 2024 06:38:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ivcimguZ6uT5OHCA8oQjcP6lUbvu4Bmjxubdsm62qFZE%2Bw1K58JH8%2ByY3ebbQs2lwjW1xUiVTXynR743DyrddxfoGmaoQ674C0qwO%2FGE%2BQ2w4FA1fbSpHlR6mSO0jrOHi%2BI6VA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
-: Origin
detect
burningapril.info/api/subscription/
0
0
Preflight
General
Full URL
https://burningapril.info/api/subscription/detect?srv=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.74 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://der-mann.info
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.62 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-type
access-control-allow-origin
https://der-mann.info
access-control-expose-headers
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8c2e6000dc3e4d43-FRA
content-encoding
br
content-type
application/json; charset=UTF-8
date
Sat, 14 Sep 2024 06:38:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RRGIa5j%2BwtfYV4OwHx0jw3FhY%2BrJVYPz78gLJn05tc%2F83Tw18v7CeOW9IqW46zlLOegGL3xnznNrO%2BCIUkh%2BJYbWAxiXGrXsD9qTJ%2FrQoHLkMA2mq3Jjk2eHh7DYTffjxtd8%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
-: Origin

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

PushKaWrapper (function), obj (object), slider (object), sliderItems (object), nextSlide (function), makeFullScreen (function), url (object), fullScreenMode (string), browser (object), addClass (function), removeClass (function), toggleClass (function), hasClass (function), detect (function), detectOS (function), getNodeVersion (function), parseUserAgent (function), getBrowserRules (function), getOperatingSystemRules (function), buildRules (function), PushKa (function)

9 Cookies

Domain/Path Name / Value
auto-bg.info/ Name: _token
Value: uuid_1d572rd4ls7qjm_1d572rd4ls7qjm66e52f6adfc679.31716818
auto-bg.info/ Name: _subid
Value: 1d572rd4ls7qjp
auto-bg.info/ Name: bc730
Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjMxNzBcIjoxNzI2Mjk1OTE0LFwiNzEyNVwiOjE3MjYyOTU5MTV9LFwiY2FtcGFpZ25zXCI6e1wiNTExXCI6MTcyNjI5NTkxNCxcIjUxMFwiOjE3MjYyOTU5MTV9LFwidGltZVwiOjE3MjYyOTU5MTR9In0.j0Gu9DXztSkhm3p-GzNwCbzC8acnFZzzjdoWi7nWqxI
bghm.info/ Name: PHPSESSID
Value: 3t3p19960j63hv7q08a1neo953
bghm.info/ Name: pushca-unq
Value: 6288567d9e4e4c7b209a6dd42d3eae36a%3A2%3A%7Bi%3A0%3Bs%3A10%3A%22pushca-unq%22%3Bi%3A1%3Bs%3A3%3A%22yes%22%3B%7D
der-mann.info/ Name: PHPSESSID
Value: kdoa0pjp6503ennm0nvdf2op9h
der-mann.info/ Name: _csrf
Value: 8930b0fcdc9c5ae4ae83890a88234077a%3A2%3A%7Bi%3A0%3Bs%3A5%3A%22_csrf%22%3Bi%3A1%3Bs%3A32%3A%22Kt-hioq0wQ6Fx6tDXZneIMTLZ2x0DEyt%22%3B%7D
burningapril.info/ Name: push-ca-uid
Value: 517ca5ad089a29d3cdae5fe683f87710a%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22push-ca-uid%22%3Bi%3A1%3Bs%3A12%3A%22327803157385%22%3B%7D
burningapril.info/ Name: push-ca-srv
Value: 8e841d077465f4e50692c17c1ecff0c0a%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22push-ca-srv%22%3Bi%3A1%3Bs%3A1%3A%222%22%3B%7D

1 Console Messages

Source Level URL
Text
other error URL: https://der-mann.info/r/naughty/49062?count=10&declCount=10&fullScreenMode=disabled&utm_source=pops
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=7776000; includeSubDomains