Submitted URL: https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMDUyMSZzMT1mOTM5NWIxMy...
Effective URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Submission: On January 10 via manual from US — Scanned from DE

Summary

This website contacted 19 IPs in 5 countries across 19 domains to perform 38 HTTP transactions. The main IP is 2606:4700:3034::ac43:953b, located in United States and belongs to CLOUDFLARENET, US. The main domain is campaign.royalvod.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 17th 2022. Valid for: a year.
This is the only time campaign.royalvod.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 18.195.174.160 16509 (AMAZON-02)
1 1 15.197.255.173 16509 (AMAZON-02)
1 1 157.90.33.241 24940 (HETZNER-AS)
1 1 66.254.106.253 29789 (REFLECTED)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 66.254.122.18 29789 (REFLECTED)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 34.96.102.137 396982 (GOOGLE-CL...)
2 20.50.64.3 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.19.145.54 13335 (CLOUDFLAR...)
38 19
Apex Domain
Subdomains
Transfer
10 x1cdn.com
cdn.x1cdn.com — Cisco Umbrella Rank: 347480
408 KB
4 royalvod.com
campaign.royalvod.com
9 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 103
region1.google-analytics.com — Cisco Umbrella Rank: 2124
20 KB
3 webendpoint.com
analytics.webendpoint.com
2 KB
3 pushstar.xyz
pushstar.xyz
5 KB
2 mmapiws.com
d-ipv6.mmapiws.com — Cisco Umbrella Rank: 23914
d-ipv4.mmapiws.com — Cisco Umbrella Rank: 147714
539 B
2 pushserve.xyz
pushserve.xyz — Cisco Umbrella Rank: 270494
2 KB
2 visualwebsiteoptimizer.com
dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 5573
2 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 123
128 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 3658
501 B
1 google.com
www.google.com — Cisco Umbrella Rank: 16
501 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 179
446 B
1 maxmind.com
device.maxmind.com — Cisco Umbrella Rank: 41405
7 KB
1 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1311
44 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 488
25 KB
1 qllinks.com
qllinks.com
633 B
1 trkmobidea.com
www.trkmobidea.com
279 B
1 fruitfulcake.com
fruitfulcake.com
619 B
1 confirmationcenterz.com
confirmationcenterz.com
722 B
38 19
Domain Requested by
10 cdn.x1cdn.com campaign.royalvod.com
4 campaign.royalvod.com confirmationcenterz.com
campaign.royalvod.com
3 analytics.webendpoint.com campaign.royalvod.com
analytics.webendpoint.com
3 pushstar.xyz campaign.royalvod.com
pushstar.xyz
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 pushserve.xyz pushstar.xyz
2 dev.visualwebsiteoptimizer.com campaign.royalvod.com
2 www.googletagmanager.com campaign.royalvod.com
www.googletagmanager.com
1 d-ipv4.mmapiws.com device.maxmind.com
1 www.google.de
1 www.google.com
1 d-ipv6.mmapiws.com device.maxmind.com
1 stats.g.doubleclick.net www.google-analytics.com
1 device.maxmind.com campaign.royalvod.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.googleoptimize.com campaign.royalvod.com
1 cdn.jsdelivr.net campaign.royalvod.com
1 qllinks.com 1 redirects
1 www.trkmobidea.com 1 redirects
1 fruitfulcake.com 1 redirects
1 confirmationcenterz.com
38 21

This site contains links to these domains. Also see Links.

Domain
royalvod.com
Subject Issuer Validity Valid
confirmationcenterz.com
R3
2022-12-23 -
2023-03-23
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-04-17 -
2023-04-17
a year crt.sh
x1cdn.com
R3
2022-12-24 -
2023-03-24
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
*.visualwebsiteoptimizer.com
Starfield Secure Certificate Authority - G2
2022-07-04 -
2023-08-05
a year crt.sh
pushserve.xyz
Sectigo RSA Domain Validation Secure Server CA
2022-08-01 -
2023-08-01
a year crt.sh
*.maxmind.com
Sectigo RSA Domain Validation Secure Server CA
2022-10-19 -
2023-10-19
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh
www.google.com
GTS CA 1C3
2022-12-12 -
2023-03-06
3 months crt.sh
www.google.de
GTS CA 1C3
2022-11-28 -
2023-02-20
3 months crt.sh

This page contains 1 frames:

Primary Page: https://campaign.royalvod.com/us/c06lud6/3/01.php
Frame ID: E2ACC341B7FCA82CE2D88B5C72BB2225
Requests: 37 HTTP requests in this frame

Screenshot

Page Title

Proceed

Page URL History Show full URLs

  1. https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMD... Page URL
  2. https://fruitfulcake.com/?a=101544&c=130521&s1=f9395b13-eb8e-48d1-9c07-4bed5604e87c&s2=d2ifkqk3m87tna... HTTP 302
    https://www.trkmobidea.com/click?offer_id=491&pub_id=5&pub_sub_id=101544&pub_click_id=pt9535948cb0c2413... HTTP 302
    https://qllinks.com/click?c=eyJhIjoyMTA2MiwibyI6Njg2LCJwIjoyNiwibHAiOjg4NiwiYyI6e319&clickid=BKI... HTTP 302
    https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAA... Page URL
  3. https://campaign.royalvod.com/us/c06lud6/3/01.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

38
Requests

100 %
HTTPS

62 %
IPv6

19
Domains

21
Subdomains

19
IPs

5
Countries

654 kB
Transfer

1142 kB
Size

20
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMDUyMSZzMT1mOTM5NWIxMy1lYjhlLTQ4ZDEtOWMwNy00YmVkNTYwNGU4N2MmczI9ZDJpZmtxazNtODd0bmFxbDI5ajNwMDUw&ts=1673375783417&hash=rCBlD4Wln8epM5oj0GTQwazfQkaFUrPn5Oh6hKu_Hm8&rm=DJ Page URL
  2. https://fruitfulcake.com/?a=101544&c=130521&s1=f9395b13-eb8e-48d1-9c07-4bed5604e87c&s2=d2ifkqk3m87tnaql29j3p050 HTTP 302
    https://www.trkmobidea.com/click?offer_id=491&pub_id=5&pub_sub_id=101544&pub_click_id=pt9535948cb0c24133a76f9c795abe20de HTTP 302
    https://qllinks.com/click?c=eyJhIjoyMTA2MiwibyI6Njg2LCJwIjoyNiwibHAiOjg4NiwiYyI6e319&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&tracker=5_101544_&s1=&s3= HTTP 302
    https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg Page URL
  3. https://campaign.royalvod.com/us/c06lud6/3/01.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://fruitfulcake.com/?a=101544&c=130521&s1=f9395b13-eb8e-48d1-9c07-4bed5604e87c&s2=d2ifkqk3m87tnaql29j3p050 HTTP 302
  • https://www.trkmobidea.com/click?offer_id=491&pub_id=5&pub_sub_id=101544&pub_click_id=pt9535948cb0c24133a76f9c795abe20de HTTP 302
  • https://qllinks.com/click?c=eyJhIjoyMTA2MiwibyI6Njg2LCJwIjoyNiwibHAiOjg4NiwiYyI6e319&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&tracker=5_101544_&s1=&s3= HTTP 302
  • https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg

38 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
redirect
confirmationcenterz.com/
560 B
722 B
Document
General
Full URL
https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMDUyMSZzMT1mOTM5NWIxMy1lYjhlLTQ4ZDEtOWMwNy00YmVkNTYwNGU4N2MmczI9ZDJpZmtxazNtODd0bmFxbDI5ajNwMDUw&ts=1673375783417&hash=rCBlD4Wln8epM5oj0GTQwazfQkaFUrPn5Oh6hKu_Hm8&rm=DJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.195.174.160 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-174-160.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b2f143b1def29a73cada2878eb36be9ae2a3289aa2272d62c35b1ea335a2129a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
560
content-type
text/html;charset=UTF-8
date
Tue, 10 Jan 2023 18:38:25 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
/
campaign.royalvod.com/us/c06lud6/3/
Redirect Chain
  • https://fruitfulcake.com/?a=101544&c=130521&s1=f9395b13-eb8e-48d1-9c07-4bed5604e87c&s2=d2ifkqk3m87tnaql29j3p050
  • https://www.trkmobidea.com/click?offer_id=491&pub_id=5&pub_sub_id=101544&pub_click_id=pt9535948cb0c24133a76f9c795abe20de
  • https://qllinks.com/click?c=eyJhIjoyMTA2MiwibyI6Njg2LCJwIjoyNiwibHAiOjg4NiwiYyI6e319&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&tracker=5_101544_&s1=&s3=
  • https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg
591 B
1 KB
Document
General
Full URL
https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg
Requested by
Host: confirmationcenterz.com
URL: https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMDUyMSZzMT1mOTM5NWIxMy1lYjhlLTQ4ZDEtOWMwNy00YmVkNTYwNGU4N2MmczI9ZDJpZmtxazNtODd0bmFxbDI5ajNwMDUw&ts=1673375783417&hash=rCBlD4Wln8epM5oj0GTQwazfQkaFUrPn5Oh6hKu_Hm8&rm=DJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:953b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40-29+0~20200514.35+debian9~1.gbpcc49a4
Resource Hash

Request headers

Referer
https://confirmationcenterz.com/redirect?target=BASE64aHR0cHM6Ly9mcnVpdGZ1bGNha2UuY29tLz9hPTEwMTU0NCZjPTEzMDUyMSZzMT1mOTM5NWIxMy1lYjhlLTQ4ZDEtOWMwNy00YmVkNTYwNGU4N2MmczI9ZDJpZmtxazNtODd0bmFxbDI5ajNwMDUw&ts=1673375783417&hash=rCBlD4Wln8epM5oj0GTQwazfQkaFUrPn5Oh6hKu_Hm8&rm=DJ
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7877879df9849bec-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 10 Jan 2023 18:38:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QZzhknysvC7suF32DsIQ%2FNu16SZya0qNljj7kY8FD%2F9RXr9klyRYa0%2BWOJ3JyrjMFYcfE8lpZON0iXLsATtGcyYphRaE8oHwnfs1daPYV%2BG4Bi%2FmEAjmEd9WvTwuObKoJmNponJdXj%2FOjlvyjaR77KZaQyc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40-29+0~20200514.35+debian9~1.gbpcc49a4

Redirect headers

content-length
0
date
Tue, 10 Jan 2023 18:38:27 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg
server
nginx
x-frame-options
DENY
Primary Request 01.php
campaign.royalvod.com/us/c06lud6/3/
13 KB
5 KB
Document
General
Full URL
https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:953b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40-29+0~20200514.35+debian9~1.gbpcc49a4
Resource Hash
0ed78030f369a2044b6b62d01e3004c70a072611459589742d3f5cf4373ea286

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://campaign.royalvod.com
Referer
https://campaign.royalvod.com/us/c06lud6/3/?tracker=5_101544_&clickid=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&c=eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7877879fbd689bec-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 10 Jan 2023 18:38:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o4B%2Fe%2BbLHxvtz1WESjlzOZ8bszNTKwqVf4OOvC0ws7lC6XmHfb9ghGKoOI%2FtZ0%2BpD5zelRD7r6hfBL5s5iOQ4uFgS2lb23UJ7WW7nBTZ6ttjUAmC%2FotYFysP55YCBeSJWn82g0c1bwJ8%2Bn4lQZE52EP%2FZ18%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40-29+0~20200514.35+debian9~1.gbpcc49a4
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/
160 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://campaign.royalvod.com/
Origin
https://campaign.royalvod.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1591115
x-jsd-version
5.1.3
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19134-FRA, cache-itm18849-ITM
x-jsd-version-type
version
server
cloudflare
etag
W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tCn8zikwxX4g2qHBpuRgaSgyEOAgJb38YjyAnTFJIjtakvPo9ZQ4W7Padh0rehcv8cr96WwSprcRuBULODdcQJiAlsb1C79juhojl5%2FsS%2Bmv7V81BEVYvwGmLggRkdjxvkbZV%2FNxzwdCYJ1EUK0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
787787a1f9a62bc2-FRA
main.css
cdn.x1cdn.com/vod/css/
0
312 B
Stylesheet
General
Full URL
https://cdn.x1cdn.com/vod/css/main.css
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:54 GMT
etag
"25e423a31-0-5d4e8d4f6d280"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=10490654
x-cdn-diag
fra1-11037-3-44709-m-1-0-200-0.196--;11014-42-30037----0-0-200
accept-ranges
bytes
content-length
0
expires
Fri, 12 May 2023 04:42:42 GMT
animate.min.css
cdn.x1cdn.com/vod/css/
57 KB
57 KB
Stylesheet
General
Full URL
https://cdn.x1cdn.com/vod/css/animate.min.css
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
220b12c5dcb405684b22aa4a7ab6ff7eaa5d6c3c91814f0c69d281d5b3755d69

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:54 GMT
etag
"25c92c504-e28d-5d4e8d4f6d280"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=10444874
x-cdn-diag
fra1-11037-1-44558-h-0-0---;11014-36-30037----0-0-1
accept-ranges
bytes
content-length
57997
expires
Sat, 15 Apr 2023 05:07:56 GMT
custom.css
cdn.x1cdn.com/vod/css/
0
312 B
Stylesheet
General
Full URL
https://cdn.x1cdn.com/vod/css/custom.css
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:54 GMT
etag
"25e423a30-0-5d4e8d4f6d280"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=10490654
x-cdn-diag
fra1-11014-1-29563-m-1-0-200-0.204--;11014-42-30037----0-0-201
accept-ranges
bytes
content-length
0
expires
Fri, 12 May 2023 04:42:42 GMT
style.css
cdn.x1cdn.com/vod/css/
8 KB
9 KB
Stylesheet
General
Full URL
https://cdn.x1cdn.com/vod/css/style.css
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
b57469fea83d7a075fbb8a74703acc382c82b20ef0ba7c80852768705fde1634

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:55 GMT
etag
"25e423a32-2121-5d4e8d50614c0"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=10418427
x-cdn-diag
fra1-11015-2-4853-h-0-0---;11014-36-30037----0-0-1
accept-ranges
bytes
content-length
8481
expires
Wed, 22 Feb 2023 21:42:17 GMT
optimize.js
www.googleoptimize.com/
110 KB
44 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-N6K8RG5
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6522b35eb5492483442b55261e9df0ee89b857a73a1d4cff249af4455edce00f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44144
x-xss-protection
0
last-modified
Tue, 10 Jan 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 10 Jan 2023 18:38:28 GMT
dataLayer.js
campaign.royalvod.com/
2 KB
1 KB
Script
General
Full URL
https://campaign.royalvod.com/dataLayer.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:953b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c4500facb2adcf749f33daf852fd17a4f39f23b5462a6125ca369f9a8b5d551

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/us/c06lud6/3/01.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Thu, 02 Jun 2022 09:32:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"629883a2-861"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEQTag3OvH%2Byh%2BrDtB10jvp29R6bHyzCyQANUPXQMMAEAh5udQTjOiyg%2F8iqVbwpFUECafwDvty1QrIKO4OZoMPN%2FG%2Bon03snJQGZY30QvUotgUDWHPt9bYFQDL7kzQAQUPV%2FwsZnnKu4sj1CrATcPFGEZ8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
787787a1896468ec-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
ace-push.js
pushstar.xyz/
13 KB
5 KB
Script
General
Full URL
https://pushstar.xyz/ace-push.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
149476ac2535eb87b112c0aaeca8c89dd7f363368b9a8eca3dfe772a79aaa6fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
content-encoding
br
cf-cache-status
BYPASS
last-modified
Thu, 08 Dec 2022 12:50:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1d90b039793d2a2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3v69hy80DlhCpCaNzkV5vURhCNrgTqLij0W5zk8PJS69mlN9%2FTia9FmDGZiNucdxAACa72iQGP4Q%2Fg6cSILl5VZikD2jCe7FLm3lmRJqRQvK1ShTYDuJLAvc05IVbVwryc5Axi%2BWpyQsoag%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cf-ray
787787a729df5c20-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
logo.png
cdn.x1cdn.com/vod/images/
4 KB
5 KB
Image
General
Full URL
https://cdn.x1cdn.com/vod/images/logo.png
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
2a62a61435578e7fbc7544f1cf2b2c45568078de558e8fbc8265e8c6e49aebc0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:16:00 GMT
etag
"25e423a36-1136-5d4e8d5526000"
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=10795780
x-cdn-diag
fra1-11028-1-42457-h-0-0---;11014-41-30037----0-0-1
accept-ranges
bytes
content-length
4406
expires
Thu, 30 Mar 2023 17:56:59 GMT
us-flag.png
cdn.x1cdn.com/vod/images/
4 KB
4 KB
Image
General
Full URL
https://cdn.x1cdn.com/vod/images/us-flag.png
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
2d1bef872851eff0b8f19d536103cf0b6431534ac1cbaebe1f9138f12eac7f8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:59 GMT
etag
"25e423a35-e7b-5d4e8d5431dc0"
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=10586263
x-cdn-diag
fra1-11014-3-29803-h-0-0---;11014-41-30037----0-0-1
accept-ranges
bytes
content-length
3707
expires
Sat, 22 Apr 2023 17:20:27 GMT
cc-logos.png
cdn.x1cdn.com/vod/images/
5 KB
5 KB
Image
General
Full URL
https://cdn.x1cdn.com/vod/images/cc-logos.png
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
f836db9815459128a9455e2a117b0eee42a8b4a0ed1c2fb4337088c1864f6686

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:15:59 GMT
etag
"25e423a34-13bf-5d4e8d5431dc0"
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=10532241
x-cdn-diag
fra1-11028-1-42457-h-0-0---;11014-41-30037----0-0-1
accept-ranges
bytes
content-length
5055
expires
Fri, 07 Apr 2023 07:02:26 GMT
email-decode.min.js
campaign.royalvod.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
1 KB
Script
General
Full URL
https://campaign.royalvod.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:953b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/us/c06lud6/3/01.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 05 Jan 2023 11:26:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"63b6b3d5-4d7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHz1e88C9jW6co%2B5XEItiOxsFOUCD%2F3MH%2F1lGSCGdw8Zb2YPHlt9gC2ZR57QJ89LdKIJ4hWvstGeCKNehQ%2F9FCjnEdjTI1p%2FTjL1AY8fTULldCk2Q09UgRe5ZJCGHmvu760tvKzhoWJeJqsA%2Fl8WGeoO5dk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
x-frame-options
DENY
cache-control
max-age=172800, public
cf-ray
787787a67c7568ec-FRA
expires
Thu, 12 Jan 2023 18:38:28 GMT
jquery-3.1.1.min.js
cdn.x1cdn.com/vod/js/
85 KB
85 KB
Script
General
Full URL
https://cdn.x1cdn.com/vod/js/jquery-3.1.1.min.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:16:08 GMT
etag
"25e423a40-1538f-5d4e8d5cc7200"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=10404118
x-cdn-diag
fra1-11015-1-4729-h-0-0---;11014-41-30037----0-0-1
accept-ranges
bytes
content-length
86927
expires
Sun, 19 Mar 2023 11:04:29 GMT
jquery.ui.min.js
cdn.x1cdn.com/vod/js/
234 KB
235 KB
Script
General
Full URL
https://cdn.x1cdn.com/vod/js/jquery.ui.min.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
b99cb3f5a0978988ae8d179c872a10ef306036cf74189a0cd6f7821e26b1df3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:16:08 GMT
etag
"25e423a3f-3a7d8-5d4e8d5cc7200"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=10795780
x-cdn-diag
fra1-11028-1-42457-h-0-0---;11014-41-30037----0-0-2
accept-ranges
bytes
content-length
239576
expires
Thu, 30 Mar 2023 17:56:59 GMT
wow.min.js
cdn.x1cdn.com/vod/js/
8 KB
8 KB
Script
General
Full URL
https://cdn.x1cdn.com/vod/js/wow.min.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
66.254.122.18 , United States, ASN29789 (REFLECTED, US),
Reverse DNS
Software
/
Resource Hash
3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
last-modified
Thu, 06 Jan 2022 12:16:05 GMT
etag
"25c92c506-1ff7-5d4e8d59eab40"
vary
Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=10716355
x-cdn-diag
fra1-11014-3-29804-h-0-0---;11014-41-30037----0-0-1
accept-ranges
bytes
content-length
8183
expires
Thu, 23 Mar 2023 16:53:54 GMT
a.js
analytics.webendpoint.com/
2 KB
1 KB
Script
General
Full URL
https://analytics.webendpoint.com/a.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
380f75087c29f2b7abb9e5350755e4a41cc7ce8281f88afd55d3ab8eee74bffb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Thu, 02 Jun 2022 14:16:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6298c647-6e0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kNuoK%2BhWWqfkgunZDg4RFJdkmxMoYPHFBVXBMYHCAw6ba8lYBVumdGy7nu504I8YhPbml6Qd%2FOYCK6lySwJIOTetfRaKH5WD03u61BeoxGddMZyPT%2FQeCX%2BAvluD2FcQRJjr1oFc1uRPx5dEinDGqtkNOfIlHDOv"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400, stale-while-revalidate=30
cf-ray
787787a73e299bc5-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
gtm.js
www.googletagmanager.com/
140 KB
51 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5QPSFS7
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
66bc20bb42270f65a68feb5b5b1749152588e3487c93e3c1e1e5062afce576ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51962
x-xss-protection
0
last-modified
Tue, 10 Jan 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 10 Jan 2023 18:38:29 GMT
j.php
dev.visualwebsiteoptimizer.com/
3 KB
1 KB
Script
General
Full URL
https://dev.visualwebsiteoptimizer.com/j.php?a=603655&u=https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php&f=1&r=0.4371146469302145
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gfra1 /
Resource Hash
1bdd94c4c8515b2a5dc7a40e09c97777a0da574c20c2dd3a01c49ca56a398918

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:28 GMT
content-encoding
gzip
via
1.1 google
server
gfra1
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0, no-cache, must-revalidate
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
06e16999ed5bfa8f6396c7982bc3510a07190d32ecf308f5094637a92d96668a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type
image/svg+xml
v.gif
dev.visualwebsiteoptimizer.com/
35 B
52 B
Image
General
Full URL
https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=603655&d=campaign.royalvod.com&u=D056B68B49F1E07C94190605B3A5F4338&h=0d81b7a9f3e7afcaa1b9a094d50af8b5&t=false&r=0.3504726858953251
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
137.102.96.34.bc.googleusercontent.com
Software
gnv3c /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Jan 2023 18:38:29 GMT
via
1.1 google
x-content-type-options
nosniff
server
gnv3c
content-type
image/gif
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 10 Jan 2005 00:00:01 GMT
visit
pushserve.xyz/api/v1/
1 KB
2 KB
Fetch
General
Full URL
https://pushserve.xyz/api/v1/visit
Requested by
Host: pushstar.xyz
URL: https://pushstar.xyz/ace-push.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.64.3 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
a97d95f52b9cc09808a58bd3d1fdd8086f4b449378b2a5ea06a74cb7d5adbef3

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
date
Tue, 10 Jan 2023 18:38:28 GMT
server
Kestrel
content-length
1411
content-type
application/json; charset=utf-8
visit
pushserve.xyz/api/v1/
0
0
Preflight
General
Full URL
https://pushserve.xyz/api/v1/visit
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.50.64.3 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://campaign.royalvod.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-origin
*
content-length
0
date
Tue, 10 Jan 2023 18:38:28 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5QPSFS7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 10 Jan 2023 18:21:55 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
994
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Tue, 10 Jan 2023 20:21:55 GMT
js
www.googletagmanager.com/gtag/
220 KB
77 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-5R9TLQELDR&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5QPSFS7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cb6a105974584b5076519fe8ee94d0e399026407d9df0a17425220afe45fde9c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
78593
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Tue, 10 Jan 2023 18:38:29 GMT
load
analytics.webendpoint.com/collect/
2 B
480 B
XHR
General
Full URL
https://analytics.webendpoint.com/collect/load?{%22clickid%22:%22BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy%22,%22c%22:%22eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg%22,%22tracker%22:%225_101544_%22,%22loc%22:%22https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php%22}
Requested by
Host: analytics.webendpoint.com
URL: https://analytics.webendpoint.com/a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
text/plain

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3vh3sOzmvqCEnFqeZUCOFuqnLsvjr3VmF3eix8ShRnJxosg%2B%2FN5xrujkaYAUva%2BVCRpUY80I1U1l1r5859pTt1dIctH24IauIx7gpssVI10LfAkXeC8teiIQWuU%2FVCRSRiv2vuco1UTqwTkQxuq9%2FRYxjcjOhe%2FE"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
*
cf-ray
787787a90e3d9b8f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
collect
www.google-analytics.com/j/
2 B
22 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1310490850&t=pageview&_s=1&dl=https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php&ul=en-us&de=UTF-8&dt=Proceed&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=602950193&gjid=1476412011&cid=1122854503.1673375909&tid=UA-224062114-1&_gid=2112692936.1673375909&_r=1&gtm=2wg1905QPSFS7&cd1=%2Fus%2Fc06lud6%2F3%2F01.php&cd2=royalvod.com&z=449785894
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::200e , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 10 Jan 2023 18:38:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://campaign.royalvod.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.google-analytics.com/g/
0
342 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-5R9TLQELDR&gtm=2oe190&_p=1310490850&cid=1122854503.1673375909&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1673375909&sct=1&seg=0&dl=https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php&dr=https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F%3Ftracker%3D5_101544_%26clickid%3DBKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy%26c%3DeyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg&dt=Proceed&en=page_view&_fv=1&_ss=1&ep.path_clean=%2Fus%2Fc06lud6%2F3%2F01.php&ep.domain_name=royalvod.com&ep.click_id=BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy&ep.partner_id=21062&ep.offert_id=686&ep.source_id=&ep.subsource_id=&ep.landingpage_id=886&ep.tracker_id=value&ep.domain=campaign.royalvod.com&ep.url=https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5R9TLQELDR&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Jan 2023 18:38:29 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://campaign.royalvod.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
device.js
device.maxmind.com/js/
16 KB
7 KB
Script
General
Full URL
https://device.maxmind.com/js/device.js
Requested by
Host: campaign.royalvod.com
URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
abae7f7058595f4f22636b7d6a8eefc755035b650578e88e8503b1b72747ad83

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 09 Jan 2023 18:37:05 GMT
server
cloudflare
age
18608
etag
W/"63bc5ed1-3f18"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=43200
cf-ray
787787aadc972bd9-FRA
expires
Wed, 11 Jan 2023 06:38:29 GMT
performance
analytics.webendpoint.com/collect/
2 B
441 B
XHR
General
Full URL
https://analytics.webendpoint.com/collect/performance?{%22clickid%22:%22BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy%22,%22c%22:%22eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg%22,%22tracker%22:%225_101544_%22,%22loc%22:%22https%3A%2F%2Fcampaign.royalvod.com%2Fus%2Fc06lud6%2F3%2F01.php%22,%22data%22:{%22name%22:%22https://campaign.royalvod.com/us/c06lud6/3/01.php%22,%22entryType%22:%22navigation%22,%22startTime%22:0,%22duration%22:0,%22initiatorType%22:%22navigation%22,%22nextHopProtocol%22:%22h2%22,%22renderBlockingStatus%22:%22blocking%22,%22workerStart%22:0,%22redirectStart%22:0,%22redirectEnd%22:0,%22fetchStart%22:0.2999992370605469,%22domainLookupStart%22:0.2999992370605469,%22domainLookupEnd%22:0.2999992370605469,%22connectStart%22:0.2999992370605469,%22connectEnd%22:0.2999992370605469,%22secureConnectionStart%22:0.2999992370605469,%22requestStart%22:1.6000003814697266,%22responseStart%22:180.70000076293945,%22responseEnd%22:181.79999923706055,%22transferSize%22:5333,%22encodedBodySize%22:5033,%22decodedBodySize%22:13522,%22serverTiming%22:[],%22unloadEventStart%22:286.6000003814697,%22unloadEventEnd%22:286.6000003814697,%22domInteractive%22:1233.7000007629395,%22domContentLoadedEventStart%22:1357.2999992370605,%22domContentLoadedEventEnd%22:1361.6000003814697,%22domComplete%22:1692.6000003814697,%22loadEventStart%22:1692.7000007629395,%22loadEventEnd%22:0,%22type%22:%22navigate%22,%22redirectCount%22:0,%22activationStart%22:0}}
Requested by
Host: analytics.webendpoint.com
URL: https://analytics.webendpoint.com/a.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
text/plain

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9JV1EOD0oy952jIaiYRV2u7G729Kufu%2FoMzDZ6PTrjfm1a3H5vQZCIpYF9VAAvWH64qoWZ29RXnsjrgQ7WcId84GUnDUYmgPHz4mHUCh0DSX8OLa1jvL4q0LimAAoVIHuILFoeHAA5%2B8r1dWawmj0VdkHMf%2BPVKu"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
access-control-allow-origin
*
cf-ray
787787aa48e39b8f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2
collect
stats.g.doubleclick.net/j/
4 B
446 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-224062114-1&cid=1122854503.1673375909&jid=602950193&gjid=1476412011&_gid=2112692936.1673375909&_u=YEBAAEAAAAAAACAAI~&z=1666214192
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 10 Jan 2023 18:38:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://campaign.royalvod.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ant_squire
d-ipv6.mmapiws.com/
92 B
270 B
XHR
General
Full URL
https://d-ipv6.mmapiws.com/ant_squire
Requested by
Host: device.maxmind.com
URL: https://device.maxmind.com/js/device.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1129 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd38458e47158e867c970b3d02cdfaa15a17ae8fac313909f108610f717d5fce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 10 Jan 2023 18:38:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cf-ray
787787ac48cc9bc2-FRA
ga-audiences
www.google.com/ads/
42 B
501 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-224062114-1&cid=1122854503.1673375909&jid=602950193&_u=YEBAAEAAAAAAACAAI~&z=1984611225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:806::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Jan 2023 18:38:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-224062114-1&cid=1122854503.1673375909&jid=602950193&_u=YEBAAEAAAAAAACAAI~&z=1984611225
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://campaign.royalvod.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 10 Jan 2023 18:38:29 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
log-client-error
pushstar.xyz/api/v1/visit/
0
0
Fetch
General
Full URL
https://pushstar.xyz/api/v1/visit/log-client-error
Requested by
Host: pushstar.xyz
URL: https://pushstar.xyz/ace-push.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-type
application/json

Response headers

date
Tue, 10 Jan 2023 18:38:30 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BHtAHBRQGfQIMlabKyt0SlClJl3xmUFrJ1GDHEMwUSnVvAEGmb%2BXUhCmHnQEqi1Wf8srFRJ6RUtyDnMJqYAKJFIxJ9HIhNqufK4RTkyAJPoxUviyxH0x7SBmHFpxRDOuSWgal6%2FI6yZuvqQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cf-ray
787787add96690d4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
log-client-error
pushstar.xyz/api/v1/visit/
0
0
Preflight
General
Full URL
https://pushstar.xyz/api/v1/visit/log-client-error
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://campaign.royalvod.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
787787acaef590d4-FRA
content-length
0
date
Tue, 10 Jan 2023 18:38:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GatezMNo%2Byxno7C%2FiIgAm12uHwc9yoJfM4f%2FdTtXd69DayhLtxXI2wrDY8RhZ%2B35HRMawbVCcyitDSIizEPEnbztgPq9y86U14s9D0hC1%2FTdsQh%2BDUXy4nkrX54XfmCmF0Kdate9CGVob9E%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
ant_squire
d-ipv4.mmapiws.com/
90 B
269 B
XHR
General
Full URL
https://d-ipv4.mmapiws.com/ant_squire
Requested by
Host: device.maxmind.com
URL: https://device.maxmind.com/js/device.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.145.54 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be9a973f14fab41751a19a148e09c70435f0fac579af7b07bfd8b10e8a163328
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://campaign.royalvod.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 10 Jan 2023 18:38:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cf-ray
787787adbc359bd0-FRA

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| dataLayer object| google_tag_manager object| google_optimize object| dataLayerHelpers number| settings_timer number| _vwo_settings_timer object| _vwo_code function| $ function| jQuery function| WOW string| maxmind_user_id object| el undefined| b number| _vwo_j_e string| _vwo_mt string| _vwo_tm object| vwo_iehack_queue function| initializeAcePush function| setBaseUrl function| getLocation function| registerServiceWorker object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady object| __mmapiws

20 Cookies

Domain/Path Name / Value
campaign.royalvod.com/us/c06lud6/3 Name: tracker
Value: 5_101544_
campaign.royalvod.com/us/c06lud6/3 Name: clickid
Value: BKIWpCEAAAGFnPn5NwAAAesAAAAFAAAAAAAAAAAy
campaign.royalvod.com/us/c06lud6/3 Name: c
Value: eyJhIjoyMTA2MiwibyI6Njg2LCJzbyI6MTQ0OCwicCI6NTgsImxwIjo4ODYsImMiOnt9fSAg
.fruitfulcake.com/ Name: pt30
Value: 2ba5ed285473453e92d042e75158e906
.fruitfulcake.com/ Name: ptc
Value: 2ba5ed285473453e92d042e75158e906
.fruitfulcake.com/ Name: ptbs
Value: 2ba5ed285473453e92d042e75158e906
.fruitfulcake.com/ Name: ptr
Value: pt9535948cb0c24133a76f9c795abe20de
qllinks.com/ Name: _uuid
Value: 57097119-acaa-490e-8933-07216e18704a
qllinks.com/ Name: so_686
Value: 1448
qllinks.com/ Name: 48c95ff4e7aa98a6ec6b0ad23a8a560c
Value: true
qllinks.com/ Name: RNLBSERVERID
Value: ded464
campaign.royalvod.com/ Name: RNLBSERVERID
Value: ded879
.campaign.royalvod.com/ Name: _vwo_uuid_v2
Value: D056B68B49F1E07C94190605B3A5F4338|0d81b7a9f3e7afcaa1b9a094d50af8b5
.pushstar.xyz/ Name: TiPMix
Value: 12.916991706145742
.pushstar.xyz/ Name: x-ms-routing-name
Value: self
.royalvod.com/ Name: _gid
Value: GA1.2.2112692936.1673375909
.royalvod.com/ Name: _gat_UA-224062114-1
Value: 1
.royalvod.com/ Name: _ga_5R9TLQELDR
Value: GS1.1.1673375909.1.0.1673375909.0.0.0
.royalvod.com/ Name: _ga
Value: GA1.1.1122854503.1673375909
.royalvod.com/ Name: __mmapiwsid
Value: 5d713483-beb7-42dc-a636-fb2c9fb261a0:f7801580d1cadc428c42784c28e1a84deff65a7e

1 Console Messages

Source Level URL
Text
other error URL: https://campaign.royalvod.com/us/c06lud6/3/01.php
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.webendpoint.com
campaign.royalvod.com
cdn.jsdelivr.net
cdn.x1cdn.com
confirmationcenterz.com
d-ipv4.mmapiws.com
d-ipv6.mmapiws.com
dev.visualwebsiteoptimizer.com
device.maxmind.com
fruitfulcake.com
pushserve.xyz
pushstar.xyz
qllinks.com
region1.google-analytics.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googleoptimize.com
www.googletagmanager.com
www.trkmobidea.com
104.19.145.54
15.197.255.173
157.90.33.241
18.195.174.160
20.50.64.3
2001:4860:4802:32::36
2606:4700:3034::ac43:953b
2606:4700::6810:262f
2606:4700::6810:5714
2606:4700::6812:1129
2a00:1450:4001:800::2003
2a00:1450:4001:812::200e
2a00:1450:400c:c00::9b
2a00:1450:400d:802::2008
2a00:1450:400d:806::2004
2a00:1450:400d:807::200e
2a06:98c1:3120::3
2a06:98c1:3121::3
34.96.102.137
66.254.106.253
66.254.122.18
06e16999ed5bfa8f6396c7982bc3510a07190d32ecf308f5094637a92d96668a
0ed78030f369a2044b6b62d01e3004c70a072611459589742d3f5cf4373ea286
149476ac2535eb87b112c0aaeca8c89dd7f363368b9a8eca3dfe772a79aaa6fe
1bdd94c4c8515b2a5dc7a40e09c97777a0da574c20c2dd3a01c49ca56a398918
220b12c5dcb405684b22aa4a7ab6ff7eaa5d6c3c91814f0c69d281d5b3755d69
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2a62a61435578e7fbc7544f1cf2b2c45568078de558e8fbc8265e8c6e49aebc0
2d1bef872851eff0b8f19d536103cf0b6431534ac1cbaebe1f9138f12eac7f8a
3162b6468674133d7b6c903e4b8a06f7faf51216d1e7f8b3edc8f326b1bfe461
380f75087c29f2b7abb9e5350755e4a41cc7ce8281f88afd55d3ab8eee74bffb
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
6522b35eb5492483442b55261e9df0ee89b857a73a1d4cff249af4455edce00f
66bc20bb42270f65a68feb5b5b1749152588e3487c93e3c1e1e5062afce576ae
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
9c4500facb2adcf749f33daf852fd17a4f39f23b5462a6125ca369f9a8b5d551
a97d95f52b9cc09808a58bd3d1fdd8086f4b449378b2a5ea06a74cb7d5adbef3
abae7f7058595f4f22636b7d6a8eefc755035b650578e88e8503b1b72747ad83
b2f143b1def29a73cada2878eb36be9ae2a3289aa2272d62c35b1ea335a2129a
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b57469fea83d7a075fbb8a74703acc382c82b20ef0ba7c80852768705fde1634
b99cb3f5a0978988ae8d179c872a10ef306036cf74189a0cd6f7821e26b1df3c
be9a973f14fab41751a19a148e09c70435f0fac579af7b07bfd8b10e8a163328
cb6a105974584b5076519fe8ee94d0e399026407d9df0a17425220afe45fde9c
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
dd38458e47158e867c970b3d02cdfaa15a17ae8fac313909f108610f717d5fce
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f836db9815459128a9455e2a117b0eee42a8b4a0ed1c2fb4337088c1864f6686