Submitted URL: http://domeleco.top/redirect?tid=878333
Effective URL: http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729...
Submission: On December 28 via manual from IT

Summary

This website contacted 12 IPs in 4 countries across 10 domains to perform 24 HTTP transactions. The main IP is 159.69.100.79, which is located in Germany and belongs to HETZNER-AS, DE. The main domain is privatelink.de.
This is the only time privatelink.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Redirects | Requests | IP Address | AS Autonomous System |
|---|---|---|---|
| 1 | 1 | 65.9.68.13 | 16509 (AMAZON-02) |
| 1 | 2 | 95.211.229.247 | 60781 (LEASEWEB-...) |
| 1 | 4 | 78.46.10.196 | 24940 (HETZNER-AS) |
| 1 | 2 | 84.19.167.171 | 31103 (KEYWEB-AS) |
|  | 1 | 2a00:1450:400... | 15169 (GOOGLE) |
|  | 1 | 99.86.3.99 | 16509 (AMAZON-02) |
|  | 4 | 2606:4700::68... | 13335 (CLOUDFLAR...) |
|  | 1 | 2a00:1450:400... | 15169 (GOOGLE) |
|  | 4 | 162.252.214.5 | 53334 (TUT-AS) |
|  | 1 | 2606:4700::68... | 13335 (CLOUDFLAR...) |
|  | 1 | 185.200.118.90 | 9009 (M247) |
| 1 | 1 | 67.199.248.11 | 396982 (GOOGLE-PR...) |
|  | 3 | 159.69.100.79 | 24940 (HETZNER-AS) |

Totals: 24 requests, 12 IPs

| Requests | Domain | Note | Requested by |
|---|---|---|---|
| 4 | adsco.re |  | c.adsco.re |
| 4 | mobileadvertise.de | 1 redirects | s.optnx.com, mobileadvertise.de, redirect.critched.de |
| 3 | privatelink.de |  | c.adsco.re, privatelink.de |
| 3 | 6.adsco.re |  | c.adsco.re |
| 2 | c.adsco.re |  | redirect.critched.de, c.adsco.re |
| 2 | redirect.critched.de | 1 redirects | mobileadvertise.de |
| 2 | s.optnx.com | 1 redirects |  |
| 1 | bit.ly | 1 redirects |  |
| 1 | hvt0odedgoqu.l.adsco.re |  | c.adsco.re |
| 1 | www.google-analytics.com |  | www.googletagmanager.com |
| 1 | certify-js.alexametrics.com |  | redirect.critched.de |
| 1 | www.googletagmanager.com |  | redirect.critched.de |
| 1 | domeleco.top | 1 redirects |  |
| 0 | hvt0odedgoqu.s.adsco.re | Failed | c.adsco.re |
| 0 | hvt0odedgoqu.n.adsco.re | Failed | c.adsco.re |
| 0 | certify.alexametrics.com | Failed |  |

Totals: 24 requests, 16 subdomains

This site contains links to these domains.

Domain
www.freenet.de

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| optnx.com | Let's Encrypt Authority X3 | 2020-10-26 - 2021-01-24 | 3 months |
| mobileadvertise.de | Encryption Everywhere DV TLS CA - G1 | 2020-04-26 - 2021-04-27 | a year |
| redirect.critched.de | Sectigo RSA Domain Validation Secure Server CA | 2020-12-16 - 2022-01-16 | a year |
| *.google-analytics.com | GTS CA 1O1 | 2020-11-10 - 2021-02-02 | 3 months |
| certify-js.alexametrics.com | Amazon | 2020-07-12 - 2021-08-12 | a year |
| *.adsco.re | Sectigo RSA Organization Validation Secure Server CA | 2020-09-15 - 2021-09-26 | a year |
| *.l.adsco.re | Sectigo RSA Domain Validation Secure Server CA | 2020-07-14 - 2022-07-14 | 2 years |

This page contains 1 frames:

Primary Page: http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator
Frame ID: C9A56F126B92E56491F4CEB840AD4C3F
Requests: 25 HTTP requests in this frame

Page URL History

  1. http://domeleco.top/redirect?tid=878333 HTTP 302
    https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak... Page URL
  2. https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak... HTTP 302
    https://mobileadvertise.de/link/fn2?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0Ijoi... HTTP 301
    https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0Ijo... Page URL
  3. https://redirect.critched.de/fn2 HTTP 301
    https://redirect.critched.de/fn2/ Page URL
  4. https://c.adsco.re/d Page URL
  5. https://bit.ly/2FpDpvH HTTP 301
    http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 24
  • HTTPS: 75 %
  • IPv6: 31 %
  • Domains: 10
  • Subdomains: 16
  • IPs: 12
  • Countries: 4
  • Transfer: 198 kB
  • Size: 332 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://domeleco.top/redirect?tid=878333 HTTP 302
    https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...-- Page URL
  2. https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...--&p=https%3A%2F%2Fad-maven.com&tested=1&check=480987e2b591ff64df4481ea91849455&screen_resolution=1600x1200&container_resolution=1600x1200&iframe=0 HTTP 302
    https://mobileadvertise.de/link/fn2?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ-- HTTP 301
    https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ-- Page URL
  3. https://redirect.critched.de/fn2 HTTP 301
    https://redirect.critched.de/fn2/ Page URL
  4. https://c.adsco.re/d Page URL
  5. https://bit.ly/2FpDpvH HTTP 301
    http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://domeleco.top/redirect?tid=878333 HTTP 302
  • https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...--
Request Chain 1
  • https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak14TWpsbE1XSTVOUS0tfGh0dHBzOi8vbW9iaWxlYWR2ZXJ0aXNlLmRlL2xpbmsvZm4yfGh0dHBzfDg5LjI0OS42NC4xNzF8REVVfDQxfGFkLW1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgxNTQzMXwzNTcwNzc3fDUxMXw0MDYxNjQwfDQzOTE0MjE4fDE2fDJ8MHwwfDc0MXw4NzgzMzN8MTA2LjIzNjY5OTk1MDg5fDc1fFVTRHxFVVJ8MS4yMjE4fDEuMjIxOHwyMnx8MXxERVV8fDEwMHw0fDF8fDQ1MzE5OTVlM2ZhNGEyMTdmOTk5ZjUyZTZkOTNmOTY2fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDB8Mnx8MHwwfDB8MC4yNnwxfDB8ZXhjaGFuZ2VfbGlua3w3MWZmNTRlYmRkYjFlMDkwZmJmMTczZDk2ZTIzNDJjOHwwfDB8MHwyOTUwMTU3fC0xfDB8Mjk1MDE1OXxob3N0aW5nfHZwbnwxfDE0NDB8fDJ8MHwwfDgzfDB8MHxPS3xkOTljM2UyMTkxMmI5MTUzZTljNGI4ZmEyNDAyZGUwZg--&p=https%3A%2F%2Fad-maven.com&tested=1&check=480987e2b591ff64df4481ea91849455&screen_resolution=1600x1200&container_resolution=1600x1200&iframe=0 HTTP 302
  • https://mobileadvertise.de/link/fn2?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ-- HTTP 301
  • https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
Request Chain 3
  • https://redirect.critched.de/fn2 HTTP 301
  • https://redirect.critched.de/fn2/

24 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set cimp.php
s.optnx.com/
Redirect Chain
  • http://domeleco.top/redirect?tid=878333
  • https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak14TWpsbE1XSTVOUS0tfGh0dHBzOi8vbW9iaWxlYWR2ZXJ0aXNlLmRlL2xpbmsvZm4yfGh0dHBzfDg5LjI0OS42NC4xNzF8REVVfDQ...
3 KB
1 KB
Document
General
Full URL
https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...--
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.211.229.247 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
5b4af9cf1c6fb02a2b40dface35b0e342556e7095514c56d0ca4d54d7c536825

Request headers

Host
s.optnx.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Server
nginx
Date
Mon, 28 Dec 2020 08:00:10 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A31%3A%225fe9908a896eb2.9834437381532294%22%3B%7D; expires=Wed, 28 Dec 2022 08:00:10 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Content-Encoding
gzip

Redirect headers

Content-Type
text/plain
Content-Length
0
Connection
keep-alive
Date
Mon, 28 Dec 2020 08:00:10 GMT
Server
openresty/1.17.8.2
cache-control
no-store, no-cache, must-revalidate, no-transform
Pragma
no-cache
P3P
CP="NID DSP ALL COR"
set-cookie
csu=056acccc-1ce5-49b9-9f89-353c6cdbbe33
Set-Cookie
fv=rjgEpjw9rTnFrcEFqTa4rjnGqdwEvdw=; Expires=Tue, 28 Dec 2021 08:00:10 GMT; Max-Age=31536000; Domain=.domeleco.top; Path=/; Version=1
Location
https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...--
X-Cache
Miss from cloudfront
Via
1.1 36d9e1bd4f00d39c57a56679dc44e264.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA56-C1
X-Amz-Cf-Id
SYdGBp7kbnTRHm4Ca9ZLQsCxrWoswXF3vl9txrudFv-JGj5FMva26w==
/
mobileadvertise.de/link/fn2/
Redirect Chain
  • https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak14TWpsbE1XSTVOUS0tfGh0dHBzOi8vbW9iaWxlYWR2ZXJ0aXNlLmRlL2xpbmsvZm4yfGh0dHBzfDg5LjI0OS42NC4xNzF8REVVfDQ...
  • https://mobileadvertise.de/link/fn2?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
  • https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
619 B
394 B
Document
General
Full URL
https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
Requested by
Host: s.optnx.com
URL: https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak14TWpsbE1XSTVOUS0tfGh0dHBzOi8vbW9iaWxlYWR2ZXJ0aXNlLmRlL2xpbmsvZm4yfGh0dHBzfDg5LjI0OS42NC4xNzF8REVVfDQxfGFkLW1hdmVuLmNvbXw1MjYxOTB8NDMwNjc1fDgxNTQzMXwzNTcwNzc3fDUxMXw0MDYxNjQwfDQzOTE0MjE4fDE2fDJ8MHwwfDc0MXw4NzgzMzN8MTA2LjIzNjY5OTk1MDg5fDc1fFVTRHxFVVJ8MS4yMjE4fDEuMjIxOHwyMnx8MXxERVV8fDEwMHw0fDF8fDQ1MzE5OTVlM2ZhNGEyMTdmOTk5ZjUyZTZkOTNmOTY2fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDB8Mnx8MHwwfDB8MC4yNnwxfDB8ZXhjaGFuZ2VfbGlua3w3MWZmNTRlYmRkYjFlMDkwZmJmMTczZDk2ZTIzNDJjOHwwfDB8MHwyOTUwMTU3fC0xfDB8Mjk1MDE1OXxob3N0aW5nfHZwbnwxfDE0NDB8fDJ8MHwwfDgzfDB8MHxPS3xkOTljM2UyMTkxMmI5MTUzZTljNGI4ZmEyNDAyZGUwZg--
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash
61d0580bd1e2906ec333d65a7e060ec8552f35e7d0a82384d07f88e891292ec9

Request headers

:method
GET
:authority
mobileadvertise.de
:scheme
https
:path
/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://s.optnx.com/cimp.php?data=TVRZd09URTBNalF4TUh4aE1qZzNNemN6WTJVMVpEQXdaV1JrTldOallqTTBNak...--
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
server
Apache
vary
Accept-Encoding
content-encoding
gzip
content-length
329
content-type
text/html; charset=utf-8

Redirect headers

date
Mon, 28 Dec 2020 08:00:10 GMT
server
Apache
location
https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
content-length
453
content-type
text/html; charset=iso-8859-1
history-stealer.js
mobileadvertise.de/link/fn/
465 B
342 B
Script
General
Full URL
https://mobileadvertise.de/link/fn/history-stealer.js
Requested by
Host: mobileadvertise.de
URL: https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash
15c97bfbe884d851b580b9bbc22e2968958124cad5604e0b33c7d193817d6c9e

Request headers

Referer
https://mobileadvertise.de/link/fn2/?exffir=eyJjIjoiNDgwOTg3ZTJiNTkxZmY2NGRmNDQ4MWVhOTE4NDk0NTUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxNjAweDEyMDAiLCJpIjoiMCIsImNkIjowfQ--
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
gzip
last-modified
Wed, 02 Sep 2020 10:07:48 GMT
server
Apache
etag
"1d1-5ae51cec938aa-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
244
/
redirect.critched.de/fn2/
Redirect Chain
  • https://redirect.critched.de/fn2
  • https://redirect.critched.de/fn2/
2 KB
1 KB
Document
General
Full URL
https://redirect.critched.de/fn2/
Requested by
Host: mobileadvertise.de
URL: https://mobileadvertise.de/link/fn2/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
84.19.167.171 , Germany, ASN31103 (KEYWEB-AS, DE),
Reverse DNS
h-84.19.167.171.keyweb.de
Software
Apache /
Resource Hash
710c45300215a0124acd93c5d0bff4fd98fbef52a6c6bdf0c4dcaad0a045acc3

Request headers

Host
redirect.critched.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://mobileadvertise.de/link/fn2/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Server
Apache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
932
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Server
Apache
Location
https://redirect.critched.de/fn2/
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
197
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
js
www.googletagmanager.com/gtag/
96 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-92497406-1
Requested by
Host: redirect.critched.de
URL: https://redirect.critched.de/fn2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://redirect.critched.de/fn2/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38975
x-xss-protection
0
last-modified
Mon, 28 Dec 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 28 Dec 2020 08:00:10 GMT
history-stealer.js
mobileadvertise.de/link/fn/
465 B
297 B
Script
General
Full URL
https://mobileadvertise.de/link/fn/history-stealer.js
Requested by
Host: redirect.critched.de
URL: https://redirect.critched.de/fn2/
Protocol
H2
Security
TLS 1.3, , CHACHA20_POLY1305
Server
78.46.10.196 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
dedi1996.your-server.de
Software
Apache /
Resource Hash
15c97bfbe884d851b580b9bbc22e2968958124cad5604e0b33c7d193817d6c9e

Request headers

Referer
https://redirect.critched.de/fn2/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
gzip
last-modified
Wed, 02 Sep 2020 10:07:48 GMT
server
Apache
etag
"1d1-5ae51cec938aa-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
244
atrk.js
certify-js.alexametrics.com/
4 KB
5 KB
Script
General
Full URL
https://certify-js.alexametrics.com/atrk.js
Requested by
Host: redirect.critched.de
URL: https://redirect.critched.de/fn2/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
99.86.3.99 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-3-99.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

Referer
https://redirect.critched.de/fn2/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 29 Sep 2020 00:34:48 GMT
Via
1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Sat, 16 Mar 2019 16:01:33 GMT
Server
AmazonS3
Age
7802723
ETag
"96c08723796affab377d9bb08d631cd0"
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Cache-Control
max-age=26920000
X-Amz-Cf-Pop
FRA6-C1
Accept-Ranges
bytes
Content-Length
4264
X-Amz-Cf-Id
tqnVFV-AOOtPvYBMQ8DmaOWmRdhm__2dC2iY4BxaawWqfgCOwYeMEg==
d
c.adsco.re/
36 KB
12 KB
Document
General
Full URL
https://c.adsco.re/d
Requested by
Host: redirect.critched.de
URL: https://redirect.critched.de/fn2/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d4b72097fc50b0bc69423e4cd5d46da22680db24ed83277bd5d97f298af9db8

Request headers

:method
GET
:authority
c.adsco.re
:scheme
https
:path
/d
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://redirect.critched.de/fn2/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-type
text/html
cache-control
max-age=86400,public,immutable
expires
Sun, 27 Dec 2020 00:13:27 GMT
link
<//adsco.re/p>;rel=prefetch,<//6.adsco.re>;rel=prefetch
etag
W/"t12enodnDvCQbNMR3zyFGg=="
cf-cache-status
HIT
age
200803
cf-request-id
0749f5b6780000175a54bb9000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
6089bf03fbdc175a-FRA
content-encoding
br
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-92497406-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://redirect.critched.de/fn2/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4203
date
Mon, 28 Dec 2020 06:50:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Mon, 28 Dec 2020 08:50:07 GMT
atrk.gif
certify.alexametrics.com/
0
0

p
adsco.re/
0
323 B
Other
General
Full URL
https://adsco.re/p
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
AS-P-4
OK
Transfer-Encoding
chunked
AS-P-1
OK
Access-Control-Max-Age
2592000
Cache-Control
no-transform
Connection
keep-alive
AS-E
ND
AS-P-2
OK
AS-P-3
OK
/
6.adsco.re/
0
256 B
Other
General
Full URL
https://6.adsco.re/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
br
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
access-control-max-age
2592000
cache-control
no-store, max-age=0
cf-ray
6089bf041c2f175a-FRA
access-control-allow-headers
Content-Type
cf-request-id
0749f5b6920000175ae9b79000000001
p
adsco.re/
0
412 B
XHR
General
Full URL
https://adsco.re/p
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
AS-P-4
OK
Transfer-Encoding
chunked
AS-P-1
OK
Access-Control-Allow-Origin
https://c.adsco.re
Access-Control-Max-Age
2592000
Cache-Control
no-transform
Access-Control-Allow-Credentials
true
Connection
keep-alive
AS-E
ND
AS-P-2
OK
AS-P-3
OK
/
6.adsco.re/
53 B
404 B
XHR
General
Full URL
https://6.adsco.re/
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
131a638276d530de6eeac45664891bd4eb4721381b348168011eb86e38f8eff3

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
br
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/plain;charset=UTF-8
access-control-allow-origin
https://c.adsco.re
access-control-max-age
2592000
cache-control
no-store, max-age=0
cf-ray
6089bf0449b7645b-FRA
access-control-allow-headers
Content-Type
cf-request-id
0749f5b6ae0000645b551b5000000001
/
hvt0odedgoqu.l.adsco.re/
0
464 B
XHR
General
Full URL
https://hvt0odedgoqu.l.adsco.re/
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.200.118.90 London, United Kingdom, ASN9009 (M247, GB),
Reverse DNS
adscore.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Last-Modified
Tue, 31 Jul 2018 22:16:15 GMT
ETag
"5b60dfaf-0"
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/html
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Connection
close
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length
0
/
hvt0odedgoqu.n.adsco.re/
0
0

/
hvt0odedgoqu.s.adsco.re/
0
0

d
c.adsco.re/
36 KB
12 KB
XHR
General
Full URL
https://c.adsco.re/d
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d4b72097fc50b0bc69423e4cd5d46da22680db24ed83277bd5d97f298af9db8

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:10 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
200803
etag
W/"t12enodnDvCQbNMR3zyFGg=="
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/html
cache-control
max-age=86400,public,immutable
cf-ray
6089bf042c4c175a-FRA
link
<//adsco.re/p>;rel=prefetch,<//6.adsco.re>;rel=prefetch
cf-request-id
0749f5b69d0000175aef079000000001
expires
Sun, 27 Dec 2020 00:13:27 GMT
p
adsco.re/
0
323 B
Other
General
Full URL
https://adsco.re/p
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Dec 2020 08:00:11 GMT
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
AS-P-4
OK
Transfer-Encoding
chunked
AS-P-1
OK
Access-Control-Max-Age
2592000
Cache-Control
no-transform
Connection
keep-alive
AS-E
ND
AS-P-2
OK
AS-P-3
OK
/
6.adsco.re/
0
152 B
Other
General
Full URL
https://6.adsco.re/
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 28 Dec 2020 08:00:11 GMT
content-encoding
br
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD, OPTIONS
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
access-control-max-age
2592000
cache-control
no-store, max-age=0
cf-ray
6089bf050dc4175a-FRA
access-control-allow-headers
Content-Type
cf-request-id
0749f5b7240000175a341e7000000001
p
adsco.re/
259 B
773 B
XHR
General
Full URL
https://adsco.re/p
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://c.adsco.re/d
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

AS-P-G
OK
Date
Mon, 28 Dec 2020 08:00:11 GMT
AS-P-7
OK
AS-P-9
OK
AS-P-C
OK
Transfer-Encoding
chunked
AS-P-5
OK
AS-P-F
OK
Connection
keep-alive
Content-Encoding
gzip
AS-P-2
OK
AS-P-D
OK
AS-P-6
OK
AS-P-B
OK
AS-P-H
OK
AS-P-4
OK
AS-P-A
OK
Access-Control-Max-Age
2592000
AS-P-1
OK
Access-Control-Allow-Origin
https://c.adsco.re
Cache-Control
no-transform
Access-Control-Allow-Credentials
true
AS-P-8
OK
Content-Type
text/html; charset=UTF-8
AS-P-E
OK
AS-P-3
OK
Primary Request Cookie set /
privatelink.de/
Redirect Chain
  • https://bit.ly/2FpDpvH
  • http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggre...
5 KB
6 KB
Document
General
Full URL
http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator
Requested by
Host: c.adsco.re
URL: https://c.adsco.re/d
Protocol
HTTP/1.1
Server
159.69.100.79 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.79.100.69.159.clients.your-server.de
Software
Apache-Coyote/1.1 /
Resource Hash
14636059b3e57322641e762f94923a33f402f6a83be1978d803f655810289897

Request headers

Host
privatelink.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://c.adsco.re/d
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://c.adsco.re/d#Qh1RAAAAAAAAvd68J_lRNY6B5S9vpgqX6h2mQTo,,2,,https%3A%2F%2Fbit.ly%2F2FpDpvH

Response headers

Content-Language
en
Content-Length
5390
Content-Type
text/html;charset=UTF-8
Date
Mon, 28 Dec 2020 08:00:10 GMT
Referrer-Policy
no-referrer
Server
Apache-Coyote/1.1
Set-Cookie
JSESSIONID=D71CC62255BB686B6B7DA4AAE8EA00F5; Path=/; HttpOnly

Redirect headers

server
nginx
date
Mon, 28 Dec 2020 08:00:11 GMT
content-type
text/html; charset=utf-8
content-length
289
cache-control
private, max-age=90
content-security-policy
referrer always;
location
http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator
referrer-policy
unsafe-url
set-cookie
_bit=kbs80b-6ae83a11f31d81d630-009; Domain=bit.ly; Expires=Sat, 26 Jun 2021 08:00:11 GMT
via
1.1 google
alt-svc
clear
jquery.1.4.4.min.js
privatelink.de/js/
77 KB
77 KB
Script
General
Full URL
http://privatelink.de/js/jquery.1.4.4.min.js
Requested by
Host: privatelink.de
URL: http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator
Protocol
HTTP/1.1
Server
159.69.100.79 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.79.100.69.159.clients.your-server.de
Software
Apache-Coyote/1.1 /
Resource Hash
517364f2d45162fb5037437b5b6cb953d00d9b2b3b79ba87d9fe57ea6ee6070c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Dec 2020 08:00:11 GMT
Last-Modified
Wed, 21 Oct 2020 13:50:48 GMT
Server
Apache-Coyote/1.1
Accept-Ranges
bytes
Etag
W/"78601-1603288248000"
Content-Length
78601
Content-Type
application/javascript
modernizr.js
privatelink.de/js/
24 KB
24 KB
Script
General
Full URL
http://privatelink.de/js/modernizr.js
Requested by
Host: privatelink.de
URL: http://privatelink.de/?https://www.freenet.de/unterhaltung/promis/sarah-lombardi-urlaubsgruesse-im-bikini_7861514_4729180.html%3Futm_source%3Dpaid%26utm_medium%3Dreferral%26utm_campaign%3Dnewsaggregator
Protocol
HTTP/1.1
Server
159.69.100.79 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.79.100.69.159.clients.your-server.de
Software
Apache-Coyote/1.1 /
Resource Hash
0084577d035e3a575209d9e5a64350b4f3c37728c7ce1ece494602c9869a0f08

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 28 Dec 2020 08:00:10 GMT
Last-Modified
Wed, 21 Oct 2020 13:50:48 GMT
Server
Apache-Coyote/1.1
Accept-Ranges
bytes
Etag
W/"24666-1603288248000"
Content-Length
24666
Content-Type
application/javascript
truncated
/
34 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
certify.alexametrics.com
URL
https://certify.alexametrics.com/atrk.gif?frame_height=1200&frame_width=1600&iframe=0&title=&time=1609142410881&time_zone_offset=-60&screen_params=1600x1200x24&java_enabled=0&cookie_enabled=1&ref_url=https%3A%2F%2Fmobileadvertise.de%2Flink%2Ffn2%2F&host_url=https%3A%2F%2Fredirect.critched.de%2Ffn2%2F&random_number=11977183756&sess_cookie=4387dc7c176a85c9e8085e55395&sess_cookie_flag=1&user_cookie=4387dc7c176a85c9e8085e55395&user_cookie_flag=1&dynamic=true&domain=critched.de&account=mhbxo1IWx810mh&jsv=20130128&user_lang=en-US
Domain
hvt0odedgoqu.n.adsco.re
URL
https://hvt0odedgoqu.n.adsco.re/
Domain
hvt0odedgoqu.s.adsco.re
URL
https://hvt0odedgoqu.s.adsco.re/

Verdicts & Comments

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| trustedTypes
boolean| crossOriginIsolated
function| $
function| jQuery
object| html5
object| Modernizr
function| yepnope

1 Cookies

Domain/Path Name / Value
privatelink.de/ Name: JSESSIONID
Value: D71CC62255BB686B6B7DA4AAE8EA00F5

1 Console Messages

Source Level URL
Text
console-api log URL: https://c.adsco.re/d(Line 20)
Message: