urlscan.io logo urlscan.io
SecurityTrails logo

derm.bestshopping-voucher.com Open in urlscan Pro
168.119.31.202  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/
Effective URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Submission: On December 08 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 12 IPs in 4 countries across 12 domains to perform 22 HTTP transactions. The main IP is 168.119.31.202, located in Germany and belongs to HETZNER-AS, DE. The main domain is derm.bestshopping-voucher.com.
TLS certificate: Issued by R3 on November 4th 2021. Valid for: 3 months.
This is the only time derm.bestshopping-voucher.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 104.168.242.98 54290 (HOSTWINDS)
1 1 34.91.151.72 396982 (GOOGLE-PR...)
1 1 52.215.106.33 16509 (AMAZON-02)
1 3 168.119.31.202 24940 (HETZNER-AS)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
22 12
2    104.168.242.98 (United States)

ASN54290 (HOSTWINDS, US)
PTR: hwsrv-913876.hostwindsdns.com
nextmillionaire.digital
1    34.91.151.72 (Groningen, Netherlands)

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: 72.151.91.34.bc.googleusercontent.com
bluemarst.com
1    52.215.106.33 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-106-33.eu-west-1.compute.amazonaws.com
tracking.trkkadsm.com
3    168.119.31.202 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: s1.golead.de
campaign.golead.de
derm.bestshopping-voucher.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
stackpath.bootstrapcdn.com
4    2a00:1450:4001:808::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
3    2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
2    2606:4700:3030::6815:3ba2 (United States)

ASN13335 (CLOUDFLARENET, US)
api.ydgdghehe.com
3    2606:4700:3037::ac43:a12f (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
4 fonts.googleapis.com derm.bestshopping-voucher.com
3 ka-f.fontawesome.com kit.fontawesome.com
2 api.ydgdghehe.com derm.bestshopping-voucher.com
api.ydgdghehe.com
2 cdn.onesignal.com derm.bestshopping-voucher.com
cdn.onesignal.com
2 maxcdn.bootstrapcdn.com derm.bestshopping-voucher.com
2 derm.bestshopping-voucher.com nextmillionaire.digital
derm.bestshopping-voucher.com
2 nextmillionaire.digital 1 redirects
1 onesignal.com cdn.onesignal.com
1 fonts.gstatic.com fonts.googleapis.com
1 kit.fontawesome.com derm.bestshopping-voucher.com
1 stackpath.bootstrapcdn.com derm.bestshopping-voucher.com
1 cdnjs.cloudflare.com derm.bestshopping-voucher.com
1 ajax.googleapis.com derm.bestshopping-voucher.com
1 campaign.golead.de 1 redirects
1 tracking.trkkadsm.com 1 redirects
1 bluemarst.com 1 redirects
22 16
Subject Issuer Validity Valid
deac.bestshopping-voucher.com
R3		 2021-11-04 -
2022-02-02		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-03-01 -
2022-02-28		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-01 -
2023-01-01		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Frame ID: AAE87E032C4BDA7BD8DF8BF9496A34C8
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

ROSSMANN 500€ GUTSCHEIN

Page URL History Show full URLs

  1. http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/ Page URL
  2. http://nextmillionaire.digital/track/c7654vjUAM5617742awiJ32699qSG2190SHYv611/ HTTP 302
    https://bluemarst.com/?a=4256&oc=11289&c=32972&m=3&s1=13&s2=611-7654&s3=5617742-32699-2190 HTTP 302
    https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=4256&aff_sub2=226075085 HTTP 302
    https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=101... HTTP 302
    https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___& Page URL

Page Statistics

22
Requests

95 %
HTTPS

71 %
IPv6

12
Domains

16
Subdomains

12
IPs

4
Countries

480 kB
Transfer

1059 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/ Page URL
  2. http://nextmillionaire.digital/track/c7654vjUAM5617742awiJ32699qSG2190SHYv611/ HTTP 302
    https://bluemarst.com/?a=4256&oc=11289&c=32972&m=3&s1=13&s2=611-7654&s3=5617742-32699-2190 HTTP 302
    https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=4256&aff_sub2=226075085 HTTP 302
    https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=1010-4256&subIdentifier=10249a92771f5655f1a86af26bb26a&aps=___ HTTP 302
    https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/ 		231 B
348 B 		Document
General
Check archive.org
Download Go to
Full URL
http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/
Protocol
HTTP/1.1
Server
104.168.242.98 , United States, ASN54290 (HOSTWINDS, US),
Reverse DNS
hwsrv-913876.hostwindsdns.com
Software
/
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Content-Type
text/html; charset=utf-8
Date
Wed, 08 Dec 2021 21:22:59 GMT
Content-Length
231
Primary Request campaign_409.html
derm.bestshopping-voucher.com/
Redirect Chain
  • http://nextmillionaire.digital/track/c7654vjUAM5617742awiJ32699qSG2190SHYv611/
  • https://bluemarst.com/?a=4256&oc=11289&c=32972&m=3&s1=13&s2=611-7654&s3=5617742-32699-2190
  • https://tracking.trkkadsm.com/aff_c?offer_id=110&aff_id=1010&aff_sub=4256&aff_sub2=226075085
  • https://campaign.golead.de/derm,bestshopping,voucher,com_112.html?idPartner=43&idCampaignAd=0&subId=1010-4256&subIdentifier=10249a92771f5655f1a86af26bb26a&aps=___
  • https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
79 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Requested by
Host: nextmillionaire.digital
URL: http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
168.119.31.202 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
s1.golead.de
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
26f0472209928aa0464456be7c3d3a37463d8d921df1d7ce600755dfa4f45983

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://nextmillionaire.digital/rd/c7654vjUAM5617742awiJ32699qSG2190SHYv611/

Response headers

Date
Wed, 08 Dec 2021 21:23:00 GMT
Server
Apache/2.4.41 (Ubuntu)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
22580
Keep-Alive
timeout=5, max=5000
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 08 Dec 2021 21:23:00 GMT
Server
Apache/2.4.41 (Ubuntu)
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Location
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Content-Length
2
Keep-Alive
timeout=5, max=5000
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 		118 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
632, 617, 617, 617
age
9229799
cdn-cachedat
2021-06-08 21:21:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
203451c6c050184245ebe231729b4b5c
cf-ray
6ba90d6b3fc3702b-FRA
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 		95 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 07:58:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
48267
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33951
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 08 Dec 2022 07:58:34 GMT
jquery.cookie.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.0/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.0/jquery.cookie.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a63ad5db399cbf133df4954868d069a0438e0f43082a25b09bd884deb1fe77c3
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
520757
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
579
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec1-4f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x0eC0plJ5%2B9f4xFlUh10AJ00nIUl9pO3CH%2BKnITWc%2FbVCBniPl3b4x4Tw3sv9S6lruYWl0Pc2zHy1FcTiWqeENStEWtZf0hvyt0dYa5ZyULmqDzxK3ePW6peZgsAR1VmB8bGBpnu3gx%2B7Q%2Btkf9onrsK"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ba90d6b39f042ee-FRA
expires
Mon, 28 Nov 2022 21:23:01 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
722, 617
age
22551811
cdn-cachedat
2021-03-11 11:57:50
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
3033c5b7ea34684b20a8f4234fea378f
cf-ray
6ba90d6b3fc5702b-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
font-awesome.min.css
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://derm.bestshopping-voucher.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
723, 617, 617
age
19839051
cdn-cachedat
2021-04-23 08:25:31
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
223975070d20385764b50f62a6dcdeed
cf-ray
6ba90d6b4ad22b1a-FRA
cdn-requestcountrycode
DE
cdn-requestpullsuccess
True
css
fonts.googleapis.com/ 		393 B
813 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Patua+One&display=swap
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aa6e190e557a624bd9edf759d197f0638bb7cd852ac5716ddeb3d4e9260e73e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 08 Dec 2021 21:23:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 08 Dec 2021 21:23:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 08 Dec 2021 21:23:01 GMT
css
fonts.googleapis.com/ 		10 KB
796 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:100,300,400,500,700
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
815846e7cca442002a71db30ad90bf436632f8d5f646ab5fd116b7cedfbddc2d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 08 Dec 2021 21:23:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 08 Dec 2021 21:23:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 08 Dec 2021 21:23:01 GMT
7b09c35fb3.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/7b09c35fb3.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0dafd90e90002e03f349ec4bf9ec23be5aa9220e772a45339f1d35a13981523d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://derm.bestshopping-voucher.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
gzip
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
cf-cache-status
HIT
age
43
strict-transport-security
max-age=31536000; preload
x-request-id
FrpJDbDReyzXZgEAYxPC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=60, public, must-revalidate
cf-ray
6ba90d6b4f3d5c9e-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
css
fonts.googleapis.com/ 		8 KB
841 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,400i,700,700i
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d9d622b86d8469f47f57cc198a2a6e6b8a60196f9ad80fdece59a8a9b7e5d963
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 08 Dec 2021 19:36:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 08 Dec 2021 21:23:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 08 Dec 2021 21:23:01 GMT
css2
fonts.googleapis.com/ 		3 KB
709 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@700&display=swap
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
11e54c820599ba4e09c6e7ecc8e8dcafa634bc55e0cb530622e9d835ffadc680
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 08 Dec 2021 19:37:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 08 Dec 2021 21:23:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 08 Dec 2021 21:23:01 GMT
OneSignalSDK.js
cdn.onesignal.com/sdks/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
481
etag
W/"2d763adca2b6a93c45e5b76bff1f8c5d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6ba90d6b48555bfd-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sat, 11 Dec 2021 21:23:01 GMT
auto-push.min.js
api.ydgdghehe.com/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.ydgdghehe.com/auto-push.min.js
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:3ba2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
032814cf4be1a49b079a1c3c0aceda71a8aecb63c4a4a65d01e0a632b4b2a476

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1487
x-powered-by
ASP.NET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 31 Mar 2021 05:17:11 GMT
server
cloudflare
etag
W/"8065551aed25d71:0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnYyfkozRnCt9CBaMhQ84pVytrd7zoXacE7Mo8sWcR6ZjOgf5813pyHGMl%2B5IAxd%2BX1rnHCZkEAemPA3oC40vfWFiyJaxVK17nEjXisPDIPLGbT74CFybTFBR5q3K1VHLFHHijzwhc4WB9vrk6v94Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=3600
cf-ray
6ba90d6b4c66695e-FRA
header,rossmann,gutschein.jpg
derm.bestshopping-voucher.com/media/adresseManager/microSiteImg/409/ 		236 KB
236 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://derm.bestshopping-voucher.com/media/adresseManager/microSiteImg/409/header,rossmann,gutschein.jpg
Requested by
Host: derm.bestshopping-voucher.com
URL: https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
168.119.31.202 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
s1.golead.de
Software
Apache/2.4.41 (Ubuntu) /
Resource Hash
23fb60c97b873abc82f871ef03ccf18b7af02b9ea3bd9c5ef2d621b25958ea4e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/campaign_409.html?coyoteAffiliTokenId=40780089&aps=___&
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Wed, 08 Dec 2021 21:23:01 GMT
Last-Modified
Wed, 10 Feb 2021 08:47:14 GMT
Server
Apache/2.4.41 (Ubuntu)
ETag
"3b05e-5baf7731a8e85"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=4999
Content-Length
241758
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:a12f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
via
1.1 d3fdd96b3ada000b1a8c2d522534c125.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
2902198
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E808bpRMkBHGg1007i988GtQ09nOYYdAzrQwmsNrwyiAL8sBntOscOBVWR3oqytRjqrZJvFNGuCsiiHunNzGJ11HwZOBpR5Gfz4HoGmWccC3ki9o30H%2B%2BGLWSjl%2BXzRtdgfJZw7fDcFog93b01KFmSZz1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
AMS54-C1
cf-ray
6ba90d6c5b2f2be9-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
hofHV8Y5lHDCdmh7dtMlsiwI5iKCJFClyOLg68PZFYAfo1udREa1Qg==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:a12f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
via
1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4423721
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXQcgxZ3BTX1gV3LO3I1nHUOguW9Sx%2BlYp8gLn%2FAzFY4YB%2Bj649RbalnR5aJZOwUC7U2Z%2BRVFIqxGhAT259gCqjTvga8udzSlaSjwdylvRTCCxSTDCgzBdO7Qi81qs2Uf2RRPqhFhLPMYoO7AFe6M6nI6g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
FRA2-C1
cf-ray
6ba90d6c5b332be9-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
gYKbE87AU5T9IMGnMWU_JZSRn365pSF5OaCId0MlZrCZOm76tISUvw==
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		3 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=7b09c35fb3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/7b09c35fb3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:a12f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
via
1.1 0f538ee832e1105649039b38ce89e883.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
4423721
x-cache
Hit from cloudfront
access-control-allow-methods
GET
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RqGz%2FvAqGVaTxZ%2BieswxFblB0qtXJKYV%2FLPPMMQEUoh6tGKq5btw1iXrphN2cm4%2FfK4u49ARJ7L9Zcpby%2ByCYjA6%2BAQF9ASH6Q%2B4CUUxEWrjRlzG7MyT9QJTyQtTjnafa0KHT81XXASujfOyv%2BAKi6X8cA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
x-amz-cf-pop
FRA2-C1
cf-ray
6ba90d6c5b352be9-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
o-0Utw1uUWr0S0E4A1EmlJU3S-P-qIpxJLQXbHHyJYK89lEsmwXBuQ==
OneSignalPageSDKES6.js
cdn.onesignal.com/sdks/ 		283 KB
68 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
cf-cache-status
HIT
server
cloudflare
age
3228
etag
W/"bac537a7eba0b66473f70a7a4bf837c4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
6ba90d6c4ad65bfd-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires
Sat, 11 Dec 2021 21:23:01 GMT
76dba26f-1495-41f6-997f-3a603d8a3be4
api.ydgdghehe.com/rest/v1/p-apps/get-id/ 		129 B
774 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ydgdghehe.com/rest/v1/p-apps/get-id/76dba26f-1495-41f6-997f-3a603d8a3be4?url=https://derm.bestshopping-voucher.com
Requested by
Host: api.ydgdghehe.com
URL: https://api.ydgdghehe.com/auto-push.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::6815:3ba2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
c6fe9600479bc3f996ff7e4af16b53bdfd193bf57826d1ff29ff2584bc448e9f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
pragma
no-cache
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cFYIa5xgo81v9zcaVzDnI029lbG82YWRJT2QW7eR2JYCXL0e8hr02BLjQ9LpWoU6xNLkbAapyBQS4xMUkxZfV4RYTj7%2BisFUj%2B2Qc6%2Bh4ABLD2LO%2B%2F%2Brps004UwLJaRiOWYlarAKtBqsCO%2F4u2oEaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
cf-ray
6ba90d6c5fd04eb6-FRA
expires
-1
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:100,300,400,500,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://derm.bestshopping-voucher.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 00:14:34 GMT
x-content-type-options
nosniff
age
76107
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 08 Dec 2022 00:14:34 GMT
web
onesignal.com/api/v1/sync/381f5b6d-0b59-4903-a72d-0d36f1e2de18/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/381f5b6d-0b59-4903-a72d-0d36f1e2de18/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41742e142c5692073a3589df43f3756efa12ec82a838a22a0940ed7d9aee1e73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://derm.bestshopping-voucher.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 08 Dec 2021 21:23:01 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
447
cf-polished
origSize=3084
status
200 OK
x-envoy-upstream-service-time
24
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
f5fa0a4c-5d17-4c27-a858-afacb1b57574
x-runtime
0.022488
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"46919da94116b9ef5bc62c5237aebdeb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
6ba90d6d5e275bfd-FRA
access-control-allow-headers
SDK-Version
expires
Wed, 08 Dec 2021 22:23:01 GMT

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery object| jQuery112408577648613796096 object| FontAwesomeKitConfig number| timeoutHandle function| countdown function| setCookie function| getCookie function| OneSignal object| _at function| InitializePush function| myDomain function| getLocation function| CheckImageAndReplace function| httpGetAsync function| getUrlVars function| getUrlParam number| __oneSignalSdkLoadCount function| __jp0

10 Cookies

Domain/Path Name / Value
.bluemarst.com/ Name: sfd
Value: S6lSh8vIJ6mb/mtUtOk4Oy/ARaU/O+0FbXmxfqJ9tA33MNwTFSZVKA==
.bluemarst.com/ Name: tib
Value: wZr4aOiUgsib/mtUtOk4Oy/ARaU/O+0FbXmxfqJ9tA33MNwTFSZVKA==
.bluemarst.com/ Name: c11263
Value: S6lSh8vIJ6l2F+BhBdwYoDMSfh0hihJJAWV0XmniQumY32VoOaPSaQ==
tracking.trkkadsm.com/ Name: enc_aff_session_110
Value: ENC03f978c9ee11ce8f7e277c12ce810de478d88dad39745536c11a06d4c569157bff84df679a3687f738289fc44681950299790be98055c4cfa97800f1ae87b0c3a5049083f7b5d93a9bcdc7e47009ff655e07d36c436d420a4c953fbcd5bd8a48e64502dedfb0ce207d1130db943bdf06bb4444e61f80f37744a61dea5e39acf7d2246d3a9e3fe7dce49f1ce5babfaba2c075ec2dfeabce4dd918f5265bc9965a7e31488654
tracking.trkkadsm.com/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyBYNjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIExpa2UgR2Vja28pIENocm9tZS85Ni4wLjQ2NjQuNDUgU2FmYXJpLzUzNy4zNiIsImFjY2VwdF9sYW5ndWFnZSI6ImRlLURFLGRlO3E9MC45IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9
campaign.golead.de/ Name: PHPSESSID
Value: i9mdemvke5pjmjbnp18fj4d8sg
.golead.de/ Name: coyoteTrackingCookie_112
Value: 40780089
.golead.de/ Name: coyoteSimpleTrackingCookie
Value: 40780089
derm.bestshopping-voucher.com/ Name: PHPSESSID
Value: ng8dlmqntokmp44no72ub8vvso
derm.bestshopping-voucher.com/ Name: coyoteAffiliTokenId409
Value: 40780089

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ydgdghehe.com
bluemarst.com
campaign.golead.de
cdn.onesignal.com
cdnjs.cloudflare.com
derm.bestshopping-voucher.com
fonts.googleapis.com
fonts.gstatic.com
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
nextmillionaire.digital
onesignal.com
stackpath.bootstrapcdn.com
tracking.trkkadsm.com
104.168.242.98
168.119.31.202
2606:4700:3030::6815:3ba2
2606:4700:3037::ac43:a12f
2606:4700::6810:125e
2606:4700::6812:1734
2606:4700::6812:acf
2606:4700::6812:bcf
2606:4700::6812:e134
2a00:1450:4001:808::200a
2a00:1450:4001:809::2003
2a00:1450:4001:810::200a
34.91.151.72
52.215.106.33
032814cf4be1a49b079a1c3c0aceda71a8aecb63c4a4a65d01e0a632b4b2a476
0dafd90e90002e03f349ec4bf9ec23be5aa9220e772a45339f1d35a13981523d
11e54c820599ba4e09c6e7ecc8e8dcafa634bc55e0cb530622e9d835ffadc680
23fb60c97b873abc82f871ef03ccf18b7af02b9ea3bd9c5ef2d621b25958ea4e
26f0472209928aa0464456be7c3d3a37463d8d921df1d7ce600755dfa4f45983
41742e142c5692073a3589df43f3756efa12ec82a838a22a0940ed7d9aee1e73
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
815846e7cca442002a71db30ad90bf436632f8d5f646ab5fd116b7cedfbddc2d
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
a63ad5db399cbf133df4954868d069a0438e0f43082a25b09bd884deb1fe77c3
aa6e190e557a624bd9edf759d197f0638bb7cd852ac5716ddeb3d4e9260e73e9
ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691
c6fe9600479bc3f996ff7e4af16b53bdfd193bf57826d1ff29ff2584bc448e9f
d9d622b86d8469f47f57cc198a2a6e6b8a60196f9ad80fdece59a8a9b7e5d963
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda