1xslot4.com Open in urlscan Pro
83.147.204.217 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://showtimeanythme.com/
Effective URL:
https://1xslot4.com/registration/?tag=d_610075m_8949c_
Submission: On January 27 via api (January 27th 2021, 1:08:54 pm UTC) from US

Summary HTTP 87 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 25 IPs in 9 countries across 26 domains to perform 87 HTTP transactions. The main IP is 83.147.204.217, located in Seychelles and belongs to SGHL1-AS, NL. The main domain is 1xslot4.com.
TLS certificate: Issued by R3 on December 23rd 2020. Valid for: 3 months.

This is the only time 1xslot4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	81.17.18.198 81.17.18.198	51852 (PLI-AS) (PLI-AS)
1 2	209.15.13.136 209.15.13.136	13768 (COGECO-PEER1) (COGECO-PEER1)
2	54.84.27.165 54.84.27.165	14618 (AMAZON-AES) (AMAZON-AES)
1 1	173.239.53.32 173.239.53.32	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	2a03:b0c0:3:d... 2a03:b0c0:3:d0::ed2:4001	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3	2606:4700:303... 2606:4700:3033::ac43:ad3a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.32.114.14 23.32.114.14	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	104.104.180.223 104.104.180.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.121.174.207 104.121.174.207	16625 (AKAMAI-AS) (AKAMAI-AS)
7	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
2	5.188.178.40 5.188.178.40	209813 (FASTCONTENT) (FASTCONTENT)
1 2	5.189.217.35 5.189.217.35	209813 (FASTCONTENT) (FASTCONTENT)
1 2	185.50.248.98 185.50.248.98	209813 (FASTCONTENT) (FASTCONTENT)
1 3	67.212.184.146 67.212.184.146	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 2	95.211.26.199 95.211.26.199	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	45.135.120.33 45.135.120.33	56630 (MELBICOM-...) (MELBICOM-EU-AS Melbikomas UAB)
1 10	83.147.204.217 83.147.204.217	202492 (SGHL1-AS) (SGHL1-AS)
1	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
29	67.27.234.122 67.27.234.122	3356 (LEVEL3) (LEVEL3)
2	83.147.204.77 83.147.204.77	202492 (SGHL1-AS) (SGHL1-AS)
2	2a00:1450:400... 2a00:1450:4001:801::2008	15169 (GOOGLE) (GOOGLE)
2 8	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:2b48	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
87	25

2 81.17.18.198 (Switzerland) 1 redirects

ASN51852 (PLI-AS, PA)

showtimeanythme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.15.13.136 (Canada) 1 redirects

ASN13768 (COGECO-PEER1, CA)

dprtb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.84.27.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-84-27-165.compute-1.amazonaws.com

alfik-fik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.239.53.32 (Garden City, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

clk.rtpdn12.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:b0c0:3:d0::ed2:4001 (Frankfurt am Main, Germany) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

clk.value.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3033::ac43:ad3a (United States)

ASN13335 (CLOUDFLARENET, US)

mytracking.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.114.14 (Netherlands)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-114-14.deploy.static.akamaitechnologies.com

www.g2a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.104.180.223 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-104-180-223.deploy.static.akamaitechnologies.com

s.click.aliexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
best.aliexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.121.174.207 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-121-174-207.deploy.static.akamaitechnologies.com

www.gearbest.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.188.178.40 (Bucharest, Romania)

ASN209813 (FASTCONTENT, DE)

grand-prise-ishere4.life	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 5.189.217.35 (Bucharest, Romania) 1 redirects

ASN209813 (FASTCONTENT, DE)

feetwindyoung-9.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.50.248.98 (Haarlem, Netherlands) 1 redirects

ASN209813 (FASTCONTENT, DE)

universal-mobileapp-inventory.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.212.184.146 (Chicago, United States) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

get.bestdeal2060.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.211.26.199 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

click4fun.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 45.135.120.33 (Germany) 2 redirects

ASN56630 (MELBICOM-EU-AS Melbikomas UAB, LT)

refpaqutiu.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 83.147.204.217 (Seychelles) 1 redirects

ASN202492 (SGHL1-AS, NL)

1xslot4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 67.27.234.122 (United States)

ASN3356 (LEVEL3, US)

v2l.cdnsfree.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 83.147.204.77 (Seychelles)

ASN202492 (SGHL1-AS, NL)

rz.push-free.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Moscow, Russian Federation) 2 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:2b48 (United States)

ASN13335 (CLOUDFLARENET, US)

suphelper.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	cdnsfree.com v2l.cdnsfree.com	999 KB
10	1xslot4.com 1 redirects 1xslot4.com	324 KB
8	yandex.ru 2 redirects mc.yandex.ru	97 KB
7	google-analytics.com www.google-analytics.com	71 KB
5	google.com www.google.com	971 B
3	gstatic.com fonts.gstatic.com www.gstatic.com	151 KB
3	bestdeal2060.info 1 redirects get.bestdeal2060.info	4 KB
3	doubleclick.net stats.g.doubleclick.net	591 B
3	mytracking.pl mytracking.pl	13 KB
2	suphelper.com suphelper.com	44 KB
2	googletagmanager.com www.googletagmanager.com	72 KB
2	push-free.com rz.push-free.com	8 KB
2	refpaqutiu.top 2 redirects refpaqutiu.top	505 B
2	click4fun.icu 1 redirects click4fun.icu	2 KB
2	universal-mobileapp-inventory.net 1 redirects universal-mobileapp-inventory.net	927 B
2	feetwindyoung-9.live 1 redirects feetwindyoung-9.live	2 KB
2	grand-prise-ishere4.life grand-prise-ishere4.life	53 KB
2	aliexpress.com 1 redirects s.click.aliexpress.com best.aliexpress.com	2 KB
2	alfik-fik.com alfik-fik.com	3 KB
2	dprtb.com 1 redirects dprtb.com	3 KB
2	showtimeanythme.com 1 redirects showtimeanythme.com	1 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	gearbest.com www.gearbest.com
1	g2a.com www.g2a.com
1	value.us 1 redirects clk.value.us	897 B
1	rtpdn12.com 1 redirects clk.rtpdn12.com	239 B
87	26

	Domain	Requested by
29	v2l.cdnsfree.com	1xslot4.com v2l.cdnsfree.com
10	1xslot4.com	1 redirects click4fun.icu 1xslot4.com v2l.cdnsfree.com
8	mc.yandex.ru	2 redirects v2l.cdnsfree.com 1xslot4.com mc.yandex.ru
7	www.google-analytics.com	mytracking.pl www.google-analytics.com www.googletagmanager.com
5	www.google.com	v2l.cdnsfree.com www.gstatic.com
3	get.bestdeal2060.info	1 redirects universal-mobileapp-inventory.net get.bestdeal2060.info
3	stats.g.doubleclick.net	www.google-analytics.com
3	mytracking.pl	alfik-fik.com mytracking.pl
2	suphelper.com	1xslot4.com suphelper.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.googletagmanager.com	v2l.cdnsfree.com
2	rz.push-free.com	1xslot4.com
2	refpaqutiu.top	2 redirects
2	click4fun.icu	1 redirects get.bestdeal2060.info
2	universal-mobileapp-inventory.net	1 redirects feetwindyoung-9.live
2	feetwindyoung-9.live	1 redirects grand-prise-ishere4.life
2	grand-prise-ishere4.life	mytracking.pl grand-prise-ishere4.life
2	alfik-fik.com	alfik-fik.com
2	dprtb.com	1 redirects showtimeanythme.com
2	showtimeanythme.com	1 redirects
1	www.gstatic.com	www.google.com
1	fonts.googleapis.com	1xslot4.com
1	www.gearbest.com	mytracking.pl
1	best.aliexpress.com	mytracking.pl
1	s.click.aliexpress.com	1 redirects
1	www.g2a.com	mytracking.pl
1	clk.value.us	1 redirects
1	clk.rtpdn12.com	1 redirects
87	28

This site contains links to these domains. Also see Links.

Domain
policies.google.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-12-29` - `2021-12-28`	a year	crt.sh
www.g2a.com DigiCert SHA2 Extended Validation Server CA	`2019-09-12` - `2021-10-11`	2 years	crt.sh
ru.aliexpress.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2020-12-01` - `2021-06-19`	7 months	crt.sh
*.gearbest.com DigiCert SHA2 Secure Server CA	`2020-04-13` - `2021-07-13`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
grand-prise-ishere4.life R3	`2020-12-25` - `2021-03-25`	3 months	crt.sh
feetwindyoung-9.live R3	`2021-01-22` - `2021-04-22`	3 months	crt.sh
universal-mobileapp-inventory.net R3	`2021-01-16` - `2021-04-16`	3 months	crt.sh
get.bestdeal2060.info R3	`2020-12-28` - `2021-03-28`	3 months	crt.sh
click4fun.icu Let's Encrypt Authority X3	`2020-11-26` - `2021-02-24`	3 months	crt.sh
1xslot4.com R3	`2020-12-23` - `2021-03-23`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.cdnsfree.com Sectigo RSA Domain Validation Secure Server CA	`2020-07-23` - `2021-07-24`	a year	crt.sh
*.push-free.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-21` - `2022-04-22`	2 years	crt.sh
mc.yandex.ru Yandex CA	`2020-09-29` - `2021-03-11`	5 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
www.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-01-05` - `2021-03-30`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Frame ID: F9E7DBE169732B1B5BFDA7B70F4DD541
Requests: 78 HTTP requests in this frame

Frame: https://www.g2a.com/n/reflink-381235804a
Frame ID: D3ED898D5822D55735CD4C10C5F6D0FB
Requests: 1 HTTP requests in this frame

Frame: https://best.aliexpress.com/?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf571b3300c27701
Frame ID: 9BDC5EDE8383F6E3A583ABE9227D38EA
Requests: 1 HTTP requests in this frame

Frame: https://www.gearbest.com/?lkid=78540179
Frame ID: 08E72F7D4E91CBC1B04CE3B11EA1A2C1
Requests: 1 HTTP requests in this frame

Frame: https://grand-prise-ishere4.life/media/mainstream/load.html
Frame ID: B24D358181C5C6A090A728566B8FC0DD
Requests: 1 HTTP requests in this frame

Frame: https://suphelper.com/widget/?build=1610544109814&lang=en&langInited=true&opener=full
Frame ID: E22DA93AA7F9A2D0032871F90C4A87F8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&co=aHR0cHM6Ly8xeHNsb3Q0LmNvbTo0NDM.&hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&theme=light&size=invisible&badge=inline&cb=zy7mz8q47ug
Frame ID: B9E8AFADB751ECAD3E5DE016EC702926
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&co=aHR0cHM6Ly8xeHNsb3Q0LmNvbTo0NDM.&hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&theme=light&size=invisible&badge=bottomright&cb=vvksv4ilq0ey
Frame ID: 3DC3750BCF4DC8AD496800EF5F80F515
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=nzy3gr4sj61k
Frame ID: 8162A355722D53E37D6171F3423BECB1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=pz8yb6m20vfg
Frame ID: 0ECB325A9E1E810D095E8B86A18C125C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://showtimeanythme.com/ Page URL
http://showtimeanythme.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYxMTc... HTTP 302
http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfS... Page URL
http://dprtb.com/Redirect/ HTTP 302
http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b... Page URL
http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth... Page URL
http://clk.rtpdn12.com/click?i=ypfXjXknlQ0_0 HTTP 302
https://clk.value.us/15GcKI?subid1=9856458901&code=rlXUPxtX&source=ActRevocd&cost=0.011&external_... HTTP 302
https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127 Page URL
https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878 Page URL
https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0x... Page URL
https://feetwindyoung-9.live/web/?sid=t3~gq0xemor11frlp0eehtk3a1l HTTP 302
https://universal-mobileapp-inventory.net/?url=I4WHKFughjJnh4P2Hz2GP96qcIiCoSQowUDFCSSQxFC89YTitctorv7m%2frWU0uPm%2buu... HTTP 302
https://universal-mobileapp-inventory.net/away.php Page URL
https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30... Page URL
https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
https://get.bestdeal2060.info/proc.php?2bc76c172255ce94f85030cb41627939dc9cc22f HTTP 302
https://click4fun.icu/i/33153?cid=M6922426050584510505&var1=1314&var2=1314-5ecd6faz HTTP 302
https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZP... Page URL
http://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration HTTP 301
https://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration HTTP 303
https://1xslot4.com/registration?tag=d_610075m_8949c_ HTTP 301
https://1xslot4.com/registration/?tag=d_610075m_8949c_ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

87
Requests

94 %
HTTPS

41 %
IPv6

26
Domains

28
Subdomains

25
IPs

9
Countries

1844 kB
Transfer

4563 kB
Size

18
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://showtimeanythme.com/ Page URL
http://showtimeanythme.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYxMTc2MDEwOCwiaWF0IjoxNjExNzUyOTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycGYxaGVwYzA0dDk3OTM2bTQwMGNka2kiLCJuYmYiOjE2MTE3NTI5MDgsInRzIjoxNjExNzUyOTA4ODIxMzg2fQ.bJ6-HPAkZxBJH4VmQCP0D4mIy1YWoxPouSpkIl53vm8&sid=bf75118a-60a0-11eb-8fc1-937ef8236d17 HTTP 302
http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35 Page URL
http://dprtb.com/Redirect/ HTTP 302
http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401 Page URL
http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false Page URL
http://clk.rtpdn12.com/click?i=ypfXjXknlQ0_0 HTTP 302
https://clk.value.us/15GcKI?subid1=9856458901&code=rlXUPxtX&source=ActRevocd&cost=0.011&external_id=7lsaVXUNt1E HTTP 302
https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127 Page URL
https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878 Page URL
https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0xemor11frlp0eehtk3a1l&fp=86XpLZXRZWWl610OlrlicKOprA57TsqKdAN3JqwZ8WaSJ%2BiO2lFxVyyMIwktI9oQstJSIPRmDHR3M55Crc3Jr3xzNIIKXxKnH2qKoYfbkYK5RbdlrwuJ8HC%2BNHM2B%2BCTo%2F4nojO%2BPPDQ31OUnpoL8ZqSYEZmB7pN31yTBxN1Q99PB5h8Xtne2ws5t%2FI%2FWiVbqfNTQzZNu3BZK7XmECS9MDOp6D%2BtVSi14Olq3MAxMBcHVz6%2BaM04jZ02EPdnGgUip85MUymyWFB%2BWikCc1rXYyFWhm7OD0PNGcwpqlu0nUDj8P%2BQf8kjyD4ArYsYk6MuyQtw11M%2Bnxfnl5ebuEBBm6BbhIRfI%2FDQ5wUgWGtXuICsiiGynXrOCfNRvmGij8cUg85hmaXnhylhUJ8Dwv2wSTQkal2wLs%2FhCv6KBP%2F2SxfKzV%2FDzpNeL67J8%2B%2BbNnJneEMFzv0U3doshS2jADAd157S1uFW6w322W6bWxXzdQm%2FmZM1bhpQoiu4L46jntJNFmEJmpAkpVxaOidpeVKzNN7rBYmOyQCbQpUUZTb%2BM0JMIhPdmfVOq6DA4RTs%2F%2B3%2BXNZUFiPJOJ0itKdGRCTZeW1GW0G%2FhkprpgOjDsI%2FOI372om8sCnxqt%2FsVyYzDt4F7nwSm2pu5zd617q2EM0OMgB7KfMnY2o9rO1zeGK2rnD%2FSEfM9NzkXxRY7BCjcuqFZXUyVOtHzQsB%2BkjTFzMGTFd5UQH8vXUieYENE917%2FeXE7VbaBSXxePjMq0N5uoYr8%2Fp53BP5TZ9sMKE6lRHplCIb0pTZOo5ptvU9%2Bn1Vyvv56RwvmnEmj6Q3JeeL%2Fpzix7ed5l%2Bqdjkjtlh%2FI6STaQnmLlJoCNfPtffFIqAXpRaR1yZeuNrTRSkkBXGMyWUgRnE%2F%2Fhhj4PC7jGT9uaPG00RyQloYBAnEWZT7lciHePRX2DJsPuBEQSs3nbDM6cAOOmRBpF%2BUG53TKz3pASnTSuAezBddArxzUSLURykQOrlh65dbo6Ljye1HjJ99bloKGfw4HmyZ3p%2B9RL22XvjwpDx%2FqA7qzfz6tQajYf0ua3q3%2FYMlR3G1VQJBXYH1ll%2BiaVbdtoqvuQQoHzuzc2Uetm7%2BfM2pWOR1qOaPa%2B0BgBWO%2FyaWMzG7OuIVGHXTrkk6KSHWnIIR2FLtWvA%2B6cNCFkCFuyP1apKmf4WjZEF9KQ%2F9BVXzdSm0pljt7qvfccSbc1NPe3f79hPeQtIAqTrrKUsUAyRV8Me5asyKn8gtC4%2BEFHWPCkOcG0LLAkgPjTeXdF7z28kizLdVqi7%2FurIez%2FZbvUvJ%2B4CdW4tcJTI7vIbtyvqFKkb8Pmc2OefwxaS6W%2B6m%2F6Vm4pPA8m41JPmvLHFtq60lSlT0bxOenElnA%2F5Wzirugs6EkAePTIxW5f9sOH%2B6It1iZPpeorZ13Lq7qQXT6hB63AlkXsd96GcRODc%3D Page URL
https://feetwindyoung-9.live/web/?sid=t3~gq0xemor11frlp0eehtk3a1l HTTP 302
https://universal-mobileapp-inventory.net/?url=I4WHKFughjJnh4P2Hz2GP96qcIiCoSQowUDFCSSQxFC89YTitctorv7m%2frWU0uPm%2buuGuWe7Xj%2bMH0ITObQA37gscBl9utevK2PscoOskN7Ckun6Vs2rDcP6yBc66Eagla228CxS%2bpDcsGwWF2eolwN6TuxIlfCRxd8iuWh1%2fuaPQvYL8Oze1I5g1ajnpgQ9 HTTP 302
https://universal-mobileapp-inventory.net/away.php Page URL
https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1 Page URL
https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f Page URL
https://get.bestdeal2060.info/proc.php?2bc76c172255ce94f85030cb41627939dc9cc22f HTTP 302
https://click4fun.icu/i/33153?cid=M6922426050584510505&var1=1314&var2=1314-5ecd6faz HTTP 302
https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq Page URL
http://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration HTTP 301
https://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration HTTP 303
https://1xslot4.com/registration?tag=d_610075m_8949c_ HTTP 301
https://1xslot4.com/registration/?tag=d_610075m_8949c_ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

http://showtimeanythme.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYxMTc2MDEwOCwiaWF0IjoxNjExNzUyOTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycGYxaGVwYzA0dDk3OTM2bTQwMGNka2kiLCJuYmYiOjE2MTE3NTI5MDgsInRzIjoxNjExNzUyOTA4ODIxMzg2fQ.bJ6-HPAkZxBJH4VmQCP0D4mIy1YWoxPouSpkIl53vm8&sid=bf75118a-60a0-11eb-8fc1-937ef8236d17 HTTP 302
http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35

Request Chain 2

http://dprtb.com/Redirect/ HTTP 302
http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401

Request Chain 4

http://clk.rtpdn12.com/click?i=ypfXjXknlQ0_0 HTTP 302
https://clk.value.us/15GcKI?subid1=9856458901&code=rlXUPxtX&source=ActRevocd&cost=0.011&external_id=7lsaVXUNt1E HTTP 302
https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Request Chain 7

https://s.click.aliexpress.com/e/_d6GDFTu HTTP 302
https://best.aliexpress.com/?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf571b3300c27701

Request Chain 17

https://feetwindyoung-9.live/web/?sid=t3~gq0xemor11frlp0eehtk3a1l HTTP 302
https://universal-mobileapp-inventory.net/?url=I4WHKFughjJnh4P2Hz2GP96qcIiCoSQowUDFCSSQxFC89YTitctorv7m%2frWU0uPm%2buuGuWe7Xj%2bMH0ITObQA37gscBl9utevK2PscoOskN7Ckun6Vs2rDcP6yBc66Eagla228CxS%2bpDcsGwWF2eolwN6TuxIlfCRxd8iuWh1%2fuaPQvYL8Oze1I5g1ajnpgQ9 HTTP 302
https://universal-mobileapp-inventory.net/away.php

Request Chain 21

https://get.bestdeal2060.info/proc.php?2bc76c172255ce94f85030cb41627939dc9cc22f HTTP 302
https://click4fun.icu/i/33153?cid=M6922426050584510505&var1=1314&var2=1314-5ecd6faz HTTP 302
https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq

Request Chain 67

https://mc.yandex.ru/watch/44741782?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140834%3Aet%3A1611752914%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A955656861328%3Arqn%3A1%3Arn%3A204222483%3Ahid%3A568985030%3Ads%3A0%2C0%2C162%2C7%2C206%2C0%2C0%2C363%2C6%2C%2C%2C%2C740%3Afp%3A615%3Awn%3A39412%3Ahl%3A50%3Agdpr%3A14%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752914%3Au%3A16117529141064570980%3At%3ARegistration HTTP 302
https://mc.yandex.ru/watch/44741782/1?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140834%3Aet%3A1611752914%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A955656861328%3Arqn%3A1%3Arn%3A204222483%3Ahid%3A568985030%3Ads%3A0%2C0%2C162%2C7%2C206%2C0%2C0%2C363%2C6%2C%2C%2C%2C740%3Afp%3A615%3Awn%3A39412%3Ahl%3A50%3Agdpr%3A14%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752914%3Au%3A16117529141064570980%3At%3ARegistration

Request Chain 85

https://mc.yandex.ru/watch/44741782?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140849%3Aet%3A1611752929%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A128%3Als%3A955656861328%3Arqn%3A2%3Arn%3A133185615%3Ahid%3A568985030%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2714%2C2714%2C2%2C%3Agdpr%3A14%3Aeu%3A1%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752929%3Au%3A16117529141064570980 HTTP 302
https://mc.yandex.ru/watch/44741782/1?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140849%3Aet%3A1611752929%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A128%3Als%3A955656861328%3Arqn%3A2%3Arn%3A133185615%3Ahid%3A568985030%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2714%2C2714%2C2%2C%3Agdpr%3A14%3Aeu%3A1%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752929%3Au%3A16117529141064570980

87 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
showtimeanythme.com/ 475 B
838 B 124ms
90ms Document
text/html 81.17.18.198
PLI-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://showtimeanythme.com/
Protocol: HTTP/1.1
Server: 81.17.18.198 , Switzerland, ASN51852 (PLI-AS, PA),
Reverse DNS
Software: nginx /
Resource Hash: 375473030384ee7e46306012983915222fe97868d77f71eff10cc58811c80412

Request headers

Host: showtimeanythme.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 475
content-type: text/html; charset=utf-8
date: Wed, 27 Jan 2021 13:08:28 GMT
server: nginx
set-cookie: sid=bf75118a-60a0-11eb-8fc1-937ef8236d17; path=/; domain=.showtimeanythme.com; expires=Mon, 14 Feb 2089 16:22:35 GMT; max-age=2147483647; HttpOnly

GET
H/1.1

200
OK

Cookie set click Show response
dprtb.com/
Redirect Chain

http://showtimeanythme.com/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYxMTc2MDEwOCwiaWF0IjoxNjExNzUyOTA4LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycGYxaGVwYzA0dDk3OTM2bTQwM...
http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqM...

5 KB
3 KB

217ms
210ms

Document
text/html

209.15.13.136
COGECO-PEER1

General

Check archive.org

Show headers Download Go to

Full URL: http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35
Requested by: Host: showtimeanythme.com
URL: http://showtimeanythme.com/
Protocol: HTTP/1.1
Server: 209.15.13.136 , Canada, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: Microsoft-IIS/8.5 /
Resource Hash: b820033b72a69164d7b7218324835f67f0385261325694b2a63c38abe7876724

Request headers

Host: dprtb.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://showtimeanythme.com/
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://showtimeanythme.com/

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: EaugQQjuMlbUBLz=EaugQQjuMlbUBLz; path=/
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Wed, 27 Jan 2021 13:08:29 GMT
Content-Length: 2162

Redirect headers

cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Wed, 27 Jan 2021 13:08:29 GMT
location: http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35
server: nginx
set-cookie: sid=bf75118a-60a0-11eb-8fc1-937ef8236d17; path=/; domain=.showtimeanythme.com; expires=Mon, 14 Feb 2089 16:22:36 GMT; max-age=2147483647; HttpOnly

GET
H/1.1

200
OK

fa8076ca-64e7-4648-95fb-59f8b6b1f6e1 Show response
alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/
Redirect Chain

http://dprtb.com/Redirect/
http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401

996 B
2 KB

208ms
201ms

Document
text/html

54.84.27.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401

Protocol

HTTP/1.1

Server

54.84.27.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-84-27-165.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

6e6ebd48333dc09a1ce25fe1011699a00ae87dd9bda1102499248e345c0865ba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: alfik-fik.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: http://dprtb.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://dprtb.com/click?data=UzlHaWJHaUROZXN1WFpMT0dLempSa2c3WE1KMXcwMjBtTWNhdzlqTVU4WnJjOHBfSGlFbXM4M3NZNncxUDczVFNPYzRwOXdyWDV0a09mQm43ZGRyLUg2ZGZUYU5UdVYwVTZ2alp1aGlWeVFkUFpBQU9NTVJLQzJvb0M5ODZqMUd3QzVaT3d6ZmQ4M1ZINDJ5M2ZwRWJ3MW9FQXdLZlJhUWE3eW9oVEQxUGRNMQ2&id=2ecdf929-6f12-43bc-8900-665602ef4d35

Response headers

Date: Wed, 27 Jan 2021 13:08:30 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Server: ZeroPark-Traffic

Redirect headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Server: web01
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Date: Wed, 27 Jan 2021 13:08:29 GMT
Content-Length: 269

GET
H/1.1 200
OK zcredirect Show response
alfik-fik.com/ 270 B
967 B 107ms
106ms Document
text/html 54.84.27.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Requested by

Host: alfik-fik.com
URL: http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401

Protocol

HTTP/1.1

Server

54.84.27.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-84-27-165.compute-1.amazonaws.com

Software

ZeroPark-Traffic /

Resource Hash

4bbad6fa87f5b6b1413661ad22a57633cccbbb04032a199a5a7c7d54a7f86033

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Host: alfik-fik.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://alfik-fik.com/zcvisitor/bf92b9b4-60a0-11eb-bed2-0a2004881401/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=bfa81686-60a0-11eb-bed2-0a2004881401

Response headers

Date: Wed, 27 Jan 2021 13:08:30 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
redirected: JS
Server: ZeroPark-Traffic

GET
H2

200

F0Gi Show response
mytracking.pl/p/eRNE/fHFs/
Redirect Chain

http://clk.rtpdn12.com/click?i=ypfXjXknlQ0_0
https://clk.value.us/15GcKI?subid1=9856458901&code=rlXUPxtX&source=ActRevocd&cost=0.011&external_id=7lsaVXUNt1E
https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

2 KB
1 KB

671ms
631ms

Document
text/html

2606:4700:3033::ac43:ad3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
Requested by: Host: alfik-fik.com
URL: http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bac10d6808cd41591acc9aeb453d0b12cb1858cd96ae9da02b2dbc3859bccdef

Request headers

:method: GET
:authority: mytracking.pl
:scheme: https
:path: /p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://alfik-fik.com/zcredirect?visitid=bf92b9b4-60a0-11eb-bed2-0a2004881401&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false

Response headers

date: Wed, 27 Jan 2021 13:08:31 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=df0c230c37749e14e73ec69a18683201e1611752911; expires=Fri, 26-Feb-21 13:08:31 GMT; path=/; domain=.mytracking.pl; HttpOnly; SameSite=Lax; Secure 71ff54ebddb1e090fbf173d96e2342c8=71ff54ebddb1e090fbf173d96e2342c8; expires=Thu, 27-Jan-2022 13:08:31 GMT; Max-Age=31536000; path=/; httponly
vary: Accept-Encoding
cache-control: no-cache, no-store, private
x-robots-tag: noindex, nofollow
cf-cache-status: DYNAMIC
cf-request-id: 07e58ec9c800002c4e422d6000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OcVZxrUdFWzt3w5SCiaOTkJ6gfWnFfgBsjzhfwrpgp%2BnFGtXst66G4uO8JrcKD2pFNuHr7oVHeo6eFCUcP54ZbbL0xBiLvdNFII0JbWxI3%2BHwKzoj9MIPPrl"}],"max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 6182b3efa9102c4e-FRA
content-encoding: br

Redirect headers

Server: nginx/1.19.5
Date: Wed, 27 Jan 2021 13:08:31 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 222
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GcKIo=20210127131611753650061; domain=.clk.value.us; path=/;expires=Thu, 28 Jan 2021 13:08:31 GMT; httpOnly=true;SameSite=None; Secure; _pc_lc_id=15GcKI; domain=.clk.value.us; path=/;expires=Thu, 28 Jan 2021 13:08:31 GMT; httpOnly=true;SameSite=None; Secure; peerclickcid=82a0e2481bb22ab34b92c1a337366ddd-9794-0127; domain=.clk.value.us; path=/;expires=Wed, 27 Jan 2021 17:08:31 GMT; httpOnly=true;SameSite=None; Secure; _norg=1; domain=.clk.value.us; path=/;expires=Wed, 27 Jan 2021 17:08:31 GMT; httpOnly=true;SameSite=None; Secure;
Location: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
Vary: Accept

GET
H2 200 03032020.min.js Show response
mytracking.pl/js/ 32 KB
11 KB 15ms
15ms Script
application/javascript 2606:4700:3033::ac43:ad3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mytracking.pl/js/03032020.min.js
Requested by: Host: mytracking.pl
URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a0dd05cafdce90b48c1b89ae4d86f1120a0fdc7a9e929edb1ebe0404f663dad

Request headers

Device-Memory: 8
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 03 Mar 2020 10:38:17 GMT
server: cloudflare
age: 6536
etag: W/"5e5e3399-813d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bcrELdSt8KXfoAQJV2WY7FrNFOIUJOIk4p8TMrQNLwW0M0HkybUhCD0kBsXtbViteZTO79%2BIqZDgmbsV88aPMCRHo2ouF%2BFECzpJTnoscTnvn5aHtCnnjcNl"}],"max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 6182b3f3ac082c4e-FRA
cf-request-id: 07e58ecc4a00002c4e07bb9000000001

GET
H2 200 reflink-381235804a
www.g2a.com/n/ Frame D3ED 0
0 84ms
32ms Document
text/html 23.32.114.14
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.g2a.com/n/reflink-381235804a

Requested by

Host: mytracking.pl
URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.32.114.14 , Netherlands, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-32-114-14.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Frame-Options	DENY

Request headers

:method: GET
:authority: www.g2a.com
:scheme: https
:path: /n/reflink-381235804a
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Response headers

content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-security-policy: frame-ancestors 'none'
request-id: |52483df0-861e-4613-8121-ce57c33d9957.
x-frame-options: DENY
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
x-akamai-transformed: 9 1019 0 pmb=mTOE,3
date: Wed, 27 Jan 2021 13:08:32 GMT
content-length: 1305
set-cookie: ak_bmsc=B13215FB1DD568A09348D58F4CAD0E3754358C872D1B0000D06511606E10817D~plvxsddlz5unzvh7NG093bTLAkjxcG4iIP2yW35UQqY/wij4hfvBAkgNUwGnIZy5Gp+w9MFsv2xIYt9rjm2q5CyEXvah7h/w5G7QXR7fS4RXZgMxaLDYLU7SIa/StTcEljrr2vzGKzkL63BEJ5/BA65yQrBsOC42JKFzWAgL5XZeUrKLK/QnLUOKFqQ19shiYx5kJHdD1cV1xcc9jGMNnUUP9uMxhjj80Euipbn5iT2aw=; expires=Wed, 27 Jan 2021 15:08:32 GMT; max-age=7200; path=/; domain=.g2a.com; HttpOnly bm_mi=080BE46981224E45636322ADFE6A156F~83woOwX9545Sy1Kop9SX2TpqwM+yRhC2LWe6/nUkgRzFeB8jEJkCoqMTbc4EKcD0odrzJelVJ1xSe2ptj8Od3hm++4KXOwwt6ZCnp0QiaGJGL0ziVTG4bFdf79U8EmTuYcRnRLW2upbIYryQVn4y9W/BuWqvFunY+i/s/59VS1v2b/J9g796uyVn9CTDRAJ/2Vi21CtlWlKnYZON+kRIOVBut/y4i5HDrTO4nLxkiKwxYOe5EGahwH+n5tQi/b5t; Domain=.g2a.com; Path=/; Max-Age=0; HttpOnly bm_sz=A32E1EA784ED3E8F6B386770D3DD9A38~YAAQh4w1VCv4DT53AQAAmLT1QwrFfFnP9WdMhxsdea43++cpWBFHaHp2WHM+dPobQ+1kkAH/i6scPhflfEkmYMPErcC/EqQ3n4N9jy2W8tVvZElM6u23zJsVWyC3HBDglHmmmLpqvDhkklucqoVUPfs0ZXBkhAWRjQCUlGEJXtYQgtDdof1lD8mFrdQx; Domain=.g2a.com; Path=/; Expires=Wed, 27 Jan 2021 17:08:32 GMT; Max-Age=14400; HttpOnly _abck=8EFEA7F25BB1A38D2C0633FA2962A78A~-1~YAAQh4w1VCz4DT53AQAAmLT1QwWAFMeGv/+NwYqwbydtZ/+PzszpWDMdW7l2Zg6fh6I5V9Cf5fHypXsYXds2CJc0ToCJwMelT1fa6c9/9Cn76MFQamOjsn8ZO8Eqxn4fKCrmgxDXN7pTyZINmhS4hId5J8Cqh7yiLdxvUDR1ZmndgNUc/J51G7+GV8zPZeazLc0VDiNgE4aqpPEPtx8XGNV9Fquw/GajLHdveoIgmDW6e0GDnI99//Vx0qvX5Y/D34tZ1OqtQjpZ8RBSe7Kjt4ZQ3f4nDyxzvxEhl4oGY2ZKS27Zy+ce~-1~-1~-1; Domain=.g2a.com; Path=/; Expires=Thu, 27 Jan 2022 13:08:32 GMT; Max-Age=31536000; Secure

GET
H2

200

/
best.aliexpress.com/ Frame 9BDC
Redirect Chain

https://s.click.aliexpress.com/e/_d6GDFTu
https://best.aliexpress.com/?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf57...

0
0

14ms
12ms

Document
text/html

104.104.180.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://best.aliexpress.com/?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf571b3300c27701

Requested by

Host: mytracking.pl
URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

104.104.180.223 , Netherlands, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-104-180-223.deploy.static.akamaitechnologies.com

Software

Tengine/Aserver /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: best.aliexpress.com
:scheme: https
:path: /?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf571b3300c27701
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu%22%2C%22affiliateKey%22%3A%22_d6GDFTu%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cn%22%3A%2210008100042%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%222081345757%22%2C%22tagtime%22%3A1611752911987%7D&acs_rt=c08ab869b01449d4bf571b3300c27701; acs_usuc_t=x_csrf=12fy7tyfw1w1o&acs_rt=c08ab869b01449d4bf571b3300c27701; aeu_cid=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu; xman_t=e5cYOlne0SGM9pULABYL6CmQyX6lEsbpSpH9OEb1aWNH6DfqFAXYRNL5/FhgXWcL; xman_f=9vhUgcXsSDjeJhhx0tY25SifNknERWJ+ktWz7bm+DkVPerqF3TnZt8FRsKa4edmmIitgI5PwUSXPrlRdzPWrspTqytkSOa8qoIDi0vBlhPzt3rsBSDyd8A==; af_ss_a=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Response headers

content-type: text/html;charset=UTF-8
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
x-application-context: ae-traffic-affiliateweb-f:prod,de:7001
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000 ; includeSubDomains max-age=31536000
content-language: de-DE
content-encoding: gzip
server: Tengine/Aserver
eagleeye-traceid: 2100bddd16117527881163041e6b2b
timing-allow-origin: *
content-length: 6760
date: Wed, 27 Jan 2021 13:08:32 GMT
set-cookie: aep_usuc_f=site=deu&b_locale=de_DE; Expires=Sat, 25 Jan 2031 13:08:32 GMT; Path=/; Domain=.aliexpress.com e_id=pt30; Expires=Sat, 25 Jan 2031 13:08:32 GMT; Path=/; Domain=.aliexpress.com

Redirect headers

content-length: 0
x-application-context: global-traffic-holmes-f:production:7001
p3p: CP="CAO PSA OUR"
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains max-age=31536000
location: https://best.aliexpress.com/?aff_fsk=_d6GDFTu&aff_platform=portals-promotion&sk=_d6GDFTu&aff_trace_key=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu&terminal_id=c08ab869b01449d4bf571b3300c27701
content-language: en-US
server: Tengine/Aserver
eagleeye-traceid: 0b0a0ac216117529119803649ea004
timing-allow-origin: *
date: Wed, 27 Jan 2021 13:08:31 GMT
set-cookie: xman_us_f=x_l=0&x_as_i=%7B%22aeuCID%22%3A%22f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu%22%2C%22affiliateKey%22%3A%22_d6GDFTu%22%2C%22channel%22%3A%22AFFILIATE%22%2C%22cn%22%3A%2210008100042%22%2C%22cv%22%3A%221%22%2C%22isCookieCache%22%3A%22N%22%2C%22ms%22%3A%221%22%2C%22pid%22%3A%222081345757%22%2C%22tagtime%22%3A1611752911987%7D&acs_rt=c08ab869b01449d4bf571b3300c27701; Domain=.aliexpress.com; Expires=Mon, 14-Feb-2089 16:22:38 GMT; Path=/; Secure; SameSite=None acs_usuc_t=x_csrf=12fy7tyfw1w1o&acs_rt=c08ab869b01449d4bf571b3300c27701; Domain=.aliexpress.com; Path=/; Secure; SameSite=None aeu_cid=f70c1dc392bb48fd86f1c1b01c5e4b45-1611752911987-09506-_d6GDFTu; Domain=.aliexpress.com; Expires=Mon, 14-Feb-2089 16:22:38 GMT; Path=/; Secure; SameSite=None xman_t=e5cYOlne0SGM9pULABYL6CmQyX6lEsbpSpH9OEb1aWNH6DfqFAXYRNL5/FhgXWcL; Domain=.aliexpress.com; Expires=Tue, 27-Apr-2021 13:08:31 GMT; Path=/; Secure; SameSite=None; HttpOnly xman_f=9vhUgcXsSDjeJhhx0tY25SifNknERWJ+ktWz7bm+DkVPerqF3TnZt8FRsKa4edmmIitgI5PwUSXPrlRdzPWrspTqytkSOa8qoIDi0vBlhPzt3rsBSDyd8A==; Domain=.aliexpress.com; Expires=Mon, 14-Feb-2089 16:22:38 GMT; Path=/; Secure; SameSite=None; HttpOnly traffic_se_co=%7B%7D; Max-Age=2147483647; Expires=Mon, 14-Feb-2089 16:22:38 GMT; Domain=aliexpress.com; Path=/ af_ss_a=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; Secure; SameSite=None af_ss_b=1; Path=/; Domain=.aliexpress.com; Max-Age=2147483647; SameSite=Lax
x-akamai-fwd-auth-sha: 91C315C1052CC9AF6BFCA84C3310043CA600547C4BE84A0F9AEE721F481CFEAE
x-akamai-fwd-auth-data: 1746327287, 2.17.122.231, 1611752911, 37.120.217.220
x-akamai-fwd-auth-sign: GGDH2UUJbNUbegHBcC80+BEBpi9hMj9wTgCgu8KZYUS0oLH8uiJK5+Z/WQBcutFiQyHRAz/GRePFEsQHvFluh6bsGcJ8lSt4WHAFOP2EKms=

GET
H2 200 /
www.gearbest.com/ Frame 08E7 0
0 70ms
22ms Document
text/html 104.121.174.207
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gearbest.com/?lkid=78540179
Requested by: Host: mytracking.pl
URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.121.174.207 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-121-174-207.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: www.gearbest.com
:scheme: https
:path: /?lkid=78540179
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Response headers

content-type: text/html; charset=utf-8
x-amz-id-2: KCKEuAtiCAMp5onESzAVcjHV7d+XGfflpPOjSVHGrQYGAkUbLLGgCtnZg3wB2AX0HOMM3Aq3Azw=
x-amz-request-id: D967771425E6BE30
last-modified: Wed, 27 Jan 2021 13:00:52 GMT
etag: W/"1eae825e82c87960cfb7e7c531f09103"
access-control-allow-origin: *
access-control-allow-methods: GET, POST
ng-cache: HIT
content-encoding: gzip
content-length: 30953
cache-control: max-age=60
expires: Wed, 27 Jan 2021 13:09:32 GMT
date: Wed, 27 Jan 2021 13:08:32 GMT
vary: Accept-Encoding User-Agent
set-cookie: AKAM_CLIENTID=0541d5a095829bfe03a4501cb3b849bf; expires=Mon, 31-Dec-2038 23:59:59 GMT; path=/; domain=.gearbest.com AKA_A2=A; expires=Wed, 27-Jan-2021 14:08:32 GMT; path=/; domain=gearbest.com; secure; HttpOnly

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
19 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: mytracking.pl
URL: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2532
date: Wed, 27 Jan 2021 12:26:19 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 27 Jan 2021 14:26:19 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 4 B
37 B 49ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=365593513&t=pageview&_s=1&dl=https%3A%2F%2Fmytracking.pl%2Fp%2FeRNE%2FfHFs%2FF0Gi%3Fml_sub1%3D82a0e2481bb22ab34b92c1a337366ddd-9794-0127&dr=http%3A%2F%2Falfik-fik.com%2Fzcredirect%3Fvisitid%3Dbf92b9b4-60a0-11eb-bed2-0a2004881401%26type%3Djs%26browserWidth%3D1600%26browserHeight%3D1200%26iframeDetected%3Dfalse&ul=en-us&de=UTF-8&dt=mytracking.pl&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=491751498&gjid=1490203040&cid=1660701507.1611752912&tid=UA-110090096-2&_gid=595711739.1611752912&_r=1&_slc=1&z=576032682

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mytracking.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect
www.google-analytics.com/ 35 B
421 B 47ms
13ms Other
image/gif 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://mytracking.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 finger
mytracking.pl/ 20 B
348 B 60ms
60ms XHR
application/json 2606:4700:3033::ac43:ad3a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mytracking.pl/finger
Requested by: Host: mytracking.pl
URL: https://mytracking.pl/js/03032020.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:ad3a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Device-Memory: 8
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 27 Jan 2021 13:08:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=d6kR%2Bkb3i5cUMv6xzRYHLJB%2B%2BRfarytwwifVQrymk0npXX90yFr3PRl3pYugP2xH6o0suaaMti5fT5wA3swlhRlFsl7Zluzm2AJwlAbI7FjdNlCWibObMVRg"}],"max_age":604800}
content-type: application/json
cache-control: no-cache, private
cf-ray: 6182b3f5992b2c4e-FRA
cf-request-id: 07e58ecd8000002c4e42341000000001

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
442 B 40ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-110090096-2&cid=1660701507.1611752912&jid=491751498&gjid=1490203040&_gid=595711739.1611752912&_u=IEBAAEAAAAAAAC~&z=101386119

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jan 2021 13:08:32 GMT
content-type: text/plain
access-control-allow-origin: https://mytracking.pl
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK / Show response
grand-prise-ishere4.life/ 52 KB
53 KB 114ms
63ms Document
text/html 5.188.178.40
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878
Requested by: Host: mytracking.pl
URL: https://mytracking.pl/js/03032020.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.188.178.40 Bucharest, Romania, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx / ASP.NET
Resource Hash: 4f46eb4dc1a36ca827e94ad48b7bd37fa1bb9fb82a668c5eecb5c1a7b84f5789

Request headers

Host: grand-prise-ishere4.life
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://mytracking.pl/p/eRNE/fHFs/F0Gi?ml_sub1=82a0e2481bb22ab34b92c1a337366ddd-9794-0127

Response headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:32 GMT
Content-Type: text/html
Content-Length: 53419
Connection: keep-alive
cache-control: private
set-cookie: sid=t3~gq0xemor11frlp0eehtk3a1l; path=/ sid=t3~gq0xemor11frlp0eehtk3a1l; path=/ p1=https://feetwindyoung-9.live/0338843620/; path=/ s1=i7pu0i84war3xrxu; path=/
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
Cache-Control: no-transform

GET
H/1.1 200
OK load.html Show response
grand-prise-ishere4.life/media/mainstream/ Frame B24D 39 B
297 B 46ms
18ms Document
text/html 5.188.178.40
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://grand-prise-ishere4.life/media/mainstream/load.html
Requested by: Host: grand-prise-ishere4.life
URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.188.178.40 Bucharest, Romania, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e

Request headers

Host: grand-prise-ishere4.life
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: sid=t3~gq0xemor11frlp0eehtk3a1l; p1=https://feetwindyoung-9.live/0338843620/; s1=i7pu0i84war3xrxu
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878

Response headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:32 GMT
Content-Type: text/html
Content-Length: 39
Connection: keep-alive
Last-Modified: Fri, 25 Dec 2020 23:53:00 GMT
ETag: "5fe67b5c-27"
Cache-Control: no-transform
Accept-Ranges: bytes

GET
H/1.1 200
OK / Show response
feetwindyoung-9.live/0338843620/ 909 B
1 KB 112ms
73ms Document
text/html 5.189.217.35
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0xemor11frlp0eehtk3a1l&fp=86XpLZXRZWWl610OlrlicKOprA57TsqKdAN3JqwZ8WaSJ%2BiO2lFxVyyMIwktI9oQstJSIPRmDHR3M55Crc3Jr3xzNIIKXxKnH2qKoYfbkYK5RbdlrwuJ8HC%2BNHM2B%2BCTo%2F4nojO%2BPPDQ31OUnpoL8ZqSYEZmB7pN31yTBxN1Q99PB5h8Xtne2ws5t%2FI%2FWiVbqfNTQzZNu3BZK7XmECS9MDOp6D%2BtVSi14Olq3MAxMBcHVz6%2BaM04jZ02EPdnGgUip85MUymyWFB%2BWikCc1rXYyFWhm7OD0PNGcwpqlu0nUDj8P%2BQf8kjyD4ArYsYk6MuyQtw11M%2Bnxfnl5ebuEBBm6BbhIRfI%2FDQ5wUgWGtXuICsiiGynXrOCfNRvmGij8cUg85hmaXnhylhUJ8Dwv2wSTQkal2wLs%2FhCv6KBP%2F2SxfKzV%2FDzpNeL67J8%2B%2BbNnJneEMFzv0U3doshS2jADAd157S1uFW6w322W6bWxXzdQm%2FmZM1bhpQoiu4L46jntJNFmEJmpAkpVxaOidpeVKzNN7rBYmOyQCbQpUUZTb%2BM0JMIhPdmfVOq6DA4RTs%2F%2B3%2BXNZUFiPJOJ0itKdGRCTZeW1GW0G%2FhkprpgOjDsI%2FOI372om8sCnxqt%2FsVyYzDt4F7nwSm2pu5zd617q2EM0OMgB7KfMnY2o9rO1zeGK2rnD%2FSEfM9NzkXxRY7BCjcuqFZXUyVOtHzQsB%2BkjTFzMGTFd5UQH8vXUieYENE917%2FeXE7VbaBSXxePjMq0N5uoYr8%2Fp53BP5TZ9sMKE6lRHplCIb0pTZOo5ptvU9%2Bn1Vyvv56RwvmnEmj6Q3JeeL%2Fpzix7ed5l%2Bqdjkjtlh%2FI6STaQnmLlJoCNfPtffFIqAXpRaR1yZeuNrTRSkkBXGMyWUgRnE%2F%2Fhhj4PC7jGT9uaPG00RyQloYBAnEWZT7lciHePRX2DJsPuBEQSs3nbDM6cAOOmRBpF%2BUG53TKz3pASnTSuAezBddArxzUSLURykQOrlh65dbo6Ljye1HjJ99bloKGfw4HmyZ3p%2B9RL22XvjwpDx%2FqA7qzfz6tQajYf0ua3q3%2FYMlR3G1VQJBXYH1ll%2BiaVbdtoqvuQQoHzuzc2Uetm7%2BfM2pWOR1qOaPa%2B0BgBWO%2FyaWMzG7OuIVGHXTrkk6KSHWnIIR2FLtWvA%2B6cNCFkCFuyP1apKmf4WjZEF9KQ%2F9BVXzdSm0pljt7qvfccSbc1NPe3f79hPeQtIAqTrrKUsUAyRV8Me5asyKn8gtC4%2BEFHWPCkOcG0LLAkgPjTeXdF7z28kizLdVqi7%2FurIez%2FZbvUvJ%2B4CdW4tcJTI7vIbtyvqFKkb8Pmc2OefwxaS6W%2B6m%2F6Vm4pPA8m41JPmvLHFtq60lSlT0bxOenElnA%2F5Wzirugs6EkAePTIxW5f9sOH%2B6It1iZPpeorZ13Lq7qQXT6hB63AlkXsd96GcRODc%3D
Requested by: Host: grand-prise-ishere4.life
URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 5.189.217.35 Bucharest, Romania, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx / ASP.NET
Resource Hash: b60ff90317622a770085f05a2be3d6ab7f0728bedc309f1d30c425d823c04609

Request headers

Host: feetwindyoung-9.live
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878

Response headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:32 GMT
Content-Type: text/html
Content-Length: 909
Connection: keep-alive
cache-control: private
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
Cache-Control: no-transform

GET
H/1.1

200
OK

away.php Show response
universal-mobileapp-inventory.net/
Redirect Chain

https://feetwindyoung-9.live/web/?sid=t3~gq0xemor11frlp0eehtk3a1l
https://universal-mobileapp-inventory.net/?url=I4WHKFughjJnh4P2Hz2GP96qcIiCoSQowUDFCSSQxFC89YTitctorv7m%2frWU0uPm%2buuGuWe7Xj%2bMH0ITObQA37gscBl9utevK2PscoOskN7Ckun6Vs2rDcP6yBc66Eagla228CxS%2bpDcsG...
https://universal-mobileapp-inventory.net/away.php

344 B
572 B

20ms
19ms

Document
text/html

185.50.248.98
FASTCONTENT

General

Check archive.org

Show headers Download Go to

Full URL: https://universal-mobileapp-inventory.net/away.php
Requested by: Host: feetwindyoung-9.live
URL: https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0xemor11frlp0eehtk3a1l&fp=86XpLZXRZWWl610OlrlicKOprA57TsqKdAN3JqwZ8WaSJ%2BiO2lFxVyyMIwktI9oQstJSIPRmDHR3M55Crc3Jr3xzNIIKXxKnH2qKoYfbkYK5RbdlrwuJ8HC%2BNHM2B%2BCTo%2F4nojO%2BPPDQ31OUnpoL8ZqSYEZmB7pN31yTBxN1Q99PB5h8Xtne2ws5t%2FI%2FWiVbqfNTQzZNu3BZK7XmECS9MDOp6D%2BtVSi14Olq3MAxMBcHVz6%2BaM04jZ02EPdnGgUip85MUymyWFB%2BWikCc1rXYyFWhm7OD0PNGcwpqlu0nUDj8P%2BQf8kjyD4ArYsYk6MuyQtw11M%2Bnxfnl5ebuEBBm6BbhIRfI%2FDQ5wUgWGtXuICsiiGynXrOCfNRvmGij8cUg85hmaXnhylhUJ8Dwv2wSTQkal2wLs%2FhCv6KBP%2F2SxfKzV%2FDzpNeL67J8%2B%2BbNnJneEMFzv0U3doshS2jADAd157S1uFW6w322W6bWxXzdQm%2FmZM1bhpQoiu4L46jntJNFmEJmpAkpVxaOidpeVKzNN7rBYmOyQCbQpUUZTb%2BM0JMIhPdmfVOq6DA4RTs%2F%2B3%2BXNZUFiPJOJ0itKdGRCTZeW1GW0G%2FhkprpgOjDsI%2FOI372om8sCnxqt%2FsVyYzDt4F7nwSm2pu5zd617q2EM0OMgB7KfMnY2o9rO1zeGK2rnD%2FSEfM9NzkXxRY7BCjcuqFZXUyVOtHzQsB%2BkjTFzMGTFd5UQH8vXUieYENE917%2FeXE7VbaBSXxePjMq0N5uoYr8%2Fp53BP5TZ9sMKE6lRHplCIb0pTZOo5ptvU9%2Bn1Vyvv56RwvmnEmj6Q3JeeL%2Fpzix7ed5l%2Bqdjkjtlh%2FI6STaQnmLlJoCNfPtffFIqAXpRaR1yZeuNrTRSkkBXGMyWUgRnE%2F%2Fhhj4PC7jGT9uaPG00RyQloYBAnEWZT7lciHePRX2DJsPuBEQSs3nbDM6cAOOmRBpF%2BUG53TKz3pASnTSuAezBddArxzUSLURykQOrlh65dbo6Ljye1HjJ99bloKGfw4HmyZ3p%2B9RL22XvjwpDx%2FqA7qzfz6tQajYf0ua3q3%2FYMlR3G1VQJBXYH1ll%2BiaVbdtoqvuQQoHzuzc2Uetm7%2BfM2pWOR1qOaPa%2B0BgBWO%2FyaWMzG7OuIVGHXTrkk6KSHWnIIR2FLtWvA%2B6cNCFkCFuyP1apKmf4WjZEF9KQ%2F9BVXzdSm0pljt7qvfccSbc1NPe3f79hPeQtIAqTrrKUsUAyRV8Me5asyKn8gtC4%2BEFHWPCkOcG0LLAkgPjTeXdF7z28kizLdVqi7%2FurIez%2FZbvUvJ%2B4CdW4tcJTI7vIbtyvqFKkb8Pmc2OefwxaS6W%2B6m%2F6Vm4pPA8m41JPmvLHFtq60lSlT0bxOenElnA%2F5Wzirugs6EkAePTIxW5f9sOH%2B6It1iZPpeorZ13Lq7qQXT6hB63AlkXsd96GcRODc%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 185.50.248.98 Haarlem, Netherlands, ASN209813 (FASTCONTENT, DE),
Reverse DNS
Software: nginx /
Resource Hash: 432cafa32617193c1d4e40d08298c51e68f2a047252fc5e22a295d35f5f767f1

Request headers

Host: universal-mobileapp-inventory.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0xemor11frlp0eehtk3a1l&fp=86XpLZXRZWWl610OlrlicKOprA57TsqKdAN3JqwZ8WaSJ%2BiO2lFxVyyMIwktI9oQstJSIPRmDHR3M55Crc3Jr3xzNIIKXxKnH2qKoYfbkYK5RbdlrwuJ8HC%2BNHM2B%2BCTo%2F4nojO%2BPPDQ31OUnpoL8ZqSYEZmB7pN31yTBxN1Q99PB5h8Xtne2ws5t%2FI%2FWiVbqfNTQzZNu3BZK7XmECS9MDOp6D%2BtVSi14Olq3MAxMBcHVz6%2BaM04jZ02EPdnGgUip85MUymyWFB%2BWikCc1rXYyFWhm7OD0PNGcwpqlu0nUDj8P%2BQf8kjyD4ArYsYk6MuyQtw11M%2Bnxfnl5ebuEBBm6BbhIRfI%2FDQ5wUgWGtXuICsiiGynXrOCfNRvmGij8cUg85hmaXnhylhUJ8Dwv2wSTQkal2wLs%2FhCv6KBP%2F2SxfKzV%2FDzpNeL67J8%2B%2BbNnJneEMFzv0U3doshS2jADAd157S1uFW6w322W6bWxXzdQm%2FmZM1bhpQoiu4L46jntJNFmEJmpAkpVxaOidpeVKzNN7rBYmOyQCbQpUUZTb%2BM0JMIhPdmfVOq6DA4RTs%2F%2B3%2BXNZUFiPJOJ0itKdGRCTZeW1GW0G%2FhkprpgOjDsI%2FOI372om8sCnxqt%2FsVyYzDt4F7nwSm2pu5zd617q2EM0OMgB7KfMnY2o9rO1zeGK2rnD%2FSEfM9NzkXxRY7BCjcuqFZXUyVOtHzQsB%2BkjTFzMGTFd5UQH8vXUieYENE917%2FeXE7VbaBSXxePjMq0N5uoYr8%2Fp53BP5TZ9sMKE6lRHplCIb0pTZOo5ptvU9%2Bn1Vyvv56RwvmnEmj6Q3JeeL%2Fpzix7ed5l%2Bqdjkjtlh%2FI6STaQnmLlJoCNfPtffFIqAXpRaR1yZeuNrTRSkkBXGMyWUgRnE%2F%2Fhhj4PC7jGT9uaPG00RyQloYBAnEWZT7lciHePRX2DJsPuBEQSs3nbDM6cAOOmRBpF%2BUG53TKz3pASnTSuAezBddArxzUSLURykQOrlh65dbo6Ljye1HjJ99bloKGfw4HmyZ3p%2B9RL22XvjwpDx%2FqA7qzfz6tQajYf0ua3q3%2FYMlR3G1VQJBXYH1ll%2BiaVbdtoqvuQQoHzuzc2Uetm7%2BfM2pWOR1qOaPa%2B0BgBWO%2FyaWMzG7OuIVGHXTrkk6KSHWnIIR2FLtWvA%2B6cNCFkCFuyP1apKmf4WjZEF9KQ%2F9BVXzdSm0pljt7qvfccSbc1NPe3f79hPeQtIAqTrrKUsUAyRV8Me5asyKn8gtC4%2BEFHWPCkOcG0LLAkgPjTeXdF7z28kizLdVqi7%2FurIez%2FZbvUvJ%2B4CdW4tcJTI7vIbtyvqFKkb8Pmc2OefwxaS6W%2B6m%2F6Vm4pPA8m41JPmvLHFtq60lSlT0bxOenElnA%2F5Wzirugs6EkAePTIxW5f9sOH%2B6It1iZPpeorZ13Lq7qQXT6hB63AlkXsd96GcRODc%3D
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: PHPSESSID=8q8g847qig23oqgvs8jhlcate2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://feetwindyoung-9.live/0338843620/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878&f=1&sid=t3~gq0xemor11frlp0eehtk3a1l&fp=86XpLZXRZWWl610OlrlicKOprA57TsqKdAN3JqwZ8WaSJ%2BiO2lFxVyyMIwktI9oQstJSIPRmDHR3M55Crc3Jr3xzNIIKXxKnH2qKoYfbkYK5RbdlrwuJ8HC%2BNHM2B%2BCTo%2F4nojO%2BPPDQ31OUnpoL8ZqSYEZmB7pN31yTBxN1Q99PB5h8Xtne2ws5t%2FI%2FWiVbqfNTQzZNu3BZK7XmECS9MDOp6D%2BtVSi14Olq3MAxMBcHVz6%2BaM04jZ02EPdnGgUip85MUymyWFB%2BWikCc1rXYyFWhm7OD0PNGcwpqlu0nUDj8P%2BQf8kjyD4ArYsYk6MuyQtw11M%2Bnxfnl5ebuEBBm6BbhIRfI%2FDQ5wUgWGtXuICsiiGynXrOCfNRvmGij8cUg85hmaXnhylhUJ8Dwv2wSTQkal2wLs%2FhCv6KBP%2F2SxfKzV%2FDzpNeL67J8%2B%2BbNnJneEMFzv0U3doshS2jADAd157S1uFW6w322W6bWxXzdQm%2FmZM1bhpQoiu4L46jntJNFmEJmpAkpVxaOidpeVKzNN7rBYmOyQCbQpUUZTb%2BM0JMIhPdmfVOq6DA4RTs%2F%2B3%2BXNZUFiPJOJ0itKdGRCTZeW1GW0G%2FhkprpgOjDsI%2FOI372om8sCnxqt%2FsVyYzDt4F7nwSm2pu5zd617q2EM0OMgB7KfMnY2o9rO1zeGK2rnD%2FSEfM9NzkXxRY7BCjcuqFZXUyVOtHzQsB%2BkjTFzMGTFd5UQH8vXUieYENE917%2FeXE7VbaBSXxePjMq0N5uoYr8%2Fp53BP5TZ9sMKE6lRHplCIb0pTZOo5ptvU9%2Bn1Vyvv56RwvmnEmj6Q3JeeL%2Fpzix7ed5l%2Bqdjkjtlh%2FI6STaQnmLlJoCNfPtffFIqAXpRaR1yZeuNrTRSkkBXGMyWUgRnE%2F%2Fhhj4PC7jGT9uaPG00RyQloYBAnEWZT7lciHePRX2DJsPuBEQSs3nbDM6cAOOmRBpF%2BUG53TKz3pASnTSuAezBddArxzUSLURykQOrlh65dbo6Ljye1HjJ99bloKGfw4HmyZ3p%2B9RL22XvjwpDx%2FqA7qzfz6tQajYf0ua3q3%2FYMlR3G1VQJBXYH1ll%2BiaVbdtoqvuQQoHzuzc2Uetm7%2BfM2pWOR1qOaPa%2B0BgBWO%2FyaWMzG7OuIVGHXTrkk6KSHWnIIR2FLtWvA%2B6cNCFkCFuyP1apKmf4WjZEF9KQ%2F9BVXzdSm0pljt7qvfccSbc1NPe3f79hPeQtIAqTrrKUsUAyRV8Me5asyKn8gtC4%2BEFHWPCkOcG0LLAkgPjTeXdF7z28kizLdVqi7%2FurIez%2FZbvUvJ%2B4CdW4tcJTI7vIbtyvqFKkb8Pmc2OefwxaS6W%2B6m%2F6Vm4pPA8m41JPmvLHFtq60lSlT0bxOenElnA%2F5Wzirugs6EkAePTIxW5f9sOH%2B6It1iZPpeorZ13Lq7qQXT6hB63AlkXsd96GcRODc%3D

Response headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Encoding: gzip

Redirect headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:32 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=8q8g847qig23oqgvs8jhlcate2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /away.php

GET
H2 200 / Show response
get.bestdeal2060.info/ 3 KB
2 KB 328ms
108ms Document
text/html 67.212.184.146
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1

Requested by

Host: universal-mobileapp-inventory.net
URL: https://universal-mobileapp-inventory.net/away.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.212.184.146 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

522e7fd607c1658af694ab1bf8d7a522a798ba1805536dc2680252bf0424c955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: get.bestdeal2060.info
:scheme: https
:path: /?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Wed, 27 Jan 2021 13:08:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=d4e44e2c1bc0529ccaa57ca71747bd74; expires=Thu, 27-Jan-2022 13:08:33 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

GET
H2 200 / Show response
get.bestdeal2060.info/ 6 KB
2 KB 115ms
114ms Document
text/html 67.212.184.146
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f

Requested by

Host: get.bestdeal2060.info
URL: https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.212.184.146 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

592c03a9486c97323c4aeb6d7d84a7ab4d6dbd910352e5c4a96b30b203c052da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: get.bestdeal2060.info
:scheme: https
:path: /?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: u=d4e44e2c1bc0529ccaa57ca71747bd74
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://get.bestdeal2060.info/?utm_medium=593d75f27d437562cfb360c43159d12cbeef5418&utm_campaign=m&cid=6b30805e-96cf-4270-9a50-b9957626e02a&np=1

Response headers

server: nginx
date: Wed, 27 Jan 2021 13:08:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

GET proc.php
get.bestdeal2060.info/ 0
0

GET
H/1.1

200
OK

Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5r... Show response
click4fun.icu/h/
Redirect Chain

https://get.bestdeal2060.info/proc.php?2bc76c172255ce94f85030cb41627939dc9cc22f
https://click4fun.icu/i/33153?cid=M6922426050584510505&var1=1314&var2=1314-5ecd6faz
https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZB...

872 B
663 B

14ms
13ms

Document
text/html

95.211.26.199
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq
Requested by: Host: get.bestdeal2060.info
URL: https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 95.211.26.199 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx /
Resource Hash: 81e995d490fc898e506f09053469707daf069bccb8372785a76760ff933b79a1

Request headers

Host: click4fun.icu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOQzNtczNDLQMzI01zMyMhBkTk%2FNF2QK8hfkLkpNz8zPi0%2FOT0llEORMziyphLKZM4sLBMWDU5NLi1IVXBJLEhWCK4tLUnOLFYKDfAT58lJL4osLUlNTwMp5BTkyi%2BMLivIrKtkYAd%2FdIXQ%3D; TRK_TRU2=eJxjYGBgEuEQZC5NNBVUMDdMSzM1SU1KSUkyTDWwNEhLSjM0N06xNEs1MjYxSrYQZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMU5IfxylKLijPz83gcQg4wgIAga34xSAm7IBeQAZdVcV8nUvXQQ5A7JbUsMzk1vqSyIJWNEQAB7ymP; trk_cpa_pixel=c23e8dc0-60a0-11eb-bab8-59599850fb62
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://get.bestdeal2060.info/?utm_term=6922426050584510505&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b78784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45f#

Response headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Content-Encoding: gzip
Vary: Accept-Encoding

Redirect headers

Server: nginx
Date: Wed, 27 Jan 2021 13:08:33 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Set-Cookie: TRK_TRG=eJxjYGBgEmEXZMosEOQzNtczNDLQMzI01zMyMhBkTk%2FNF2QK8hfkLkpNz8zPi0%2FOT0llEORMziyphLKZM4sLBMWDU5NLi1IVXBJLEhWCK4tLUnOLFYKDfAT58lJL4osLUlNTwMp5BTkyi%2BMLivIrKtkYAd%2FdIXQ%3D; expires=Thu, 28-Jan-2021 13:08:33 GMT; Max-Age=86400; path=/ TRK_TRU2=eJxjYGBgEuEQZC5NNBVUMDdMSzM1SU1KSUkyTDWwNEhLSjM0N06xNEs1MjYxSrYQZE0qSsxL4RVkzc1PSc3hFeRKKsovL04tis9MYWMU5IfxylKLijPz83gcQg4wgIAga34xSAm7IBeQAZdVcV8nUvXQQ5A7JbUsMzk1vqSyIJWNEQAB7ymP; expires=Thu, 28-Jan-2021 13:08:33 GMT; Max-Age=86400; path=/ trk_cpa_pixel=c23e8dc0-60a0-11eb-bab8-59599850fb62; expires=Sun, 28-Mar-2021 13:08:33 GMT; Max-Age=5184000; path=/
Location: https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq
Content-Encoding: gzip
Vary: Accept-Encoding

GET
H2

200

Primary Request / Show response
1xslot4.com/registration/
Redirect Chain

http://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration
https://refpaqutiu.top/L?tag=d_610075m_8949c_&site=610075&ad=8949&r=registration
https://1xslot4.com/registration?tag=d_610075m_8949c_
https://1xslot4.com/registration/?tag=d_610075m_8949c_

127 KB
48 KB

162ms
162ms

Document
text/html

83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/registration/?tag=d_610075m_8949c_

Requested by

Host: click4fun.icu
URL: https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

ad0fa40d47db3d4a811834e22c89b7874db071e81354e7a341b255992639bacd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: 1xslot4.com
:scheme: https
:path: /registration/?tag=d_610075m_8949c_
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: SESSION=fa218a0e708437dd27e52a0583857ec5; lng=en; flaglng=en; dnb=1; _glhf=1611770689; auid=U5PM2WARZdFaDYPyAw2MAg==
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://click4fun.icu/h/Fdvxi6bMizRfzBaoKeJskUuSwSuWnCOsbuWeA2O16AJGOlFAAqm8dIto5kgJj8p95leVuiEZZPfLDQNnOLWrHKC8PR8JlRHwHjr3Nx5F.Ti_ruKW.WqnS0X8oeVHhcKlSMN_xMnssvNGje9nNV079V2NJb9S0amZlz4HQerb4PWZBCyA079hB.Th0bvyBdI0bMC5rx8ZxduNEk.HTzQgiAqq.qqqq.qq

Response headers

server: nginx
date: Wed, 27 Jan 2021 13:08:33 GMT
content-type: text/html; charset=utf-8
content-length: 48410
x-frame-options: SAMEORIGIN
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: lng=en; expires=Fri, 26-Feb-2021 13:08:33 GMT; Max-Age=2592000; path=/ flaglng=en; expires=Fri, 26-Feb-2021 13:08:33 GMT; Max-Age=2592000; path=/ _glhf=1611770689; expires=Wed, 27-Jan-2021 14:08:33 GMT; Max-Age=3600; path=/ disallow_sport=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; HttpOnly visit=1-53932a52897a935dcf815015f5a4d3f4; path=/; HttpOnly referral_values=%7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_610075m_8949c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%2C%22ref_partner_id%22%3Anull%2C%22bw_%22%3Anull%7D%7D; expires=Sun, 28-Mar-2021 13:08:33 GMT; Max-Age=5184000; path=/; HttpOnly reflinkid=d_610075m_8949c_; expires=Wed, 27-Jan-2021 14:08:33 GMT; Max-Age=3600; path=/; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000; includeSubDomains; preload

Redirect headers

server: nginx
date: Wed, 27 Jan 2021 13:08:33 GMT
content-type: text/html; charset=utf-8
content-length: 0
x-frame-options: SAMEORIGIN
set-cookie: SESSION=fa218a0e708437dd27e52a0583857ec5; path=/; secure; HttpOnly; SameSite=Lax lng=en; expires=Fri, 26-Feb-2021 13:08:33 GMT; Max-Age=2592000; path=/ flaglng=en; expires=Fri, 26-Feb-2021 13:08:33 GMT; Max-Age=2592000; path=/ dnb=1; expires=Wed, 27-Jan-2021 14:08:33 GMT; Max-Age=3600; path=/ _glhf=1611770689; expires=Wed, 27-Jan-2021 14:08:33 GMT; Max-Age=3600; path=/ auid=U5PM2WARZdFaDYPyAw2MAg==; expires=Thu, 27-Jan-22 13:08:33 GMT; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: /registration/?tag=d_610075m_8949c_
strict-transport-security: max-age=63072000; includeSubDomains; preload

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic-ext,latin-ext

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8269488e31ceafd9af41286b49000779d6a639f66ed7f57d9dc976245a2ad7bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 13:01:07 GMT
server: ESF
date: Wed, 27 Jan 2021 13:08:33 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 27 Jan 2021 13:08:33 GMT

GET
H2 200 jquery.min.js Show response
v2l.cdnsfree.com/vendor/jquery/dist/ 84 KB
34 KB 60ms
35ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/vendor/jquery/dist/jquery.min.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Fri, 20 May 2016 17:24:43 GMT
server: nginx
age: 3343
etag: W/"573f485b-14e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 34834
expires: Wed, 27 Jan 2021 13:13:00 GMT

GET
H2 200 dictionary_2e54457ecc61395f308f12db77264498.js Show response
v2l.cdnsfree.com/genfiles/web-app-v2/dictionary/prod/main/en/ 40 KB
17 KB 41ms
15ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/genfiles/web-app-v2/dictionary/prod/main/en/dictionary_2e54457ecc61395f308f12db77264498.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: a5e872f01c525daf3aee6fdd95835e72eecf6a7094d0027f1b27a72c6cf0709d

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 09:54:03 GMT
server: nginx
age: 11669
etag: W/"2e54457ecc61395f308f12db77264498"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 17457
expires: Thu, 28 Jan 2021 09:54:06 GMT

GET
H2 200 main.a1d3cbcfefe13bddc0198223750814f6.css
v2l.cdnsfree.com/styles/css/registration/partners/xcasino/ 94 KB
16 KB 54ms
29ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/styles/css/registration/partners/xcasino/main.a1d3cbcfefe13bddc0198223750814f6.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 49c4973d5c5f1fd2e00bc461a184241ccb6b93433576fa3ee1c6b851ce4c1814

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Thu, 24 Dec 2020 12:16:44 GMT
server: nginx
age: 783695
etag: W/"5fe486ac-17882"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 16092
expires: Mon, 22 Feb 2021 12:24:09 GMT

GET
H2 200 main.3d1dcd58d9a970c4e1760a1fa08187ee.css
v2l.cdnsfree.com/styles/css/c-bottom-msg/ 2 KB
941 B 33ms
8ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/styles/css/c-bottom-msg/main.3d1dcd58d9a970c4e1760a1fa08187ee.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: c314484ddc606ad232b879518bdae64b20387c4d21bccf9eec3c2972a0ce6089

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Wed, 11 Mar 2020 14:29:14 GMT
server: nginx
age: 101955
etag: W/"5e68f5ba-713"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 682
expires: Thu, 25 Feb 2021 08:49:18 GMT

GET
H2 200 main.1ca24414f0a074fcd12a14f0d900ebfd.css
v2l.cdnsfree.com/styles/css/arctic-modal/partners/xcasino/ 5 KB
2 KB 34ms
9ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/styles/css/arctic-modal/partners/xcasino/main.1ca24414f0a074fcd12a14f0d900ebfd.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: dcdf87dd63632d4e03c5dce2746baecfbf9631fdd49952c29891baffbdda3ccf

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Fri, 13 Nov 2020 08:49:21 GMT
server: nginx
age: 1311279
etag: W/"5fae4891-14cf"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 1784
expires: Thu, 11 Feb 2021 08:53:54 GMT

GET
H2 200 webpack_vue.8ee225986bca33a47ba1.css
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 11 KB
11 KB 33ms
8ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/webpack_vue.8ee225986bca33a47ba1.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 52ad69eeed151c569a041ecb2f4e0be841ab9a8cd88e0e636a32cc89ac0bb493

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
last-modified: Thu, 31 Dec 2020 11:17:25 GMT
server: nginx
age: 2016481
etag: "5fedb345-2ae1"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 10977
expires: Wed, 03 Feb 2021 08:22:04 GMT

GET
H2 200 main.5474d8d2074eaca33687c927690e014a.css
v2l.cdnsfree.com/styles/css/information/partners/xcasino/ 10 KB
2 KB 33ms
9ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/styles/css/information/partners/xcasino/main.5474d8d2074eaca33687c927690e014a.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 161ae7d6dca16bb15ec12301f5550bd7b9ee70f09cb4697b924d36db6aed620b

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Thu, 19 Nov 2020 14:42:51 GMT
server: nginx
age: 734933
etag: W/"5fb6846b-263c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2287
expires: Thu, 18 Feb 2021 00:59:40 GMT

GET
H2 200 main.faccc9f7f642ac454cbe85b5bb5c61ee.css
v2l.cdnsfree.com/styles/css/xcasino-new/ 211 KB
40 KB 53ms
28ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/styles/css/xcasino-new/main.faccc9f7f642ac454cbe85b5bb5c61ee.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 01e5b8109bf84ca9cce93406a23ad8172df443ef82c54444f6f84775b98b09a9

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Sat, 16 Jan 2021 07:49:57 GMT
server: nginx
age: 969354
etag: W/"60029aa5-34d96"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 40306
expires: Mon, 15 Feb 2021 07:52:40 GMT

GET
H2 200 vendor.99b70252133452f9ba5f.js Show response
v2l.cdnsfree.com/bundle/library/ 388 KB
134 KB 54ms
30ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/library/vendor.99b70252133452f9ba5f.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: ed8ba357e9a0660af0db2482b20c3936929aae2fe59f89b25bb8537277e3547c

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Wed, 20 Jan 2021 11:58:01 GMT
server: nginx
age: 8281
etag: W/"60081ac9-60f78"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Fri, 26 Feb 2021 10:50:32 GMT

GET
H2 200 polyfill.279ce2cd9841fd39cfd5.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 83 KB
32 KB 54ms
30ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/polyfill.279ce2cd9841fd39cfd5.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 1041d06660805b0b847e7a2cc6fd02db90e26cf29302468c5e35daba9947e7a7

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18937
etag: W/"60111b1b-14a26"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 32116
expires: Fri, 26 Feb 2021 07:52:56 GMT

GET
H2 200 webpack_vue.0a043dbb28064ab98b2e.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 488 KB
152 KB 33ms
9ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/webpack_vue.0a043dbb28064ab98b2e.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 3a9f563acac8a3576d30a9ffec829ae64d6b2e1d2b0ea1c98ef22d3f0142f17e

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18937
etag: W/"60111b1b-7a107"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 155510
expires: Fri, 26 Feb 2021 07:52:56 GMT

GET
H2 200 73f31bc9257f07912a40afba6e7fdcb8.png
1xslot4.com/genfiles/cms/pg/61/images/ 8 KB
9 KB 46ms
44ms Image
image/png 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1xslot4.com/genfiles/cms/pg/61/images/73f31bc9257f07912a40afba6e7fdcb8.png

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

61d322f6cc90a5818f3873e95b433d974b2399f05dc767fdc49ac3cfd1b95ab6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Wed, 30 Dec 2020 09:06:45 GMT
server: nginx
etag: "53908529b4aaff7f893887e922482dfb"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=86400
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 8647
expires: Thu, 28 Jan 2021 13:08:34 GMT

GET
H2 200 pushfree_integrate.9a1f2b0e6801b7590698.css
rz.push-free.com/bundle/app/Default/Desktop/ 10 KB
3 KB 31ms
14ms Stylesheet
text/css 83.147.204.77
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rz.push-free.com/bundle/app/Default/Desktop/pushfree_integrate.9a1f2b0e6801b7590698.css

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.77 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

88971183592efb1d6cc059da99bdf474e7a29b2f92944ee21b576729a72bcc90

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
last-modified: Wed, 27 Jan 2021 12:57:32 GMT
server: nginx
etag: W/"6011633c-28a6"
vary: Accept-Encoding
content-type: text/css
strict-transport-security: max-age=63072000; includeSubDomains; preload

GET
H2 200 font-awesome.min.css
v2l.cdnsfree.com/vendor/font-awesome/css/ 30 KB
8 KB 8ms
7ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/vendor/font-awesome/css/font-awesome.min.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:33 GMT
content-encoding: gzip
last-modified: Mon, 24 Oct 2016 15:52:54 GMT
server: nginx
age: 3149
etag: W/"580e2e56-7918"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 7949
expires: Wed, 27 Jan 2021 13:16:04 GMT

GET
H2 200 registration.f5de882a58674cb56b47.css
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 2 KB
950 B 16ms
13ms Stylesheet
text/css 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.f5de882a58674cb56b47.css
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: c9c6cbe4b0f47bdcf742c4c1e941d6af011878c63435025977e46da8010fe0ef

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Tue, 12 Jan 2021 15:38:51 GMT
server: nginx
age: 1234264
etag: W/"5ffdc28b-7ad"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Fri, 12 Feb 2021 06:17:30 GMT

GET
H2 200 counter.36ed4b81a8083ec7a18c1a9b74d37e41.js Show response
v2l.cdnsfree.com/default/min_js/ 1 KB
730 B 13ms
11ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/default/min_js/counter.36ed4b81a8083ec7a18c1a9b74d37e41.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: a5e431f5b00cfde399d2aa89d3bf1e4e9e5c2af19f26086b4ba130da9354627b

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 29 Jan 2020 11:10:32 GMT
server: nginx
age: 433
etag: W/"5e316828-445"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
accept-ranges: bytes
content-length: 457
expires: Wed, 27 Jan 2021 13:11:21 GMT

GET
H2 200 pushfree_integrate.f317feedfd43a20860c5.bundle.js Show response
rz.push-free.com/bundle/app/Default/Desktop/ 16 KB
5 KB 9ms
7ms Script
application/javascript 83.147.204.77
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://rz.push-free.com/bundle/app/Default/Desktop/pushfree_integrate.f317feedfd43a20860c5.bundle.js

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.77 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

cbc474104268ba6b55c1ed4fcb94dcafa73bdf63c416421ff1c5725fe7cac82b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
last-modified: Wed, 27 Jan 2021 12:57:32 GMT
server: nginx
etag: W/"6011633c-4019"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
strict-transport-security: max-age=63072000; includeSubDomains; preload

GET
H2 200 cdnChecker.84013d6bce29ee4778be.bundle.js Show response
1xslot4.com/bundle/app/Default/Desktop/ 3 KB
2 KB 9ms
7ms Script
application/javascript 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/bundle/app/Default/Desktop/cdnChecker.84013d6bce29ee4778be.bundle.js

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

de8c66a380d5353a78c305a2ac2e9b8f68312cc1aa25178095c11d9bf3798642

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
last-modified: Wed, 27 Jan 2021 12:57:32 GMT
server: nginx
etag: W/"6011633c-c93"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=2592000
strict-transport-security: max-age=63072000; includeSubDomains; preload
expires: Fri, 26 Feb 2021 13:08:34 GMT

GET
H2 200 registration_common.7769b4e39a61be9203ab.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 187 KB
66 KB 11ms
9ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration_common.7769b4e39a61be9203ab.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 39f35de4befc850b8eaabb73844edd3e18d1caa5907a865fe8aee5dda4ffd148

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 12:57:32 GMT
server: nginx
age: 471
etag: W/"6011633c-2ed00"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 67477
expires: Fri, 26 Feb 2021 13:00:43 GMT

GET
H2 200 connection_alert.a8d9a3ee2396f48fe63f.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 176 KB
61 KB 11ms
9ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/connection_alert.a8d9a3ee2396f48fe63f.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: a88ea8107b8b09d19639765cc60db58f55c4c469c18a61893036d00acb3ed78e

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18996
etag: W/"60111b1b-2bea5"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 62582
expires: Fri, 26 Feb 2021 07:51:58 GMT

GET
H2 200 video_token.5659fb87204e38276f7f.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 2 KB
1 KB 11ms
9ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/video_token.5659fb87204e38276f7f.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: ef6d04f682ed0858003991562755a388113c34c5615b39d7fc1d9122a83b8f66

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18996
etag: W/"60111b1b-6f2"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 842
expires: Fri, 26 Feb 2021 07:51:58 GMT

GET
H2 200 registration.b2c9ee3977927359e3aa.bundle.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 519 KB
169 KB 16ms
14ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 87dba98133dd16f549f991c31f4278ce72043a118df8baf1038bc4507c9513e7

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 12:57:32 GMT
server: nginx
age: 461
etag: W/"6011633c-81a8f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 172925
expires: Fri, 26 Feb 2021 13:01:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 98 KB
39 KB 22ms
20ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-153889425-1

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/webpack_vue.0a043dbb28064ab98b2e.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

45535aa9ff0fa281b5add54ecfc6e5c02a2f2773b44f642e0cb537a011452c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39651
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jan 2021 13:08:34 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 88 KB
33 KB 25ms
23ms Script
application/javascript 2a00:1450:4001:801::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WZP7LXF

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/webpack_vue.0a043dbb28064ab98b2e.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

529d07383350fac2f84e682dc906833b171cd3ad5f7dcc0f1950d69e7e0803fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33684
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jan 2021 13:08:34 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 369 KB
94 KB 131ms
43ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/webpack_vue.0a043dbb28064ab98b2e.bundle.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

92a8c052c24889d39ddee3617dad8f31b6f036451afefdad1334b0fcd4694794

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
last-modified: Tue, 26 Jan 2021 16:24:31 GMT
etag: "5fd23012-17727"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 96039
expires: Wed, 27 Jan 2021 14:08:34 GMT

GET
H2 200 icons.svg
1xslot4.com/default/img/registration/ 72 KB
26 KB 9ms
8ms Other
image/svg+xml 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/default/img/registration/icons.svg

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

061effeddf2209997d0ef8e4025563ae4e6341591b30f81b5ca0cdc62fbafa00

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
last-modified: Mon, 23 Nov 2020 10:49:32 GMT
server: nginx
etag: W/"5fbb93bc-11e35"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=2592000
strict-transport-security: max-age=63072000; includeSubDomains; preload
expires: Fri, 26 Feb 2021 13:08:34 GMT

GET
H2 200 bg.jpg
v2l.cdnsfree.com/default/img/xcasino-new/ 43 KB
43 KB 24ms
24ms Image
image/jpeg 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v2l.cdnsfree.com/default/img/xcasino-new/bg.jpg
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/styles/css/xcasino-new/main.faccc9f7f642ac454cbe85b5bb5c61ee.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: bdd6550420d780532ad9333fb6bb2ba9f0d0e407aeac0ae568ba1d1d3d9b6400

Request headers

Referer: https://v2l.cdnsfree.com/styles/css/xcasino-new/main.faccc9f7f642ac454cbe85b5bb5c61ee.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Tue, 31 Mar 2020 08:19:23 GMT
server: nginx
age: 3344
etag: "5e82fd0b-acd3"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 44243
expires: Wed, 27 Jan 2021 13:12:50 GMT

GET
H2 200 9794b8dae7db4088b8066db0713c5669.jpg
1xslot4.com/genfiles/cms/pg/61/images/ 233 KB
234 KB 82ms
82ms Image
image/jpg 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1xslot4.com/genfiles/cms/pg/61/images/9794b8dae7db4088b8066db0713c5669.jpg

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

702e87501d331b73cb056f28a2f3b0fa3887c7cebeeb1de899c027402846bc23

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Mon, 09 Sep 2019 11:52:50 GMT
server: nginx
etag: "227d38fb3e476c69957919a83f372e97"
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/jpg
cache-control: max-age=86400
x-rgw-object-type: Normal
accept-ranges: bytes
content-length: 238866
expires: Thu, 28 Jan 2021 13:08:34 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1xslot4.com
Referer: https://fonts.googleapis.com/css?family=Roboto:Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic-ext,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 05:54:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 112440
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 26 Jan 2022 05:54:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic-ext,latin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1xslot4.com
Referer: https://fonts.googleapis.com/css?family=Roboto:Roboto:300,300i,400,400i,500,500i,700,700i&subset=cyrillic-ext,latin-ext
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 26 Jan 2021 05:54:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 112440
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11056
x-xss-protection: 0
expires: Wed, 26 Jan 2022 05:54:34 GMT

GET
H2 200 cdn_checker.png
v2l.cdnsfree.com/default/img/ 95 B
312 B 8ms
7ms Image
image/png 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v2l.cdnsfree.com/default/img/cdn_checker.png
Requested by: Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Thu, 16 Jul 2020 14:39:09 GMT
server: nginx
age: 2161
etag: "5f10668d-5f"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 95
expires: Wed, 27 Jan 2021 13:32:33 GMT

GET
H2 200 reg.fields.slot.115d9589e28b4d089753.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 2 KB
1 KB 9ms
9ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/reg.fields.slot.115d9589e28b4d089753.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: a4810d85beafefc206354864aea5b880ea98214be139cbc4297002bc552443bc

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18311
etag: W/"60111b1b-7a8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 894
expires: Fri, 26 Feb 2021 08:03:23 GMT

GET
H2 200 pixels2.svg
1xslot4.com/default/img/icons/ 90 B
474 B 85ms
84ms Image
image/png 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1xslot4.com/default/img/icons/pixels2.svg?v=1611752914

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: image/png
cache-control: max-age=86400
content-length: 90
expires: Thu, 28 Jan 2021 13:08:34 GMT

GET
H2 200 injector.js Show response
suphelper.com/widget/ 161 KB
44 KB 101ms
73ms Script
application/javascript 2606:4700::6810:2b48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://suphelper.com/widget/injector.js

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:2b48 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a61c32914258a616752b65b34e008fd6f300e23c3dfe4746cae6c145191ff98d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-21f87a08-fd90-4256-b542-283f18db3089'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ws://localhost:8085 https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://api.github.com http://192.168.208.23:11999 https://suphelper.com wss://suphelper.com .suphelper.com https://cons.insystem.su wss://cons.insystem.su .cons.insystem.su wss://chat.insystem.su https://chat.insystem.su *.chat.insystem.su; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /widget/api/report-csp/
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-21f87a08-fd90-4256-b542-283f18db3089'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ws://localhost:8085 https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://api.github.com http://192.168.208.23:11999 https://suphelper.com wss://suphelper.com *.suphelper.com https://cons.insystem.su wss://cons.insystem.su *.cons.insystem.su wss://chat.insystem.su https://chat.insystem.su *.chat.insystem.su; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /widget/api/report-csp/
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 210
x-dns-prefetch-control: off
date: Wed, 27 Jan 2021 13:08:34 GMT
strict-transport-security: max-age=15552000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Jan 2021 13:22:16 GMT
server: cloudflare
etag: W/"2842f-176fbe93f40"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-download-options: noopen
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=300
cf-request-id: 07e58ed5710000635910bb1000000001
cf-ray: 6182b4024f9d6359-FRA

POST
H2 200 counter Show response
1xslot4.com/metric/ 16 B
430 B 50ms
49ms XHR
application/json 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/metric/counter

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/library/vendor.99b70252133452f9ba5f.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
cache-control: no-store, no-cache, must-revalidate
content-length: 16
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 icon-warning.svg
v2l.cdnsfree.com/default/img/ 495 B
717 B 8ms
7ms Image
image/svg+xml 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v2l.cdnsfree.com/default/img/icon-warning.svg
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/styles/css/c-bottom-msg/main.3d1dcd58d9a970c4e1760a1fa08187ee.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: a944dc4819940524ddc6bbae71b612cc4a93774802d435e863ac6b4353309c67

Request headers

Referer: https://v2l.cdnsfree.com/styles/css/c-bottom-msg/main.3d1dcd58d9a970c4e1760a1fa08187ee.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Tue, 31 Mar 2020 08:19:19 GMT
server: nginx
age: 583
etag: "5e82fd07-1ef"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 495
expires: Wed, 27 Jan 2021 13:58:51 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-153889425-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2535
date: Wed, 27 Jan 2021 12:26:19 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Wed, 27 Jan 2021 14:26:19 GMT

GET
H2 200 56.32bc779e29df368ed0c2.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 134 KB
46 KB 12ms
12ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/56.32bc779e29df368ed0c2.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 9d37c6f279bd5cfc8173de666ee6e6078dfaca7a2901461aa16dc4b00c4670f9

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Fri, 22 Jan 2021 07:23:55 GMT
server: nginx
age: 452413
etag: W/"600a7d8b-2186c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 46727
expires: Sun, 21 Feb 2021 07:31:22 GMT

GET
H2 200 81.8e8f890995b4816521eb.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 9 KB
3 KB 8ms
8ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/81.8e8f890995b4816521eb.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: 6a9a6ea1cbc1986054ed63a1b1230aa8432d7ab8db710027ecf45098418f71b6

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:42:02 GMT
server: Footprint Distributor V6.1.1162
age: 19427
etag: W/"6011194a-24d8"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3147
expires: Fri, 26 Feb 2021 07:48:59 GMT

GET
H2 200 reg.phone_input.085aa0379fab1f763b7b.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 1 KB
969 B 84ms
84ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/reg.phone_input.085aa0379fab1f763b7b.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Footprint Distributor V6.1.1162 /
Resource Hash: b875cb01692443997ca35afab3477168be69b392139c6eb7543e00784f52e82c

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: Footprint Distributor V6.1.1162
age: 18925
etag: W/"60111b1b-4e7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
accept-ranges: bytes
content-length: 677
expires: Wed, 27 Jan 2021 13:09:34 GMT

GET
H2 200 vendors~reg.slot_fields.041fcfedc0d2ca964c70.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 55 KB
17 KB 12ms
12ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/vendors~reg.slot_fields.041fcfedc0d2ca964c70.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 3fe46665e617abc2180a07fb4e644341545e1565d470afea40c961d9deed6b62

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Mon, 25 Jan 2021 12:52:01 GMT
server: nginx
age: 173565
etag: W/"600ebef1-da64"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
expires: Wed, 24 Feb 2021 12:55:49 GMT

GET
H2 200 reg.slot_fields.8869cf9935d2c087c594.chunk.js Show response
v2l.cdnsfree.com/bundle/app/Default/Desktop/ 8 KB
3 KB 10ms
10ms Script
application/javascript 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/reg.slot_fields.8869cf9935d2c087c594.chunk.js
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 9c9a7ca331f982bb24f8e13506c2af830f2c8a345d26a200ca121dac6ac79819

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
last-modified: Wed, 27 Jan 2021 07:49:47 GMT
server: nginx
age: 18915
etag: W/"60111b1b-2118"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2964
expires: Fri, 26 Feb 2021 07:53:19 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 852 B
971 B 35ms
14ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&hl=en

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/app/Default/Desktop/registration.b2c9ee3977927359e3aa.bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

88e3ff533e77938f8881b676a6166f4475eb0c107a992aecde9ab8e957e67388

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 554
x-xss-protection: 1; mode=block
expires: Wed, 27 Jan 2021 13:08:34 GMT

GET
H2 200 fontawesome-webfont.woff2
v2l.cdnsfree.com/vendor/font-awesome/fonts/ 75 KB
76 KB 35ms
13ms Font
font/woff2 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://v2l.cdnsfree.com/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/vendor/font-awesome/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin: https://1xslot4.com
Referer: https://v2l.cdnsfree.com/vendor/font-awesome/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Mon, 24 Oct 2016 15:52:54 GMT
server: nginx
age: 3514
etag: "580e2e56-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 77160
expires: Wed, 27 Jan 2021 13:10:00 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/44741782/
Redirect Chain

https://mc.yandex.ru/watch/44741782?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x24%...
https://mc.yandex.ru/watch/44741782/1?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x2...

221 B
302 B

49ms
49ms

XHR
application/json

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/44741782/1?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140834%3Aet%3A1611752914%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A955656861328%3Arqn%3A1%3Arn%3A204222483%3Ahid%3A568985030%3Ads%3A0%2C0%2C162%2C7%2C206%2C0%2C0%2C363%2C6%2C%2C%2C%2C740%3Afp%3A615%3Awn%3A39412%3Ahl%3A50%3Agdpr%3A14%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752914%3Au%3A16117529141064570980%3At%3ARegistration

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

09f072ff05bb42a1114562cbdcfde11865ea2c7db9540661b33b6ff71dfa4b47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 27-Jan-2021 13:08:34 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://1xslot4.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 221
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:34 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Wed, 27-Jan-2021 13:08:34 GMT
location: /watch/44741782/1?wmode=7&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&browser-info=ti%3A10%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140834%3Aet%3A1611752914%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Als%3A955656861328%3Arqn%3A1%3Arn%3A204222483%3Ahid%3A568985030%3Ads%3A0%2C0%2C162%2C7%2C206%2C0%2C0%2C363%2C6%2C%2C%2C%2C740%3Afp%3A615%3Awn%3A39412%3Ahl%3A50%3Agdpr%3A14%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752914%3Au%3A16117529141064570980%3At%3ARegistration
strict-transport-security: max-age=31536000
access-control-allow-origin: https://1xslot4.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:34 GMT

GET
H3-Q050 200 js Show response
www.google-analytics.com/gtm/ 84 KB
33 KB 34ms
34ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-5R4MT54&t=gtag_UA_153889425_1&cid=937113548.1611752914

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e89ce16f9f4cb070ad8b4c94849d914ac1705ca7ecbbbed8715665a1819e5a4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33907
x-xss-protection: 0
last-modified: Wed, 27 Jan 2021 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 27 Jan 2021 13:08:34 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
111 B 43ms
43ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Host: 1xslot4.com
URL: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Tue, 26 Jan 2021 16:24:31 GMT
etag: "600fcc0a-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 27 Jan 2021 14:08:34 GMT

GET
H2 200 /
suphelper.com/widget/ Frame E22D 0
0 45ms
45ms Document
text/html 2606:4700::6810:2b48
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://suphelper.com/widget/?build=1610544109814&lang=en&langInited=true&opener=full

Requested by

Host: suphelper.com
URL: https://suphelper.com/widget/injector.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:2b48 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-b10dd485-ff0c-4aad-a229-996926c02150'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ws://localhost:8085 https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://api.github.com http://192.168.208.23:11999 https://suphelper.com wss://suphelper.com .suphelper.com https://cons.insystem.su wss://cons.insystem.su .cons.insystem.su wss://chat.insystem.su https://chat.insystem.su *.chat.insystem.su; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /widget/api/report-csp/
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: suphelper.com
:scheme: https
:path: /widget/?build=1610544109814&lang=en&langInited=true&opener=full
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=dcd5ac818cb2cc88b0367ca944be886841611752914; expires=Fri, 26-Feb-21 13:08:34 GMT; path=/; domain=.suphelper.com; HttpOnly; SameSite=Lax; Secure
x-dns-prefetch-control: off
strict-transport-security: max-age=15552000; includeSubDomains
x-download-options: noopen
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-b10dd485-ff0c-4aad-a229-996926c02150'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' https: data:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' ws://localhost:8085 https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru https://api.github.com http://192.168.208.23:11999 https://suphelper.com wss://suphelper.com *.suphelper.com https://cons.insystem.su wss://cons.insystem.su *.cons.insystem.su wss://chat.insystem.su https://chat.insystem.su *.chat.insystem.su; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/; report-uri /widget/api/report-csp/
cache-control: public, max-age=2592000
etag: W/"33b5-ZYhFwo1geGd9XlLsQoZPwSP+/Gg"
vary: Accept-Encoding
cf-cache-status: HIT
age: 1208492
cf-request-id: 07e58ed67000006359063df000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6182b403d8a76359-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/ 331 KB
130 KB 26ms
6ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ded038181a2e72755fc4c0d57ec9e45725629888a038328e238ab07cdb8e8e11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://1xslot4.com
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 12:41:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1637
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 132160
x-xss-protection: 0
last-modified: Mon, 25 Jan 2021 05:07:21 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 27 Jan 2022 12:41:17 GMT

GET
H2 200 getphonecountries Show response
1xslot4.com/user/ 12 KB
3 KB 97ms
96ms XHR
application/json 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/user/getphonecountries

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/library/vendor.99b70252133452f9ba5f.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

7c676df1d8b54b1e1937d40af8550d103bfb5e4965beb5ccf8bf1e73b340b242

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
content-encoding: br
server: nginx
vary: Accept-Encoding
content-type: application/json; charset=utf-8
cache-control: no-store, no-cache, must-revalidate
strict-transport-security: max-age=63072000; includeSubDomains; preload
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
42 B 15ms
15ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1532970420&t=pageview&_s=1&dl=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&ul=en-us&de=UTF-8&dt=Registration&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAAUADQAAAAC~&jid=1022113295&gjid=1707209794&cid=937113548.1611752914&tid=UA-153889425-1&_gid=916498320.1611752914&_r=1&gtm=2ou1d0&z=1227558723

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1xslot4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 14ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1532970420&t=pageview&_s=1&dl=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&ul=en-us&de=UTF-8&dt=Registration&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAAUADQAAAAC~&jid=1882998350&gjid=180264575&cid=937113548.1611752914&tid=UA-153889425-1&_gid=916498320.1611752914&_r=1&gtm=2wg1d0WZP7LXF&z=1694046519

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://1xslot4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
82 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-153889425-1&cid=937113548.1611752914&jid=1022113295&gjid=1707209794&_gid=916498320.1611752914&_u=KGBAAUACQAAAAC~&z=308842390

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jan 2021 13:08:34 GMT
content-type: text/plain
access-control-allow-origin: https://1xslot4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
67 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c00::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-153889425-1&cid=937113548.1611752914&jid=1882998350&gjid=180264575&_gid=916498320.1611752914&_u=aGDAAUADQAAAAC~&z=219114223

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 27 Jan 2021 13:08:34 GMT
content-type: text/plain
access-control-allow-origin: https://1xslot4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame B9E8 0
0 46ms
31ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&co=aHR0cHM6Ly8xeHNsb3Q0LmNvbTo0NDM.&hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&theme=light&size=invisible&badge=inline&cb=zy7mz8q47ug

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-d2irAGtEmYRagnXJxgHKjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&co=aHR0cHM6Ly8xeHNsb3Q0LmNvbTo0NDM.&hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&theme=light&size=invisible&badge=inline&cb=zy7mz8q47ug
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 27 Jan 2021 13:08:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-d2irAGtEmYRagnXJxgHKjg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11108
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 anchor
www.google.com/recaptcha/api2/ Frame 3DC3 0
0 46ms
34ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-b6Wycs9DWbLzWSUpMgoasg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/anchor?ar=1&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&co=aHR0cHM6Ly8xeHNsb3Q0LmNvbTo0NDM.&hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&theme=light&size=invisible&badge=bottomright&cb=vvksv4ilq0ey
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 27 Jan 2021 13:08:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-b6Wycs9DWbLzWSUpMgoasg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 11156
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 flags-sprite.png
v2l.cdnsfree.com/default/img/ 57 KB
58 KB 16ms
9ms Image
image/png 67.27.234.122
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://v2l.cdnsfree.com/default/img/flags-sprite.png
Requested by: Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/styles/css/registration/partners/xcasino/main.a1d3cbcfefe13bddc0198223750814f6.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.27.234.122 , United States, ASN3356 (LEVEL3, US),
Reverse DNS
Software: nginx /
Resource Hash: bb015856985d54572de780dae275b2d2803a892409f7c9ccb80eb03facd42b1b

Request headers

Referer: https://v2l.cdnsfree.com/styles/css/registration/partners/xcasino/main.a1d3cbcfefe13bddc0198223750814f6.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 27 Jan 2021 13:08:34 GMT
last-modified: Thu, 01 Oct 2020 11:19:12 GMT
server: nginx
age: 2229
etag: "5f75bb30-e4eb"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 58603
expires: Wed, 27 Jan 2021 13:31:25 GMT

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame 8162 0
0 76ms
75ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=nzy3gr4sj61k

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-14OYa0p/8I5nVteTGtA0AA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=nzy3gr4sj61k
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 27 Jan 2021 13:08:35 GMT
content-security-policy: script-src 'report-sample' 'nonce-14OYa0p/8I5nVteTGtA0AA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1119
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 bframe
www.google.com/recaptcha/api2/ Frame 0ECB 0
0 75ms
74ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=pz8yb6m20vfg

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-nejAZ5my6jV0Fbx9re8ChMK/recaptcha__en.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ItEa8GNN/hbwfGe27Jvi8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/bframe?hl=en&v=-nejAZ5my6jV0Fbx9re8ChMK&k=6LcHxwcUAAAAAIUazEuUGlfmc7IyjkUDFXwtd70t&cb=pz8yb6m20vfg
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 27 Jan 2021 13:08:35 GMT
content-security-policy: script-src 'report-sample' 'nonce-ItEa8GNN/hbwfGe27Jvi8Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1121
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 counter Show response
1xslot4.com/metric/ 16 B
430 B 57ms
57ms XHR
application/json 83.147.204.217
SGHL1-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://1xslot4.com/metric/counter

Requested by

Host: v2l.cdnsfree.com
URL: https://v2l.cdnsfree.com/bundle/library/vendor.99b70252133452f9ba5f.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

83.147.204.217 , Seychelles, ASN202492 (SGHL1-AS, NL),

Reverse DNS

Software

nginx /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept: application/json, text/plain, */*
Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:36 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json; charset=utf-8
cache-control: no-store, no-cache, must-revalidate
content-length: 16
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H2 200 44741782 Show response
mc.yandex.ru/webvisor/ 43 B
73 B 341ms
46ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/44741782?wmode=0&rn=26160810&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&wv-type=3&wv-hit=568985030&wv-part=1&browser-info=ti%3A8%3Aet%3A1611752915%3Aw%3A1600x1200%3Av%3A1988%3Az%3A60%3Ai%3A20210127140834%3Abt%3A1%3Ast%3A1611752917%3Au%3A16117529141064570980

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:37 GMT
last-modified: Wed, 27-Jan-2021 13:08:37 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://1xslot4.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:37 GMT

POST
H2 200 44741782 Show response
mc.yandex.ru/webvisor/ 43 B
145 B 78ms
45ms XHR
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/44741782?wmode=0&rn=266964148&page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&wv-type=5&wv-hit=568985030&wv-part=1&browser-info=ti%3A8%3Aet%3A1611752915%3Aw%3A1600x1200%3Av%3A1988%3Az%3A60%3Ai%3A20210127140834%3Ast%3A1611752917%3Au%3A16117529141064570980

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:37 GMT
last-modified: Wed, 27-Jan-2021 13:08:37 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://1xslot4.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:37 GMT

GET
H2

200

1
mc.yandex.ru/watch/44741782/
Redirect Chain

https://mc.yandex.ru/watch/44741782?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1611752913521%...
https://mc.yandex.ru/watch/44741782/1?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A161175291352...

43 B
71 B

50ms
50ms

Other
image/gif

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/44741782/1?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140849%3Aet%3A1611752929%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A128%3Als%3A955656861328%3Arqn%3A2%3Arn%3A133185615%3Ahid%3A568985030%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2714%2C2714%2C2%2C%3Agdpr%3A14%3Aeu%3A1%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752929%3Au%3A16117529141064570980

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://1xslot4.com/registration/?tag=d_610075m_8949c_
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:49 GMT
last-modified: Wed, 27-Jan-2021 13:08:49 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:49 GMT

Redirect headers

pragma: no-cache
date: Wed, 27 Jan 2021 13:08:49 GMT
last-modified: Wed, 27-Jan-2021 13:08:49 GMT
location: /watch/44741782/1?page-url=https%3A%2F%2F1xslot4.com%2Fregistration%2F%3Ftag%3Dd_610075m_8949c_&charset=utf-8&force-urlencoded=1&browser-info=ti%3A1%3Adp%3A1%3Ans%3A1611752913521%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20210127140849%3Aet%3A1611752929%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Aar%3A1%3Anb%3A1%3Acl%3A128%3Als%3A955656861328%3Arqn%3A2%3Arn%3A133185615%3Ahid%3A568985030%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2714%2C2714%2C2%2C%3Agdpr%3A14%3Aeu%3A1%3Av%3A1988%3Awv%3A2%3Arqnl%3A1%3Ast%3A1611752929%3Au%3A16117529141064570980
strict-transport-security: max-age=31536000
access-control-allow-origin: https://1xslot4.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0
x-xss-protection: 1; mode=block
expires: Wed, 27-Jan-2021 13:08:49 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: get.bestdeal2060.info
URL: https://get.bestdeal2060.info/proc.php?2bc76c172255ce94f85030cb41627939dc9cc22f

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
1xslot4.com/	1970-01-23 07:21:25	Name: sh.session_be98639c Value: 2c43926a-e99a-466b-bbe3-d6756842cb00
.1xslot4.com/	1970-01-19 15:43:44	Name: _ym_isad Value: 2
.1xslot4.com/	1970-01-19 15:43:59	Name: _gid Value: GA1.2.916498320.1611752914
.1xslot4.com/	1970-01-20 09:13:44	Name: _ga Value: GA1.2.937113548.1611752914
.1xslot4.com/	1970-01-20 00:28:08	Name: _ym_d Value: 1611752914
1xslot4.com/	1970-01-19 17:08:56	Name: referral_values Value: %7B%22type%22%3A%22reflinkid%22%2C%22val%22%3A%22d_610075m_8949c_%22%2C%22additional%22%3A%7B%22name_tag%22%3A%22tag%22%2C%22ref_partner_id%22%3Anull%2C%22bw_%22%3Anull%7D%7D
1xslot4.com/	1969-12-31 23:59:59	Name: visit Value: 1-53932a52897a935dcf815015f5a4d3f4
.1xslot4.com/	1970-01-20 00:28:08	Name: _ym_uid Value: 16117529141064570980
.1xslot4.com/	1970-01-19 15:42:32	Name: _gat_gtag_UA_153889425_1 Value: 1
1xslot4.com/	1970-01-19 15:42:36	Name: reflinkid Value: d_610075m_8949c_
1xslot4.com/	1970-01-20 00:28:08	Name: auid Value: U5PM2WARZdFaDYPyAw2MAg==
1xslot4.com/	1970-01-19 16:25:44	Name: flaglng Value: en
1xslot4.com/	1969-12-31 23:59:59	Name: SESSION Value: fa218a0e708437dd27e52a0583857ec5
.1xslot4.com/	1970-01-19 15:42:34	Name: _ym_visorc_44741782 Value: w
1xslot4.com/	1970-01-19 15:42:36	Name: dnb Value: 1
1xslot4.com/	1970-01-19 15:42:36	Name: _glhf Value: 1611770689
.1xslot4.com/	1970-01-19 15:42:32	Name: _gat_UA-153889425-1 Value: 1
1xslot4.com/	1970-01-19 16:25:44	Name: lng Value: en

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878(Line 16) Message: From cookies:
console-api	debug	URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878(Line 16) Message: spooky
console-api	log	URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878(Line 16) Message: From cookies:
console-api	log	URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878(Line 16) Message: From cookies:
console-api	log	URL: https://grand-prise-ishere4.life/?u=kcdweky&o=cawpazh&cid=mlClick-x8xtRKjF&t=48878(Line 16) Message: From cookies:
console-api	error	URL: https://rz.push-free.com/bundle/app/Default/Desktop/pushfree_integrate.f317feedfd43a20860c5.bundle.js(Line 1) Message: Error: Notifications not supported by browser

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1xslot4.com
alfik-fik.com
best.aliexpress.com
click4fun.icu
clk.rtpdn12.com
clk.value.us
dprtb.com
feetwindyoung-9.live
fonts.googleapis.com
fonts.gstatic.com
get.bestdeal2060.info
grand-prise-ishere4.life
mc.yandex.ru
mytracking.pl
refpaqutiu.top
rz.push-free.com
s.click.aliexpress.com
showtimeanythme.com
stats.g.doubleclick.net
suphelper.com
universal-mobileapp-inventory.net
v2l.cdnsfree.com
www.g2a.com
www.gearbest.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
get.bestdeal2060.info
104.104.180.223
104.121.174.207
173.239.53.32
185.50.248.98
209.15.13.136
23.32.114.14
2606:4700:3033::ac43:ad3a
2606:4700::6810:2b48
2a00:1450:4001:801::2008
2a00:1450:4001:812::200a
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2003
2a00:1450:400c:c00::9a
2a02:6b8::1:119
2a03:b0c0:3:d0::ed2:4001
45.135.120.33
5.188.178.40
5.189.217.35
54.84.27.165
67.212.184.146
67.27.234.122
81.17.18.198
83.147.204.217
83.147.204.77
95.211.26.199
01e5b8109bf84ca9cce93406a23ad8172df443ef82c54444f6f84775b98b09a9
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
061effeddf2209997d0ef8e4025563ae4e6341591b30f81b5ca0cdc62fbafa00
09f072ff05bb42a1114562cbdcfde11865ea2c7db9540661b33b6ff71dfa4b47
1041d06660805b0b847e7a2cc6fd02db90e26cf29302468c5e35daba9947e7a7
161ae7d6dca16bb15ec12301f5550bd7b9ee70f09cb4697b924d36db6aed620b
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
375473030384ee7e46306012983915222fe97868d77f71eff10cc58811c80412
39f35de4befc850b8eaabb73844edd3e18d1caa5907a865fe8aee5dda4ffd148
3a9f563acac8a3576d30a9ffec829ae64d6b2e1d2b0ea1c98ef22d3f0142f17e
3fe46665e617abc2180a07fb4e644341545e1565d470afea40c961d9deed6b62
432cafa32617193c1d4e40d08298c51e68f2a047252fc5e22a295d35f5f767f1
45535aa9ff0fa281b5add54ecfc6e5c02a2f2773b44f642e0cb537a011452c14
49c4973d5c5f1fd2e00bc461a184241ccb6b93433576fa3ee1c6b851ce4c1814
4a0dd05cafdce90b48c1b89ae4d86f1120a0fdc7a9e929edb1ebe0404f663dad
4bbad6fa87f5b6b1413661ad22a57633cccbbb04032a199a5a7c7d54a7f86033
4f46eb4dc1a36ca827e94ad48b7bd37fa1bb9fb82a668c5eecb5c1a7b84f5789
522e7fd607c1658af694ab1bf8d7a522a798ba1805536dc2680252bf0424c955
529d07383350fac2f84e682dc906833b171cd3ad5f7dcc0f1950d69e7e0803fa
52ad69eeed151c569a041ecb2f4e0be841ab9a8cd88e0e636a32cc89ac0bb493
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
592c03a9486c97323c4aeb6d7d84a7ab4d6dbd910352e5c4a96b30b203c052da
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
61d322f6cc90a5818f3873e95b433d974b2399f05dc767fdc49ac3cfd1b95ab6
6a9a6ea1cbc1986054ed63a1b1230aa8432d7ab8db710027ecf45098418f71b6
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6e6ebd48333dc09a1ce25fe1011699a00ae87dd9bda1102499248e345c0865ba
702e87501d331b73cb056f28a2f3b0fa3887c7cebeeb1de899c027402846bc23
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c676df1d8b54b1e1937d40af8550d103bfb5e4965beb5ccf8bf1e73b340b242
81e995d490fc898e506f09053469707daf069bccb8372785a76760ff933b79a1
8269488e31ceafd9af41286b49000779d6a639f66ed7f57d9dc976245a2ad7bc
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87dba98133dd16f549f991c31f4278ce72043a118df8baf1038bc4507c9513e7
88971183592efb1d6cc059da99bdf474e7a29b2f92944ee21b576729a72bcc90
88e3ff533e77938f8881b676a6166f4475eb0c107a992aecde9ab8e957e67388
92a8c052c24889d39ddee3617dad8f31b6f036451afefdad1334b0fcd4694794
9c9a7ca331f982bb24f8e13506c2af830f2c8a345d26a200ca121dac6ac79819
9d37c6f279bd5cfc8173de666ee6e6078dfaca7a2901461aa16dc4b00c4670f9
a439dd8761d9fd4ff88e82e83200877703594491065880dbd4e59ddf4ce1b204
a4810d85beafefc206354864aea5b880ea98214be139cbc4297002bc552443bc
a5e431f5b00cfde399d2aa89d3bf1e4e9e5c2af19f26086b4ba130da9354627b
a5e872f01c525daf3aee6fdd95835e72eecf6a7094d0027f1b27a72c6cf0709d
a61c32914258a616752b65b34e008fd6f300e23c3dfe4746cae6c145191ff98d
a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e
a88ea8107b8b09d19639765cc60db58f55c4c469c18a61893036d00acb3ed78e
a944dc4819940524ddc6bbae71b612cc4a93774802d435e863ac6b4353309c67
ad0fa40d47db3d4a811834e22c89b7874db071e81354e7a341b255992639bacd
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b60ff90317622a770085f05a2be3d6ab7f0728bedc309f1d30c425d823c04609
b820033b72a69164d7b7218324835f67f0385261325694b2a63c38abe7876724
b875cb01692443997ca35afab3477168be69b392139c6eb7543e00784f52e82c
bac10d6808cd41591acc9aeb453d0b12cb1858cd96ae9da02b2dbc3859bccdef
bb015856985d54572de780dae275b2d2803a892409f7c9ccb80eb03facd42b1b
bdd6550420d780532ad9333fb6bb2ba9f0d0e407aeac0ae568ba1d1d3d9b6400
c314484ddc606ad232b879518bdae64b20387c4d21bccf9eec3c2972a0ce6089
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9c6cbe4b0f47bdcf742c4c1e941d6af011878c63435025977e46da8010fe0ef
cafbd551d674da240212f6c44988757a728b9dc8cbc2a6c8dcf53c0d9159c323
cbc474104268ba6b55c1ed4fcb94dcafa73bdf63c416421ff1c5725fe7cac82b
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
dcdf87dd63632d4e03c5dce2746baecfbf9631fdd49952c29891baffbdda3ccf
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de8c66a380d5353a78c305a2ac2e9b8f68312cc1aa25178095c11d9bf3798642
ded038181a2e72755fc4c0d57ec9e45725629888a038328e238ab07cdb8e8e11
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e89ce16f9f4cb070ad8b4c94849d914ac1705ca7ecbbbed8715665a1819e5a4f
ed8ba357e9a0660af0db2482b20c3936929aae2fe59f89b25bb8537277e3547c
ef6d04f682ed0858003991562755a388113c34c5615b39d7fc1d9122a83b8f66

1xslot4.com Open in urlscan Pro 83.147.204.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

87 Requests

94 %HTTPS

41 %IPv6

26 Domains

28 Subdomains

25 IPs

9 Countries

1844 kBTransfer

4563 kBSize

18 Cookies

2 Outgoing links

Page URL History

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

1xslot4.com Open in urlscan Pro
83.147.204.217 Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

94 %
HTTPS

41 %
IPv6

26
Domains

28
Subdomains

25
IPs

9
Countries

1844 kB
Transfer

4563 kB
Size

18
Cookies

87 HTTP transactions
0 data transactions