urlscan.io logo urlscan.io
SecurityTrails logo

win1.gameshere.xyz Open in urlscan Pro
188.114.97.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://casinox1a.nbpspin.top/
Effective URL: https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731...
Submission: On May 05 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 6 domains to perform 5 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is win1.gameshere.xyz.
TLS certificate: Issued by GTS CA 1P5 on April 13th 2024. Valid for: 3 months.
This is the only time win1.gameshere.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 31.133.223.181 50245 (SERVEREL-AS)
2 188.114.97.3 13335 (CLOUDFLAR...)
1 104.17.25.14 13335 (CLOUDFLAR...)
5 3
Apex Domain
Subdomains		 Transfer
2 gameshere.xyz
win1.gameshere.xyz
4 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 237
62 KB
1 sold2me.com
sold2me.com
262 B
1 nbpspin.top
casinox1a.nbpspin.top
573 B
0 casino-x1321.com Failed
casino-x1321.com Failed
0 casino-x.com Failed
casino-x.com Failed
5 6
Domain Requested by
2 win1.gameshere.xyz
1 cdnjs.cloudflare.com win1.gameshere.xyz
1 sold2me.com 1 redirects
1 casinox1a.nbpspin.top 1 redirects
0 casino-x1321.com Failed win1.gameshere.xyz
0 casino-x.com Failed win1.gameshere.xyz
5 6

This site contains no links.

Subject Issuer Validity Valid
gameshere.xyz
GTS CA 1P5		 2024-04-13 -
2024-07-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-07-03 -
2024-07-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Frame ID: 32DEB64D2BEF8C60E13E2C5C80302350
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Loading...

Page URL History Show full URLs

  1. https://casinox1a.nbpspin.top/ HTTP 301
    https://sold2me.com/go/1f9f10f76f0e426b6da2e4242aaa9b3e365b64d1eb0a0b0b/?subid=casinox1a.nbpspin... HTTP 302
    https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1... Page URL

Page Statistics

5
Requests

60 %
HTTPS

25 %
IPv6

6
Domains

6
Subdomains

3
IPs

3
Countries

66 kB
Transfer

292 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://casinox1a.nbpspin.top/ HTTP 301
    https://sold2me.com/go/1f9f10f76f0e426b6da2e4242aaa9b3e365b64d1eb0a0b0b/?subid=casinox1a.nbpspin.top HTTP 302
    https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
win1.gameshere.xyz/
Redirect Chain
  • https://casinox1a.nbpspin.top/
  • https://sold2me.com/go/1f9f10f76f0e426b6da2e4242aaa9b3e365b64d1eb0a0b0b/?subid=casinox1a.nbpspin.top
  • https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78b0dcc94695f13dd997384216e7d1410ec4f6913fa895050773d3fdb03b9600

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87efb62bc8028fef-FRA
content-encoding
br
content-type
text/html
date
Sun, 05 May 2024 09:30:24 GMT
last-modified
Mon, 29 Apr 2024 11:57:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CU0zy%2B30saE42s5MW4zVF4XkN99tYBSsvhewLlZWGItCdFr151P%2BGrgn862t1yJp4gLuB8cHlq%2FVGNgKv3%2B2h7tawuGi03Rc000ndTIVYoEhZuYL2XocMZ3%2Feuzi31bY3iwd"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

content-type
text/html; charset=UTF-8
date
Sun, 05 May 2024 09:30:23 GMT
location
https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
server
nginx
jsrsasign-all-min.js
cdnjs.cloudflare.com/ajax/libs/jsrsasign/6.2.2/ 		283 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/6.2.2/jsrsasign-all-min.js
Requested by
Host: win1.gameshere.xyz
URL: https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b71baba57a2e71b44efcaa1a02d61f61456a57606e1096812221849b198e6dd
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://win1.gameshere.xyz/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 09:30:24 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
223764
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
62327
last-modified
Mon, 04 May 2020 16:11:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ece-46ad7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mA9FyhbU%2Bu5Dc8%2FmzPnYhpoX2beAEGtxY12rTlUHt6pbEKrigSl0TFIyBf9MlKgP9QrORkOIx5oQ46CQ3v2OPKSp18JkQrEQdGa3XUOWMwX7MeAZoVcKSegkPF5ndE5oIPQl7tVx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
87efb62ceadf9b37-FRA
expires
Fri, 25 Apr 2025 09:30:24 GMT
/
casino-x.com/signature/ 		0
0
/
casino-x1321.com/signature/ 		0
0
favicon.ico
win1.gameshere.xyz/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://win1.gameshere.xyz/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ace888bd5809a6e7a558f24e5bde5ada3659fbf2dca8bcac34e17ef36cd10a71

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 09:30:24 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 25 May 2021 13:52:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"60ad0126-47e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N7EVVPyScY0kQ2FZcdlhnz03lDvN5ArbcRdULuZPLOn%2Fh9GKf0AjneSps6gOsjzYUBPgMws5%2FierP%2BoDvojbmGWa%2BgJd%2FKYuiz6CPo2%2FDOt3CHvjqnRKC4l1fM4cN5L8aXhX"}],"group":"cf-nel","max_age":604800}
content-type
image/x-icon
cache-control
max-age=14400
cf-ray
87efb62d798a8fef-FRA
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
casino-x.com
URL
https://casino-x.com/signature/?x=1714901424223
Domain
casino-x1321.com
URL
https://casino-x1321.com/signature/?x=1714901424223

Verdicts & Comments Add Verdict or Comment

248 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| YAHOO object| CryptoJS string| b64map string| b64pad function| hex2b64 function| b64tohex function| b64toBA number| dbits number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP string| BI_RM object| BI_RC number| rr number| vv function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt function| bnClone function| bnIntValue function| bnByteValue function| bnShortValue function| bnpChunkSize function| bnSigNum function| bnpToRadix function| bnpFromRadix function| bnpFromNumber function| bnToByteArray function| bnEquals function| bnMin function| bnMax function| bnpBitwiseTo function| op_and function| bnAnd function| op_or function| bnOr function| op_xor function| bnXor function| op_andnot function| bnAndNot function| bnNot function| bnShiftLeft function| bnShiftRight function| lbit function| bnGetLowestSetBit function| cbit function| bnBitCount function| bnTestBit function| bnpChangeBit function| bnSetBit function| bnClearBit function| bnFlipBit function| bnpAddTo function| bnAdd function| bnSubtract function| bnMultiply function| bnSquare function| bnDivide function| bnRemainder function| bnDivideAndRemainder function| bnpDMultiply function| bnpDAddOffset function| NullExp function| nNop function| nMulTo function| nSqrTo function| bnPow function| bnpMultiplyLowerTo function| bnpMultiplyUpperTo function| Barrett function| barrettConvert function| barrettRevert function| barrettReduce function| barrettSqrTo function| barrettMulTo function| bnModPow function| bnGCD function| bnpModInt function| bnModInverse object| lowprimes number| lplim function| bnIsProbablePrime function| bnpMillerRabin function| Arcfour function| ARC4init function| ARC4next function| prng_newstate number| rng_psize undefined| rng_state object| rng_pool number| rng_pptr function| rng_seed_int function| rng_seed_time number| t object| ua undefined| z function| rng_get_byte function| rng_get_bytes function| SecureRandom function| parseBigInt function| linebrk function| byte2Hex function| pkcs1pad2 function| oaep_mgf1_arr function| oaep_pad function| RSAKey function| RSASetPublic function| RSADoPublic function| RSAEncrypt function| RSAEncryptOAEP function| pkcs1unpad2 function| oaep_mgf1_str function| oaep_unpad function| RSASetPrivate function| RSASetPrivateEx function| RSAGenerate function| RSADoPrivate function| RSADecrypt function| RSADecryptOAEP function| ECFieldElementFp function| feFpEquals function| feFpToBigInteger function| feFpNegate function| feFpAdd function| feFpSubtract function| feFpMultiply function| feFpSquare function| feFpDivide function| ECPointFp function| pointFpGetX function| pointFpGetY function| pointFpEquals function| pointFpIsInfinity function| pointFpNegate function| pointFpAdd function| pointFpTwice function| pointFpMultiply function| pointFpMultiplyTwo function| ECCurveFp function| curveFpGetQ function| curveFpGetA function| curveFpGetB function| curveFpEquals function| curveFpGetInfinity function| curveFpFromBigInteger function| curveFpDecodePointHex function| jsonParse object| ASN1HEX object| KJUR function| Base64x function| stoBA function| BAtos function| BAtohex function| stohex function| stob64 function| stob64u function| b64utos function| b64tob64u function| b64utob64 function| hextob64u function| b64utohex function| utf8tob64u function| b64utoutf8 function| utf8tob64 function| b64toutf8 function| utf8tohex function| hextoutf8 function| hextorstr function| rstrtohex function| hextob64 function| hextob64nl function| b64nltohex function| hextoArrayBuffer function| ArrayBuffertohex function| uricmptohex function| hextouricmp function| encodeURIComponentAll function| newline_toUnix function| newline_toDos function| intarystrtohex function| strdiffidx object| PKCS5PKEY object| KEYUTIL function| _rsapem_pemToBase64 function| _rsapem_getPosArrayOfChildrenFromHex function| _rsapem_getHexValueArrayOfChildrenFromHex function| _rsapem_readPrivateKeyFromASN1HexString function| _rsapem_readPrivateKeyFromPEMString object| _RE_HEXDECONLY function| _rsasign_getHexPaddedDigestInfoForString function| _zeroPaddingOfSignature function| _rsasign_signString function| _rsasign_signWithMessageHash function| _rsasign_signStringWithSHA1 function| _rsasign_signStringWithSHA256 function| pss_mgf1_str function| _rsasign_signStringPSS function| _rsasign_signWithMessageHashPSS function| _rsasign_getDecryptSignatureBI function| _rsasign_getHexDigestInfoFromSig function| _rsasign_getAlgNameAndHashFromHexDisgestInfo function| _rsasign_verifySignatureWithArgs function| _rsasign_verifyHexSignatureForMessage function| _rsasign_verifyString function| _rsasign_verifyWithMessageHash function| _rsasign_verifyStringPSS function| _rsasign_verifyWithMessageHashPSS function| X509

1 Cookies

Domain/Path Name / Value
.sold2me.com/ Name: uid
Value: 1f9f10f7663751afc6731315826565

4 Console Messages

Source Level URL
Text
javascript error URL: https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Message:
Access to XMLHttpRequest at 'https://casino-x.com/signature/?x=1714901424223' from origin 'https://win1.gameshere.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://casino-x.com/signature/?x=1714901424223
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://win1.gameshere.xyz/?/ru/registration?partner=p15899p3287963pf8ba&apkpop=0&promo=243998&source=1f9f10f7663751afc6731315826565
Message:
Access to XMLHttpRequest at 'https://casino-x1321.com/signature/?x=1714901424223' from origin 'https://win1.gameshere.xyz' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://casino-x1321.com/signature/?x=1714901424223
Message:
Failed to load resource: net::ERR_FAILED