URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Submission: On May 13 via manual from PH — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 2a06:98c1:3121::a, located in United States and belongs to CLOUDFLARENET, US. The main domain is app-669917.galleon.mobi.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 21st 2022. Valid for: a year.
This is the only time app-669917.galleon.mobi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address        AS (Autonomous System)
7         2a06:98c1:312...  13335 (CLOUDFLAR...)
2         2a03:2880:f01...  32934 (FACEBOOK)
2         2a00:1450:400...  15169 (GOOGLE)
2         101.33.11.48      132203 (TENCENT-N...)
1         2a03:2880:f11...  32934 (FACEBOOK)
3         2a06:98c1:312...  13335 (CLOUDFLAR...)
Total: 17 requests, 7 IPs
Requests  Apex Domain   Subdomains                                               Transfer
10        galleon.mobi  app-669917.galleon.mobi, 05ad102600450ad3.galleon.mobi   1 MB
2         1122pro.com   ai.1122pro.com                                           2 KB
2         google.com    apis.google.com (Cisco Umbrella Rank: 100)               112 KB
2         facebook.net  connect.facebook.net (Cisco Umbrella Rank: 146)          86 KB
1         facebook.com  www.facebook.com (Cisco Umbrella Rank: 102)              297 B
Total: 17 requests, 5 apex domains
Requests  Domain                         Requested by
7         app-669917.galleon.mobi        app-669917.galleon.mobi
3         05ad102600450ad3.galleon.mobi  app-669917.galleon.mobi
2         ai.1122pro.com                 app-669917.galleon.mobi, ai.1122pro.com
2         apis.google.com                app-669917.galleon.mobi, apis.google.com
2         connect.facebook.net           app-669917.galleon.mobi, connect.facebook.net
1         www.facebook.com               app-669917.galleon.mobi
Total: 17 requests, 6 domains

This site contains no links.

Subject                Issuer                                  Validity                 Valid
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3                 2022-01-21 - 2023-01-20  a year (crt.sh)
*.facebook.com         DigiCert SHA2 High Assurance Server CA  2022-02-20 - 2022-05-21  3 months (crt.sh)
*.apis.google.com      GTS CA 1C3                              2022-04-25 - 2022-07-18  3 months (crt.sh)
ai.1122pro.com         TrustAsia TLS RSA CA                    2021-11-12 - 2022-11-11  a year (crt.sh)
*.google.com           GTS CA 1C3                              2022-04-25 - 2022-07-18  3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://app-669917.galleon.mobi/register?code=2I0LV7
Frame ID: A9878CFDE0D93CDE60CD907795F7C7CD
Requests: 18 HTTP requests in this frame

Page Title

GALLEON

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 6
IPs: 7
Countries: 2
Transfer: 1550 kB
Size: 3614 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request register
app-669917.galleon.mobi/
3 KB
2 KB
Document
General
Full URL
https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f096eb308f6c061bacaa411a6388ade39be0d0f95656fc649bd89ce9f538334
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
70adcb3bbbde91ff-FRA
content-encoding
br
content-type
text/html
date
Fri, 13 May 2022 19:27:51 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjTCKpelhqtWNMSEYpcJX1%2BY0NACEbLcd%2Bm5NgmUlz1d8GUCy436ghFT98nRMSSjJ8w7YGzazvXQc%2FyW9H%2BGBSYPGGMz8k2t%2F35MsscFKbutQXEfqw7%2F03gA%2B08e9XiuMvhGUENR42Y0ctxPI8G8DXB3UZ2xCg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
sdk.js
connect.facebook.net/zh_CN/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/zh_CN/sdk.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b711ff1d66ae64bbe80bc647737ddc47a0dee71ef7b02a427d613113ef8470c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app-669917.galleon.mobi/
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
HbAC1Jy30ZfXC2X2uYTikw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1688
x-fb-rlafr
0
x-fb-debug
OsyxRHNBR6FmqVToRmP8RNUZdzp2CDAJe0/dxdmogweDrFY+6ssuiV4Xqi0GyXhj3Lj8OmocMb+cfeIUJ8cXjQ==
x-fb-trip-id
686109401
x-fb-content-md5
7482e3620c4d75d3c0109bc94d40fbbc
x-frame-options
DENY
date
Fri, 13 May 2022 19:27:51 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"322619a0375ae014fb3dabc2695c8781"
timing-allow-origin
*
priority
u=3,i
expires
Fri, 13 May 2022 19:30:03 GMT
api:client.js
apis.google.com/js/
14 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/api:client.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f351bf72961f59f69d6b2f626da1fc76a4e0eef71258e55e259bf61c88eb3a6d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5544
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Fri, 13 May 2022 19:27:52 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"bd7d21773a00baac"
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 13 May 2022 19:27:52 GMT
traceinstall.js
ai.1122pro.com/v2/
4 KB
2 KB
Script
General
Full URL
https://ai.1122pro.com/v2/traceinstall.js?app_key=app001
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
101.33.11.48 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
NWS_Oversea_AP /
Resource Hash
32deeb2218d25ca73b466aed5ca7a945e0ee3dca44c4e84ac31b3d4971757c87
Security Headers
Name Value
Strict-Transport-Security max-age=36000;includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
content-encoding
gzip
vary
accept-encoding
x-cache-lookup
Hit From Disktank3 Gz, Hit From Inner Cluster
content-length
1702
last-modified
Fri, 13 May 2022 08:50:00 GMT
server
NWS_Oversea_AP
strict-transport-security
max-age=36000;includeSubDomains
access-control-allow-methods
*
content-type
javascript
access-control-allow-origin
*
cache-control
max-age=600
access-control-allow-credentials
*
x-daa-tunnel
hop_count=1
x-nws-log-uuid
c64774ea-39ef-4e4e-9e33-3a7a7f1da158
access-control-allow-headers
*
expires
Fri, 13 May 2022 19:37:51 GMT
app.c87ea641.js
app-669917.galleon.mobi/js/
1 MB
354 KB
Script
General
Full URL
https://app-669917.galleon.mobi/js/app.c87ea641.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41b8393b7d2aa3129bdc4be08af80104316f697da246e6792dd079632e0c8327
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=1199171
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-124c43"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgNM59VVNZhFpRPVBi6NSnMxJvnWbrmeE1S8MOKyE%2BPb5RL4%2B0a9gfXCTCmsgnoW%2FfuBvS3f7K40pzGHGLQW%2F0tHUczMoHmxUXcqOxmW%2FySZjq8FjM93pmxxzf1uzVKNjFE7y%2BCGahExoT%2F0tGSkygGsviTSGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70adcb3ddeb891ff-FRA
cf-bgj
minify
sdk.js
connect.facebook.net/zh_CN/
291 KB
83 KB
Script
General
Full URL
https://connect.facebook.net/zh_CN/sdk.js?hash=630d742b21ed8c48432aad6c87051226
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/zh_CN/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e6b7d88f27960e6f833e75432e2fc020716493486a8de28001d9de1d37b3e61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app-669917.galleon.mobi/
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
uHxYIUBnaFCMrWf7u5gsTw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
85371
x-fb-rlafr
0
x-fb-debug
424mZDfXazwU3S/YAZjEqibVTHJIVQD5UNpELaPZ5WaPK4rXZJczCI7YNZq+4HZQCFCz7Fm2ZWEU33bbgVLMhA==
x-fb-content-md5
5da04eb3d0796ce54b65070bc700d915
x-frame-options
DENY
date
Fri, 13 May 2022 19:27:52 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"05a94e7afba62e3223400db01d890c3a"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 13 May 2023 18:30:05 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/
313 KB
106 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api:client.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e5d4be918200081673a10df00301d8f01706f51d1947bf78e98e8b5bbea2f01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 17:49:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5919
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108245
x-xss-protection
0
last-modified
Mon, 21 Mar 2022 15:20:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 13 May 2023 17:49:13 GMT
chunk-42f59980.cc8689d4.js
app-669917.galleon.mobi/js/
0
394 KB
Other
General
Full URL
https://app-669917.galleon.mobi/js/chunk-42f59980.cc8689d4.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished
origSize=1618001
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-18b051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fY2CDVoXaJpPUpT1GSXxfXV9onwqrEY4jaotVc%2BVYju1n4SdJTYRCDviHkpv5fJyPBSvfHjNoNmaIzJu1hYyLXAckXVpe6IpUjWCbW8u02DzmIeqwqdpgN%2F2nc%2F6zPXPKnqyYZuZrhMUaIGU8Butugxa0LSQ%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70adcb3e8c1d6993-FRA
cf-bgj
minify
/
www.facebook.com/tr/
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=314209393956081&ev=fb_page_view&dl=https%3A%2F%2Fapp-669917.galleon.mobi%2Fregister%3Fcode%3D2I0LV7&rl=&if=false&ts=1652470072110&sw=1600&sh=1200&at=
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Fri, 13 May 2022 19:27:52 GMT
chunk-42f59980.cc8689d4.js
app-669917.galleon.mobi/js/
2 MB
394 KB
Script
General
Full URL
https://app-669917.galleon.mobi/js/chunk-42f59980.cc8689d4.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c0a7fe659c953b88f53e9e9129c7886e1551ae227c35df5039650eef3947ce4
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
0
cf-polished
origSize=1618001
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-18b051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W1uDpKgNnZoa62JDxri3nbwQbB4z%2FfhRlnuanzv%2FoQjTAq26qdatzVouRSb6TjX%2FHTBjIm4RqUNqYBMMhOioC0NslkHgLuaiM%2Fa%2Bt09G2CIHNpS%2BxQNikxzkbZjGDWzk2qnJL17v0SFISx8LQGH932FJJ9VHmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70adcb409f836993-FRA
cf-bgj
minify
listCsConfig
05ad102600450ad3.galleon.mobi/hall/
0
0
Preflight
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/listCsConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app-669917.galleon.mobi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Token,Content-Type,Tz
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
1728000
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
70adcb42591790dc-FRA
date
Fri, 13 May 2022 19:27:53 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2BgBCSs5%2F9uA8HP%2BVbjy2DLUY9NAP3dZJaLGS5jdm1Ta1KG5JxEh2N6iM9YHPh4pmW5shLmZ2FD6GEpl9j6GMyj35YQirGWnAtme1pH1WEZtJPe27TvvwUDSTXqPXigZXIQG27mMJ9Fdqum8%2BrBHxYmrRIGVjDLFHUelWg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
x-request-id
Fu7AxrOaFLRV7GkBH5ZN
bj.549ec8f5.png
app-669917.galleon.mobi/img/
148 KB
148 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/bj.549ec8f5.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f04093687936d52b9fcc2f48735a0749f045f20203f8b773a3715c51ebc6b96f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
151334
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-24f26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HLnzDdva9qYmlFBP7PzF625mdt57J4naFB7lLxYdem92wbm1o%2F6t3MxeCZfNDl6hq28OYcTP68o3RF7Dhls4%2BGEQA4YlUe77HSOIOhQeZQEYDQWuajGt0fIE9N0S0ADkT7nxBN5TT3ySmPcXn1yuTWAoHLeFGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70adcb41a9446993-FRA
btn_kefu.c1eb10cf.png
app-669917.galleon.mobi/img/
10 KB
10 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/btn_kefu.c1eb10cf.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6e90567e4d399d0efef332bdd3f818f0778bd5f22fd79b2e9e0f2a6f33a4a9e
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10070
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-2756"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0N0Xdsjm1nO18uQLiWuihrE9MkSHu0OSGAUbuMXE2U4UchIHKF6UJKN%2FwV3yrIRzsCr4GnMeNPoAIxiLwpnjcwuPIfDEFCgwbX9Fxb7B68y5PsFUEhmBUyyCplly0lWwE8LZXJqBzuJP25dRRdmeapQXkW2abw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70adcb41a9466993-FRA
truncated
/
24 KB
24 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f578161682663132ec65b870e0ecb969d7dbe1eee9b8c4dff140e749e5a8ed7e

Request headers

Referer
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
font/ttf
fingerprint
ai.1122pro.com/v1/
40 B
336 B
XHR
General
Full URL
https://ai.1122pro.com/v1/fingerprint?app_key=app001
Requested by
Host: ai.1122pro.com
URL: https://ai.1122pro.com/v2/traceinstall.js?app_key=app001
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
101.33.11.48 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
47e952df48941af403a87d20e5b2645084fd13b5ed4923f9985ef4ed0b9e45cc
Security Headers
Name Value
Strict-Transport-Security max-age=36000;includeSubDomains

Request headers

Referer
https://app-669917.galleon.mobi/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 13 May 2022 19:27:53 GMT
server
nginx/1.20.1
strict-transport-security
max-age=36000;includeSubDomains
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
*
x-daa-tunnel
hop_count=1
x-nws-log-uuid
cfd545f6-917f-47c3-8a28-8647f3fc36b6
access-control-allow-headers
*
content-length
40
login.6e73be56.png
app-669917.galleon.mobi/img/
19 KB
20 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/login.6e73be56.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I0LV7
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34abb67997758047d53815e3f7c476a73703e8d4273170a4a3e3fac9703cd18
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I0LV7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:52 GMT
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19839
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-4d7f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=by%2B3b%2FXD86Z4LLZQp12eEFAQpbTOnJjhzbYkhFLDPyxTo0Jbb6OeDQThTUzyHfhb3iM3X5%2BxTLr9HjCxIXq4PjlvYtRNFxCUx%2BwoH6vlJj2%2BNNAkHE4Qz6RYylfSMK%2B1ZXx7HjjAxBjh2DRAkxUoWxIdZy6hWg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70adcb41b97b6993-FRA
listCsConfig
05ad102600450ad3.galleon.mobi/hall/
245 B
861 B
XHR
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/listCsConfig
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18e338071314f120b386d90b78cfc8c721ee37ba9bb58ab9dd5c26f2ff878c1
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://app-669917.galleon.mobi/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 13 May 2022 19:27:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Fu7AxskZyijHyOIBH5cN
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0xLKR6iY1U3iu6pxHNPipWpW00rtW9BhO5fQId8iu02cy2Qs47bgwGHV9gjxOQ20eCFf6e84uccUYcFvke8nqa%2BGvgP0T8nnQSBvW626x9DogO3og6I5rq0I6icEYXntcSaDH19UFej66z4RXM%2BCr2G1QBr6Z%2BLkVVkzCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-ray
70adcb448fac9000-FRA
captcha
05ad102600450ad3.galleon.mobi/hall/
23 KB
2 KB
XHR
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/captcha
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44adc53cd81b60ec6c927c0b0001b3e1faca5f0199673d21bc952e4a37b3d44f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://app-669917.galleon.mobi/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 13 May 2022 19:27:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Fu7AxrPsYx_WXc0BH5aN
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BoSmQ7bB%2BNPY0r86PkHbu5IsbW2flAJ9fwgyYpmN35M4LQZq5ikOIN2R8Y%2FGqH%2FZNH4XEZfVEIhNzeRZCZxK2QMkfuMC5CZSmnyKaSpj0GtFADQoaiCc1KawCNVb5vkqxH2dcgLbFa611n4zXoRTzn53ecs45gWN%2Bl%2BCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-ray
70adcb42591990dc-FRA
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5e6dfeb9e64bf335ee2503cc0fe7cbd7be0514b547139f76f2080b7155b3a45a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/gif

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    oncontextlost
object    oncontextrestored
function  structuredClone
function  getScreenDetails
object    FB
object    gapi
object    ___jsl
function  TraceInstall
object    osapi
object    gadgets
object    iframer
object    __gapi_jstiming__
object    shindig
function  ToolbarApi
object    iframes
function  IframeBase
function  Iframe
function  IframeProxy
function  IframeWindow
object    googleapis
object    webpackJsonp
number    _vueCountryIntl_count

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
