URL: https://app-669917.galleon.mobi/register?code=2I06M9
Submission: On May 15 via manual from PH — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 2a06:98c1:3120::a, located in the United States and belonging to CLOUDFLARENET, US. The main domain is app-669917.galleon.mobi.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 21st 2022. Valid for: a year.
This is the only time app-669917.galleon.mobi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (requests per IP and Autonomous System):

Requests  IP Address         AS (Autonomous System)
7         2a06:98c1:312...   13335 (CLOUDFLAR...)
2         2a03:2880:f01...   32934 (FACEBOOK)
2         2a00:1450:400...   15169 (GOOGLE)
2         101.33.11.88       132203 (TENCENT-N...)
1         2a03:2880:f11...   32934 (FACEBOOK)
3         2a06:98c1:312...   13335 (CLOUDFLAR...)
Total: 17 requests, 7 IPs

Apex domains (requests, subdomains and transfer per apex domain):

Requests  Apex Domain    Subdomains                                               Transfer
10        galleon.mobi   app-669917.galleon.mobi, 05ad102600450ad3.galleon.mobi   1 MB
2         1122pro.com    ai.1122pro.com                                           2 KB
2         google.com     apis.google.com (Cisco Umbrella Rank: 100)               112 KB
2         facebook.net   connect.facebook.net (Cisco Umbrella Rank: 146)          86 KB
1         facebook.com   www.facebook.com (Cisco Umbrella Rank: 102)              409 B
Total: 17 requests, 5 apex domains

Domains and the hosts that requested them:

Requests  Domain                          Requested by
7         app-669917.galleon.mobi         app-669917.galleon.mobi
3         05ad102600450ad3.galleon.mobi   app-669917.galleon.mobi
2         ai.1122pro.com                  app-669917.galleon.mobi, ai.1122pro.com
2         apis.google.com                 app-669917.galleon.mobi, apis.google.com
2         connect.facebook.net            app-669917.galleon.mobi, connect.facebook.net
1         www.facebook.com                app-669917.galleon.mobi
Total: 17 requests, 6 subdomains

This site contains no links.

TLS certificates observed:

Subject                 Issuer                                   Validity                  Valid for
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3                  2022-01-21 - 2023-01-20   a year
*.facebook.com          DigiCert SHA2 High Assurance Server CA   2022-02-21 - 2022-05-22   3 months
*.apis.google.com       GTS CA 1C3                               2022-04-25 - 2022-07-18   3 months
ai.1122pro.com          TrustAsia TLS RSA CA                     2021-11-12 - 2022-11-11   a year
*.google.com            GTS CA 1C3                               2022-04-25 - 2022-07-18   3 months

This page contains 1 frame:

Primary Page: https://app-669917.galleon.mobi/register?code=2I06M9
Frame ID: 373727190D450B2412EF909384F2E8FC
Requests: 18 HTTP requests in this frame

Page Title

GALLEON

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Page Statistics

Requests: 17
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 6
IPs: 7
Countries: 2
Transfer: 1551 kB
Size: 3619 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request register
app-669917.galleon.mobi/
3 KB
2 KB
Document
General
Full URL
https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f096eb308f6c061bacaa411a6388ade39be0d0f95656fc649bd89ce9f538334
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
private, no-store, no-cache, max-age=0, must-revalidate, proxy-revalidate
cf-cache-status
DYNAMIC
cf-ray
70b84830fd415995-MXP
content-encoding
br
content-type
text/html
date
Sun, 15 May 2022 02:00:47 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxI1P7sohGVxr%2FLACh3aviaKy9B4oAiogu8lTQXW8bTyUB5yV%2F23jERYt%2FYIAIHs4nIKyyJS%2FomDunGhKZLXXiqCtQ1GFjT9%2F9ixwfSJNE%2FbmCMyE%2BYQe3kbKIdxVGu1nNyTRHNUO3ETd0eb6maFCILJNw0U%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
sdk.js
connect.facebook.net/zh_CN/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/zh_CN/sdk.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7bcf4d72cc627b6dd0d185e53ab56a0111e664798112ea0abbb0d629ae64c17f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app-669917.galleon.mobi/
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
cYEzkC2oUuQUzghHMk8CfQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Sun, 15 May 2022 02:18:31 GMT
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
oPOWnjw0AWCDqqyQ/c5OgqTtAXQhhLa+hgQ/t7mRUPobCYPdyPS+8ETnioJCAET54SuoehuMGMHNEVqWDMQuOA==
x-fb-trip-id
686109401
x-fb-content-md5
f234d2ca70031e4b2293b03679a5e13a
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sun, 15 May 2022 02:00:47 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"eca3f1ce72a7ca24874aaa598741738e"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
api:client.js
apis.google.com/js/
14 KB
6 KB
Script
General
Full URL
https://apis.google.com/js/api:client.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f351bf72961f59f69d6b2f626da1fc76a4e0eef71258e55e259bf61c88eb3a6d
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5544
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Sun, 15 May 2022 02:00:47 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"bd7d21773a00baac"
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 15 May 2022 02:00:47 GMT
traceinstall.js
ai.1122pro.com/v2/
4 KB
2 KB
Script
General
Full URL
https://ai.1122pro.com/v2/traceinstall.js?app_key=app001
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
101.33.11.88 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
NWS_Oversea_AP /
Resource Hash
32deeb2218d25ca73b466aed5ca7a945e0ee3dca44c4e84ac31b3d4971757c87
Security Headers
Name Value
Strict-Transport-Security max-age=36000;includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:48 GMT
content-encoding
gzip
vary
accept-encoding
x-cache-lookup
Hit From Disktank3 Gz
content-length
1702
last-modified
Sat, 14 May 2022 19:00:00 GMT
server
NWS_Oversea_AP
strict-transport-security
max-age=36000;includeSubDomains
access-control-allow-methods
*
content-type
javascript
access-control-allow-origin
*
cache-control
max-age=600
access-control-allow-credentials
*
x-nws-log-uuid
706d62bd-a990-46c2-a295-c6bcd5238942
access-control-allow-headers
*
expires
Sun, 15 May 2022 02:10:47 GMT
app.c87ea641.js
app-669917.galleon.mobi/js/
1 MB
354 KB
Script
General
Full URL
https://app-669917.galleon.mobi/js/app.c87ea641.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
980f6519e55cbd969c50092e0306c9c7a1602478051286cc105273340c1c061f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:48 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-124c43"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=32PMq2%2B3jAnVqhNZw0DDfM0%2BZL0gMzq5WQPQ7Iy8msnKsFTE8IAnw3VvxbkSHsP74AzWLYJlKb9pdTmAiWG4Aw9vDGOFoWsoYD1BH7bis5IYTxuy4YGe%2F0ysiQOkBluEEaemElyj1STnEfEL0yh123Wm7FZGpA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70b848336fe05995-MXP
sdk.js
connect.facebook.net/zh_CN/
291 KB
83 KB
Script
General
Full URL
https://connect.facebook.net/zh_CN/sdk.js?hash=ca14f18dfa52cc238e45c3ccf7d9552d
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/zh_CN/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e5018e71828c2b8494d8d750ca8312d37e05b4ca9de060c76d72c86a5c8ad472
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app-669917.galleon.mobi/
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
6JrovIuXlwWl8Ud/BRbE+Q==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
85370
x-fb-rlafr
0
x-fb-debug
c/OZGL//SwFONMl6URCjvd6UMFiFM16PhmkikS1B38rGL6oV2qRB6Tl/yThFlXc0Bov0caQI8xOB6JbV6sCQQw==
x-fb-content-md5
7300f0989a0e6a855d60ca56729ee657
x-frame-options
DENY
date
Sun, 15 May 2022 02:00:48 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"fadc92a704b89aa4ea396effef422b50"
timing-allow-origin
*
priority
u=3,i
expires
Mon, 15 May 2023 01:23:33 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/
313 KB
106 KB
Script
General
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.xpRpP2dSg9Q.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9dZuaTDdeBSZM_cuQEqPNJoPpOvA/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/api:client.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2e5d4be918200081673a10df00301d8f01706f51d1947bf78e98e8b5bbea2f01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 15:04:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
298587
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
108245
x-xss-protection
0
last-modified
Mon, 21 Mar 2022 15:20:15 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 11 May 2023 15:04:21 GMT
chunk-42f59980.cc8689d4.js
app-669917.galleon.mobi/js/
0
394 KB
Other
General
Full URL
https://app-669917.galleon.mobi/js/chunk-42f59980.cc8689d4.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-18b051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IKi7G5bHC8W1bNXa%2BCeiqTx8gs%2BQwJSKmOY7Y7kg%2BnndJxg%2B6IMqXhiB0egjFAVc9UYYlpYEUx9vPoWhvRMgGNTpjQyIvQ3nHS25fCW5f4QRjhk6A1mykLBOOy1D1ZPbZIAd2ZTHyObE6FeM6Jektwf7j8jNpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70b848351cbc3763-MXP
/
www.facebook.com/tr/
44 B
409 B
Image
General
Full URL
https://www.facebook.com/tr/?id=314209393956081&ev=fb_page_view&dl=https%3A%2F%2Fapp-669917.galleon.mobi%2Fregister%3Fcode%3D2I06M9&rl=&if=false&ts=1652580048183&sw=1600&sh=1200&at=
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:48 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Sun, 15 May 2022 02:00:48 GMT
chunk-42f59980.cc8689d4.js
app-669917.galleon.mobi/js/
2 MB
394 KB
Script
General
Full URL
https://app-669917.galleon.mobi/js/chunk-42f59980.cc8689d4.js
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee9e09ec50792da9c88df610b412232145025171727c697192fc45cce671b2c8
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:49 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
W/"626a396f-18b051"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyCMR7sV%2BmPkE%2B%2B5HbpOTNS9n%2B0ufOzPchMhzczY6pN6Q8BJR7aY2js1gnMRY5DxNed1Rvdt5oEmt2tAQzHEpjF3utOZkGvLRlQrfdmLrz%2FVjrjhdhbBwwa6ze3hohDI8HbOYEA%2By%2F4%2B5Z2nXtOV8ksphwy89Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=14400
cf-ray
70b8483ca9ee3763-MXP
bj.549ec8f5.png
app-669917.galleon.mobi/img/
148 KB
148 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/bj.549ec8f5.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f04093687936d52b9fcc2f48735a0749f045f20203f8b773a3715c51ebc6b96f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:50 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
151334
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-24f26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKCMe5h5oZG%2BrOhphyQEbDQ%2FdRBgIcraee6j2NBjXR01Tg6VUmIvOO7zdsLbcATHwZntG5b%2FkIPICGqGcB%2FS2MGB2s3aek4a4nVZ9UrqmicnJi4voN%2FyDp%2FuCPjbjN7tVyW5ogthzzfnWb9PrQihSBGDbZaR6w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70b8483e2ae43763-MXP
btn_kefu.c1eb10cf.png
app-669917.galleon.mobi/img/
10 KB
10 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/btn_kefu.c1eb10cf.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6e90567e4d399d0efef332bdd3f818f0778bd5f22fd79b2e9e0f2a6f33a4a9e
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:49 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10070
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-2756"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WiC%2B5%2F10WDJI63UPy3nuyKLOTspBDgmN3LLT44mB0%2BGtiqB0Xj80QE0xGCEe3iuLr6YuY5y6TbkHC6zcwtWOmNHHrnFfsM5a0Lv7th1w%2BX41mM9YStWpdTyUVXbFPbYUqvyCi%2FBEFScaiEi6tC%2BWHnrUWGv8Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70b8483e2ae53763-MXP
truncated
/
24 KB
24 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f578161682663132ec65b870e0ecb969d7dbe1eee9b8c4dff140e749e5a8ed7e

Request headers

Referer
Origin
https://app-669917.galleon.mobi
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
font/ttf
fingerprint
ai.1122pro.com/v1/
40 B
335 B
XHR
General
Full URL
https://ai.1122pro.com/v1/fingerprint?app_key=app001
Requested by
Host: ai.1122pro.com
URL: https://ai.1122pro.com/v2/traceinstall.js?app_key=app001
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
101.33.11.88 Frankfurt am Main, Germany, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software
nginx/1.20.1 /
Resource Hash
47e952df48941af403a87d20e5b2645084fd13b5ed4923f9985ef4ed0b9e45cc
Security Headers
Name Value
Strict-Transport-Security max-age=36000;includeSubDomains

Request headers

Referer
https://app-669917.galleon.mobi/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sun, 15 May 2022 02:00:50 GMT
server
nginx/1.20.1
strict-transport-security
max-age=36000;includeSubDomains
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-credentials
*
x-daa-tunnel
hop_count=1
x-nws-log-uuid
3a8d946a-f733-41f8-a2fe-0c5a8c35bfc6
access-control-allow-headers
*
content-length
40
login.6e73be56.png
app-669917.galleon.mobi/img/
19 KB
20 KB
Image
General
Full URL
https://app-669917.galleon.mobi/img/login.6e73be56.png
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/register?code=2I06M9
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b34abb67997758047d53815e3f7c476a73703e8d4273170a4a3e3fac9703cd18
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app-669917.galleon.mobi/register?code=2I06M9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:50 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
19839
last-modified
Thu, 28 Apr 2022 06:51:27 GMT
server
cloudflare
etag
"626a396f-4d7f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERbaGQ3x4WYx6va3p0Xn8GlnIjuKU7hOsNXLWFFIt3CdmFnhtBALQOtRlYUKI9WoyZFjTPjh3dPCwSid66tD1B6oqyrPxgTH458wG7cW5NOmQQETYTDFLy011IhLSyuiUrgO69GrGs3CL4qpQCt%2FiwfLs5961A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
70b8483e7b1a3763-MXP
listCsConfig
05ad102600450ad3.galleon.mobi/hall/
245 B
861 B
XHR
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/listCsConfig
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f18e338071314f120b386d90b78cfc8c721ee37ba9bb58ab9dd5c26f2ff878c1
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://app-669917.galleon.mobi/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 15 May 2022 02:00:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Fu8kzMfVXDaCwJwAsfsK
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FebWf8Hwe5Qlwk5aXE1Yqw7gXTCDnOonekj4%2BR6cushiPW6aGOZR51oRjO6GvqY8KeTZs9irUu8cs4JG3EOnXrQhDjgooD3wfwWnCGLcjjqmnAL1b3SbHOxmL7poXBc83dyRByjA9VITIuSTXDR8n3dQmcxOcl9kY7gxZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-ray
70b848405d780e1a-MXP
captcha
05ad102600450ad3.galleon.mobi/hall/
23 KB
2 KB
XHR
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/captcha
Requested by
Host: app-669917.galleon.mobi
URL: https://app-669917.galleon.mobi/js/app.c87ea641.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5b6da8bc090911ea41c32d4ad36dfd9697cf05ec2cdadbf7b70a6366e558803
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://app-669917.galleon.mobi/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 15 May 2022 02:00:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id
Fu8kzLqSOtj3DiAAsfqK
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=86400; includeSubDomains
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AkSTWU9Px1wdTdxLfIPZ9QiswYl7VvTxmeb%2FRrvSlGbeNihfY%2Fp5rdpd7QGSC3t%2Fpp9Q75%2FjIAlP92RPYGXzTk24Ye9OhHprjD1vucm1Uarh%2Fl7v83l2acQmabyBzbrA5PBlJ4fhH3E8EXEZux8QX0hxS1IUO6w2toe3xg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
cf-ray
70b8483ef868839c-MXP
listCsConfig
05ad102600450ad3.galleon.mobi/hall/
0
0
Preflight
General
Full URL
https://05ad102600450ad3.galleon.mobi/hall/listCsConfig
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app-669917.galleon.mobi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Token,Content-Type,Tz
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
access-control-max-age
1728000
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=0, private, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
70b8483ef865839c-MXP
date
Sun, 15 May 2022 02:00:49 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAN8dhP%2B72Y1bTDfYnbPKPyJW4PXov5BVUTqMh6qNFdUX6BPiA1%2BwtEHvyy50ukJP1ThLWHDcu6Z%2Fc87VRzgThZhD9HpUUxokDqt9JaV66Huxv6pzgF9Y3cRbRDn4tXm%2F10sfSB42mi20mqpPnWtKfKc1x5hTUKB%2B%2FlQvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
x-request-id
Fu8kzLFqEmoWqeYAsfpK
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13b5fdec1cb1110f076a2bc5af0d951f22a49437924a73e2225a380d95be9232

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type
image/gif

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

oncontextlost (object), oncontextrestored (object), structuredClone (function), getScreenDetails (function), FB (object), gapi (object), ___jsl (object), TraceInstall (function), osapi (object), gadgets (object), iframer (object), __gapi_jstiming__ (object), shindig (object), ToolbarApi (function), iframes (object), IframeBase (function), Iframe (function), IframeProxy (function), IframeWindow (function), googleapis (object), webpackJsonp (object), _vueCountryIntl_count (number)

1 Cookies

Domain/Path Name / Value
.facebook.com/ Name: fr
Value: 0xlfCMnC2lM5bfaOa..BigF7Q...1.0.BigF7Q.

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
