urlscan.io logo urlscan.io
SecurityTrails logo

multikingdom2.xyz Open in urlscan Pro
2606:4700:3037::681b:b1f2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://xml.ezmob.com/redirect?feed=224387&auth=LP1iFm&url=http://www.cpm-ad.com&subid=
Effective URL: https://multikingdom2.xyz/
Submission: On March 02 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 3 countries across 18 domains to perform 34 HTTP transactions. The main IP is 2606:4700:3037::681b:b1f2, located in United States and belongs to CLOUDFLARENET, US. The main domain is multikingdom2.xyz.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 25th 2020. Valid for: 7 months.
This is the only time multikingdom2.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.134.116.18 27257 (WEBAIR-IN...)
5 46.101.188.42 14061 (DIGITALOC...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 151.139.128.10 20446 (HIGHWINDS3)
1 95.100.197.13 16625 (AKAMAI-AS)
1 54.93.81.132 16509 (AMAZON-02)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 198.134.116.30 27257 (WEBAIR-IN...)
1 1 2606:4700:e4:... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
8 2606:4700:e0:... 13335 (CLOUDFLAR...)
2 88.99.60.149 24940 (HETZNER-AS)
2 2 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:e6:... 13335 (CLOUDFLAR...)
34 14
1    198.134.116.18 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)
xml.ezmob.com
5    46.101.188.42 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
ama.push4free.com
offerbeast.com
3    2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:81b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2606:4700:3035::681b:aa38 (United States)

ASN13335 (CLOUDFLARENET, US)
tag.top10appzz.com
3    2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    151.139.128.10 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)
static.ezmob.com
1    95.100.197.13 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-197-13.deploy.static.akamaitechnologies.com
f17832198f8877049d1d-833aeee095d4d52d40a812a8cd7b7120.ssl.cf5.rackcdn.com
1    54.93.81.132 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-81-132.eu-central-1.compute.amazonaws.com
cpi-offers.com
1    2606:4700:3037::681b:ab38 (United States)

ASN13335 (CLOUDFLARENET, US)
api.top10appzz.com
1    198.134.116.30 (Garden City, United States)

ASN27257 (WEBAIR-INTERNET, US)
go.coralsands.xyz
1    2606:4700:e4::ac40:a710 (United States)

ASN13335 (CLOUDFLARENET, US)
flypiggs.com
1    2606:4700:3037::681b:b1f2 (United States)

ASN13335 (CLOUDFLARENET, US)
multikingdom2.xyz
8    2606:4700:e0::ac40:6b0e (United States)

ASN13335 (CLOUDFLARENET, US)
thewonder.xyz
2    88.99.60.149 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-99-60-149.clients.your-server.de
22073.recycling.io
2    2606:4700:3030::6812:27f9 (United States)

ASN13335 (CLOUDFLARENET, US)
rentw.work
2    2606:4700:e6::ac40:c722 (United States)

ASN13335 (CLOUDFLARENET, US)
pcgmer.com
Domain Requested by
8 thewonder.xyz multikingdom2.xyz
3 www.google-analytics.com www.googletagmanager.com
ama.push4free.com
3 offerbeast.com ama.push4free.com
3 cdnjs.cloudflare.com ama.push4free.com
2 pcgmer.com multikingdom2.xyz
2 rentw.work 2 redirects
2 22073.recycling.io multikingdom2.xyz
2 tag.top10appzz.com ama.push4free.com
2 ama.push4free.com ama.push4free.com
1 multikingdom2.xyz ama.push4free.com
1 flypiggs.com 1 redirects
1 go.coralsands.xyz 1 redirects
1 api.top10appzz.com tag.top10appzz.com
1 cpi-offers.com tag.top10appzz.com
1 f17832198f8877049d1d-833aeee095d4d52d40a812a8cd7b7120.ssl.cf5.rackcdn.com ama.push4free.com
1 static.ezmob.com ama.push4free.com
1 www.googletagmanager.com ama.push4free.com
1 xml.ezmob.com 1 redirects
0 api.ezmob.com Failed static.ezmob.com
0 reorget.com Failed tag.top10appzz.com
0 audiancedesign.com Failed tag.top10appzz.com
34 21

This site contains no links.

Subject Issuer Validity Valid
ama.push4free.com
Let's Encrypt Authority X3		 2020-01-09 -
2020-04-08		 3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-02-12 -
2020-05-06		 3 months crt.sh
offerbeast.com
Let's Encrypt Authority X3		 2020-01-09 -
2020-04-08		 3 months crt.sh
sni.cloudflaressl.com
CloudFlare Inc ECC CA-2		 2020-01-31 -
2020-10-09		 8 months crt.sh
*.ezmob.com
AlphaSSL CA - SHA256 - G2		 2019-02-25 -
2021-02-25		 2 years crt.sh
*.ssl.cf5.rackcdn.com
DigiCert SHA2 Secure Server CA		 2019-01-12 -
2020-04-12		 a year crt.sh
cpi-offers.com
Amazon		 2019-12-23 -
2021-01-23		 a year crt.sh
*.recycling.io
Sectigo RSA Domain Validation Secure Server CA		 2019-04-05 -
2021-04-04		 2 years crt.sh

This page contains 16 frames:

Primary Page: https://multikingdom2.xyz/
Frame ID: CBBE32F349FC4AF79BBDB8546D324B28
Requests: 21 HTTP requests in this frame

Frame: https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=821&cid={clickid}&sid={pid}&udid=&name=&info=BoostAds2&blockTime=0
Frame ID: 4A071503E2F30D22F4420925793F9D13
Requests: 1 HTTP requests in this frame

Frame: https://audiancedesign.com/talg/nr?publisher={pid}_{sub2}&domain={sub3}&idfa={sub4}&dsp=sl_ad&camp_id=sl_ifr_ad&source=iguazu&dis_campaign_id=zone80719&bundle_id={sub4}&f_click={clickid}
Frame ID: EF821C2E9002F0585B26554B8FBA75C5
Requests: 1 HTTP requests in this frame

Frame: https://reorget.com/c/87ae1e5b-a905-345d-9f34-2ed34ec3ca4a?clickid={clickid}&sub2={sub2}
Frame ID: 7E37A7640B80BE516F53AF26B38A30B8
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687265e54deb0e1494
Frame ID: 8843505424F9BB96D403A4CA34245833
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687295e54ded6a3edc
Frame ID: F4F5A410852C8249DB29921CCD968603
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687305e54def35be55
Frame ID: 24EB42487C50E71AB525B36F915B7AC6
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687255e54de6f62a14
Frame ID: 78133EB5FBC72C5FA944449C25859C95
Requests: 1 HTTP requests in this frame

Frame: https://22073.recycling.io/click?offer_id=63865&pub_id=22073&pub_click_id=1
Frame ID: 8C6DFAB7144BA33B26C4E6837D511A75
Requests: 1 HTTP requests in this frame

Frame: https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
Frame ID: ED08141A245889A2307F33F3C4AE2ED7
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687265e54deb0e1494
Frame ID: 37D5BEA31A148B06EEC11EBAFBD5A44E
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687295e54ded6a3edc
Frame ID: A14B4131A640B426F43E81546D8960F7
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687305e54def35be55
Frame ID: 10892E0F6E7BED86DAB8CF8C9FCF8CD3
Requests: 1 HTTP requests in this frame

Frame: https://thewonder.xyz/l/26687255e54de6f62a14
Frame ID: F2A33BD59FE9C721252B869F0812373D
Requests: 1 HTTP requests in this frame

Frame: https://22073.recycling.io/click?offer_id=63865&pub_id=22073&pub_click_id=1
Frame ID: 8F92CF202F421ED357C491078CB1CF75
Requests: 1 HTTP requests in this frame

Frame: https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
Frame ID: 8129C2010A85F1B0110605782B23C572
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://xml.ezmob.com/redirect?feed=224387&auth=LP1iFm&url=http://www.cpm-ad.com&subid= HTTP 302
    https://ama.push4free.com/ Page URL
  2. http://go.coralsands.xyz/redirect?feed=214504&auth=ebuQy0&url=https%3A%2F%2Fama.push4free.com&subid=ama HTTP 302
    https://flypiggs.com/l/25971275db80462c937d?sub=1234567890&source=214504&sub2=ak HTTP 302
    https://multikingdom2.xyz/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

34
Requests

91 %
HTTPS

59 %
IPv6

18
Domains

21
Subdomains

14
IPs

3
Countries

441 kB
Transfer

859 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://xml.ezmob.com/redirect?feed=224387&auth=LP1iFm&url=http://www.cpm-ad.com&subid= HTTP 302
    https://ama.push4free.com/ Page URL
  2. http://go.coralsands.xyz/redirect?feed=214504&auth=ebuQy0&url=https%3A%2F%2Fama.push4free.com&subid=ama HTTP 302
    https://flypiggs.com/l/25971275db80462c937d?sub=1234567890&source=214504&sub2=ak HTTP 302
    https://multikingdom2.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://xml.ezmob.com/redirect?feed=224387&auth=LP1iFm&url=http://www.cpm-ad.com&subid= HTTP 302
  • https://ama.push4free.com/
Request Chain 28
  • https://rentw.work/impression/7c1990a2-bb6d-4263-8c25-fcea980604ef HTTP 302
  • https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
Request Chain 34
  • https://rentw.work/impression/7c1990a2-bb6d-4263-8c25-fcea980604ef HTTP 302
  • https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_

34 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ama.push4free.com/
Redirect Chain
  • http://xml.ezmob.com/redirect?feed=224387&auth=LP1iFm&url=http://www.cpm-ad.com&subid=
  • https://ama.push4free.com/
12 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ama.push4free.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.101.188.42 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
bf2dbb7a446c2e6def2a0e006e9c81673771799562c871a9628f901abf80ef97

Request headers

:method
GET
:authority
ama.push4free.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
server
nginx
date
Mon, 02 Mar 2020 14:58:34 GMT
content-type
text/html
last-modified
Thu, 23 Jan 2020 10:23:20 GMT
vary
Accept-Encoding
etag
W/"5e297418-3098"
content-encoding
gzip

Redirect headers

Location
https://ama.push4free.com/
Connection
keep-alive
Content-Length
0
bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/ 		152 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/css/bootstrap.min.css
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
cf-cache-status
HIT
age
27795042
cf-ray
56dbfa08ea1c9710-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Fri, 15 Feb 2019 18:45:50 GMT
server
cloudflare
etag
W/"5c6708de-2606e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Sat, 20 Feb 2021 14:58:35 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.081
styles.min.css
ama.push4free.com/assets/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ama.push4free.com/assets/css/styles.min.css
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.101.188.42 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c30c1fb704e33069858894b1d21a392575b2ab2a6677c4f8580582d225579d8b

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
gzip
last-modified
Sun, 21 Apr 2019 14:17:07 GMT
server
nginx
etag
W/"5cbc7b63-197a"
vary
Accept-Encoding
content-type
text/css
status
200
js
www.googletagmanager.com/gtag/ 		75 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-137385503-7
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
78d647cee5df70dd51f656eb8d04aef5a9e04051e8e1e81e6e535fff58b735a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
28626
x-xss-protection
0
last-modified
Mon, 02 Mar 2020 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 02 Mar 2020 14:58:35 GMT
left-top-arrow.gif
offerbeast.com/assets/img/ 		118 KB
118 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offerbeast.com/assets/img/left-top-arrow.gif
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.101.188.42 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
00dd0eda259c07dcc8d34e51e1d14db772ff0a5cc191b25e0356faeea5041202
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
last-modified
Sun, 21 Apr 2019 14:17:09 GMT
server
nginx
etag
"5cbc7b65-1d8d8"
strict-transport-security
max-age=15768000
content-type
image/gif
status
200
accept-ranges
bytes
content-length
121048
arrows.gif
offerbeast.com/assets/img/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://offerbeast.com/assets/img/arrows.gif
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.101.188.42 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
fc12e3ab4283f3213bdc8ffe2e88c7aa1778ad203c83b358828a1f3eba844823
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
last-modified
Sun, 21 Apr 2019 14:17:10 GMT
server
nginx
etag
"5cbc7b66-170af"
strict-transport-security
max-age=15768000
content-type
image/gif
status
200
accept-ranges
bytes
content-length
94383
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/ 		85 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
cf-cache-status
HIT
age
10832547
content-security-policy-report-only
default-src https: data: wss: 'unsafe-eval' 'unsafe-inline'; report-uri https://cdnjs.cloudflare.com/cdn-cgi/beacon/csp?req_id=56dbfa08ea219710
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-ray
56dbfa08ea219710-FRA
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-1538f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 20 Feb 2021 14:58:35 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.003
bootstrap.bundle.min.js
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/ 		77 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
cf-cache-status
HIT
age
25187857
cf-ray
56dbfa092a609710-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Fri, 15 Feb 2019 18:45:53 GMT
server
cloudflare
etag
W/"5c6708e1-1332b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Sat, 20 Feb 2021 14:58:35 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.002
script.min.js
offerbeast.com/assets/js/ 		699 B
517 B 		Script
General
Check archive.org
Download Go to
Full URL
https://offerbeast.com/assets/js/script.min.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
46.101.188.42 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx /
Resource Hash
c26737318186f6f84b608d3b0f19e5476df72b19513eac4c3f41ed892214e6f5
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
gzip
last-modified
Sun, 21 Apr 2019 14:17:07 GMT
server
nginx
etag
W/"5cbc7b63-2bb"
vary
Accept-Encoding
content-type
application/javascript
status
200
strict-transport-security
max-age=15768000
1.chunk.js
tag.top10appzz.com/static/js/ 		116 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.top10appzz.com/static/js/1.chunk.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681b:aa38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b573f440985ab96acf92a208bf57f7fd04a4399b6946f4c56319eb66b4d1f31a

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 11 Nov 2019 11:14:11 GMT
server
cloudflare
age
65797
etag
W/"1dc80e82bdd648551a8c2cb7535640ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=1800
cf-ray
56dbfa094a9e2484-FRA
x-amz-request-id
55DE8CB90E75E91F
x-amz-id-2
exiPtQnSYXpCg5BnOsV05JH4Jri+fdvZGjGlJ5JAwzQu741GtepRViaUYzUMluzy75zHcTwKwYE=
main.js
tag.top10appzz.com/static/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.top10appzz.com/static/js/main.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::681b:aa38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4fb84971b9f8595ccca91867197ca9a4236f2da5f93f9c35e226a45f01055f9

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 11 Nov 2019 11:14:10 GMT
server
cloudflare
age
65797
etag
W/"71e63a43ded31625e4bb053885f11e14"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=1800
cf-ray
56dbfa094aa12484-FRA
x-amz-request-id
77740C8D554C4EC2
x-amz-id-2
n/g7eD6x70zkFsgq9nezsBzGq3omNxjRPoLXe1L10byX6H46RgMRPvi8ESszveAXm54sTsM4OHo=
analytics.js
www.google-analytics.com/ 		44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-137385503-7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
3984
date
Mon, 02 Mar 2020 13:52:11 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Mon, 02 Mar 2020 15:52:11 GMT
adkwebpush.js
static.ezmob.com/webpush/scripts/v1.1/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ezmob.com/webpush/scripts/v1.1/adkwebpush.js
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.139.128.10 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
0b2032ba4de0f6b71e12413b7d44759a5d5565e0b404a603c0f734f5ad1dfc5d

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
content-encoding
gzip
last-modified
Tue, 11 Feb 2020 09:53:02 GMT
server
nginx
access-control-allow-origin
*
etag
"5e42797e-289c"
x-hw
1583161115.cds002.wa1.hn,1583161115.cds011.wa1.c
content-type
application/javascript
status
200
cache-control
max-age=86400
accept-ranges
bytes
content-length
3760
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		715 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
video.mp4
f17832198f8877049d1d-833aeee095d4d52d40a812a8cd7b7120.ssl.cf5.rackcdn.com/ 		63 KB
64 KB 		Media
General
Check archive.org
Download Go to
Full URL
https://f17832198f8877049d1d-833aeee095d4d52d40a812a8cd7b7120.ssl.cf5.rackcdn.com/video.mp4
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.100.197.13 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-197-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Referer
https://ama.push4free.com/
Sec-Fetch-Dest
video
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Range
bytes=0-

Response headers

Date
Mon, 02 Mar 2020 14:58:35 GMT
Origin
https://mycloud.rackspace.com
Last-Modified
Sat, 30 Mar 2019 14:16:45 GMT
X-Trans-Id
txd03741c86f68491589fa0-005e4264aaiad3
ETag
0601369f595744ba70b8d96816fd9b63
Content-Type
video/mp4
Content-Range
bytes 0-64663/64664
X-Timestamp
1553955404.41650
Cache-Control
public, max-age=251460
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
64664
Expires
Thu, 05 Mar 2020 12:49:35 GMT
collect
www.google-analytics.com/r/ 		35 B
101 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=2069669695&t=pageview&_s=1&dl=https%3A%2F%2Fama.push4free.com%2F&ul=en-us&de=UTF-8&dt=Free%20Movies&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=1888062822&gjid=1518583458&cid=1834329040.1583161115&tid=UA-137385503-7&_gid=907456695.1583161115&_r=1&gtm=2ou2j0&z=2073060347
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Mon, 02 Mar 2020 14:58:35 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
fantastic.html
cpi-offers.com/ Frame 4A07 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cpi-offers.com/fantastic.html?size=0&red=0&ids=&lastid=&apid=821&cid={clickid}&sid={pid}&udid=&name=&info=BoostAds2&blockTime=0
Requested by
Host: tag.top10appzz.com
URL: https://tag.top10appzz.com/static/js/1.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.93.81.132 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-93-81-132.eu-central-1.compute.amazonaws.com
Software
nginx/1.14.1 / Express
Resource Hash

Request headers

:method
GET
:authority
cpi-offers.com
:scheme
https
:path
/fantastic.html?size=0&red=0&ids=&lastid=&apid=821&cid={clickid}&sid={pid}&udid=&name=&info=BoostAds2&blockTime=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://ama.push4free.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://ama.push4free.com/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html; charset=utf-8
server
nginx/1.14.1
x-powered-by
Express
access-control-allow-origin
*
etag
W/"291-eVmNSR7fW8tu31XK/xfk9hlBous"
content-encoding
gzip
nr
audiancedesign.com/talg/ Frame EF82 		0
0
87ae1e5b-a905-345d-9f34-2ed34ec3ca4a
reorget.com/c/ Frame 7E37 		0
0
/
api.top10appzz.com/offers/ 		2 B
544 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.top10appzz.com/offers/?params=1&pid=162&token=a33096ed1b2417cef4c183be967b2f9f
Requested by
Host: tag.top10appzz.com
URL: https://tag.top10appzz.com/static/js/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::681b:ab38 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://ama.push4free.com/
Origin
https://ama.push4free.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 02 Mar 2020 14:58:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
etag
W/"2-l9Fw4VUO7kr8CvBlt4zaMCqXZ0w"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status
404
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cf-ray
56dbfa09cc33c303-FRA
content-length
2
Primary Request /
multikingdom2.xyz/
Redirect Chain
  • http://go.coralsands.xyz/redirect?feed=214504&auth=ebuQy0&url=https%3A%2F%2Fama.push4free.com&subid=ama
  • https://flypiggs.com/l/25971275db80462c937d?sub=1234567890&source=214504&sub2=ak
  • https://multikingdom2.xyz/
855 B
778 B 		Document
General
Check archive.org
Download Go to
Full URL
https://multikingdom2.xyz/
Requested by
Host: ama.push4free.com
URL: https://ama.push4free.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::681b:b1f2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae5e99a508efc783d3f7cfc026726cf2e86c6740c148ee071e28dd28593638c1

Request headers

:method
GET
:authority
multikingdom2.xyz
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=ddd2935b04bb8168fc217bd615e24e16e1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.multikingdom2.xyz; HttpOnly; SameSite=Lax
last-modified
Sun, 01 Mar 2020 14:49:30 GMT
cache-control
max-age=14400
cf-cache-status
HIT
age
478
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0c1f693260-FRA
content-encoding
br

Redirect headers

status
302
date
Mon, 02 Mar 2020 14:58:35 GMT
content-length
0
set-cookie
__cfduid=dfe158c82b9462ce06dc1fbd7c0a673cc1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.flypiggs.com; HttpOnly; SameSite=Lax
cache-control
no-cache
location
https://multikingdom2.xyz
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56dbfa0b892f9748-FRA
telemetry2
api.ezmob.com/ 		0
0
collect
www.google-analytics.com/ 		35 B
100 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j81&a=2069669695&t=event&_s=2&dl=https%3A%2F%2Fama.push4free.com%2F&ul=en-us&de=UTF-8&dt=Free%20Movies&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Redirected&ea=unsupported&el=any%20visitor&_u=KEBAAUAB~&jid=&gjid=&cid=1834329040.1583161115&tid=UA-137385503-7&_gid=907456695.1583161115&gtm=2ou2j0&z=272278060
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://ama.push4free.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Wed, 22 Jan 2020 05:59:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
3488337
content-type
image/gif
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
*
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
26687265e54deb0e1494
thewonder.xyz/l/ Frame 8843 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687265e54deb0e1494
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687265e54deb0e1494
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf966467-FRA
content-encoding
br
26687295e54ded6a3edc
thewonder.xyz/l/ Frame F4F5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687295e54ded6a3edc
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687295e54ded6a3edc
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:25:14 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536713
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf976467-FRA
content-encoding
br
26687305e54def35be55
thewonder.xyz/l/ Frame 24EB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687305e54def35be55
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687305e54def35be55
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf986467-FRA
content-encoding
br
26687255e54de6f62a14
thewonder.xyz/l/ Frame 7813 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687255e54de6f62a14
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687255e54de6f62a14
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf996467-FRA
content-encoding
br
click
22073.recycling.io/ Frame 8C6D 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://22073.recycling.io/click?offer_id=63865&pub_id=22073&pub_click_id=1
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.99.60.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-99-60-149.clients.your-server.de
Software
/
Resource Hash

Request headers

Host
22073.recycling.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://multikingdom2.xyz/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

Content-Type
text/html
content-length
396
6cd61cec5a
pcgmer.com/rc/ Frame ED08
Redirect Chain
  • https://rentw.work/impression/7c1990a2-bb6d-4263-8c25-fcea980604ef
  • https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c722 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
pcgmer.com
:scheme
https
:path
/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
403
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html; charset=UTF-8
cf-chl-bypass
1
set-cookie
__cfduid=d3b282b52eb20251e5ea177817bc463861583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.pcgmer.com; HttpOnly; SameSite=Lax
cache-control
no-cache
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0e3a44d6b9-FRA
content-encoding
br

Redirect headers

status
302
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d469f702ebc1957c507bd98451db55f331583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.rentw.work; HttpOnly; SameSite=Lax SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
x-powered-by
Express
access-control-allow-origin
undefined
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials,Cookie,x-session-id
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-credentials
true
location
https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_zzfn_116&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
vary
Accept
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56dbfa0cb8d4323c-FRA
26687265e54deb0e1494
thewonder.xyz/l/ Frame 37D5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687265e54deb0e1494
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687265e54deb0e1494
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf9b6467-FRA
content-encoding
br
26687295e54ded6a3edc
thewonder.xyz/l/ Frame A14B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687295e54ded6a3edc
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687295e54ded6a3edc
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:25:14 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536713
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf9f6467-FRA
content-encoding
br
26687305e54def35be55
thewonder.xyz/l/ Frame 1089 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687305e54def35be55
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687305e54def35be55
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf9d6467-FRA
content-encoding
br
26687255e54de6f62a14
thewonder.xyz/l/ Frame F2A3 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://thewonder.xyz/l/26687255e54de6f62a14
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e0::ac40:6b0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
thewonder.xyz
:scheme
https
:path
/l/26687255e54de6f62a14
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
200
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html
set-cookie
__cfduid=d6b6104e7c94f03c777c5070f9ffe32aa1583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.thewonder.xyz; HttpOnly; SameSite=Lax
last-modified
Tue, 20 Aug 2019 14:18:26 GMT
expires
Thu, 31 Dec 2037 23:55:55 GMT
cache-control
max-age=315360000
cf-cache-status
HIT
age
536714
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0caf9a6467-FRA
content-encoding
br
click
22073.recycling.io/ Frame 8F92 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://22073.recycling.io/click?offer_id=63865&pub_id=22073&pub_click_id=1
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.99.60.149 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-99-60-149.clients.your-server.de
Software
/
Resource Hash

Request headers

Host
22073.recycling.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://multikingdom2.xyz/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

content-length
0
6cd61cec5a
pcgmer.com/rc/ Frame 8129
Redirect Chain
  • https://rentw.work/impression/7c1990a2-bb6d-4263-8c25-fcea980604ef
  • https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
Requested by
Host: multikingdom2.xyz
URL: https://multikingdom2.xyz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:c722 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
pcgmer.com
:scheme
https
:path
/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
iframe
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
referer
https://multikingdom2.xyz/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://multikingdom2.xyz/

Response headers

status
403
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html; charset=UTF-8
cf-chl-bypass
1
set-cookie
__cfduid=d3b282b52eb20251e5ea177817bc463861583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.pcgmer.com; HttpOnly; SameSite=Lax
cache-control
no-cache
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
server
cloudflare
cf-ray
56dbfa0dd927d6b9-FRA
content-encoding
br

Redirect headers

status
302
date
Mon, 02 Mar 2020 14:58:35 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d469f702ebc1957c507bd98451db55f331583161115; expires=Wed, 01-Apr-20 14:58:35 GMT; path=/; domain=.rentw.work; HttpOnly; SameSite=Lax SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
x-powered-by
Express
access-control-allow-origin
undefined
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials,Cookie,x-session-id
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-credentials
true
location
https://pcgmer.com/rc/6cd61cec5a?affclick=791580555_yehf_70&pubid=MAwVCgdlNhQKCREzAUI6KF8rTiI_
vary
Accept
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
56dbfa0cb8d8323c-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
audiancedesign.com
URL
https://audiancedesign.com/talg/nr?publisher={pid}_{sub2}&domain={sub3}&idfa={sub4}&dsp=sl_ad&camp_id=sl_ifr_ad&source=iguazu&dis_campaign_id=zone80719&bundle_id={sub4}&f_click={clickid}
Domain
reorget.com
URL
https://reorget.com/c/87ae1e5b-a905-345d-9f34-2ed34ec3ca4a?clickid={clickid}&sub2={sub2}
Domain
api.ezmob.com
URL
https://api.ezmob.com/telemetry2?v=1.1.6&dm=ama.push4free.com&chid=62

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| prefix string| prize_url function| goto

1 Cookies

Domain/Path Name / Value
.multikingdom2.xyz/ Name: __cfduid
Value: ddd2935b04bb8168fc217bd615e24e16e1583161115

2 Console Messages

Source Level URL
Text
console-api warning URL: https://static.ezmob.com/webpush/scripts/v1.1/adkwebpush.js(Line 4)
Message:
AdKernel Push Loader: Message push isn't supported on this browser
console-api log URL: https://tag.top10appzz.com/static/js/main.js(Line 1)
Message:
Error: Can not get offers

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

22073.recycling.io
ama.push4free.com
api.ezmob.com
api.top10appzz.com
audiancedesign.com
cdnjs.cloudflare.com
cpi-offers.com
f17832198f8877049d1d-833aeee095d4d52d40a812a8cd7b7120.ssl.cf5.rackcdn.com
flypiggs.com
go.coralsands.xyz
multikingdom2.xyz
offerbeast.com
pcgmer.com
rentw.work
reorget.com
static.ezmob.com
tag.top10appzz.com
thewonder.xyz
www.google-analytics.com
www.googletagmanager.com
xml.ezmob.com
api.ezmob.com
audiancedesign.com
reorget.com
151.139.128.10
198.134.116.18
198.134.116.30
2606:4700:3030::6812:27f9
2606:4700:3035::681b:aa38
2606:4700:3037::681b:ab38
2606:4700:3037::681b:b1f2
2606:4700::6811:4004
2606:4700:e0::ac40:6b0e
2606:4700:e4::ac40:a710
2606:4700:e6::ac40:c722
2a00:1450:4001:816::200e
2a00:1450:4001:81b::2008
46.101.188.42
54.93.81.132
88.99.60.149
95.100.197.13
00dd0eda259c07dcc8d34e51e1d14db772ff0a5cc191b25e0356faeea5041202
0b2032ba4de0f6b71e12413b7d44759a5d5565e0b404a603c0f734f5ad1dfc5d
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
5a3f1dd74233f605e511f1b5b244bedf85ac88ba264caf4d6401bc7ec2017dcd
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
78d647cee5df70dd51f656eb8d04aef5a9e04051e8e1e81e6e535fff58b735a5
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9d02d662da8a47fb5fb610b545007507b6017028043dbb63cd09ec897d3b9627
ae5e99a508efc783d3f7cfc026726cf2e86c6740c148ee071e28dd28593638c1
b573f440985ab96acf92a208bf57f7fd04a4399b6946f4c56319eb66b4d1f31a
bf2dbb7a446c2e6def2a0e006e9c81673771799562c871a9628f901abf80ef97
c26737318186f6f84b608d3b0f19e5476df72b19513eac4c3f41ed892214e6f5
c30c1fb704e33069858894b1d21a392575b2ab2a6677c4f8580582d225579d8b
e4fb84971b9f8595ccca91867197ca9a4236f2da5f93f9c35e226a45f01055f9
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
fc12e3ab4283f3213bdc8ffe2e88c7aa1778ad203c83b358828a1f3eba844823