urlscan.io logo urlscan.io
SecurityTrails logo

message.liveplayingnow.com Open in urlscan Pro
2606:4700:3032::ac43:dacc  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://speedflow.io/adult/?a=rr
Effective URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Submission Tags: demotag1 demotag2 Search All
Submission: On November 08 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 5 countries across 20 domains to perform 27 HTTP transactions. The main IP is 2606:4700:3032::ac43:dacc, located in United States and belongs to CLOUDFLARENET, US. The main domain is message.liveplayingnow.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 26th 2020. Valid for: a year.
This is the only time message.liveplayingnow.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 198.54.116.135 22612 (NAMECHEAP...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
1 95.211.229.246 60781 (LEASEWEB-...)
1 162.213.255.36 22612 (NAMECHEAP...)
1 4 107.170.39.103 14061 (DIGITALOC...)
1 35.190.72.161 15169 (GOOGLE)
1 2a04:4e42:1b:... 54113 (FASTLY)
1 172.67.173.168 13335 (CLOUDFLAR...)
1 151.101.14.110 54113 (FASTLY)
2 212.32.250.1 60781 (LEASEWEB-...)
1 3 198.143.165.220 32475 (SINGLEHOP...)
1 1 212.7.204.100 60781 (LEASEWEB-...)
1 116.202.159.171 24940 (HETZNER-AS)
4 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 94.130.239.212 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 94.130.33.169 24940 (HETZNER-AS)
27 20
1    198.54.116.135 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server193-5.web-hosting.com
speedflow.io
1    2001:4de0:ac19::1:b:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)
a.realsrv.com
1    95.211.229.246 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
syndication.realsrv.com
1    162.213.255.36 (Los Angeles, United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server145-4.web-hosting.com
manyhit.com
4    107.170.39.103 (New York, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
traffdaq.com
1    35.190.72.161 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 161.72.190.35.bc.googleusercontent.com
c.securepaths.com
1    2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    172.67.173.168 (United States)

ASN13335 (CLOUDFLARENET, US)
viral481.com
1    151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
2    212.32.250.1 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
go.secureclickers.com
yo.wackotracko.com
3    198.143.165.220 (Chicago, United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
safe.w0pt0p.online
1    212.7.204.100 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
rdtrck2.com
1    116.202.159.171 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.171.159.202.116.clients.your-server.de
4507510.catchtheclick.com
4    2606:4700:3032::ac43:dacc (United States)

ASN13335 (CLOUDFLARENET, US)
message.liveplayingnow.com
1    2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    94.130.239.212 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.212.239.130.94.clients.your-server.de
specializedlink.com
1    2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    94.130.33.169 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.169.33.130.94.clients.your-server.de
bonga.readnewmessage.com
Domain Requested by
4 message.liveplayingnow.com 4507510.catchtheclick.com
message.liveplayingnow.com
4 traffdaq.com 1 redirects speedflow.io
traffdaq.com
3 safe.w0pt0p.online 1 redirects safe.w0pt0p.online
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 bonga.readnewmessage.com message.liveplayingnow.com
1 stats.g.doubleclick.net www.google-analytics.com
1 specializedlink.com message.liveplayingnow.com
1 www.googletagmanager.com message.liveplayingnow.com
1 4507510.catchtheclick.com safe.w0pt0p.online
1 rdtrck2.com 1 redirects
1 yo.wackotracko.com
1 go.secureclickers.com
1 js-agent.newrelic.com viral481.com
1 viral481.com traffdaq.com
1 cdn.jsdelivr.net traffdaq.com
1 c.securepaths.com traffdaq.com
1 manyhit.com speedflow.io
1 syndication.realsrv.com a.realsrv.com
1 a.realsrv.com speedflow.io
1 speedflow.io
0 bam-cell.nr-data.net Failed js-agent.newrelic.com
27 21

This site contains no links.

Subject Issuer Validity Valid
realsrv.com
Let's Encrypt Authority X3		 2020-10-26 -
2021-01-24		 3 months crt.sh
traffdaq.com
Let's Encrypt Authority X3		 2020-10-31 -
2021-01-29		 3 months crt.sh
*.securepaths.com
Let's Encrypt Authority X3		 2020-09-22 -
2020-12-21		 3 months crt.sh
f3.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-10-26 -
2021-04-17		 6 months crt.sh
f4.shared.global.fastly.net
GlobalSign CloudSSL CA - SHA256 - G3		 2020-10-23 -
2021-05-07		 6 months crt.sh
itsokto.linktolinkyourlink.com
Sectigo RSA Domain Validation Secure Server CA		 2020-03-12 -
2021-03-13		 a year crt.sh
safe.w0pt0p.online
Let's Encrypt Authority X3		 2020-09-01 -
2020-11-30		 3 months crt.sh
*.catchtheclick.com
Let's Encrypt Authority X3		 2020-08-14 -
2020-11-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-10-26 -
2021-10-25		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-10-20 -
2021-01-12		 3 months crt.sh
specializedlink.com
Let's Encrypt Authority X3		 2020-10-15 -
2021-01-13		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-10-20 -
2021-01-12		 3 months crt.sh
bonga.readnewmessage.com
Let's Encrypt Authority X3		 2020-09-15 -
2020-12-14		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Frame ID: 9845502C84BA277DE33575A42A130BF1
Requests: 25 HTTP requests in this frame

Frame: http://syndication.realsrv.com/ads-iframe-display.php?idzone=4053336&type=900x250&p=http%3A//speedflow.io/adult/%3Fa%3Drr&dt=1604812689569&sub=&tags=&screen_resolution=1600x1200&el=%22
Frame ID: D286317524E488E203DA6F47739E9E7D
Requests: 1 HTTP requests in this frame

Frame: http://manyhit.com/autosurf_if.php?user=speedflow
Frame ID: 32B6DA9BED67D7DEB18D6E7578019CA7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://speedflow.io/adult/?a=rr Page URL
  2. http://traffdaq.com/delivery/dl/47382?category=general HTTP 301
    https://traffdaq.com/delivery/dl/47382?category=general Page URL
  3. https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6Im1DYmFtZzFaSm10OEt4WlFyemlcLzhnPT0iL... Page URL
  4. http://viral481.com/srv.html?id=56067&pub=882009 Page URL
  5. https://go.secureclickers.com/click?pid=94&offer_id=8855&sub2=94_882009&sub1=882009-787990417 Page URL
  6. https://yo.wackotracko.com/sl?id=59ce054ca1e3c53000000001&pid=2&sub1=882009-787990417&sub2=94&sub3=94_8... Page URL
  7. https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpo... Page URL
  8. https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
  9. https://safe.w0pt0p.online/proc.php?3360b87899e62c1229a54dd926bf969e170a7439 HTTP 302
    https://rdtrck2.com/5f6cc697a49037000154e4b7?sub1=4525&sub2=4525-5541b6d1&ref_id=M68926180326574... HTTP 302
    https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2... Page URL
  10. https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

27
Requests

81 %
HTTPS

35 %
IPv6

20
Domains

21
Subdomains

20
IPs

5
Countries

142 kB
Transfer

297 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://speedflow.io/adult/?a=rr Page URL
  2. http://traffdaq.com/delivery/dl/47382?category=general HTTP 301
    https://traffdaq.com/delivery/dl/47382?category=general Page URL
  3. https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6Im1DYmFtZzFaSm10OEt4WlFyemlcLzhnPT0iLCJ2YWx1ZSI6Iis0TTJSU1cwUnZVWkFFaEIyaEppTXlGN2hES2RFUDQ3SHJmSmZtXC9FRW9MZXNSYmVnN2FhMHhxOUhUSjF5YXNtTURnRFNrakE5bFVEbjZCVElFWmFMZ1pmYVNRUlR3MHduXC9valozc21EdWFvYzhzNm1iUlNJVHpoMm1KUmZzcCtGbjJcL0FwZlEyZVwvMmRNZDhjRG9ySVVjTXZrclp1MFN5VTVUNXdtR1ZIcXlueFpldEtlbEZyOVwvbHhpQWJNOGJpdERoeVMzbFpoQlRtNjMzUFM0SlVBczVBalhWXC9qREFtanczNzJnVHN1VmQxeGoxQzc0b08wOWtNY1JxM2xoaXNpNllGQnNQVElTdFF0V1hyVzFOZnlja1wvdnJZeEJhd1d4QXptT2RLb1FVTjg1MnVxaDFBd1Y0Z1RIYk1pRDBaeCIsIm1hYyI6IjM4N2E5YTgyZDRiY2VmYWEyMTA1YmM2MWFiNTUzM2M4MzgzNDA3M2NiMTBiMTEyMDEzMzIzNjk4MWMyODk1ZDcifQ%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8 Page URL
  4. http://viral481.com/srv.html?id=56067&pub=882009 Page URL
  5. https://go.secureclickers.com/click?pid=94&offer_id=8855&sub2=94_882009&sub1=882009-787990417 Page URL
  6. https://yo.wackotracko.com/sl?id=59ce054ca1e3c53000000001&pid=2&sub1=882009-787990417&sub2=94&sub3=94_882009&sub4=8855&sub5=NL&sub6=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36 Page URL
  7. https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e Page URL
  8. https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
  9. https://safe.w0pt0p.online/proc.php?3360b87899e62c1229a54dd926bf969e170a7439 HTTP 302
    https://rdtrck2.com/5f6cc697a49037000154e4b7?sub1=4525&sub2=4525-5541b6d1&ref_id=M6892618032657465773 HTTP 302
    https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d Page URL
  10. https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • http://traffdaq.com/delivery/dl/47382?category=general HTTP 301
  • https://traffdaq.com/delivery/dl/47382?category=general
Request Chain 16
  • https://safe.w0pt0p.online/proc.php?3360b87899e62c1229a54dd926bf969e170a7439 HTTP 302
  • https://rdtrck2.com/5f6cc697a49037000154e4b7?sub1=4525&sub2=4525-5541b6d1&ref_id=M6892618032657465773 HTTP 302
  • https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
speedflow.io/adult/ 		1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
198.54.116.135 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server193-5.web-hosting.com
Software
Apache / PHP/7.1.33
Resource Hash
f0304f634f030209d91d76f627b9e80311740c1c224cafaf3e6f137e0b753538

Request headers

Host
speedflow.io
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

date
Sun, 08 Nov 2020 05:18:09 GMT
server
Apache
x-powered-by
PHP/7.1.33
set-cookie
visits_todaya=1; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=63651; path=/ time_start=1604812689.0975; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=63651; path=/ ip=185.212.171.75 mobile=0 country=++ visits_todayi=0; expires=Sun, 08-Nov-2020 22:59:00 GMT; Max-Age=63651; path=/
accept-ranges
none
vary
Accept-Encoding
content-encoding
gzip
content-length
543
content-type
text/html; charset=UTF-8
ads.js
a.realsrv.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.realsrv.com/ads.js
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
d3f814d49049b29143de2fccdbd97d0a1f0739e2554c482684c7c906b535ea43

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 05:18:09 GMT
Content-Encoding
gzip
X-HW
1604812689.dop231.fr8.shc,1604812689.dop231.fr8.t,1604812689.cds129.fr8.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
928
Cookie set ads-iframe-display.php
syndication.realsrv.com/ Frame D286 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://syndication.realsrv.com/ads-iframe-display.php?idzone=4053336&type=900x250&p=http%3A//speedflow.io/adult/%3Fa%3Drr&dt=1604812689569&sub=&tags=&screen_resolution=1600x1200&el=%22
Requested by
Host: a.realsrv.com
URL: https://a.realsrv.com/ads.js
Protocol
HTTP/1.1
Server
95.211.229.246 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
syndication.realsrv.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/

Response headers

Server
nginx
Date
Sun, 08 Nov 2020 05:18:09 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, must-revalidate
Pragma
no-cache
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie
__uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%225fa77f9191af23.793358081978915272%22%3B%7D; expires=Tue, 08 Nov 2022 05:18:09 GMT; path=; domain=.realsrv.com;
Content-Encoding
gzip
autosurf_if.php
manyhit.com/ Frame 32B6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
http://manyhit.com/autosurf_if.php?user=speedflow
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Server
162.213.255.36 Los Angeles, United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server145-4.web-hosting.com
Software
Apache / PHP/5.4.45
Resource Hash

Request headers

Host
manyhit.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/

Response headers

date
Sun, 08 Nov 2020 05:18:09 GMT
server
Apache
x-powered-by
PHP/5.4.45
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma
no-cache
set-cookie
PHPSESSID=76ba04782ef447122482b9a5c7870a4b; path=/
vary
Accept-Encoding
content-encoding
gzip
content-length
1307
content-type
text/html
47382
traffdaq.com/delivery/dl/
Redirect Chain
  • http://traffdaq.com/delivery/dl/47382?category=general
  • https://traffdaq.com/delivery/dl/47382?category=general
3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://traffdaq.com/delivery/dl/47382?category=general
Requested by
Host: speedflow.io
URL: http://speedflow.io/adult/?a=rr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
20e7bbb7406ea2dbd67739356693b1e2610b01348b8c8ff418e8e25ecebc8fa5

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://speedflow.io/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://speedflow.io/adult/?a=rr

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Sun, 08 Nov 2020 05:18:10 GMT
Content-Encoding
gzip

Redirect headers

Content-length
0
Location
https://traffdaq.com/delivery/dl/47382?category=general
Connection
close
eyJpdiI6ImFLbzcydENFV0t4enV2c0laelBGUnc9PSIsInZhbHVlIjoiMVZJeWlENE5CNUdxT1wvV1VFVytcLzBJblBXS1dRWHpER2dlRVVUVzhtaGtjYUJoSlYxMjFlZWtBckRkNzNWbHhycHJ3MDFzc01TZFB0UUJBd0FEXC9WQkE9PSIsIm1hYyI6ImI1OWM3Y...
traffdaq.com/users/track/ 		0
862 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://traffdaq.com/users/track/eyJpdiI6ImFLbzcydENFV0t4enV2c0laelBGUnc9PSIsInZhbHVlIjoiMVZJeWlENE5CNUdxT1wvV1VFVytcLzBJblBXS1dRWHpER2dlRVVUVzhtaGtjYUJoSlYxMjFlZWtBckRkNzNWbHhycHJ3MDFzc01TZFB0UUJBd0FEXC9WQkE9PSIsIm1hYyI6ImI1OWM3YWU4ZDA0MjE4YTVhOTBiZGEyZGQxYTFlM2UxYzhjZTA4NTdlYWJmODM5NDkyZDE1NDFmZDJmZWJjMDcifQ%3D%3D
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=general
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 05:18:10 GMT
Cache-Control
no-cache
Server
nginx/1.16.1 (Ubuntu)
Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
implement.js
c.securepaths.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://c.securepaths.com/js/implement.js?org=FziBhN0qA1aE5tBQrQLl&s=5fa77f91f3065&p=TDQ47382&a=47382&cmp=47382&rd=http%3A%2F%2Fspeedflow.io%2F&rt=click&sl=0&stId=0&ty=l
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=general
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.72.161 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
161.72.190.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 08 Nov 2020 05:18:10 GMT
via
1.1 google
status
401
content-type
application/javascript
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
x-xss-protection
0
expires
0
fingerprint2.min.js
cdn.jsdelivr.net/fingerprintjs2/1.4.0/ 		33 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/fingerprintjs2/1.4.0/fingerprint2.min.js
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=general
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4ef071f26a6a95d20498fa67e78856aebf65e9e06d46046604acac1ac3e87033
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
age
896678
x-cache
HIT, HIT
status
200
cross-origin-resource-policy
cross-origin
content-length
10191
etag
W/"83f3-ijg3WuTgKQH1Hch06eHdIajrA24"
x-served-by
cache-fra19149-FRA, cache-hhn4061-HHN
date
Sun, 08 Nov 2020 05:18:10 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
47382
traffdaq.com/delivery/directlink/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6Im1DYmFtZzFaSm10OEt4WlFyemlcLzhnPT0iLCJ2YWx1ZSI6Iis0TTJSU1cwUnZVWkFFaEIyaEppTXlGN2hES2RFUDQ3SHJmSmZtXC9FRW9MZXNSYmVnN2FhMHhxOUhUSjF5YXNtTURnRFNrakE5bFVEbjZCVElFWmFMZ1pmYVNRUlR3MHduXC9valozc21EdWFvYzhzNm1iUlNJVHpoMm1KUmZzcCtGbjJcL0FwZlEyZVwvMmRNZDhjRG9ySVVjTXZrclp1MFN5VTVUNXdtR1ZIcXlueFpldEtlbEZyOVwvbHhpQWJNOGJpdERoeVMzbFpoQlRtNjMzUFM0SlVBczVBalhWXC9qREFtanczNzJnVHN1VmQxeGoxQzc0b08wOWtNY1JxM2xoaXNpNllGQnNQVElTdFF0V1hyVzFOZnlja1wvdnJZeEJhd1d4QXptT2RLb1FVTjg1MnVxaDFBd1Y0Z1RIYk1pRDBaeCIsIm1hYyI6IjM4N2E5YTgyZDRiY2VmYWEyMTA1YmM2MWFiNTUzM2M4MzgzNDA3M2NiMTBiMTEyMDEzMzIzNjk4MWMyODk1ZDcifQ%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/dl/47382?category=general
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.170.39.103 New York, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
7e0889ce1e92165e09027869e550e54a646b567ce50a213b79e7dca49e9845dc

Request headers

Host
traffdaq.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://traffdaq.com/delivery/dl/47382?category=general
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
tdqct=1
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://traffdaq.com/delivery/dl/47382?category=general

Response headers

Server
nginx/1.16.1 (Ubuntu)
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
close
Cache-Control
no-cache
Date
Sun, 08 Nov 2020 05:18:12 GMT
Content-Encoding
gzip
Cookie set srv.html
viral481.com/ 		19 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://viral481.com/srv.html?id=56067&pub=882009
Requested by
Host: traffdaq.com
URL: https://traffdaq.com/delivery/directlink/47382?hash=eyJpdiI6Im1DYmFtZzFaSm10OEt4WlFyemlcLzhnPT0iLCJ2YWx1ZSI6Iis0TTJSU1cwUnZVWkFFaEIyaEppTXlGN2hES2RFUDQ3SHJmSmZtXC9FRW9MZXNSYmVnN2FhMHhxOUhUSjF5YXNtTURnRFNrakE5bFVEbjZCVElFWmFMZ1pmYVNRUlR3MHduXC9valozc21EdWFvYzhzNm1iUlNJVHpoMm1KUmZzcCtGbjJcL0FwZlEyZVwvMmRNZDhjRG9ySVVjTXZrclp1MFN5VTVUNXdtR1ZIcXlueFpldEtlbEZyOVwvbHhpQWJNOGJpdERoeVMzbFpoQlRtNjMzUFM0SlVBczVBalhWXC9qREFtanczNzJnVHN1VmQxeGoxQzc0b08wOWtNY1JxM2xoaXNpNllGQnNQVElTdFF0V1hyVzFOZnlja1wvdnJZeEJhd1d4QXptT2RLb1FVTjg1MnVxaDFBd1Y0Z1RIYk1pRDBaeCIsIm1hYyI6IjM4N2E5YTgyZDRiY2VmYWEyMTA1YmM2MWFiNTUzM2M4MzgzNDA3M2NiMTBiMTEyMDEzMzIzNjk4MWMyODk1ZDcifQ%3D%3D&fp=66abd220fd1aeed21a48c2d9b60f0bf8
Protocol
HTTP/1.1
Server
172.67.173.168 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
038504421a3018a7511e1396d299155bafcb1c0a2317f84360ec964399928793
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
viral481.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

Date
Sun, 08 Nov 2020 05:18:13 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d14b763ac2dfaaa227dd2b385f5b091861604812692; expires=Tue, 08-Dec-20 05:18:12 GMT; path=/; domain=.viral481.com; HttpOnly; SameSite=Lax PHPSESSID=zpy1QcHS5qJ-5ru-JrpkQz8qp97UQahwZ0HQ9q2pU9D2fr7IusBjrKyh_l43QFhP; path=/; HttpOnly SERVERID=web2; path=/
X-Frame-Options
SAMEORIGIN
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
X-XSS-Protection
1; mode=block
Vary
Accept-Encoding
CF-Cache-Status
DYNAMIC
cf-request-id
0647e375770000bddc198c8000000001
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=T9AFfBr6u1R6Q8G9ED7%2BQ%2FNYBcblqLvrF4eLX7Y88qiR1s8BFlGl4qhrpphskflDnrjRh4ysUIt%2FEy0tdrBIJ8z6X7UvC4872mMWptA%3D"}],"group":"cf-nel","max_age":604800}
NEL
{"report_to":"cf-nel","max_age":604800}
Server
cloudflare
CF-RAY
5eecd5025972bddc-AMS
Content-Encoding
gzip
nr-1184.min.js
js-agent.newrelic.com/ 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-1184.min.js
Requested by
Host: viral481.com
URL: http://viral481.com/srv.html?id=56067&pub=882009
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 05:18:13 GMT
content-encoding
gzip
x-amz-request-id
56EA6FC207045B4A
x-cache
HIT
status
200
content-length
10624
x-amz-id-2
uuJq8l4/GQY+JgvDjzOrYyBmMFeI+giKQUxO070uUoDDC3xFCWuCaTfbc4ynBcc3qgltYSdwh7A=
x-served-by
cache-fra19171-FRA
last-modified
Mon, 28 Sep 2020 16:34:45 GMT
server
AmazonS3
x-timer
S1604812693.351029,VS0,VE0
etag
"3d7f312be60d08a2568e311e4762f3af"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
3794
click
go.secureclickers.com/ 		389 B
401 B 		Document
General
Check archive.org
Download Go to
Full URL
https://go.secureclickers.com/click?pid=94&offer_id=8855&sub2=94_882009&sub1=882009-787990417
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.32.250.1 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
38aa0cb986bf768562982db6b43df9978d75675e110a700707e27b051591e27f

Request headers

:method
GET
:authority
go.secureclickers.com
:scheme
https
:path
/click?pid=94&offer_id=8855&sub2=94_882009&sub1=882009-787990417
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://viral481.com/srv.html?id=56067&pub=882009
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
http://viral481.com/srv.html?id=56067&pub=882009

Response headers

status
200
server
nginx
date
Sun, 08 Nov 2020 05:18:13 GMT
content-type
text/html; charset=utf-8
content-encoding
gzip
62915533ca
bam-cell.nr-data.net/1/ 		0
0
sl
yo.wackotracko.com/ 		256 B
388 B 		Document
General
Check archive.org
Download Go to
Full URL
https://yo.wackotracko.com/sl?id=59ce054ca1e3c53000000001&pid=2&sub1=882009-787990417&sub2=94&sub3=94_882009&sub4=8855&sub5=NL&sub6=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
212.32.250.1 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash
68196ded8064e22490cfce270e85a4fe3f2597fae1867ab151d2a51c4c963814

Request headers

:method
GET
:authority
yo.wackotracko.com
:scheme
https
:path
/sl?id=59ce054ca1e3c53000000001&pid=2&sub1=882009-787990417&sub2=94&sub3=94_882009&sub4=8855&sub5=NL&sub6=Mozilla%2F5.0+%28Macintosh%3B+Intel+Mac+OS+X+10_14_5%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F83.0.4103.61+Safari%2F537.36
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

status
200
server
nginx
date
Sun, 08 Nov 2020 05:18:13 GMT
content-type
text/html; charset=utf-8
set-cookie
afclick=5fa77f95d968450001d51a8e; Expires=Mon, 08 Nov 2021 05:18:13 GMT; Secure; SameSite=None
content-encoding
gzip
/
safe.w0pt0p.online/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.220 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
55a9eabf4e824cd89b7b61ef817125453da63dc2ff60141d7d761b3709b5d140
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
safe.w0pt0p.online
:scheme
https
:path
/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr

Response headers

status
200
server
nginx
date
Sun, 08 Nov 2020 05:18:13 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=8dabed1b8a164867b8aafc2de857ac16; expires=Mon, 08-Nov-2021 05:18:13 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
/
safe.w0pt0p.online/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Requested by
Host: safe.w0pt0p.online
URL: https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.143.165.220 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
1b4518e2989abe53ac6d7e491e24e9fed1548341eb9ee52acf1197379fc0b294
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
safe.w0pt0p.online
:scheme
https
:path
/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
u=8dabed1b8a164867b8aafc2de857ac16
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://safe.w0pt0p.online/?utm_medium=87671f8c08ef26a74e7462a6173ac3de0a8f8639&utm_campaign=redirectpool&1=94&cid=5fa77f95d968450001d51a8e

Response headers

status
200
server
nginx
date
Sun, 08 Nov 2020 05:18:13 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip
/
4507510.catchtheclick.com/
Redirect Chain
  • https://safe.w0pt0p.online/proc.php?3360b87899e62c1229a54dd926bf969e170a7439
  • https://rdtrck2.com/5f6cc697a49037000154e4b7?sub1=4525&sub2=4525-5541b6d1&ref_id=M6892618032657465773
  • https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d
4 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d
Requested by
Host: safe.w0pt0p.online
URL: https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.202.159.171 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.171.159.202.116.clients.your-server.de
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash
4e2e56ee80b08ecf65038f0a4522f8d0e19d076e20efa69cec9396c3e17753fe

Request headers

Host
4507510.catchtheclick.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://safe.w0pt0p.online/?utm_term=6892618032657465773&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

Server
nginx/1.16.1 (Ubuntu)
Date
Sun, 08 Nov 2020 05:18:14 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Sun, 08 Nov 2020 05:18:14 GMT
Content-Type
text/html; charset=utf-8
Content-Length
185
Connection
keep-alive
Location
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d
Set-Cookie
redhash=NWZhNzdmOTYzYmMwYjgwMDAxZDdhZDRkfDB8NWY2Y2M2OTdhNDkwMzcwMDAxNTRlNGI3fHwyZWQ0MjE3Yi1lYWU1LTRhNmUtOWM3OS0wZjA1NWYwN2Q1ZTZ8MTYwNDgxMjY5NA==; Path=/; Domain=rdtrck2.com; Expires=Mon, 08 Nov 2021 05:18:14 GMT; SameSite=None; Secure
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers
Content-Length,Content-Range
Primary Request index.html
message.liveplayingnow.com/js2/o/nw/nn_champions_n/ 		8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Requested by
Host: 4507510.catchtheclick.com
URL: https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f83ce2834e776ceed645ec2c17a644490ea6eb9497c745ace5ef8e5201c84c37

Request headers

:method
GET
:authority
message.liveplayingnow.com
:scheme
https
:path
/js2/o/nw/nn_champions_n/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
referer
http://speedflow.io/adult/a=rr
Referer
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=5fa77f963bc0b80001d7ad4d

Response headers

status
200
date
Sun, 08 Nov 2020 05:18:14 GMT
content-type
text/html
set-cookie
__cfduid=df6df17619e4b177b8cbaf600b876c0c31604812694; expires=Tue, 08-Dec-20 05:18:14 GMT; path=/; domain=.liveplayingnow.com; HttpOnly; SameSite=Lax
last-modified
Fri, 09 Oct 2020 15:49:32 GMT
vary
Accept-Encoding
expires
Mon, 08 Nov 2021 05:18:14 GMT
cache-control
max-age=31536000
cf-cache-status
DYNAMIC
cf-request-id
0647e37b7c000064eb2204b000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RvKkpjLuAtnsxC5hfrFoQJfVCHwSUhbE88SrPJCNo55QNhpnPY1n%2FTbjugAsMaomGFzo7WqGi1QOYt3GFiX1QUqjLzTgiO8Va8t%2BPoyvVUHRWdg%2FBS9DUWECVT%2BYhu8rIC30llayrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
5eecd50bf8bd64eb-FRA
content-encoding
br
inc.js
message.liveplayingnow.com/js2/o/nw/nn_champions_n/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b0e918a3d688da85e02214245b1197723b97c293af11ac67e9ca0a82f48333d

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 05:18:14 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
925642
cf-polished
origSize=13002
status
200
cf-request-id
0647e37ba9000064eb07822000000001
last-modified
Mon, 26 Oct 2020 12:46:00 GMT
server
cloudflare
etag
W/"5f96c508-32ca"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XyzF0U700IziC3ZUrm8qKkH%2F0b9HUdA6r7BoO4NUuBDDuPM7vLkGDrv3GVR1URIVbf8%2FOtbDgqDPs65FIwA9wnzp8W2j8ZlDtR0wXsjjhGidzBB4SyI4P3FEztQa5Ic8OnikUV47KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
expires
Thu, 28 Oct 2021 12:10:52 GMT
cache-control
max-age=31536000
cf-ray
5eecd50c48cc64eb-FRA
cf-bgj
minify
warning.png
message.liveplayingnow.com/js2/o/nw/nn_champions_n/imgs/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/imgs/warning.png
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6ab13a0b83b383454496eb435ba062a85720494d1eb8ae0b47403ce2828b1e4

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 05:18:14 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
336490
status
200
content-length
6816
cf-request-id
0647e37bad000064eb07823000000001
last-modified
Thu, 21 May 2020 16:38:53 GMT
server
cloudflare
etag
"5ec6ae9d-1aa0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=779afTmcEQNhs29mLJeRtt72KlaxKxciw1WoVFMIk4Bl9OCWdpz47%2Bh3I6%2FeLanJejBKwnx2RQ%2BdIMKTn%2B4UnPq%2Bh9wOZbisj06Sa7AoCdeqWg3fW%2FwjFnfLH4w5qOisAF%2BJcWE6zg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
5eecd50c48cd64eb-FRA
expires
Thu, 04 Nov 2021 07:50:04 GMT
3.jpeg
message.liveplayingnow.com/js2/o/nw/nn_champions_n/imgs/ 		31 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/imgs/3.jpeg
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:dacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59b2084b73a17e4c5d978b2ca48ecbf69db4a52e0a6a888e68a02cda70c13240

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 05:18:14 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
261869
status
200
content-length
31502
cf-request-id
0647e37bc1000064eb06061000000001
last-modified
Thu, 21 May 2020 16:38:53 GMT
server
cloudflare
etag
"5ec6ae9d-7b0e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4uDXZRTaC0wh4bDNaAipsgJ6sSHRDwmm8ay5sXzu1OL9hI2M8kWnMjK3iK17CLH2N6e8Kod%2FRDFpbTwf2hym2cT%2BPwx%2BmiPEnFUMWnpIT6yTKRfb9J3C%2F0S6M2BrLybnF1SRziLFdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
5eecd50c68d464eb-FRA
expires
Fri, 05 Nov 2021 04:33:45 GMT
js
www.googletagmanager.com/gtag/ 		95 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-117424918-2
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4afb6bfe25cb0923a0470f559a2de625bbb472cc9f979a2cebe79918f774dfde
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 08 Nov 2020 05:18:14 GMT
content-encoding
br
vary
Accept-Encoding
status
200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38327
x-xss-protection
0
last-modified
Sun, 08 Nov 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 08 Nov 2020 05:18:14 GMT
c.php
specializedlink.com/ 		0
525 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://specializedlink.com/c.php
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
94.130.239.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.212.239.130.94.clients.your-server.de
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 05:18:14 GMT
Server
nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/octet-stream, text/html
Access-Control-Allow-Origin
https://message.liveplayingnow.com
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length
0
analytics.js
www.google-analytics.com/ 		46 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117424918-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
146
date
Sun, 08 Nov 2020 05:15:48 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sun, 08 Nov 2020 07:15:48 GMT
collect
www.google-analytics.com/j/ 		2 B
74 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1074442664&t=pageview&_s=1&dl=https%3A%2F%2Fmessage.liveplayingnow.com%2Fjs2%2Fo%2Fnw%2Fnn_champions_n%2Findex.html&dr=https%3A%2F%2F4507510.catchtheclick.com%2F%3Fmob%3DdNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg%26clickid%3D5fa77f963bc0b80001d7ad4d&ul=en-us&de=UTF-8&dt=Video&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=175192632&gjid=695908806&cid=1286134087.1604812695&tid=UA-117424918-2&_gid=1488942896.1604812695&_r=1&gtm=2ouas1&z=1527050804
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 08 Nov 2020 05:18:14 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://message.liveplayingnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
93 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-117424918-2&cid=1286134087.1604812695&jid=175192632&gjid=695908806&_gid=1488942896.1604812695&_u=IEBAAUAAAAAAAC~&z=408928374
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sun, 08 Nov 2020 05:18:14 GMT
status
200
content-type
text/plain
access-control-allow-origin
https://message.liveplayingnow.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
c.php
bonga.readnewmessage.com/ 		0
525 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://bonga.readnewmessage.com/c.php
Requested by
Host: message.liveplayingnow.com
URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
94.130.33.169 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.169.33.130.94.clients.your-server.de
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://speedflow.io/adult/a=rr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 08 Nov 2020 05:18:14 GMT
Server
nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/octet-stream, text/html
Access-Control-Allow-Origin
https://message.liveplayingnow.com
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bam-cell.nr-data.net
URL
https://bam-cell.nr-data.net/1/62915533ca?a=14035018&v=1184.ab39b52&to=blEHMktWXkQABkRQDFcbMBRQGF9RBwBCFxNRRA%3D%3D&rst=545&ck=1&ref=http://viral481.com/srv.html&ap=110&be=505&fe=514&dc=511&perf=%7B%22timing%22:%7B%22of%22:1604812692825,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:8,%22c%22:8,%22ce%22:20,%22rq%22:21,%22rp%22:466,%22rpe%22:469,%22dl%22:476,%22di%22:511,%22ds%22:511,%22de%22:511,%22dc%22:513,%22l%22:513,%22le%22:515%7D,%22navigation%22:%7B%7D%7D&fp=531&fcp=531&at=QhYERANMTUo%3D&jsonp=NREUM.setToken

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes number| ggl_acct function| getpub string| maind function| getParameterByName function| getCookie object| MegaPush undefined| cinfo function| timeoutfn function| mfun object| idbKeyval function| gtag object| dataLayer string| dom_host string| href object| all_rs string| link object| domainarr function| setCookie number| jjj function| new_rand function| isPrivateMode number| count function| trackOutboundLink string| next function| fine number| mg object| body function| FullScreen string| domain object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

2 Cookies

Domain/Path Name / Value
.liveplayingnow.com/ Name: jjj
Value: 1
.liveplayingnow.com/ Name: __cfduid
Value: df6df17619e4b177b8cbaf600b876c0c31604812694

3 Console Messages

Source Level URL
Text
console-api log URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js(Line 17)
Message:
console-api log URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js(Line 18)
Message:
undefined
console-api log URL: https://message.liveplayingnow.com/js2/o/nw/nn_champions_n/inc.js(Line 18)
Message:
new c 30x6639x15435fa77f9651cb0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4507510.catchtheclick.com
a.realsrv.com
bam-cell.nr-data.net
bonga.readnewmessage.com
c.securepaths.com
cdn.jsdelivr.net
go.secureclickers.com
js-agent.newrelic.com
manyhit.com
message.liveplayingnow.com
rdtrck2.com
safe.w0pt0p.online
specializedlink.com
speedflow.io
stats.g.doubleclick.net
syndication.realsrv.com
traffdaq.com
viral481.com
www.google-analytics.com
www.googletagmanager.com
yo.wackotracko.com
bam-cell.nr-data.net
107.170.39.103
116.202.159.171
151.101.14.110
162.213.255.36
172.67.173.168
198.143.165.220
198.54.116.135
2001:4de0:ac19::1:b:3a
212.32.250.1
212.7.204.100
2606:4700:3032::ac43:dacc
2a00:1450:4001:801::200e
2a00:1450:4001:81a::2008
2a00:1450:4001:821::200e
2a00:1450:400c:c00::9c
2a04:4e42:1b::621
35.190.72.161
94.130.239.212
94.130.33.169
95.211.229.246
038504421a3018a7511e1396d299155bafcb1c0a2317f84360ec964399928793
1b4518e2989abe53ac6d7e491e24e9fed1548341eb9ee52acf1197379fc0b294
20e7bbb7406ea2dbd67739356693b1e2610b01348b8c8ff418e8e25ecebc8fa5
38aa0cb986bf768562982db6b43df9978d75675e110a700707e27b051591e27f
4afb6bfe25cb0923a0470f559a2de625bbb472cc9f979a2cebe79918f774dfde
4e2e56ee80b08ecf65038f0a4522f8d0e19d076e20efa69cec9396c3e17753fe
4ef071f26a6a95d20498fa67e78856aebf65e9e06d46046604acac1ac3e87033
55a9eabf4e824cd89b7b61ef817125453da63dc2ff60141d7d761b3709b5d140
59b2084b73a17e4c5d978b2ca48ecbf69db4a52e0a6a888e68a02cda70c13240
68196ded8064e22490cfce270e85a4fe3f2597fae1867ab151d2a51c4c963814
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7b0e918a3d688da85e02214245b1197723b97c293af11ac67e9ca0a82f48333d
7e0889ce1e92165e09027869e550e54a646b567ce50a213b79e7dca49e9845dc
b6ab13a0b83b383454496eb435ba062a85720494d1eb8ae0b47403ce2828b1e4
d3f814d49049b29143de2fccdbd97d0a1f0739e2554c482684c7c906b535ea43
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
f0304f634f030209d91d76f627b9e80311740c1c224cafaf3e6f137e0b753538
f83ce2834e776ceed645ec2c17a644490ea6eb9497c745ace5ef8e5201c84c37