Submitted URL: http://pay2win.cc/
Effective URL: https://pay2win.cc/
Submission: On November 11 via api from US — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 24 HTTP transactions. The main IP is 2606:4700:20::ac43:485b, located in United States and belongs to CLOUDFLARENET, US. The main domain is pay2win.cc.
TLS certificate: Issued by E6 on October 4th 2024. Valid for: 3 months.
This is the only time pay2win.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS Autonomous System
3         2606:4700:20:...   13335 (CLOUDFLAR...)
1         2a00:1450:400...   15169 (GOOGLE)
8         172.66.41.45       13335 (CLOUDFLAR...)
9         104.18.3.36        13335 (CLOUDFLAR...)
1         172.67.72.91       13335 (CLOUDFLAR...)
1         172.217.16.195     15169 (GOOGLE)
1         2a00:1450:400...   15169 (GOOGLE)
Total: 24 requests, 7 IPs

Requests  Apex Domain / Subdomains                            Transfer
9         imagedelivery.net                                   122 KB
            imagedelivery.net — Cisco Umbrella Rank: 14543
8         billgang.com                                        12 KB
            stores-api.billgang.com
            t-api.billgang.com
4         pay2win.cc                                          272 KB
            pay2win.cc
1         youtube.com
            www.youtube.com — Cisco Umbrella Rank: 77
1         gstatic.com                                         76 KB
            fonts.gstatic.com
1         googleapis.com                                      988 B
            fonts.googleapis.com — Cisco Umbrella Rank: 30
Total: 24 requests, 6 apex domains

Requests  Domain                     Requested by
9         imagedelivery.net
4         t-api.billgang.com         pay2win.cc
4         stores-api.billgang.com    pay2win.cc
4         pay2win.cc                 pay2win.cc
1         www.youtube.com            pay2win.cc
1         fonts.gstatic.com          fonts.googleapis.com
1         fonts.googleapis.com       pay2win.cc
Total: 24 requests, 7 domains

This site contains links to these domains.

Domain
discord.gg

Subject                   Issuer  Validity                  Valid
pay2win.cc                E6      2024-10-04 - 2025-01-02   3 months
upload.video.google.com   WR2     2024-10-07 - 2024-12-30   3 months
billgang.com              WE1     2024-11-01 - 2025-01-30   3 months
imagedelivery.net         E5      2024-11-04 - 2025-02-02   3 months
*.gstatic.com             WR2     2024-10-07 - 2024-12-30   3 months
*.google.com              WR2     2024-10-07 - 2024-12-30   3 months

This page contains 2 frames:

Primary Page: https://pay2win.cc/
Frame ID: 6F56B782478F28BF7F63597B8A8C83AE
Requests: 22 HTTP requests in this frame

Frame: https://www.youtube.com/embed/x90_LRoVDEo
Frame ID: BAEBE06766DF1F5751401525DED22CD8
Requests: 1 HTTP requests in this frame

Page Title

Home — pay2win

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

Requests: 24
HTTPS: 100 %
IPv6: 43 %
Domains: 6
Subdomains: 7
IPs: 7
Countries: 3
Transfer: 483 kB
Size: 1152 kB
Cookies: 3

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pay2win.cc/ HTTP 307
    https://pay2win.cc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request /
pay2win.cc/
Redirect Chain
  • http://pay2win.cc/
  • https://pay2win.cc/
1 KB
1 KB
Document
General
Full URL
https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:485b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e6bcbab279e17981b0bb33659f36c01fd602949117f44eb0b333306840af535

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e11fada0c8a91fb-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 11 Nov 2024 23:14:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FZEPYD9%2FDTrSHngYFydJP2vjlM3%2FfmGGqOr15S81DgVc9J089yXbV8SYaMCdlgNPTNJIuXZsOm%2BOxP%2F8y096%2BZFiQTu95HP44G7jXS0CkCix4krr%2BAkqKw3n%2BtzbL4Q8uz7Bz69lYag%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=TCP&rtt=43144&sent=7&recv=11&lost=0&retrans=0&sent_bytes=4169&recv_bytes=2277&delivery_rate=86879&cwnd=253&unsent_bytes=0&cid=67a1b48582c06a4e&ts=100&x=0"

Redirect headers

Location
https://pay2win.cc/
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/
1 KB
988 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&display=swap
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0dd6fa7897249327e3545cf52c9b26e358a53f248cc3b22b2c016b8caa235386
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Mon, 11 Nov 2024 23:14:40 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Mon, 11 Nov 2024 23:12:31 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
index-IqSqh1nE.js
pay2win.cc/assets/
859 KB
254 KB
Script
General
Full URL
https://pay2win.cc/assets/index-IqSqh1nE.js
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:485b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6607dd55acabe239ff6f02126541dbd75470127629ee262023aaaff8da421547

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://pay2win.cc/

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
177473
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iAl5FCJ2PoZCgzG2N3xg62rgnd%2Fs4r8KYeECNStAQCXsr3rB%2Fvk6FRDEc9%2BbNVkc1bQTMYc6Wuwb0z90VQMWfglxdMnGomQvwVfdyMYAvhAvsewpbjSBHPmtosM%2BmXtEoBamC3IHMEw%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e11fadabcb691fb-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=43065&sent=23&recv=14&lost=0&retrans=0&sent_bytes=14980&recv_bytes=2509&delivery_rate=122030&cwnd=257&unsent_bytes=0&cid=67a1b48582c06a4e&ts=179&x=0"
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
application/javascript
last-modified
Sat, 09 Nov 2024 21:56:47 GMT
vary
Accept-Encoding
server
cloudflare
index-N3ZQOVZ9.css
pay2win.cc/assets/
52 KB
9 KB
Stylesheet
General
Full URL
https://pay2win.cc/assets/index-N3ZQOVZ9.css
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:485b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9810c351429c2b828386aa7f12d319e9218d907426d673a774d633eb36aa80f5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://pay2win.cc/

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
age
177473
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tdX2VstnrzwxZCeSB41YzOPEKF4awWRMQC383Zfhu%2BHmN3SyoVBBYXu2i8D1oc2zffDYvcJ1HqZ1QYVNVnbrznVQXwglQAgt7b6W7rAWdYx5IWZN1V5oXPn4cK5wQ28MBo6RcFuIiyM%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e11fadabcb591fb-FRA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=TCP&rtt=43065&sent=12&recv=14&lost=0&retrans=0&sent_bytes=5390&recv_bytes=2509&delivery_rate=122030&cwnd=257&unsent_bytes=0&cid=67a1b48582c06a4e&ts=169&x=0"
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
text/css
last-modified
Sat, 09 Nov 2024 21:56:47 GMT
vary
Accept-Encoding
server
cloudflare
general
stores-api.billgang.com/shops/pay2win.cc/
433 B
1 KB
Fetch
General
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/general
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30f3e74a2176f0e764bbdb297f308ab2e764b3a3f39c4ec10604fde082a91c68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
184186
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mqD2Gfz15QiL8RvCR5gW5NH41F1%2BDtF2ypgCy1EyQjbXF7AkzAVvAqB2XBwC5CB9%2ByNbp18ZoJLoUe%2FI1mf79ceQFAetGFvaN5V8ry1oWhOk2TZ1jQ3oe6csNgImzMVIhH5XfUXelGF"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=44964&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4256&recv_bytes=4655&delivery_rate=73867&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=81&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
application/json; charset=utf-8
last-modified
Sat, 09 Nov 2024 04:43:08 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
x-response-time-ms
3
cf-ray
8e11fadc7f45e512-TXL
access-control-allow-origin
*
server
cloudflare
settings
stores-api.billgang.com/shops/pay2win.cc/
2 KB
2 KB
Fetch
General
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/settings
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4670978092d37c6240a04e96722e3c77bba104e689add369406cc09639f9258

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
184186
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AVIs7SLlE2%2Fy7ofSYV%2B2gO%2Fuv0LLWtr7Rs%2BKa%2FK9us33WNZYs4M3cxNivNnVkljqzW7o2mnwXPhm7qrVjbNqL7ibuKn%2FiTTZLUmc9U4lauYrgDk4Cc%2Fr3E5%2Bh7EV%2BNlQ8RUJ9BWGRYYh"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=44964&sent=12&recv=9&lost=0&retrans=0&sent_bytes=5314&recv_bytes=4655&delivery_rate=73867&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=84&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
application/json; charset=utf-8
last-modified
Mon, 14 Oct 2024 20:20:36 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
x-response-time-ms
3
cf-ray
8e11fadc7f44e512-TXL
access-control-allow-origin
*
server
cloudflare
w=100
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/
2 KB
3 KB
Other
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=100
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50c60e6a2dc8fe9b03078acae7f9b6a8b25f3fd7e7204d298d9fcaeb4fb379eb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mNEWuYOetQxiZZywEDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=21+26 c=3+22 v=2024.10.6 l=2341 f=false
cf-ray
8e11fadc78d3e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
2341
server
cloudflare
iconSprite.svg
pay2win.cc/
21 KB
8 KB
Other
General
Full URL
https://pay2win.cc/iconSprite.svg
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.72.91 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f94547f911fafb348945a99d496d0c0a030b21d689ca9bffa8a1767359c039bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

server
cloudflare
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JrdSxXBG8VSZhUpiDiWB8hrRoqcShFQHmWHkTxh23jvKA2Fa5tltR9kgFGRwAMZslIk9Dre0WmXxEbHdyyMcUWsgx2xvzj%2FinXKEjs4mzBCew9qzNofhzlsmu9Q%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e11fadd0a98e531-TXL
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=40029&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4186&recv_bytes=4438&delivery_rate=430&cwnd=12000&unsent_bytes=0&cid=8912bd17469474c2&ts=444&x=1", cfExtPri, cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
image/svg+xml
last-modified
Mon, 11 Nov 2024 23:14:40 GMT
vary
Accept-Encoding
priority
u=3,i
%2F
stores-api.billgang.com/shops/pay2win.cc/
10 KB
4 KB
Fetch
General
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/%2F
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5d7c5e5923d39f89707880ee8763312213c6da055fb194648da519dbff1020

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sI5yL5ZJBzu%2FlrdmO1j07yGCP2FWBr1eNVRn16MPL2iHDX%2FKfcEz0ARCuwI0ZC3l1yhZ9lgfo6gf0Bc37BP44Eck10SS%2B2LGzoUTqbg1thq1hI4emq4PaPB6K2XAiP%2BKegOYWy%2FeMTA"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=51697&sent=18&recv=15&lost=0&retrans=0&sent_bytes=7066&recv_bytes=5477&delivery_rate=42345&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=179&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
application/json; charset=utf-8
last-modified
Mon, 11 Nov 2024 17:46:15 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
x-response-time-ms
4
cf-ray
8e11fadd18e6e512-TXL
access-control-allow-origin
*
server
cloudflare
%2F
stores-api.billgang.com/shops/pay2win.cc/
10 KB
4 KB
Fetch
General
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/%2F
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5d7c5e5923d39f89707880ee8763312213c6da055fb194648da519dbff1020

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WKKSIXI8sofWQg1K9BwLItPqx%2Bb28kVj7mj93SYVB8VkwqPsnvVhgULJP8u89aIykem9LMwC1jdFXCoCJfPX0h7vzmLgVZNCBihCgfCjnloPuj2K2cWToPqjZIBK8K5zU2lHZRG44%2BCD"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=59314&sent=24&recv=18&lost=0&retrans=0&sent_bytes=11192&recv_bytes=5882&delivery_rate=55180&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=236&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
application/json; charset=utf-8
last-modified
Mon, 11 Nov 2024 17:46:15 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
speculation-rules
"/cdn-cgi/speculation"
x-response-time-ms
4
cf-ray
8e11fadd8a26e512-TXL
access-control-allow-origin
*
server
cloudflare
p
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/
54 B
677 B
Fetch
General
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f209266afe86f5d965f9dbe43263147414acacd540fc605a4832ea5779de660f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwtlmnmGm2RPQOInOhuPEahE2GEcrrcojev7nynAEFs88GloaoGOMvzR8p88EPgcGIWM5CAFAPSarq6a88Hcdwp9bwrql%2Bp068p8sMaPcs2ZFFlXIcjIcu6oCIzlflNvgXzB0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8e11fadd2924e512-TXL
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=58220&sent=30&recv=21&lost=0&retrans=0&sent_bytes=15313&recv_bytes=6011&delivery_rate=73667&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=358&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2
fonts.gstatic.com/s/bricolagegrotesque/v7/
76 KB
76 KB
Font
General
Full URL
https://fonts.gstatic.com/s/bricolagegrotesque/v7/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.16.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s65-in-f3.1e100.net
Software
sffe /
Resource Hash
922afb64cfc75d74678063d3f796e694c9bac74a443d93a58ded1e808c339bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://fonts.googleapis.com/

Response headers

age
459382
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 06 Nov 2025 15:38:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 06 Nov 2024 15:38:18 GMT
last-modified
Mon, 29 Jul 2024 22:36:30 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
77420
x-xss-protection
0
server
sffe
w=1920
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fee34350-1597-4e0c-3248-c17183374c00/
35 KB
36 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fee34350-1597-4e0c-3248-c17183374c00/w=1920
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
beb532916159c2948358017aeafb66de2af6119fc27a9e82a2e6f20069adc389
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfetrlGLavR9vUur1ilvad7ssep_fOabiIY6DV23sxDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=1013+126 c=0+0 v=2024.10.6 l=36121 f=false
cf-ray
8e11fadd2a60e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
36121
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/
13 KB
14 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e4a2a5eecd168ef543fbb90e26aefd03a9109cf8fe129a79f3370aef4e8a4c2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mhi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=42+206 c=0+0 v=2024.10.6 l=13613 f=false
cf-ray
8e11fadd2a64e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
13613
server
cloudflare
w=150
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/
3 KB
4 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=150
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b22c0f9d114ce72e4883f1c0cfad21e391518525fa4ac471ba27f75c81fa7174
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mr3a4R_Tyycf9pL2QDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:40 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=29+51 c=3+48 v=2024.10.0 l=3480 f=false
cf-ray
8e11fadd2a66e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
3480
server
cloudflare
x90_LRoVDEo
www.youtube.com/embed/ Frame BAEB
0
0
Document
General
Full URL
https://www.youtube.com/embed/x90_LRoVDEo
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pay2win.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Mon, 11 Nov 2024 23:14:41 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/62f99a18-b228-4a8f-0e92-7dd104636100/
13 KB
13 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/62f99a18-b228-4a8f-0e92-7dd104636100/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91a5fbb1d943ca213ceff791f6ec63c5d543d6c25e7b07d332cec636c62a2d73
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfT6RS4XPDUzMGmv__ryt7Oyd_hi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=2217+291 c=0+0 v=2024.10.6 l=13114 f=false
cf-ray
8e11fade4dfae513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
13114
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fb2f1e18-e59c-463e-fa72-6aae01b74300/
16 KB
16 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fb2f1e18-e59c-463e-fa72-6aae01b74300/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bba638ad4369f4e81421ea6878d9adec95b53c28c2507a9c8641927038a0eaa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfsIhJTf0G9RFWR7f2flvOxeYbhi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=1824+528 c=64+283 v=2024.10.6 l=16137 f=false
cf-ray
8e11fade4dfee513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
16137
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/075ddbb4-7a04-4f3e-20cd-685af7659400/
14 KB
14 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/075ddbb4-7a04-4f3e-20cd-685af7659400/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db1ef769b6cfd144b785c324fcc487d9a6b9c27e41e1fc2afe6a90a5cf5f6a4d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfbc5dfK0VCFJH9mCRL7wYhQIwhi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=69+390 c=0+0 v=2024.10.6 l=14121 f=false
cf-ray
8e11fade4e01e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
14121
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cf50993d-92c1-4f74-7529-2d98ab1c5b00/
13 KB
14 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cf50993d-92c1-4f74-7529-2d98ab1c5b00/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e7efe178e813ee505bc6e5bcba4bc8144a2f9673eec98c401c68d36363c5f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cfUj_HDO8gUNpkJfx1S49kufJ8hi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=950+417 c=101+229 v=2024.10.6 l=13554 f=false
cf-ray
8e11fade4e05e513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
13554
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7a20c99d-8c56-489c-18c1-3521b3238400/
9 KB
9 KB
Image
General
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7a20c99d-8c56-489c-18c1-3521b3238400/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.3.36 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b70394b453a1a298bb342db03e72c46eabb713197d08922008b6db3e1181a44
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cf-cache-status
HIT
etag
"cf_HiqEATwEPS_AZO_avZ9h8Mqhi8yaH7pEf2-gNpVDQ"
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-images
internal=ok/- q=0 n=821+424 c=35+143 v=2024.10.6 l=9084 f=false
cf-ray
8e11fade4e0ae513-TXL
accept-ranges
bytes
access-control-allow-origin
*
content-length
9084
server
cloudflare
s
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/
54 B
684 B
Fetch
General
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/s
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b5df917eef0ee06c84f1198343efd5cf6a5cfabe7ada678f9976f0acd86034f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5UWEgVGed7%2Bea8i1AF4wMLI1wQnN%2BGSrv6on1UMFSUf3MMdIoqBUMsiP%2FTl3RboiHnlrQhOxI15OYcl%2BwJyqfG8lIWP3llhdRAvmj21mdsRDNV0ktvZWcy7XcU%2B26sVDwNNQUA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8e11fadebd55e512-TXL
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=56027&sent=33&recv=23&lost=0&retrans=0&sent_bytes=16060&recv_bytes=6408&delivery_rate=17801&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=442&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
e
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/s/696980d7-f3e8-45d0-8c47-e5aff555b332/
54 B
692 B
Fetch
General
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/s/696980d7-f3e8-45d0-8c47-e5aff555b332/e
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-IqSqh1nE.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bed49025849f052dd5d1b9178a7e23a955f734a9f4395c0788dbc60bf4fd113b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fvuxXDy2rT%2FO6yHTFDYY%2FtcHnelfA%2BIoP%2BMNAqhfVfWFLiiD1A2PEQWliBY7LVtszODTLWdL%2FrWAmrGNzgrOl%2BDwp18vHY%2BFbCKM%2FHVohtRtYUQWy5IK3XWt9ej%2FoJTYpj65pQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8e11fadf9fa8e512-TXL
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=58369&sent=38&recv=27&lost=0&retrans=0&sent_bytes=17435&recv_bytes=7298&delivery_rate=10241&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=659&x=1", cfHdrFlush;dur=0
date
Mon, 11 Nov 2024 23:14:41 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
e
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/s/696980d7-f3e8-45d0-8c47-e5aff555b332/ Frame
0
0
Preflight
General
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/b27c79e7-0e8d-465d-a0e4-0fb685877efa/s/696980d7-f3e8-45d0-8c47-e5aff555b332/e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.66.41.45 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pay2win.cc
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
864000
alt-svc
h3=":443"; ma=86400
cf-ray
8e11fadf3eb3e512-TXL
content-length
0
date
Mon, 11 Nov 2024 23:14:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGmPleeqPMuBBBJNHYtnGsWigbg9U2WSMEIrVKo2aZWjQCpY9dcaOWfcwtEXkIRHb%2BNZkI5yC%2FPEUfX2Q1bgpKUtZlnDM1Q8M864Vlxh0WxSUOVTOB536bGo67JLvFCknCY50g%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=58516&sent=36&recv=25&lost=0&retrans=0&sent_bytes=16815&recv_bytes=6841&delivery_rate=9624&cwnd=12000&unsent_bytes=0&cid=5515b9ef2fd4a039&ts=495&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding


1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

3 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: VokTW47ivxE
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: NlhFSjvjHsg
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgbg%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
