track.onecdn.co.uk Open in urlscan Pro
2606:4700:20::ac43:4bfb Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/kayAZncKlp
Effective URL:
https://track.onecdn.co.uk/wizardslots-mermaids-millions/
Submission Tags: falconsandbox
Submission: On August 03 via api (August 3rd 2024, 10:12:32 am UTC) from US — Scanned from GB

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 12 domains to perform 20 HTTP transactions. The main IP is 2606:4700:20::ac43:4bfb, located in United States and belongs to CLOUDFLARENET, US. The main domain is track.onecdn.co.uk. The Cisco Umbrella rank of the primary domain is 306612.
TLS certificate: Issued by WE1 on June 17th 2024. Valid for: 3 months.

This is the only time track.onecdn.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1 1	2600:9000:205... 2600:9000:2057:0:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	212.117.190.201 212.117.190.201	7979 (SERVERS-COM) (SERVERS-COM)
2 8	2606:4700:20:... 2606:4700:20::ac43:4bfb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	188.166.89.47 188.166.89.47	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
1	172.217.23.99 172.217.23.99	15169 (GOOGLE) (GOOGLE)
20	10

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:0:19:9934:6a80:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

zb1pr.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 212.117.190.201 (Luxembourg, Luxembourg)

ASN7979 (SERVERS-COM, US)

1qgxtxd2n.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::ac43:4bfb (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

track.onecdn.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.166.89.47 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: anonym.to

anonym.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f3.1e100.net

www.google.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	onecdn.co.uk 2 redirects track.onecdn.co.uk — Cisco Umbrella Rank: 306612	12 KB
4	1qgxtxd2n.com 1qgxtxd2n.com — Cisco Umbrella Rank: 414479	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	165 KB
1	google.co.uk www.google.co.uk — Cisco Umbrella Rank: 4354	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252	256 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3773
1	anonym.to anonym.to — Cisco Umbrella Rank: 635784	5 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 641	30 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 6373	409 B
1	app.link 1 redirects zb1pr.app.link	650 B
1	t.co t.co — Cisco Umbrella Rank: 979	551 B
20	12

	Domain	Requested by
8	track.onecdn.co.uk	2 redirects 1qgxtxd2n.com track.onecdn.co.uk
4	1qgxtxd2n.com	t.co 1qgxtxd2n.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	track.onecdn.co.uk www.googletagmanager.com
1	www.google.co.uk	track.onecdn.co.uk
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	anonym.to	track.onecdn.co.uk
1	ajax.googleapis.com	track.onecdn.co.uk
1	bit.ly	1 redirects
1	zb1pr.app.link	1 redirects
1	t.co
20	12

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
Buypass Class 2 CA 5	`2024-05-10` - `2024-11-05`	6 months	crt.sh
onecdn.co.uk WE1	`2024-06-17` - `2024-09-15`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
anonym.to R10	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.co.uk WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://track.onecdn.co.uk/wizardslots-mermaids-millions/
Frame ID: 9A90FCE88341CC6BCF42D0C1E2A9DBFC
Requests: 18 HTTP requests in this frame

Frame: https://track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js
Frame ID: 80456553CC9FFF42C8C171489CDD31C3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/kayAZncKlp Page URL
https://zb1pr.app.link/maimai02 HTTP 307
https://bit.ly/4dupQVU?_branch_match_id=1348224288463422223&utm_medium=marketing&_branch_re... HTTP 301
https://1qgxtxd2n.com/1988642 Page URL
https://1qgxtxd2n.com/r/dir?zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=V2RF0... Page URL
https://track.onecdn.co.uk/wizardslots-mermaids-millions HTTP 301
https://track.onecdn.co.uk/wizardslots-mermaids-millions/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

95 %
HTTPS

58 %
IPv6

12
Domains

12
Subdomains

10
IPs

6
Countries

267 kB
Transfer

706 kB
Size

18
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/kayAZncKlp Page URL
https://zb1pr.app.link/maimai02 HTTP 307
https://bit.ly/4dupQVU?_branch_match_id=1348224288463422223&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr0oyLCjSSywo0MvJzMvWz03MBCIDIwA0STBCHwAAAA%3D%3D HTTP 301
https://1qgxtxd2n.com/1988642 Page URL
https://1qgxtxd2n.com/r/dir?zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=V2RF0sLl59DtrEBEXRGri6FWUEffivJ-HJthUPV-ZFBJi4-v8vSpUylvcgBRbRMrVfBoW2OUzdbCvw1XDA7lsxdlD_8QyZD9gaeqgiGyrJLy-mcH8WAsNFEGPVIDpqVyxKTgKKDuddjBR0r-2j7iYpo3cRpiONJHcNAomJWyj_Vm2xJMP1REq35SvrqVFyXj6rEhNlpEnvgeuhBmRjjoACJSrWWKxnadExt4PNl_Xzmjo6YduHhfEVkxmk_GFg0fHS5cnmNeg3tuCWoL5SPrsPZBBLypS74=&fdl=1&nojs=0&abvar=0&febuild=1.0.297&t=0&wcks=1&wgl=1&cnvs=1&os=-60&tz=Europe/London&ss=1&ls=1&bb=0&cti=0&fn=2&pt=4DwGtzhTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-GB&pf=Linux%20x86_64&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&psr=poz4lqiaHR0cHM6Ly90LmNvLw&ix=0&x=1600&y=1200&md=0&psu=xe2SWN8aHR0cHM6Ly8xcWd4dHhkMm4uY29tLzE5ODg2NDI&afid=1238797459816448&dl=10&rtt=50&eclog=0&im=1&cha=&chb=&chbr=&chf=&chm=false&chmd=&chp=&chv=&pload=1007&rlp=%5B0%2C0.09999847412109375%2C85.9000015258789%2C45%2C26.20000457763672%2C227.70000457763672%2C123.50000762939453%2C81.5%5D Page URL
https://track.onecdn.co.uk/wizardslots-mermaids-millions HTTP 301
https://track.onecdn.co.uk/wizardslots-mermaids-millions/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://zb1pr.app.link/maimai02 HTTP 307
https://bit.ly/4dupQVU?_branch_match_id=1348224288463422223&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr0oyLCjSSywo0MvJzMvWz03MBCIDIwA0STBCHwAAAA%3D%3D HTTP 301
https://1qgxtxd2n.com/1988642

Request Chain 9

https://track.onecdn.co.uk/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 kayAZncKlp Show response
t.co/ 248 B
551 B 250ms
153ms Document
text/html 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/kayAZncKlp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f /

Resource Hash

5cd85f36bca8127b68fa269f4fbe4f3d2c8272789ded38fac6cdd31ec4db58ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 181
content-type: text/html; charset=utf-8
date: Sat, 03 Aug 2024 10:12:24 GMT
expires: Sat, 03 Aug 2024 10:17:25 GMT
perf: 7402827104
server: tsa_f
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 614263b13463d0cad86b1c9f464ea34e6d673a102414ec547dc074b0e3e9d4f9
x-response-time: 120
x-transaction-id: 5943f4133389cc97
x-xss-protection: 0

GET
H2

200

1988642 Show response
1qgxtxd2n.com/
Redirect Chain

https://zb1pr.app.link/maimai02
https://bit.ly/4dupQVU?_branch_match_id=1348224288463422223&utm_medium=marketing&_branch_referrer=H4sIAAAAAAAAA8soKSkottLXr0oyLCjSSywo0MvJzMvWz03MBCIDIwA0STBCHwAAAA%3D%3D
https://1qgxtxd2n.com/1988642

4 KB
2 KB

145ms
42ms

Document
text/html

212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://1qgxtxd2n.com/1988642
Requested by: Host: t.co
URL: https://t.co/kayAZncKlp
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 05190cb43e4ba04c1c46a6169b3603f4f793b0f898c661444bf380620ec19ac3

Request headers

Referer: https://t.co/kayAZncKlp
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 03 Aug 2024 10:12:26 GMT
referrer-policy: no-referrer
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: check.sumbit.dl
x-trace: 80M0kTjHFDMkBgAlTLZ3oN3I8CiaLnGw8Ca0uv5rYhM273pt02-APXtkDAlRCZYkvf-IIgGQ

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=90
content-length: 116
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Sat, 03 Aug 2024 10:12:26 GMT
location: https://1qgxtxd2n.com/1988642
referrer-policy: unsafe-url
server: nginx
via: 1.1 google

GET
H2 200 submit.min.js Show response
1qgxtxd2n.com/ 68 KB
27 KB 58ms
57ms Script
application/javascript 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://1qgxtxd2n.com/submit.min.js?abvar=
Requested by: Host: 1qgxtxd2n.com
URL: https://1qgxtxd2n.com/1988642
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 1e195ccbce9ca0b035381c795c07bb57a092a07401797fb95fe218e0b985a0d8

Request headers

sec-ch-viewport-height: 1200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
sec-ch-device-memory: 8
sec-ch-viewport-width: 1600
sec-ch-prefers-reduced-transparency: no-preference
Referer
sec-ch-prefers-reduced-motion: no-preference
sec-ch-dpr: 1
sec-ch-prefers-color-scheme: light

Response headers

date: Sat, 03 Aug 2024 10:12:26 GMT
content-encoding: gzip
last-modified: Wed, 24 Jul 2024 13:55:38 GMT
server: nginx
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
x-js-ab: current
etag: W/"66a107da-10fa4"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
timing-allow-origin: *

GET
H2 200 dir
1qgxtxd2n.com/r/ 8 KB
4 KB 45ms
44ms Document
text/html 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://1qgxtxd2n.com/r/dir?zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=V2RF0sLl59DtrEBEXRGri6FWUEffivJ-HJthUPV-ZFBJi4-v8vSpUylvcgBRbRMrVfBoW2OUzdbCvw1XDA7lsxdlD_8QyZD9gaeqgiGyrJLy-mcH8WAsNFEGPVIDpqVyxKTgKKDuddjBR0r-2j7iYpo3cRpiONJHcNAomJWyj_Vm2xJMP1REq35SvrqVFyXj6rEhNlpEnvgeuhBmRjjoACJSrWWKxnadExt4PNl_Xzmjo6YduHhfEVkxmk_GFg0fHS5cnmNeg3tuCWoL5SPrsPZBBLypS74=&fdl=1&nojs=0&abvar=0&febuild=1.0.297&t=0&wcks=1&wgl=1&cnvs=1&os=-60&tz=Europe/London&ss=1&ls=1&bb=0&cti=0&fn=2&pt=4DwGtzhTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-GB&pf=Linux%20x86_64&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&psr=poz4lqiaHR0cHM6Ly90LmNvLw&ix=0&x=1600&y=1200&md=0&psu=xe2SWN8aHR0cHM6Ly8xcWd4dHhkMm4uY29tLzE5ODg2NDI&afid=1238797459816448&dl=10&rtt=50&eclog=0&im=1&cha=&chb=&chbr=&chf=&chm=false&chmd=&chp=&chv=&pload=1007&rlp=%5B0%2C0.09999847412109375%2C85.9000015258789%2C45%2C26.20000457763672%2C227.70000457763672%2C123.50000762939453%2C81.5%5D
Requested by: Host: 1qgxtxd2n.com
URL: https://1qgxtxd2n.com/submit.min.js?abvar=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
sec-ch-device-memory: 8
sec-ch-dpr: 1
sec-ch-prefers-color-scheme: light
sec-ch-prefers-reduced-motion: no-preference
sec-ch-prefers-reduced-transparency: no-preference
sec-ch-viewport-height: 1200
sec-ch-viewport-width: 1600

Response headers

accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 03 Aug 2024 10:12:26 GMT
referrer-policy: no-referrer
server: nginx
timing-allow-origin: *
vary: Accept-Encoding
x-route-id: redirect.dl
x-trace: 0AMHGZAYj3vi4QrDN-_x8g7NDqKQdDl_cCtIfDWaJLAKYc0vtiJ149i6iLwnddVz9YQpvaW0

GET
H2

200

Primary Request / Show response
track.onecdn.co.uk/wizardslots-mermaids-millions/
Redirect Chain

https://track.onecdn.co.uk/wizardslots-mermaids-millions
https://track.onecdn.co.uk/wizardslots-mermaids-millions/

2 KB
1 KB

43ms
42ms

Document
text/html

2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/
Requested by: Host: 1qgxtxd2n.com
URL: https://1qgxtxd2n.com/r/dir?zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=V2RF0sLl59DtrEBEXRGri6FWUEffivJ-HJthUPV-ZFBJi4-v8vSpUylvcgBRbRMrVfBoW2OUzdbCvw1XDA7lsxdlD_8QyZD9gaeqgiGyrJLy-mcH8WAsNFEGPVIDpqVyxKTgKKDuddjBR0r-2j7iYpo3cRpiONJHcNAomJWyj_Vm2xJMP1REq35SvrqVFyXj6rEhNlpEnvgeuhBmRjjoACJSrWWKxnadExt4PNl_Xzmjo6YduHhfEVkxmk_GFg0fHS5cnmNeg3tuCWoL5SPrsPZBBLypS74=&fdl=1&nojs=0&abvar=0&febuild=1.0.297&t=0&wcks=1&wgl=1&cnvs=1&os=-60&tz=Europe/London&ss=1&ls=1&bb=0&cti=0&fn=2&pt=4DwGtzhTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-GB&pf=Linux%20x86_64&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&psr=poz4lqiaHR0cHM6Ly90LmNvLw&ix=0&x=1600&y=1200&md=0&psu=xe2SWN8aHR0cHM6Ly8xcWd4dHhkMm4uY29tLzE5ODg2NDI&afid=1238797459816448&dl=10&rtt=50&eclog=0&im=1&cha=&chb=&chbr=&chf=&chm=false&chmd=&chp=&chv=&pload=1007&rlp=%5B0%2C0.09999847412109375%2C85.9000015258789%2C45%2C26.20000457763672%2C227.70000457763672%2C123.50000762939453%2C81.5%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4efd0a89cce818c1305bbe74369742be375724bdfba466ba3edf8d167c28364b

Request headers

Referer: https://1qgxtxd2n.com/afu.php?zoneid=1977976&var=1988642&abvar=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8ad58782a9b89511-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 03 Aug 2024 10:12:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer
refresh: 15 ; url= https://onecdn.co.uk/relay.php?https://t.co/p7bnmNh6p9
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ta9QIId0d%2FcyaDemvOCsSgTSz3DMLFUyZjDr1XC6a1eGQvkSQWADeHxjAtaKVGTtYG5oMx5%2FSdGuEdxlyLiZ51F9fA5ho%2Fh8zxBCisopjXhiLXDTugEYO5W%2BLa07y176L4Iu2M4DMw7aOm2v%2F55s7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8ad5878259719511-LHR
content-type: text/html
date: Sat, 03 Aug 2024 10:12:26 GMT
location: https://track.onecdn.co.uk/wizardslots-mermaids-millions/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u%2BbYGUi5pgE2PDBed5CMiPzyyC7Jo4DcyGv0uNakiXDpC5D8I1qEOiXdxFXOXzl1ylE6%2Bee1HKxAAKaTWCsIfwczH8dLua4fxMdVMZeZwEN9QZLgUcZz87rxBkGdDU9PTA%2BdwH4EDQzjdS1bn429lg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

POST
H2 200 dupa.gif
1qgxtxd2n.com/ 43 B
482 B 42ms
41ms Ping
image/gif 212.117.190.201
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://1qgxtxd2n.com/dupa.gif?z=1988642&ls=1&psu=xe2SWN8aHR0cHM6Ly8xcWd4dHhkMm4uY29tLzE5ODg2NDI&eclog=0&im=1&abvar=0&ss=1&fn=2&lang=en-GB&rtt=50&rlp=[0,0.09999847412109375,85.9000015258789,45,26.20000457763672,227.70000457763672,123.50000762939453,81.5]&cnvs=1&cti=0&md=0&os=-60&psr=poz4lqiaHR0cHM6Ly90LmNvLw&tz=Europe/London&vcv=Intel%20Inc.&ix=0&y=1200&wcks=1&bb=0&pf=Linux%20x86_64&vcn=Intel%20Iris%20OpenGL%20Engine&fdl=1&wgl=1&pt=4DwGtzhTG9hZGluZy4uLg&chm=false&pload=1007&nojs=0&t=0&x=1600&afid=1238797459816448&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&cd=24&febuild=1.0.297&dl=10&zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=hFjCwe1rDsi2aLq3gDz8yZxYUfHXmW70uamAxtoqAqdWbbYh1MhcF6OpBOZCuxGU5A0V9M9UlrUuZ_X578vV93PJJ7PkoSjKZ6rfY9AAeIB5I7GiH83eu2rG_OBF5SlV3wGAH7rh3KlvXdGLYFii4W381-LdTv6I5iwCr-edzIqH5r2J69QiNX3nSJAt_gK9-I5colYa4VKNISg2bcXUdp7PH6aqtOif_gW4QNrjwNPwgZu2C1A14Zt18LwraJ7F7RnpR5XlE_FkaMiRt1IUBOLTGTEUcsvEmgpVuHcF5h_nFRUvNt0o47CF8S2z91ZufhW9wO-ISg779_lI3YovgRAkULG8n9-8KOHAIdhrfYFbjdDpa2pk8tWMoV3bvOtFg6CUGbm0haOpsyR50s5BfkdLqHQloe77tHZtK9ze0UtWkl-Hj_gMV_bbC9INM5pRAgD9yzDj8rsHSusTLomVctdQvJjiSgRAagNwdSUQ-fi8XKoincnpNFlpoVCBJwlpmXSSETqyL52UdKsdRumNnvfk5MD-ZZeYA8drQYudCgp8M8602UGqS0yUVM0Aa5oF-J0D68SjPq3mwrGabkyGtHoXusAgLju2Zd1_giYDsy4jWmECbZwkPh25wE-aoEiOB4a56T6PNScYscl4hJ-Hh_-FTCF6wkkKZsLukUsaWEYmxPZs9JBbJdE=&pload=74&rlp=%5B0%2C0%2C0%2C0%2C-53.5%2C-8.200004577636719%2C-9.300003051757812%2C0%5D&bb=0
Requested by: Host: 1qgxtxd2n.com
URL: https://1qgxtxd2n.com/r/dir?zoneid=1988642&pb=0f6cf9fb92103431a63b2c1c8104b0b81722687146&psp=V2RF0sLl59DtrEBEXRGri6FWUEffivJ-HJthUPV-ZFBJi4-v8vSpUylvcgBRbRMrVfBoW2OUzdbCvw1XDA7lsxdlD_8QyZD9gaeqgiGyrJLy-mcH8WAsNFEGPVIDpqVyxKTgKKDuddjBR0r-2j7iYpo3cRpiONJHcNAomJWyj_Vm2xJMP1REq35SvrqVFyXj6rEhNlpEnvgeuhBmRjjoACJSrWWKxnadExt4PNl_Xzmjo6YduHhfEVkxmk_GFg0fHS5cnmNeg3tuCWoL5SPrsPZBBLypS74=&fdl=1&nojs=0&abvar=0&febuild=1.0.297&t=0&wcks=1&wgl=1&cnvs=1&os=-60&tz=Europe/London&ss=1&ls=1&bb=0&cti=0&fn=2&pt=4DwGtzhTG9hZGluZy4uLg&plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF&lang=en-GB&pf=Linux%20x86_64&cd=24&vcv=Intel%20Inc.&vcn=Intel%20Iris%20OpenGL%20Engine&psr=poz4lqiaHR0cHM6Ly90LmNvLw&ix=0&x=1600&y=1200&md=0&psu=xe2SWN8aHR0cHM6Ly8xcWd4dHhkMm4uY29tLzE5ODg2NDI&afid=1238797459816448&dl=10&rtt=50&eclog=0&im=1&cha=&chb=&chbr=&chf=&chm=false&chmd=&chp=&chv=&pload=1007&rlp=%5B0%2C0.09999847412109375%2C85.9000015258789%2C45%2C26.20000457763672%2C227.70000457763672%2C123.50000762939453%2C81.5%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 212.117.190.201 Luxembourg, Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

sec-ch-viewport-height: 1200
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
sec-ch-device-memory: 8
sec-ch-viewport-width: 1600
sec-ch-prefers-reduced-transparency: no-preference
Referer
sec-ch-prefers-reduced-motion: no-preference
sec-ch-dpr: 1
sec-ch-prefers-color-scheme: light

Response headers

date: Sat, 03 Aug 2024 10:12:26 GMT
x-route-id: stats.redirect-pixel
server: nginx
accept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data
timing-allow-origin: *
content-length: 43
content-type: image/gif

GET
H2 200 7zCA1lmnNPUpm7Zm6--54exbn9Q.js Show response
track.onecdn.co.uk/cdn-cgi/apps/head/ 5 KB
2 KB 40ms
38ms Script
application/javascript 2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.onecdn.co.uk/cdn-cgi/apps/head/7zCA1lmnNPUpm7Zm6--54exbn9Q.js
Requested by: Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c722243f39b891eaa8c40f1552960f57c3d5746f7b5ce236d75d6ea8250c8170

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 10:12:26 GMT
content-encoding: gzip
x-amz-version-id: W5TvhMzI98_q21sdgpX.FP6D8VVe9APG
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
x-amz-request-id: 8WR1D5PP9M3EHTJ2
age: 11581540
content-length: 1561
x-amz-id-2: akIe0t+apYdqpjke+o9SB8fzKQWsu4bJG97LOrpFsNgUsgXG+zL9E9OSh310R6TDhCZdvOyHvPQ=
last-modified: Sat, 12 Mar 2022 08:30:35 GMT
server: cloudflare
etag: "b63ffa6936052de1ce273aea5c433216"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZH5xeRuWloq2e0VuCUrob9CIcAcPajdltsXceOtk9Uvg9xX9f5tsTlIFq%2BHVw3Y6sfrWTxerH1wUS8w%2BF1swmyAH%2BBCvYOZLR%2BMZgbIEcnV9XDwG2BfOO9EQKCMenx8iz09Epeb3RwqONSKs6bh5lg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8ad58782fa089511-LHR

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.7.1/ 85 KB
30 KB 139ms
45ms Script
text/javascript 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js

Requested by

Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 02 Aug 2024 14:52:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69589
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30462
x-xss-protection: 0
last-modified: Tue, 12 Sep 2023 02:38:22 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 02 Aug 2025 14:52:37 GMT

GET
H/1.1 200
OK anonymize.js Show response
anonym.to/anonym/ 4 KB
5 KB 149ms
43ms Script
application/javascript 188.166.89.47
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://anonym.to/anonym/anonymize.js
Requested by: Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.89.47 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: anonym.to
Software: nginx /
Resource Hash: 9a270ae707a08cd88ceff9014f666feb7286943d3bca773675b2bdfdc025ffe0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Sat, 03 Aug 2024 10:12:26 GMT
Last-Modified: Thu, 06 Jul 2017 11:11:28 GMT
Server: nginx
ETag: "595e1ae0-1147"
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4423
Expires: Sun, 03 Aug 2025 10:12:26 GMT

GET
H2 200 puultvIRKLcR4X3UPmrFJulKArg.js Show response
track.onecdn.co.uk/cdn-cgi/apps/body/ 4 KB
2 KB 44ms
43ms Script
application/javascript 2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.onecdn.co.uk/cdn-cgi/apps/body/puultvIRKLcR4X3UPmrFJulKArg.js
Requested by: Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/cdn-cgi/apps/head/7zCA1lmnNPUpm7Zm6--54exbn9Q.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e59364264e1845d2960130d4df88a05d73785d383b24a8d1568b15232a8d38d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 10:12:26 GMT
content-encoding: gzip
x-amz-version-id: SeaW5KirP1lknpqIkuycIydBMFzOJ0NI
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
x-amz-request-id: 37N2SYPG0TWBTDPT
age: 2002399
content-length: 1317
x-amz-id-2: S8d1uh7od2wvM8bt+1vNo5tKh3p11EphEnWlIdQe8qFzR3KAC5dViY+chha0j5YTr3T4MW8Uf/k=
last-modified: Sat, 12 Mar 2022 08:30:34 GMT
server: cloudflare
etag: "b08330e4e7ef7a8bc180891110701921"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P6pXd6URxF%2BJytwhNij9Z5oswU0P1A3%2FzdRsJ9IMdvPVLgaeh%2BCK7fq1KpjPZ5IA%2B2VemUjUjQ6THuwlZ76x%2Fkh0EteyNxCTd1qo55HxDtiBRRiIjj%2FmoDZIfhTvtEfZA8YSgVZ6iCyBGR%2Best4FFA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8ad58783eaf29511-LHR

GET
H2

200

main.js Show response
track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/ Frame 8045
Redirect Chain

https://track.onecdn.co.uk/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?

8 KB
4 KB

39ms
36ms

Script
application/javascript

2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?

Requested by

Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/

Protocol

Server

2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50be9503084d571d4e1e74be33b3b0e63d75cf1637862156a0b5cfd0c1a174b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 10:12:26 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HqTWvBJvdJm%2BK9ALFKZxPzmA%2ByEn6D4TX%2Ffn0JqPo%2BdYikRQmm2ZLlhNIWr7DZqjdNSsnRSMN8%2B%2Bwm38RdXmpBkpnVuBBS3IdjjOgJeZZQdezrLHsMRlfKn8n9XMC8dDrrnPA5Lm3zv62qnCKvf2PQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8ad587849ba89511-LHR

Redirect headers

date: Sat, 03 Aug 2024 10:12:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQp8pGMVd%2Fyq8Aq0NjqS8LoX%2F8xY5ot1tA6Ih0v%2Fan6nqhlMEZUVF6E1LbcL35aUWDpgXXdAur1SMqYzXtaxv2sjOACLQVrt7dF%2FL6xzyPy0vktIWneWyF0S8t3jECqHDoOQviuAMF7XtXNk6jJ1zA%3D%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/8c81cb09042c/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8ad587844b5f9511-LHR
content-length: 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 209 KB
75 KB 148ms
54ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-222721725-1

Requested by

Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/cdn-cgi/apps/body/puultvIRKLcR4X3UPmrFJulKArg.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

56b3ee88a6c3c597ccb05855d3f5bc0ce8864782235724aa395c92b5bc60d354

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 10:12:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76728
x-xss-protection: 0
last-modified: Sat, 03 Aug 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 03 Aug 2024 10:12:27 GMT

POST
H2 200 8ad58782a9b89511 Show response
track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 8045 0
612 B 80ms
75ms XHR
text/plain 2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.onecdn.co.uk/cdn-cgi/challenge-platform/h/b/jsd/r/8ad58782a9b89511
Requested by: Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Sat, 03 Aug 2024 10:12:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8ad587854c689511-LHR
content-length: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fQJszOCc%2Bjd18aNg6FPklvJFAMkHkU2%2BEAZ2AdGvOvLPBpAJE%2BDZY0Zmb%2FlHB2Cf4ehIyFI8jEY9kCTj0F4BpZLZu7cRCFRi%2BFHmM8RGJJ6RKzYi0VsbvEfv2xQuAWYyCxJ4JLKcNbAlO8KgTYKOTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 256 KB
90 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7EH36G98G5&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-222721725-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f004b7512d8796331608ac45fe9bc869212a98fa9d8ee8ae8f6497f00acaa9b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 10:12:27 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92062
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 03 Aug 2024 10:12:27 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 137ms
41ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-222721725-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 03 Aug 2024 08:29:07 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6200
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sat, 03 Aug 2024 10:29:07 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 121ms
40ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-7EH36G98G5&gtm=45je47v0v9111213503za200&_p=1722679946919&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250752&cid=1156446884.1722679947&ul=en-gb&sr=1600x1200&_ng=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1722679947&sct=1&seg=0&dl=https%3A%2F%2Ftrack.onecdn.co.uk%2Fwizardslots-mermaids-millions%2F&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=800
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7EH36G98G5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Aug 2024 10:12:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://track.onecdn.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
256 B 120ms
39ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&_ng=1&tid=G-7EH36G98G5&cid=1156446884.1722679947&gtm=45je47v0v9111213503za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=95250752
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7EH36G98G5&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Aug 2024 10:12:27 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://track.onecdn.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.uk/ads/ 42 B
63 B 121ms
70ms Image
image/gif 172.217.23.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&_ng=1&tid=G-7EH36G98G5&cid=1156446884.1722679947&gtm=45je47v0v9111213503za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=95250752&tag_exp=95250752&z=35200660

Requested by

Host: track.onecdn.co.uk
URL: https://track.onecdn.co.uk/wizardslots-mermaids-millions/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Aug 2024 10:12:27 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 49ms
48ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1745623557&t=pageview&_s=1&dl=https%3A%2F%2Ftrack.onecdn.co.uk%2Fwizardslots-mermaids-millions%2F&ul=en-gb&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=612572488&gjid=34641053&cid=1156446884.1722679947&tid=UA-222721725-1&_gid=1720880483.1722679947&_r=1&gtm=457e47v0za200&gcd=13l3l3l3l1&dma=0&tag_exp=95250752&jsscut=1&z=101611638

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 03 Aug 2024 10:12:27 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://track.onecdn.co.uk
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 favicon.ico
track.onecdn.co.uk/ 1 KB
1 KB 42ms
41ms Other
text/html 2606:4700:20::ac43:4bfb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://track.onecdn.co.uk/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:4bfb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f78c3584dada210aa25c7c26e73b11d8bdd1fcf9255f52d1f63d2f1831e8170e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 03 Aug 2024 10:12:27 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RWGoyndm1K8dI7I%2FpxjhMBwpO5jV4uHuI2KsAMlO9uR6OCHTwV%2BW5Z1xpnAKCPxUV99fsbJOxho0wE5wqGdb8Af1%2FFit0%2FGcLoZId1zj%2Fi8FneinzQO2VVfNb3SK%2BvtQDpdVnHW6SSNGk%2FYl3iKSAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, max-age=0
cf-ray: 8ad58787ff2e9511-LHR

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-21 08:01:34	Name: muc Value: 0ed2982d-28ad-488d-a81c-ab9ab8066507
.app.link/	1970-01-21 07:16:55	Name: _s Value: PDRm68HIgubqnY1CxGDv30t5KwIg4ZnaqhVUJGZb30CeqibDCW353X6wKUQgX6uV
.bit.ly/	1970-01-21 02:50:31	Name: _bit Value: o73acq-0a3460e8edb3226ea4-00H
1qgxtxd2n.com/	1970-01-21 08:05:53	Name: CHCK Value: 1
1qgxtxd2n.com/	1970-01-21 08:05:53	Name: UID Value: 24080305122ef4869a3aed4b8fbb9b514448
1qgxtxd2n.com/	1970-01-21 08:05:49	Name: UGVyc2lzdFN0b3JhZ2U Value: %7B%7D
1qgxtxd2n.com/	1970-01-20 23:14:31	Name: OACCAP Value: AB6yqQAAAAAAAAAB
1qgxtxd2n.com/	1970-01-20 23:14:31	Name: OACBLOCK Value: AB6yqQAAAABmrf%2Bg
1qgxtxd2n.com/	1970-01-20 23:14:31	Name: TUCAP Value: 2yoSDwAAAAAAAAAB
1qgxtxd2n.com/	1970-01-20 23:14:31	Name: TUBLOCK Value: 2yoSDwAAAABmrf%2Bg
1qgxtxd2n.com/	1970-01-20 22:32:46	Name: OXCCLK Value: AB6yqQAAAAAAAAAB
1qgxtxd2n.com/	1970-01-20 22:32:46	Name: OXPCLK Value: AAIpywAAAAAAAAAB
1qgxtxd2n.com/	1970-01-20 22:32:46	Name: ppucnt Value: 1
.onecdn.co.uk/	1970-01-21 07:16:55	Name: cf_clearance Value: RNLhDU8LZdTP9GrFJV1QAXBySAb3SK_lcVawEFvTOpM-1722679947-1.0.1.1-0OYG34LanJAQmRQu9iLEQQpA3yLH33qk_6CVFqpEOKmwaR28SFP1YVXPBKm2zgst0_XAikMcDyNbIcmkH6nIfA
.onecdn.co.uk/	1970-01-21 08:07:19	Name: _ga_7EH36G98G5 Value: GS1.1.1722679947.1.0.1722679947.60.0.0
.onecdn.co.uk/	1970-01-21 08:07:19	Name: _ga Value: GA1.3.1156446884.1722679947
.onecdn.co.uk/	1970-01-20 22:32:46	Name: _gid Value: GA1.3.1720880483.1722679947
.onecdn.co.uk/	1970-01-20 22:31:20	Name: _gat_gtag_UA_222721725_1 Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://track.onecdn.co.uk/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1qgxtxd2n.com
ajax.googleapis.com
anonym.to
bit.ly
region1.analytics.google.com
stats.g.doubleclick.net
t.co
track.onecdn.co.uk
www.google-analytics.com
www.google.co.uk
www.googletagmanager.com
zb1pr.app.link
172.217.23.99
188.166.89.47
2001:4860:4802:32::36
212.117.190.201
2600:9000:2057:0:19:9934:6a80:93a1
2606:4700:20::ac43:4bfb
2a00:1450:4001:811::200a
2a00:1450:4001:827::200e
2a00:1450:4001:830::2008
2a00:1450:400c:c0c::9d
67.199.248.10
93.184.221.165
05190cb43e4ba04c1c46a6169b3603f4f793b0f898c661444bf380620ec19ac3
1e195ccbce9ca0b035381c795c07bb57a092a07401797fb95fe218e0b985a0d8
4efd0a89cce818c1305bbe74369742be375724bdfba466ba3edf8d167c28364b
50be9503084d571d4e1e74be33b3b0e63d75cf1637862156a0b5cfd0c1a174b0
56b3ee88a6c3c597ccb05855d3f5bc0ce8864782235724aa395c92b5bc60d354
5cd85f36bca8127b68fa269f4fbe4f3d2c8272789ded38fac6cdd31ec4db58ed
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7e59364264e1845d2960130d4df88a05d73785d383b24a8d1568b15232a8d38d
9a270ae707a08cd88ceff9014f666feb7286943d3bca773675b2bdfdc025ffe0
c722243f39b891eaa8c40f1552960f57c3d5746f7b5ce236d75d6ea8250c8170
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f004b7512d8796331608ac45fe9bc869212a98fa9d8ee8ae8f6497f00acaa9b9
f78c3584dada210aa25c7c26e73b11d8bdd1fcf9255f52d1f63d2f1831e8170e
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

track.onecdn.co.uk Open in urlscan Pro 2606:4700:20::ac43:4bfb Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

95 %HTTPS

58 %IPv6

12 Domains

12 Subdomains

10 IPs

6 Countries

267 kBTransfer

706 kBSize

18 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

18 Cookies

1 Console Messages

Security Headers

Indicators

track.onecdn.co.uk Open in urlscan Pro
2606:4700:20::ac43:4bfb Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

95 %
HTTPS

58 %
IPv6

12
Domains

12
Subdomains

10
IPs

6
Countries

267 kB
Transfer

706 kB
Size

18
Cookies

20 HTTP transactions
0 data transactions