cs.money Open in urlscan Pro
104.20.76.156 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ziditipecvasp.gq/?phishing
Effective URL:
https://cs.money/?phishing
Submission: On September 25 via api (September 25th 2023, 12:42:31 pm UTC) from US — Scanned from DE

Summary HTTP 144 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 31 IPs in 7 countries across 23 domains to perform 144 HTTP transactions. The main IP is 104.20.76.156, located in United States and belongs to CLOUDFLARENET, US. The main domain is cs.money. The Cisco Umbrella rank of the primary domain is 115191.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 11th 2023. Valid for: a year.

This is the only time cs.money was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	185.178.208.181 185.178.208.181	57724 (DDOS-GUARD) (DDOS-GUARD)
1 90	104.20.76.156 104.20.76.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
1	172.66.40.77 172.66.40.77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.222.206.178 52.222.206.178	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.37 18.66.97.37	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:803::2008	15169 (GOOGLE) (GOOGLE)
1	94.130.55.46 94.130.55.46	24940 (HETZNER-AS) (HETZNER-AS)
3	82.202.192.242 82.202.192.242	50340 (SELECTEL-MSK) (SELECTEL-MSK)
1	13.227.219.120 13.227.219.120	16509 (AMAZON-02) (AMAZON-02)
2	34.215.78.194 34.215.78.194	16509 (AMAZON-02) (AMAZON-02)
2	54.72.52.209 54.72.52.209	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d018:ac8... 2a05:d018:ac8:b900:d0e7:d53c:1be7:d35a	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.134 142.250.186.134	15169 (GOOGLE) (GOOGLE)
1 8	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
3	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.192.87.248 54.192.87.248	16509 (AMAZON-02) (AMAZON-02)
1	146.75.116.157 146.75.116.157	54113 (FASTLY) (FASTLY)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	104.244.42.195 104.244.42.195	13414 (TWITTER) (TWITTER)
1	35.201.85.199 35.201.85.199	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	18.157.224.22 18.157.224.22	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
4	35.190.43.134 35.190.43.134	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	104.20.77.156 104.20.77.156	13335 (CLOUDFLAR...) (CLOUDFLARENET)
144	31

1 185.178.208.181 (Russian Federation) 1 redirects

ASN57724 (DDOS-GUARD, RU)
PTR: ddos-guard.net

ziditipecvasp.gq	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

90 104.20.76.156 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cs.money	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
traces.cs.money	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.40.77 (United States)

ASN13335 (CLOUDFLARENET, US)

gleam.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.206.178 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-206-178.fra56.r.cloudfront.net

cdn.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-37.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.130.55.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.55.130.94.clients.your-server.de

statics.esputnik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 82.202.192.242 (Russian Federation)

ASN50340 (SELECTEL-MSK, RU)

lib.usedesk.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.usedesk.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.227.219.120 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-219-120.ams54.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.215.78.194 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-215-78-194.us-west-2.compute.amazonaws.com

api.amplitude.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.52.209 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-52-209.eu-west-1.compute.amazonaws.com

site-script.esputnik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:ac8:b900:d0e7:d53c:1be7:d35a (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

esputnik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f6.1e100.net

12489448.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.87.248 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-87-248.ams50.r.cloudfront.net

sc-static.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.116.157 (Sweden)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.195 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.85.199 (Ascension Island)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 199.85.201.35.bc.googleusercontent.com

owox.cs.money	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.157.224.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-224-22.eu-central-1.compute.amazonaws.com

web-events.esputnik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.43.134 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 134.43.190.35.bc.googleusercontent.com

tr.snapchat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.20.77.156 (United States)

ASN13335 (CLOUDFLARENET, US)

traces.cs.money	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
92	cs.money 1 redirects cs.money — Cisco Umbrella Rank: 115191 owox.cs.money — Cisco Umbrella Rank: 866049 traces.cs.money — Cisco Umbrella Rank: 774697	4 MB
7	yandex.com 1 redirects mc.yandex.com — Cisco Umbrella Rank: 6180	2 KB
5	esputnik.com statics.esputnik.com — Cisco Umbrella Rank: 123439 site-script.esputnik.com — Cisco Umbrella Rank: 125562 esputnik.com — Cisco Umbrella Rank: 60144 web-events.esputnik.com — Cisco Umbrella Rank: 142360	175 KB
4	snapchat.com tr.snapchat.com — Cisco Umbrella Rank: 955	743 B
4	gstatic.com fonts.gstatic.com	152 KB
3	google.de www.google.de — Cisco Umbrella Rank: 3974 adservice.google.de — Cisco Umbrella Rank: 9064	1 KB
3	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2225 adservice.google.com — Cisco Umbrella Rank: 182	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 691	14 KB
3	doubleclick.net 12489448.fls.doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 175	1 KB
3	usedesk.ru lib.usedesk.ru — Cisco Umbrella Rank: 259923 secure.usedesk.ru — Cisco Umbrella Rank: 367821	256 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 111	272 KB
3	amplitude.com cdn.amplitude.com — Cisco Umbrella Rank: 3889 api.amplitude.com — Cisco Umbrella Rank: 2366	19 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 109	252 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 229	89 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 1261 script.hotjar.com — Cisco Umbrella Rank: 1629	60 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1065	726 B
1	t.co t.co — Cisco Umbrella Rank: 707	378 B
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1078	15 KB
1	sc-static.net sc-static.net — Cisco Umbrella Rank: 1100	17 KB
1	yandex.ru mc.yandex.ru — Cisco Umbrella Rank: 2472	70 KB
1	gleam.io gleam.io — Cisco Umbrella Rank: 67901	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 113	1 KB
1	ziditipecvasp.gq 1 redirects ziditipecvasp.gq	221 B
144	23

	Domain	Requested by
89	cs.money	1 redirects cs.money
7	mc.yandex.com	1 redirects cs.money mc.yandex.ru
4	tr.snapchat.com	sc-static.net
4	fonts.gstatic.com	fonts.googleapis.com
3	bat.bing.com	cs.money bat.bing.com
3	www.googletagmanager.com	cs.money www.googletagmanager.com
2	traces.cs.money	cs.money
2	adservice.google.de	adservice.google.com
2	www.facebook.com	cs.money
2	adservice.google.com	12489448.fls.doubleclick.net
2	secure.usedesk.ru	cs.money
2	connect.facebook.net	cs.money connect.facebook.net
2	12489448.fls.doubleclick.net	www.googletagmanager.com
2	site-script.esputnik.com	cs.money
2	api.amplitude.com	cs.money
1	web-events.esputnik.com	cs.money
1	www.google.de	cs.money
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	owox.cs.money	cs.money
1	analytics.twitter.com	cs.money
1	t.co	cs.money
1	static.ads-twitter.com	cs.money
1	sc-static.net	cs.money
1	mc.yandex.ru	cs.money
1	esputnik.com	cs.money
1	script.hotjar.com	static.hotjar.com
1	lib.usedesk.ru	cs.money
1	statics.esputnik.com	cs.money
1	static.hotjar.com	cs.money
1	cdn.amplitude.com	cs.money
1	gleam.io	cs.money
1	fonts.googleapis.com	cs.money
1	ziditipecvasp.gq	1 redirects
144	34

This site contains links to these domains. Also see Links.

Domain
auth.dota.trade
www.trustpilot.com
mobileapp.cs.money
ecs.faceit.com
blast.tv
csgo.starladder.com
hackerone.com
wiki.cs.money
3d.cs.money
chrome.google.com
apps.apple.com
app-promo.onelink.me
steamcommunity.com
vk.com
www.instagram.com
youtube.com
twitter.com
discord.gg
facebook.com

Subject Issuer	Validity	Valid
cs.money Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
gleam.io GTS CA 1P5	`2023-09-23` - `2023-12-22`	3 months	crt.sh
cdn.amplitude.com Amazon RSA 2048 M01	`2023-01-12` - `2024-02-11`	a year	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.esputnik.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-07` - `2023-11-28`	a year	crt.sh
*.usedesk.ru R3	`2023-08-31` - `2023-11-29`	3 months	crt.sh
*.amplitude.com COMODO RSA Domain Validation Secure Server CA	`2023-01-23` - `2024-02-14`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-07` - `2023-10-02`	3 months	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
sc-static.net Amazon RSA 2048 M02	`2023-01-20` - `2024-02-18`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-21` - `2024-07-19`	a year	crt.sh
t.co DigiCert TLS RSA SHA256 2020 CA1	`2022-11-14` - `2023-11-14`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-19` - `2024-09-17`	a year	crt.sh
owox.cs.money GTS CA 1D4	`2023-08-06` - `2023-11-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.snap.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-04-13` - `2024-04-12`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 9 frames:

Primary Page: https://cs.money/?phishing
Frame ID: 762AFA1A0F49253156A85986EB4540C7
Requests: 133 HTTP requests in this frame

Frame: https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: 741AC0DB89712CF139B4A7E696046C2B
Requests: 1 HTTP requests in this frame

Frame: https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: D9FF2890EA3373CAE7F4771474EE5FC9
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: FA2E77F381CD58CC5EC0DDCB2085A8BB
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: B15D2882E510D80CADE2CD93D7654F15
Requests: 1 HTTP requests in this frame

Frame: https://tr.snapchat.com/cm/i?pid=e7f7326d-44a9-4ee8-a401-e2978149a32f&u_scsid=139fe6ba-c81c-4a2d-a7cb-a7683bd39f49&u_sclid=221a99cc-33f2-4c9e-b1f5-48c3c05c515a
Frame ID: 399A7E80134693C72C9C48260C2634C4
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: 6A9C36C4B380F52FFDE37424093FCD59
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.de/ddm/fls/i/src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing
Frame ID: F346142E85DB53510C7C5C89F95F5D2A
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 9B01E6C526136BD912BEE55301B2470D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CS.MONEY — Trading Bot for fast CS:GO skins trade

Page URL History Show full URLs

https://ziditipecvasp.gq/?phishing HTTP 302
https://cs.money/?phishing Page URL

Detected technologies

Amplitude (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.amplitude\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

144
Requests

99 %
HTTPS

41 %
IPv6

23
Domains

34
Subdomains

31
IPs

7
Countries

5645 kB
Transfer

12401 kB
Size

35
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://auth.dota.trade/login?redirectUrl=https://cs.money/&callbackUrl=https://cs.money/login&redirectQuery=%3Fphishing
Title: Sign in with SteamSign in

Search URL Search Domain Scan URL

URL: https://www.trustpilot.com/review/cs.money

Search URL Search Domain Scan URL

URL: https://mobileapp.cs.money/
Title: Learn more

Search URL Search Domain Scan URL

URL: https://ecs.faceit.com/
Title: Event website

Search URL Search Domain Scan URL

URL: https://blast.tv/
Title: Event website

Search URL Search Domain Scan URL

URL: https://csgo.starladder.com/en/eu/starseries-s8
Title: Event website

Search URL Search Domain Scan URL

URL: https://hackerone.com/cs_money
Title: Bug bounty

Search URL Search Domain Scan URL

URL: https://wiki.cs.money/
Title: WIKI

Search URL Search Domain Scan URL

URL: https://3d.cs.money/
Title: 3D Skin Viewer

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/csmoney-antiscam/bocdepodnagbohblgjmooobalmcojkpg
Title: Antiscam

Search URL Search Domain Scan URL

URL: https://apps.apple.com/app/cs-money-app/id1593006197
Title: Download on theApp Store

Search URL Search Domain Scan URL

URL: https://app-promo.onelink.me/ji9H/mainlanding
Title: Get it onGoogle Play

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/csmoney-market/mkjknmlmebnimmkonggecjlccealonel
Title: Chrome Web Store Market

Search URL Search Domain Scan URL

URL: https://steamcommunity.com/groups/csmoneytrade

Search URL Search Domain Scan URL

URL: https://vk.com/csmoneytrade

Search URL Search Domain Scan URL

URL: https://www.instagram.com/csmoneytrade/

Search URL Search Domain Scan URL

URL: https://youtube.com/c/CSMONEY

Search URL Search Domain Scan URL

URL: https://twitter.com/csmoneytrade

Search URL Search Domain Scan URL

URL: https://discord.gg/TuFCsYuJNw

Search URL Search Domain Scan URL

URL: https://facebook.com/csmoneytrade/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ziditipecvasp.gq/?phishing HTTP 302
https://cs.money/?phishing Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://cs.money/trustpilot HTTP 308
https://cs.money/trustpilot/

Request Chain 132

https://mc.yandex.com/watch/37320625?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A0%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A414417630%3Arqn%3A1%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A25%2C18%2C162%2C43%2C347%2C0%2C%2C24%2C1%2C%2C%2C%2C1619%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Arqnl%3A1%3Ast%3A1695645746%3At%3ACS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&t=gdpr(14)mc(p-2-ui-1-up-1)clc(0-0-0)rqnt(1)aw(1)ecs(0)ti(2) HTTP 302
https://mc.yandex.com/watch/37320625/1?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A0%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A414417630%3Arqn%3A1%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A25%2C18%2C162%2C43%2C347%2C0%2C%2C24%2C1%2C%2C%2C%2C1619%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Arqnl%3A1%3Ast%3A1695645746%3At%3ACS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&t=gdpr%2814%29mc%28p-2-ui-1-up-1%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29&redirnss=1

144 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cs.money/
Redirect Chain

https://ziditipecvasp.gq/?phishing
https://cs.money/?phishing

379 KB
88 KB

205ms
162ms

Document
text/html

104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ae0ac0af8c7608ddbec514233ee34a55ddc812c94a6a6d4cc6c0718ba89f410

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 80c358c77eee4d44-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 25 Sep 2023 12:42:23 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

content-length: 0
content-security-policy: upgrade-insecure-requests;
content-type: text/html; charset=UTF-8
date: Mon, 25 Sep 2023 12:42:23 GMT
location: https://cs.money/?phishing
server: ddos-guard

GET
H2 200 mbgy3v-1fdf36f695054a369ee4.css
cs.money/_next/static/css/ 575 KB
108 KB 33ms
32ms Stylesheet
text/css 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/css/mbgy3v-1fdf36f695054a369ee4.css

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a66ca5d72edc946137f101c9ab953f7f29d4b0d5ab0b965aa0e4a95721c9d9bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2214
etag: W/"8fcb9-18acc300630"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c88fc04d44-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 mbgy3v-30d5a75f3e87cdae21df.css
cs.money/_next/static/css/ 35 KB
7 KB 25ms
25ms Stylesheet
text/css 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/css/mbgy3v-30d5a75f3e87cdae21df.css

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1034ef43de4c9becfe10291877be0655dc1d8884c26a77b7ab65db3e5cac27b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 942
etag: W/"8cd4-18acc300630"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c88fc14d44-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 webpack-b85d6e9c491fbf597116.js Show response
cs.money/_next/static/chunks/ 6 KB
3 KB 43ms
17ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce8297461f2c955f892b80065fc9c4edbfac56294c2e1f7c21616e6bc23b38e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2214
etag: W/"17ea-18acc300630"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8afd54d44-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 framework-336caa3f6419768205fe.js Show response
cs.money/_next/static/chunks/ 129 KB
45 KB 41ms
15ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/framework-336caa3f6419768205fe.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20391cdc35039ea85e5420a2d30591fdcf8432b489c208d19d02d145b31fe05c

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943929
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"2025f-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358c8afd74d44-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H3 200 main-02d63308f330734bfc86.js Show response
cs.money/_next/static/chunks/ 76 KB
26 KB 53ms
35ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/main-02d63308f330734bfc86.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf4721979f43b9b977b8930f1e3deaf101179c757ff1a9d94742de406dacef94

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943929
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"12f3f-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358c8ab8c4daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H3 200 _app-deffb3a26fca6e809f62.js Show response
cs.money/_next/static/chunks/pages/ 4 MB
1 MB 66ms
49ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dd0114bcf5cbcb279a13417cfa97b44bc0fcf55042bf007d35daae170a2bb62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2214
etag: W/"44b039-18acc300630"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8ab914daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 4790-f9762af36ac5506282ec.js Show response
cs.money/_next/static/chunks/ 57 KB
15 KB 45ms
28ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/4790-f9762af36ac5506282ec.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf89459db665da36d40200cd68a1253c3aeac1ba4635188c5c4f1de298a1df64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 13:53:51 GMT
server: cloudflare
age: 598900
etag: W/"e577-18aa891a198"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8ab934daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 index-0ab7ebe098cf52e6b16a.js Show response
cs.money/_next/static/chunks/pages/ 9 KB
4 KB 59ms
42ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/pages/index-0ab7ebe098cf52e6b16a.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33bc28ac07bffbc02bb7c556b320d5d0154758b6ec5c4fbac209376f93a96dfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 18 Sep 2023 13:53:51 GMT
server: cloudflare
age: 598900
etag: W/"2369-18aa891a198"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8ab954daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 _buildManifest.js Show response
cs.money/_next/static/MbgY3vAfyQCc2BuDePbDE/ 5 KB
2 KB 60ms
43ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/MbgY3vAfyQCc2BuDePbDE/_buildManifest.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e91a7689e7e98c6691bc2a4446d0a5b3cb6a22ebb1630fda76b02158de5481d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2213
etag: W/"129e-18acc300630"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8ab984daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 _ssgManifest.js Show response
cs.money/_next/static/MbgY3vAfyQCc2BuDePbDE/ 77 B
308 B 60ms
43ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/MbgY3vAfyQCc2BuDePbDE/_ssgManifest.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/?phishing
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2213
etag: W/"4d-18acc300630"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358c8ab9b4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 desktop-banner.png
cs.money/img/cashback-action/ 19 KB
19 KB 61ms
44ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/cashback-action/desktop-banner.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dd58354d6eb2794872b4258df9865511bc93c3bc5d94ea451f18942100d50f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:13 GMT
server: cloudflare
etag: W/"4ad9-18acc286128"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 80c358c8ab9d4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 19161

GET
H3 200 mobile-banner.png
cs.money/img/cashback-action/ 10 KB
11 KB 63ms
46ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/cashback-action/mobile-banner.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

de80f389c480e5b105eb477cd75efca6d5f5b8908d2435093cdc12d3335bb86d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:13 GMT
server: cloudflare
etag: W/"28fe-18acc286128"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 80c358c8ab9e4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 10494

GET
H3 200 background.png
cs.money/img/cashback-action/ 47 KB
48 KB 76ms
59ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/cashback-action/background.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f431b80eefc05d6a10f7d005317c1cb4c6575e06b8b6e95dde11eb040f66c94

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 926
cf-polished: status=not_needed
alt-svc: h3=":443"; ma=86400
content-length: 48563
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 11:45:13 GMT
server: cloudflare
etag: W/"bdb3-18acc286128"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8ab9f4daf-FRA

GET
H3 200 new_logo.svg
cs.money/svg/ 4 KB
2 KB 76ms
59ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/new_logo.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1959748de4e441488eafac628f9ba4607ad44699d5202569c12feac3ff0dceea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 265
etag: W/"115a-18acc286510"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba04daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 en.svg
cs.money/svg/flags-new/ 1 KB
804 B 77ms
60ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/en.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

609d6bfeb2dc769f744210667bc28c764c806678161441ca35cf45ee69bbdbe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"5d6-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba24daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ru.svg
cs.money/svg/flags-new/ 562 B
630 B 42ms
26ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/ru.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c7ba7379c862d99cf8094cd02405adbe7f710c5eb81d8563dea6911b2ddb01c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"232-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba34daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 pt.svg
cs.money/svg/flags-new/ 822 B
727 B 80ms
63ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/pt.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc0bcf1cbdfa76a00669186eff9de57b63543d8c0b455f8064392746f2441d37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
content-encoding: br
etag: W/"336-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=0
cf-ray: 80c358c8aba44daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 pl.svg
cs.money/svg/flags-new/ 356 B
482 B 81ms
65ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/pl.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40b2601848e753bebf1cbfebd0ead2d69b165d9a477d15f533b146e1febade01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"164-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba54daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 uk.svg
cs.money/svg/flags-new/ 540 B
592 B 82ms
65ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/uk.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

277bc854e06499fc5ea8d5878d7538ab92a3036cb143bc0e21455fd977d101e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 266
etag: W/"21c-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba64daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 de.svg
cs.money/svg/flags-new/ 594 B
611 B 82ms
66ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/de.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7de15eb095bebecfe389c0e560e822ca4806258cb0307f366911027b7936ab2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"252-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba74daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 tr.svg
cs.money/svg/flags-new/ 686 B
630 B 82ms
66ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/tr.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

246aaf2b5e61543b906fcca7a9a25a4f12f78976e2a4f38d81576b4adac74855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"2ae-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8aba84daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 sv.svg
cs.money/svg/flags-new/ 651 B
645 B 83ms
66ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/sv.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b9ed80639bca469212b8517f2a05da172dbaa83396d0991fc5ae3d41a15cf8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"28b-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abaa4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 zh.svg
cs.money/svg/flags-new/ 934 B
771 B 83ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/zh.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dad0ae457c13ddb73c875ded3870c53b6cb6ce280298be6c7b6dd0cfcdd81085

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"3a6-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abac4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 fr.svg
cs.money/svg/flags-new/ 553 B
572 B 83ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/fr.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

475af5fdb913c07a44a0514550ff6a3bfe36680a4be043c4fffaf7e4eba92142

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"229-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abad4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 vi.svg
cs.money/svg/flags-new/ 464 B
538 B 84ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/vi.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

642c0e19fcc8d769a7fefd4f563a26bde602ec2960f69467ce9628ca090a8f48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"1d0-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abae4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ro.svg
cs.money/svg/flags-new/ 597 B
626 B 83ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/ro.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d37f2e7600e0ea073cd27c539b2aa1c34d082a9ef8b45affb6cc61d7182c06e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"255-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abaf4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 cs.svg
cs.money/svg/flags-new/ 534 B
559 B 83ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/cs.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f71116c3c63cace49a4343f08d223a13fd8ee478449c7ce4c0a5126c90e82b7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"216-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb04daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 es.svg
cs.money/svg/flags-new/ 575 B
642 B 84ms
67ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/es.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fa95101414ec2dcb5d7a65f90f0970b8326971fc25a96015bd7d55a3c193d9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"23f-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb14daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 dk.svg
cs.money/svg/flags-new/ 526 B
571 B 84ms
68ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/dk.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b400c8a09997d596f18e18e6cdade8a96a100e821beabbac68e81c747ff6c80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"20e-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb24daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 fi.svg
cs.money/svg/flags-new/ 521 B
564 B 87ms
71ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/fi.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff8e0e37256275dbe7f694b9c4933a4e94b8ad3d9dfa9b736a636a40e971f29f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"209-18acc286510"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb34daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 no.svg
cs.money/svg/flags-new/ 844 B
720 B 88ms
72ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/no.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8179c8d496e99f2d8fad4d19bb2704f608fce31104b27735e01e402a2a1425d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"34c-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb44daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 hu.svg
cs.money/svg/flags-new/ 582 B
604 B 88ms
72ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/hu.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48ba180c5cbae5c6f70f719187f3d1c6473cccf3578ef5b9594098cac63ad1d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4491
etag: W/"246-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb54daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 jp.svg
cs.money/svg/flags-new/ 497 B
535 B 88ms
72ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/jp.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e9cfedd22e84aeda326ac9c06bb934fe47b0d64a6da808b19767b64647fd27e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"1f1-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb74daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 th.svg
cs.money/svg/flags-new/ 728 B
675 B 89ms
73ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/flags-new/th.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53f9d00057b365252a452669aad24e1d0fa72b9d0e626347021d9c216de92126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"2d8-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abb94daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 logo_trade.svg
cs.money/svg/ 2 KB
775 B 89ms
73ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/logo_trade.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a19415d2ba0d26344a11208f862c09db40e34c88e9e051a16594319997b5dffd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4492
etag: W/"62a-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abba4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 header-bg.webp
cs.money/img/main/webp/ 2 MB
2 MB 89ms
73ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/header-bg.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

477a6f20f1f9a1cbfad1118cddb7840ca6bf82edf3d62fc3dbd39b81a40db512

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 3882
etag: W/"1b66e4-18acbb30e00"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abbb4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 1795812

GET
H3 200 ak-1750.webp
cs.money/img/main/webp/ 291 KB
292 KB 205ms
189ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/ak-1750.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bac0564702a691e8612c7d356a4aa52a4c817163bcd19b39d9f556d6493dc86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
etag: W/"48dba-18acc286510"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 80c358c8abbc4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 298426

GET
H3 200 skin_ak_line.svg
cs.money/svg/main/ 2 KB
955 B 218ms
203ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/skin_ak_line.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60feb38fb7f7aa935d9d6dc78f5ccdd6c254369b3b916f7f651cbeef40fdd271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"61e-18acc286510"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abbd4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 karambit-1750.webp
cs.money/img/main/webp/ 82 KB
83 KB 218ms
203ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/karambit-1750.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae30262a7ab20ec3c8e0f7047d1556a3c56f82cfa046612aae7b19a6cccbc39c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
etag: W/"1490c-18acc286510"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 80c358c8abbf4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 84236

GET
H3 200 karambit-1024.webp
cs.money/img/main/webp/ 45 KB
45 KB 220ms
205ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/karambit-1024.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a6a4bb5e76cc9b441fe3e4e0c58654db8ab866a222f9083615302a8769c4b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 926
etag: W/"b4de-18acc286510"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc04daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 46302

GET
H3 200 mobile_inventory.webp
cs.money/img/main/webp/ 116 KB
117 KB 221ms
206ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/mobile_inventory.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c53360cd237fd4106a34c37adc4ac9dc49421cfb37bbb7db51d316c5dfd5cf98

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"1d162-18acc286510"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc14daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 119138

GET
H3 200 cs_logo.svg
cs.money/svg/main/ 5 KB
3 KB 225ms
210ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/cs_logo.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9be605845609a20b806a2bd3815f2093a5610f79b4aa6c4bea13f207db050656

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"1490-18acc286510"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abc24daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 1.png
cs.money/img/main/slider-items/cs/ 21 KB
22 KB 225ms
210ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/1.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b7ff1fc9c359042b79f1741d60f49ba92210ea1b736eaa88c826b24c1adb500

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6538
cf-polished: origFmt=png, origSize=23091
content-disposition: inline; filename="1.webp"
alt-svc: h3=":443"; ma=86400
content-length: 21904
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"5a33-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc34daf-FRA

GET
H3 200 2.png
cs.money/img/main/slider-items/cs/ 18 KB
19 KB 227ms
213ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/2.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

157bd7032975a23fac1a85326d0d57c7fee793c4742c518dbb34b9fb9c0b9af8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6538
cf-polished: origFmt=png, origSize=20314
content-disposition: inline; filename="2.webp"
alt-svc: h3=":443"; ma=86400
content-length: 18780
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"4f5a-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc44daf-FRA

GET
H3 200 3.png
cs.money/img/main/slider-items/cs/ 20 KB
20 KB 228ms
213ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/3.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

355ebb91fab9395a1935a16e2e925d4ad44794f0e75c13e52789f2c19de0e919

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6538
cf-polished: origFmt=png, origSize=21438
content-disposition: inline; filename="3.webp"
alt-svc: h3=":443"; ma=86400
content-length: 20304
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"53be-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc54daf-FRA

GET
H3 200 4.png
cs.money/img/main/slider-items/cs/ 26 KB
26 KB 229ms
214ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/4.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82360d694f3a689dc096fff534ba6f798d91d9d049d48f5a59b59e320a5e5ae4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=28665
content-disposition: inline; filename="4.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26450
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"6ff9-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc64daf-FRA

GET
H3 200 5.png
cs.money/img/main/slider-items/cs/ 20 KB
21 KB 230ms
215ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/5.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bca18cc57da7959c0a41faee4877fd623171185eac985a0a196593a4b5448392

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=21928
content-disposition: inline; filename="5.webp"
alt-svc: h3=":443"; ma=86400
content-length: 20826
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"55a8-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc74daf-FRA

GET
H3 200 6.png
cs.money/img/main/slider-items/cs/ 21 KB
22 KB 231ms
217ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/6.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c6f589710c4e9ad9f1344b870053f4a852d21c59b8a1f1c468c6a29c4c5d9d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37
cf-polished: origSize=23781, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 21815
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
etag: W/"5ce5-18acc286510"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc84daf-FRA

GET
H3 200 7.png
cs.money/img/main/slider-items/cs/ 26 KB
27 KB 236ms
222ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/7.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c256a85e960536144d7705e510c156005e30a06f18bb6609f161689bd8727c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=28463
content-disposition: inline; filename="7.webp"
alt-svc: h3=":443"; ma=86400
content-length: 26840
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"6f2f-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abc94daf-FRA

GET
H3 200 8.png
cs.money/img/main/slider-items/cs/ 30 KB
30 KB 238ms
223ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/8.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48013ae3c8601cfa96c12086ef380d9a242f897f2ec863d1890fd4e7ab7af74f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=32008
content-disposition: inline; filename="8.webp"
alt-svc: h3=":443"; ma=86400
content-length: 30344
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"7d08-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abcb4daf-FRA

GET
H3 200 9.png
cs.money/img/main/slider-items/cs/ 21 KB
21 KB 238ms
224ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/9.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ebc23e04c6e9a5a68191d90e74f63901d721b8087b5d816fe84356c0076ac9ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=22779
content-disposition: inline; filename="9.webp"
alt-svc: h3=":443"; ma=86400
content-length: 21146
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"58fb-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abce4daf-FRA

GET
H3 200 10.png
cs.money/img/main/slider-items/cs/ 27 KB
27 KB 241ms
226ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/10.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0622d450be1e4ba7f9b65d6ad44dd182e31f53ad3ff3fc518902ee3bcbab7bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=29657
content-disposition: inline; filename="10.webp"
alt-svc: h3=":443"; ma=86400
content-length: 27630
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"73d9-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abd04daf-FRA

GET
H3 200 11.png
cs.money/img/main/slider-items/cs/ 22 KB
23 KB 250ms
236ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/11.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4101e107aca8fa8767d9418aa96c3c65deccab6d00effbb62d709e1e2d570ef2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=24648
content-disposition: inline; filename="11.webp"
alt-svc: h3=":443"; ma=86400
content-length: 22820
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"6048-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abd24daf-FRA

GET
H3 200 12.png
cs.money/img/main/slider-items/cs/ 30 KB
30 KB 251ms
236ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/12.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99bd763141cda051f35be03257f7a49f49e644055e0941bacb76be1438407788

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37
cf-polished: origSize=34245, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 30737
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
etag: W/"85c5-18acc286510"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abd44daf-FRA

GET
H3 200 13.png
cs.money/img/main/slider-items/cs/ 16 KB
16 KB 252ms
237ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/13.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62cbd4307a6c66a03bd7a48c0be685fd72b46af35e8c83d576ff736ceb8d00df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=18205
content-disposition: inline; filename="13.webp"
alt-svc: h3=":443"; ma=86400
content-length: 16378
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"471d-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abd64daf-FRA

GET
H3 200 14.png
cs.money/img/main/slider-items/cs/ 25 KB
25 KB 240ms
226ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/14.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdce87df81db165a364e1e3ac04e58fa09f8137b15c648bf5bc4daa3501df773

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=27398
content-disposition: inline; filename="14.webp"
alt-svc: h3=":443"; ma=86400
content-length: 25268
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"6b06-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abd84daf-FRA

GET
H3 200 15.png
cs.money/img/main/slider-items/cs/ 21 KB
21 KB 253ms
238ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/15.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cfd399fa94425cf05c937b5e51d65c3782f65d521aaefb6729a4da7cfa587f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=23706
content-disposition: inline; filename="15.webp"
alt-svc: h3=":443"; ma=86400
content-length: 21502
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"5c9a-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abda4daf-FRA

GET
H3 200 16.png
cs.money/img/main/slider-items/cs/ 23 KB
24 KB 256ms
242ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/16.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8293d74da3a1f358338a87ac27c56837300d351ebb093c2b47f2ff2cd362f314

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=26783
content-disposition: inline; filename="16.webp"
alt-svc: h3=":443"; ma=86400
content-length: 23838
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"689f-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abdb4daf-FRA

GET
H3 200 17.png
cs.money/img/main/slider-items/cs/ 20 KB
20 KB 257ms
242ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/17.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f95886a5ec10ee4923934f0614197df5be6a804a6bf11fd5b9ecaf72674292b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 37
cf-polished: origSize=22399, status=webp_bigger
alt-svc: h3=":443"; ma=86400
content-length: 20311
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
etag: W/"577f-18acc286510"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abdd4daf-FRA

GET
H3 200 18.png
cs.money/img/main/slider-items/cs/ 20 KB
21 KB 258ms
244ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/18.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40838573fd3cb7b5b4c15bac832806ec5681cb9129ab6fe15d3c7f19165bef38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=23544
content-disposition: inline; filename="18.webp"
alt-svc: h3=":443"; ma=86400
content-length: 20920
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"5bf8-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abde4daf-FRA

GET
H3 200 19.png
cs.money/img/main/slider-items/cs/ 28 KB
28 KB 259ms
244ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/19.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71d9c2d6abb6dac955a97b01e90a449f166b1e6703e405c495be4687a4b86252

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=30376
content-disposition: inline; filename="19.webp"
alt-svc: h3=":443"; ma=86400
content-length: 28472
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"76a8-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abe14daf-FRA

GET
H3 200 20.png
cs.money/img/main/slider-items/cs/ 35 KB
36 KB 259ms
245ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/slider-items/cs/20.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ed3951da9dab8b89e554d90750c743256c30de6e7c785f79dc779d5ff48224a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
age: 6537
cf-polished: origFmt=png, origSize=38982
content-disposition: inline; filename="20.webp"
alt-svc: h3=":443"; ma=86400
content-length: 36340
cf-bgj: imgq:100,h2pri
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
etag: W/"9846-18acbb30e00"
vary: Accept
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abe24daf-FRA

GET
H3 200 traektory_bg.webp
cs.money/img/main/webp/ 16 KB
16 KB 261ms
247ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/traektory_bg.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f9f54e2a62b8a3d8bb03ff28045eb741f442e9583dfcad1ab8914626f4ecf54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:45:14 GMT
server: cloudflare
age: 37
etag: W/"3f52-18acc286510"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358c8abe34daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 16210

GET
H3 200 google-btn.svg
cs.money/svg/ 880 B
684 B 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/google-btn.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3385cdd204a67a60519900d1c4b12a457be3f5661e8ba422fdd173b86bc0f791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4490
etag: W/"370-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abe44daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 market_extension_pink.svg
cs.money/svg/ 522 B
584 B 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/market_extension_pink.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

978a987f7d64b9b592fee3ba591ac77a4153a9776c4836b6bee511ef3b0c2e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4490
etag: W/"20a-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abe54daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 antiscam.svg
cs.money/svg/ 590 B
626 B 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/antiscam.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f133a6b918849959ebbf7d33843ce25653b47ec473b4ef7ab9ca25706a4f680

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4489
etag: W/"24e-18acbb30e00"
vary: Accept-Encoding, Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abe74daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 master-card.svg
cs.money/svg/main/footer_icons/ 1 KB
924 B 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/footer_icons/master-card.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff797f0b7fcde485fe7ba3926903e37669e57eccc13563da2bafb2e9b2758d35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4489
etag: W/"587-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abe84daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 discover.svg
cs.money/svg/main/footer_icons/ 3 KB
1 KB 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/footer_icons/discover.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

415cc4f54ca1a125d0cad028b5d33b6d37bdeace8c6a2d141c7a4bac34527248

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4489
etag: W/"bc0-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8abec4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 visa.svg
cs.money/svg/main/footer_icons/ 1 KB
951 B 262ms
251ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/footer_icons/visa.svg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8810d27df6380ffa3c03510776538e45616fa7ca195882e7e08a50743f95f6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4489
etag: W/"5b3-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c8cbef4daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
1 KB 43ms
18ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap

Requested by

Host: cs.money
URL: https://cs.money/_next/static/css/mbgy3v-1fdf36f695054a369ee4.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4544f00cd5f661622ed335dde404b4b24851ef95ec6d08e1b34c4e8d538b8994

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000
date: Mon, 25 Sep 2023 12:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 25 Sep 2023 12:42:23 GMT

GET
H3 200 slider-bg.svg
cs.money/svg/main/ 2 KB
892 B 149ms
147ms Image
image/svg+xml 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/svg/main/slider-bg.svg

Requested by

Host: cs.money
URL: https://cs.money/_next/static/css/mbgy3v-30d5a75f3e87cdae21df.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

216989f80a3a1692860b3b9096b64fff2cdd5b3e5b245b824dd3ce1a0e4194c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/_next/static/css/mbgy3v-30d5a75f3e87cdae21df.css
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4489
etag: W/"76a-18acbb30e00"
vary: Accept-Encoding
content-type: image/svg+xml
content-encoding: br
cache-control: public, max-age=691200
cf-ray: 80c358c96c644daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
fonts.gstatic.com/s/inter/v13/ 45 KB
46 KB 42ms
18ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 21 Sep 2023 18:18:09 GMT
x-content-type-options: nosniff
age: 325454
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46552
x-xss-protection: 0
last-modified: Thu, 14 Sep 2023 00:46:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:18:09 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7W0Q5n-wU.woff2
fonts.gstatic.com/s/inter/v13/ 17 KB
18 KB 31ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa0ZL7W0Q5n-wU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

286d47695ee1d88afa44f7e105e33c23f45b94eb8e73ded1b60a91439651e6e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 21 Sep 2023 18:25:29 GMT
x-content-type-options: nosniff
age: 325014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17612
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:51:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:25:29 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7W0Q5n-wU.woff2
fonts.gstatic.com/s/inter/v13/ 10 KB
10 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa2pL7W0Q5n-wU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6966db3c0ad9eea0b85f91521849cc97244d8037a434cf7996b8ac7ac7a09437

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 19 Sep 2023 12:17:56 GMT
x-content-type-options: nosniff
age: 519867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10496
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:23:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 Sep 2024 12:17:56 GMT

GET
H2 200 UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7W0Q5n-wU.woff2
fonts.gstatic.com/s/inter/v13/ 78 KB
78 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa25L7W0Q5n-wU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e8d8e03816ce2481ffcf2c36e49455e50df685420e7aab096344909ad694d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 21 Sep 2023 18:18:09 GMT
x-content-type-options: nosniff
age: 325454
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80044
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:49:44 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Sep 2024 18:18:09 GMT

GET
H3 200 mobile_cart.webp
cs.money/img/main/webp/ 117 KB
117 KB 49ms
45ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/mobile_cart.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ef4f13614a362806526011a90b754d433b8596d726ed6d2d587d76444a9566a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 4491
etag: W/"1d2ac-18acbb30e00"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358ca1ced4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 119468

GET
H3 200 ecs.webp
cs.money/img/main/webp/ 19 KB
19 KB 44ms
40ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/ecs.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8446b3d96567533b26d22c4c2c85f7f55e44327cd23d70ee8df38613b930fce1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 3876
etag: W/"4ace-18acbb30e00"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358ca1cef4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 19150

GET
H3 200 BlastProSeries.webp
cs.money/img/main/webp/ 37 KB
38 KB 47ms
43ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/BlastProSeries.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

276701dace702146f505e1c7ff4ba05a8e8d09e6e6b3d37923da1374dc7c73a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 3876
etag: W/"95b4-18acbb30e00"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358ca1cf04daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 38324

GET
H3 200 starladder.webp
cs.money/img/main/webp/ 15 KB
16 KB 44ms
40ms Image
image/webp 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/main/webp/starladder.webp

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

928c1e41db7da30ec2b642e41d877d798dc416c94c23a3b119477dc8db2934bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:23 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 09:37:04 GMT
server: cloudflare
age: 3876
etag: W/"3da0-18acbb30e00"
vary: Accept-Encoding
content-type: image/webp
cache-control: public, max-age=691200
accept-ranges: bytes
cf-ray: 80c358ca1cf14daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 15776

GET
H3 200 1743.daf8d5674f5f5ef28cc0.js Show response
cs.money/_next/static/chunks/ 309 B
3 KB 69ms
69ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/1743.daf8d5674f5f5ef28cc0.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b498e3228d7051da553d172df4a480e4fc65d03dc713fefa8dab80711ffb871c

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943920
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"135-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358cdaf974daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H2 200 trk.js Show response
gleam.io/nKZep/ 5 KB
3 KB 84ms
43ms Script
text/javascript 172.66.40.77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gleam.io/nKZep/trk.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.40.77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77f683e0b20e287f868fe0f7428a34bd12f9a2f3aeb69c055154b874f5df8407

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; object-src www.youtube.com player.vimeo.com w.soundcloud.com www.mixcloud.com www.kickstarter.com; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; report-uri /csp-report
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'; object-src www.youtube.com player.vimeo.com w.soundcloud.com www.mixcloud.com www.kickstarter.com; script-src 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; report-uri /csp-report
cf-cache-status: HIT
age: 73926
content-encoding: br
g-host: meepo20
alt-svc: h3=":443"; ma=86400
cdn-cache-control: max-age=86400, public
x-xss-protection: 1; mode=block
x-request-id: 89160423-937e-4e19-859e-1359a4ec0b57
x-ua-compatible: IE=edge
x-runtime: 0.013681
server: cloudflare
etag: W/"77f683e0b20e287f868fe0f7428a34bd"
vary: Accept-Encoding, Accept
content-type: text/javascript; charset=utf-8
cache-control: max-age=86400, public
x-robots-tag: noindex, nofollow
cf-ray: 80c358ce2dd14d5a-FRA

GET
H2 200 amplitude-5.6.0-min.gz.js Show response
cdn.amplitude.com/libs/ 54 KB
18 KB 65ms
8ms Script
application/javascript 52.222.206.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.amplitude.com/libs/amplitude-5.6.0-min.gz.js
Requested by: Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.206.178 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-206-178.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ae774b118cee10d72c1015cbb80162bcb4d78eb766de2cd91556c75b3f53842e

Request headers

Referer: https://cs.money/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 16 Jun 2023 03:46:38 GMT
content-encoding: gzip
via: 1.1 e94c77a12a65a84cbcef7856ed7e0fb8.cloudfront.net (CloudFront)
x-amz-version-id: mDTYb9DVA4OiMsOTl6ZeSz56To_Mt9Xe
x-amz-cf-pop: FRA56-P3
age: 8758547
x-cache: Hit from cloudfront
content-length: 18120
last-modified: Mon, 21 Oct 2019 23:58:53 GMT
server: AmazonS3
etag: "d49ce300a5685cb331876b1148a128f3"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: w0v0Gm-b-853DadUGqrSoHkAout80Yc0XFAT9nRqRWcWx-yQt9qvaA==

GET
H2 200 hotjar-2848248.js Show response
static.hotjar.com/c/ 10 KB
4 KB 47ms
13ms Script
application/javascript 18.66.97.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2848248.js?sv=6

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-37.fra56.r.cloudfront.net

Software

Resource Hash

f2d765a89a38a673eafdff4cef0ddc184195b0dcd6d94506928562852fe24f54

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Mon, 25 Sep 2023 12:42:24 GMT
via: 1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 1
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/a666613d28fbd12dcd4dd9b12422d0e5
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: LKOo3nF43pr0debrpatqrnLhO2mbKpQMARKo1S-7t5iD6eEF-5MzZA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 286 KB
94 KB 59ms
36ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NBH4ML5&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2134d71bc9b7857bf14c5d8c74134a607c1b0b6c61a8856fa1d3d7571935d02a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 96091
x-xss-protection: 0
last-modified: Mon, 25 Sep 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 25 Sep 2023 12:42:24 GMT

GET
H2 200 5F0F705E2AE34CD1A432BE0D10B8D811.js Show response
statics.esputnik.com/scripts/ 342 KB
87 KB 56ms
12ms Script
application/javascript 94.130.55.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://statics.esputnik.com/scripts/5F0F705E2AE34CD1A432BE0D10B8D811.js
Requested by: Host: cs.money
URL: https://cs.money/?phishing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.55.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.55.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 5a05b2bb4a4b326f2de4b75ec44196b2eb073ce25ec8f00e0c4b6b1bc2ec8c0b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-encoding: gzip
last-modified: Wed, 20 Sep 2023 07:29:45 GMT
server: nginx
x-amz-server-side-encryption: AES256
x-proxy-host: statics10
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=30, public, must-revalidate
access-control-allow-headers: Origin, X-Requested-With, Access-Control-Allow-Headers, Content-Type, Accept, cl-customer-id, *
x-proxy-cache: HIT

GET
H3 200 NotificationManager.88e0ad875cae5ad53bff.js Show response
cs.money/_next/static/chunks/ 2 KB
3 KB 21ms
20ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/NotificationManager.88e0ad875cae5ad53bff.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

217e7b9f01dcbdae1d2835882c87fb3adb9118912ada12605090c2240f0bdac0

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943919
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"612-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358cea8774daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H3 200 202.b530929be9b5d3664a5b.js Show response
cs.money/_next/static/chunks/ 20 KB
16 KB 21ms
20ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/202.b530929be9b5d3664a5b.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50bdb38bd653a08249fe048eb93ef35272f19b822db1d15383f710bc0fa63f7b

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943919
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"505f-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358cea8814daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H3 200 mbgy3v-60f7d27d7abf74b0a603.css
cs.money/_next/static/css/ 4 KB
2 KB 21ms
21ms Stylesheet
text/css 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/css/mbgy3v-60f7d27d7abf74b0a603.css

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad0117e867fcc0670048ddb72a6cd21fd5587b9602e7f17689ec48221826e503

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2214
etag: W/"10a0-18acc300630"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358cea8824daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 FeedbackModal.fd5e2276c624d071a4d0.js Show response
cs.money/_next/static/chunks/ 12 KB
6 KB 19ms
18ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/FeedbackModal.fd5e2276c624d071a4d0.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37af93dee138c56b85b6547079c5ff2a96ca2deca7edfa854537b8d3fe61ba6f

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943919
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"3159-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358cea8834daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H3 200 mbgy3v-f81674b43a3f25835fbe.css
cs.money/_next/static/css/ 2 KB
1 KB 19ms
18ms Stylesheet
text/css 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/css/mbgy3v-f81674b43a3f25835fbe.css

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a9bc206c967e065909a6cf9b249b42eb6d7c9933a73519d2772cbf88bfae5e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
age: 2214
etag: W/"908-18acc300630"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
content-encoding: br
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358cec8974daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 1206.74818766bbf4b1e6f9b2.js Show response
cs.money/_next/static/chunks/ 4 KB
4 KB 20ms
19ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/1206.74818766bbf4b1e6f9b2.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6bc00d7df49cf0636cb80bf4366720cde3d6fcaa50e711cd438bd22b678dbb81

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2943919
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"e57-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358cec8984daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

GET
H2 200 widget_164371_48785.js Show response
lib.usedesk.ru/secure.usedesk.ru/ 697 KB
209 KB 201ms
99ms Script
application/javascript 82.202.192.242
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://lib.usedesk.ru/secure.usedesk.ru/widget_164371_48785.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

82.202.192.242 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

7fa2740cb04acff61ee1ff217d2941b24801d24f892a004d9aa2b1b277239289

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Tue, 19 Sep 2023 11:44:25 GMT
server: nginx
content-encoding: gzip
etag: W/"65098999-ae3e7"
content-type: application/javascript
cache-control: max-age=300, private
x-xss-protection: 1; mode=block
expires: Mon, 25 Sep 2023 12:47:24 GMT

GET
H3 200 simple Show response
cs.money/favorites-market/ 11 B
228 B 25ms
24ms XHR
application/json 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/favorites-market/simple

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

20de034cf9146746b46540f25ebd138c0d917d13792ab71ad2fe3b9609d0d997

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://cs.money/?phishing
traceparent: 00-32cb76bf7290d92255930cccb1e56aa7-e5ec22a7a0b64252-01
accept-language: de-DE,de;q=0.9
X-Client-App: web
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"b-LRcxe7iSAJH5JBcNMVwY3YCaOwE"
content-type: application/json; charset=utf-8
cf-ray: 80c358cf18d94daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 11

GET
H3 200 work_statuses Show response
cs.money/ 241 B
355 B 71ms
71ms XHR
application/json 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/work_statuses

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

902863ecb0bacce110204696a3348ce1f262ededa24066df09596811fb5704c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://cs.money/?phishing
traceparent: 00-e0b0dce6b6e00332c9d03fed246ce101-5f9dd2a6d0a7860a-01
accept-language: de-DE,de;q=0.9
X-Client-App: web
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-response-time: 44ms
date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
x-download-options: noopen
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cf-ray: 80c358cf18dd4daf-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3

200

/ Show response
cs.money/trustpilot/
Redirect Chain

https://cs.money/trustpilot
https://cs.money/trustpilot/

188 B
317 B

48ms
48ms

XHR
application/json

104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/trustpilot/

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc45f5680d9740d5c1544e03e02e5efeb308d631a044a763bbec4d696f105b11

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
content-type: application/json; charset=utf-8
cf-ray: 80c358d049e94daf-FRA
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
location: /trustpilot/
refresh: 0;url=/trustpilot/
cf-ray: 80c358cf18e24daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 modules.87c64ece4c32532efcb6.js Show response
script.hotjar.com/ 225 KB
55 KB 77ms
15ms Script
application/javascript 13.227.219.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.87c64ece4c32532efcb6.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2848248.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.227.219.120 Seattle, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-227-219-120.ams54.r.cloudfront.net

Software

Resource Hash

535b2abfe5021a4ebd5577db4ff0bcc358dd30d4943df49d02a26feb8c1a4ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Thu, 21 Sep 2023 13:37:07 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0f34c0d3b0e50b8875bcbb7d41684a58.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS54-C1
age: 342317
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56133
last-modified: Thu, 21 Sep 2023 13:36:45 GMT
etag: "df814a1255030223e6ab003f27b95f6f"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: 7cppdAPSWrM3opGGk2Q1VAmavOaiUmozrvrkIsznGz3dQbmSUqZBGw==

POST
H2 200 / Show response
api.amplitude.com/ 7 B
206 B 1090ms
181ms XHR
text/html 34.215.78.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.78.194 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-78-194.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-65118031-5d33579c1882e267491bd493
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H3 200 mbgy3v-9e4f1d1db3346f72cf3d.css
cs.money/_next/static/css/ 2 KB
981 B 44ms
43ms Stylesheet
text/css 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/css/mbgy3v-9e4f1d1db3346f72cf3d.css

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1044401a605e4aa8aa486988c25364bc7782068567d65990b4c358d1a3f3a113

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:53:34 GMT
server: cloudflare
content-encoding: br
etag: W/"61f-18acc300630"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 80c358d09a294daf-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 Notification.6e40b72d9245b024e685.js Show response
cs.money/_next/static/chunks/ 3 KB
4 KB 23ms
22ms Script
application/javascript 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cs.money/_next/static/chunks/Notification.6e40b72d9245b024e685.js

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/webpack-b85d6e9c491fbf597116.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c512c7f3b3197df4f2e44ed1fe4bacd25b3a2ee7f3d27d65b74873d49b9d88c2

Security Headers

Name	Value
Content-Security-Policy	script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money .cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://.snapchat.com http://.hotjar.com https://.hotjar.com http://.hotjar.io https://.hotjar.io https://bat.bing.com https://c.bing.com https://.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://.googletagmanager.com https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://ajax.googleapis.com https://.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://.cs.money https://.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://.doubleclick.net https://.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' .cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://.yandex.ru https://.yandex.com https://snapchat.com https://.snapchat.com https://esputnik.com https://.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-security-policy: script-src https://cs.money 'self' 'unsafe-inline' 'unsafe-eval' cs.money *.cs.money https://owox.cs.money https://support.cs.money https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://www.googleanalytics.com https://static.hotjar.com https://static.ads-twitter.com https://cdn.amplitude.com mc.yandex.ru https://*.yandex.com https://gleam.io https://widget.gleamjs.io https://analytics.tiktok.com https://connect.facebook.net https://www.facebook.com statics.esputnik.com https://snapchat.com https://*.snapchat.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://clarity.microsoft.com https://www.clarity.com https://s3.eu-central-1.amazonaws.com https://sc-static.net/scevent.min.js https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ajax.googleapis.com https://*.g.doubleclick.net https://lib.usedesk.ru;worker-src 'self' data: blob:;object-src https://cs.money;img-src https://cs.money 'self' https://*.cs.money https://*.steamstatic.com https://steamcommunity-a.akamaihd.net https://steamcdn-a.akamaihd.net https://*.doubleclick.net https://*.bing.com https://t.co https://analytics.twitter.com https://facebook.com https://www.facebook.com https://analytics.ticktock.com https://mc.yandex.ru https://pic.csgo.trade https://www.googletagmanager.com https://secure.usedesk.ru data:;default-src 'self' https://cs.money;connect-src https://cs.money wss://ws-new.cs.money 'self' *.cs.money https://owox.cs.money https://api.amplitude.com https://vc.hotjar.io https://content.hotjar.io https://ws.hotjar.com wss://support.cs.money wss://*.hotjar.com https://analytics.google.com https://stats.g.doubleclick.net https://yandex.ru https://*.yandex.ru https://*.yandex.com https://snapchat.com https://*.snapchat.com https://esputnik.com https://*.esputnik.com https://facebook.com https://www.facebook.com https://analytics.tiktok.com https://api.usedesk.ru/ip https://pubsubsec2.usedesk.ru wss://pubsubsec2.usedesk.ru;media-src 'self' https://s3.eu-central-1.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://ade.googlesyndication.com https://12489448.fls.doubleclick.net https://secure.usedesk.ru/;form-action 'self' https://facebook.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com;frame-src http://www.youtube.com https://www.facebook.com/ https://cashier.bridgerpay.com/ https://api.sumsub.com/ https://vars.hotjar.com/ https://12489448.fls.doubleclick.net https://tr.snapchat.com https://*.doubleclick.net https://*.g.doubleclick.net https://gleam.io;base-uri 'self';frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 2937455
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 22 Aug 2023 10:13:33 GMT
server: cloudflare
etag: W/"ba7-18a1cbc3cc8"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://127.0.0.1:3000, https://owox.cs.money
access-control-expose-headers: Content-Length,Content-Range
cache-control: public, max-age=31536000, immutable
access-control-allow-credentials: true
cf-ray: 80c358d09a2a4daf-FRA
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Authorization,Content-Type,Range,csrf-token,csrf-token,x-client-app,traceparent

OPTIONS
H2 204 event
site-script.esputnik.com/site-script/v1/ Frame 0
0 144ms
32ms Preflight 54.72.52.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://site-script.esputnik.com/site-script/v1/event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.52.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-52-209.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cs.money
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-headers: Origin, X-Requested-With, Access-Control-Allow-Headers, Content-Type, Accept, cl-customer-id, *
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
access-control-allow-origin: *
date: Mon, 25 Sep 2023 12:42:24 GMT
server: nginx
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

POST
H2 200 event Show response
site-script.esputnik.com/site-script/v1/ 34 B
294 B 44ms
43ms XHR
application/json 54.72.52.209
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://site-script.esputnik.com/site-script/v1/event
Requested by: Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.52.209 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-52-209.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6f69de9cdb32a508852b2e7be4bdc73a185368f54114aca80c588b4144d52241

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-type: application/json; charset=UTF-8

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
server: nginx
vary: Origin
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Access-Control-Allow-Headers, Content-Type, Accept, cl-customer-id, *
content-length: 34

GET
H2 200 components Show response
esputnik.com/forms/v1/catalog/ 572 KB
88 KB 185ms
62ms Fetch
application/json 2a05:d018:ac8:b900:d0e7:d53c:1be7:d35a
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://esputnik.com/forms/v1/catalog/components
Requested by: Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:ac8:b900:d0e7:d53c:1be7:d35a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 79b08ce421d186862222ce7c2813ffc23323b62c12254dd6573bc81c6b3b222e

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: text/plain

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-encoding: gzip
server: nginx
access-control-allow-methods: GET, POST, OPTIONS, PUT, DELETE
content-type: application/json
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Access-Control-Allow-Headers, Content-Type, Accept, cl-customer-id, *
x-proxy-cache: HIT

GET
H2 200 activityi;src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.... Show response
12489448.fls.doubleclick.net/ Frame 741A 521 B
805 B 762ms
45ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBH4ML5&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

47a7913d4ba5fd2700a8a891ec67209bf03f39dbab71a1263dc5a6588b0656d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cs.money/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 278
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2... Show response
12489448.fls.doubleclick.net/ Frame D9FF 528 B
454 B 97ms
80ms Document
text/html 142.250.186.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBH4ML5&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f6.1e100.net

Software

cafe /

Resource Hash

1a2e3f2da300117cf6224e22fad42b69971131f177df1f3aaef876389197407f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://cs.money/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 282
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 202 KB
70 KB 800ms
107ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

2bbdea1641907d8624ed5fff410ac82a57e6328332422a0118067115a0c92af7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Mon, 25 Sep 2023 07:56:17 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "651112f1-114b6"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 70838
expires: Mon, 25 Sep 2023 13:42:25 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 197 KB
53 KB 693ms
7ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b02d00f123297597d6e4b02dfbee910cfe211687b2d454309d5dd9b1b39fd0e4

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 25 Sep 2023 12:42:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53243
x-xss-protection: 0
pragma: public
x-fb-debug: h33ixxVULqxk6jfgmgWr1z14wN7Sht6ncEKucM3MKGgi6sqcZS5w1Ua7c+Xk9okUhJe2/aOVyMNTp+GvaVTHaw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 44 KB
13 KB 715ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 25 Sep 2023 12:42:25 GMT
last-modified: Wed, 06 Sep 2023 22:41:28 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EC159F65F2A541338405D2DC5253090A Ref B: FRAEDGE1308 Ref C: 2023-09-25T12:42:25Z
etag: "09cc4613e1d91:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 12981

GET
H2 200 scevent.min.js Show response
sc-static.net/ 38 KB
17 KB 721ms
41ms Script
application/javascript 54.192.87.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc-static.net/scevent.min.js
Requested by: Host: cs.money
URL: https://cs.money/?phishing
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.87.248 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-87-248.ams50.r.cloudfront.net
Software: CloudFront /
Resource Hash: 25f0d9a182b9a8883cf36f88666a255c54f4ee878e07ab76b73b6db27d2faaa9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
content-encoding: gzip
via: 1.1 abc3ecd1d98ae9cd426d47386509de18.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: AMS50-C1
x-cache: Miss from cloudfront
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: private, s-maxage=0, max-age=600
access-control-allow-headers: Content-Type
content-length: 16649
x-amz-cf-id: f2vBibo99npsGs6ssKUPYQE7IXkLQ6-n5RxIjMH5k25rjDhhKOc2Dg==

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 685ms
6ms Script
application/javascript 146.75.116.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: cs.money
URL: https://cs.money/?phishing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.116.157 , Sweden, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
content-encoding: gzip
last-modified: Thu, 27 Oct 2022 16:56:53 GMT
etag: "32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15375
x-served-by: cache-iad-kjyo7100081-IAD, cache-fra-eddf8230125-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 270 KB
91 KB 28ms
27ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HY7CCPCD7H&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBH4ML5&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c1ce3247c2cf0613c84467f5aada18c3ec2632052d8b3d4f133b112f87495ade

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92655
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 25 Sep 2023 12:42:24 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 256 KB
87 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:803::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CFRN8YJV66&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBH4ML5&gtm_auth=&gtm_preview=&gtm_cookies_win=x

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3232e9b1c00994476c3099803362d43ac7b02c1d063e62411a9f7dcf63438eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:24 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 89155
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 25 Sep 2023 12:42:24 GMT

GET
H2 206 sound4.mp3
secure.usedesk.ru/sounds/ 39 KB
40 KB 81ms
45ms Media
audio/mpeg 82.202.192.242
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.usedesk.ru/sounds/sound4.mp3

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

82.202.192.242 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

cdce51973421a2b535300be93b4cbac7ace5ad7b31b763d1ceb48f27fcd2e910

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000, max-age=63072000
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

Referer: https://cs.money/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Range: bytes=0-

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=63072000, max-age=63072000
x-content-type-options: nosniff, nosniff
last-modified: Thu, 21 Sep 2023 13:16:32 GMT
server: nginx
etag: "650c4230-9cd1"
content-type: audio/mpeg
Content-Range: bytes 0-40144/40145
Content-Length: 40145
x-xss-protection: 1; mode=block, 1; mode=block

GET
H3 200 cookie_icon.png
cs.money/img/ 2 KB
3 KB 89ms
88ms Image
image/png 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cs.money/img/cookie_icon.png

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6bd769b992c4c02d0c1f3e6e904a7a6949cc88c35e0f3fd4e0202bec16570e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/?phishing
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
last-modified: Mon, 25 Sep 2023 11:45:13 GMT
server: cloudflare
etag: W/"950-18acc286128"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
cf-ray: 80c358d39c6a4daf-FRA
alt-svc: h3=":443"; ma=86400
content-length: 2384

GET
H2 200 adsct
t.co/1/i/ 43 B
378 B 267ms
198ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=324441c1-9d85-4c39-a8e9-812c9f6483e2&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=560123c7-1ece-483a-8047-ec8a8b861b82&tw_document_href=https%3A%2F%2Fcs.money%2F%3Fphishing&tw_iframe_status=0&txn_id=o2eh5&type=javascript&version=2.3.29

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-response-time: 172
date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=0
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 11da03a85eb4d0f7
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 034de8b5c253fcf228d8b914a446fd08d0a547a3826ff0e5fa1de436f13f9ce4
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
726 B 195ms
125ms Image
image/gif 104.244.42.195
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=324441c1-9d85-4c39-a8e9-812c9f6483e2&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=560123c7-1ece-483a-8047-ec8a8b861b82&tw_document_href=https%3A%2F%2Fcs.money%2F%3Fphishing&tw_iframe_status=0&txn_id=o2eh5&type=javascript&version=2.3.29

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.195 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_f /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

x-response-time: 103
date: Mon, 25 Sep 2023 12:42:24 GMT
strict-transport-security: max-age=631138519
server: tsa_f
content-type: image/gif;charset=utf-8
x-transaction-id: 43dbb47bf83b7394
cache-control: no-cache, no-store, max-age=0
perf: 7626143928
x-connection-hash: 3517abe739df867c32330f6713b4c7d503cf0852b8d7dd293200a0f13b8b948a
content-length: 43

GET
H2 200 489393595593899 Show response
connect.facebook.net/signals/config/ 136 KB
36 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/489393595593899?v=2.9.128&r=stable&domain=cs.money

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7116d86bd771bcc73e6cff0ea50cbcea695628ff3da38a3f1120e355c21c1d5b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 25 Sep 2023 12:42:25 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 36097
x-xss-protection: 0
pragma: public
x-fb-debug: yC1jf4KS0TzNSI173j6Tv7Wd1fxkf8SKXKwdtREULrpPFxn45yCfi/mnzg0SvV011XHVNcyH2nGsgBp2wvb4tA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 collect Show response
owox.cs.money/ga4/4cff0b6b0ec2432087b86aad6a764abe/g/ 0
325 B 55ms
19ms XHR
image/gif 35.201.85.199
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://owox.cs.money/ga4/4cff0b6b0ec2432087b86aad6a764abe/g/collect?v=2&tid=G-CFRN8YJV66&gtm=45je39k2&_p=253220883&cid=5178709.1695645746&ul=en-us&sr=1600x1200&_fplc=0&ir=1&ur=DE-HE&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&sst.uc=DE&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.tft=1695645744306&_s=1&sid=1695645745&sct=1&seg=0&dl=https%3A%2F%2Fcs.money%2F%3Fphishing&dt=CS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&en=page_view&_fv=2&_nsi=1&_ss=1&tfd=2896&richsstsse
Requested by: Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.85.199 , Ascension Island, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 199.85.201.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:25 GMT
via: 1.1 google
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/gif
access-control-allow-origin: https://cs.money
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
249 B 37ms
13ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HY7CCPCD7H&gtm=45je39k2&_p=253220883&_gaz=1&cid=5178709.1695645746&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1695645745&sct=1&seg=0&dl=https%3A%2F%2Fcs.money%2F%3Fphishing&dt=CS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&en=page_view&_fv=2&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HY7CCPCD7H&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cs.money
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
249 B 65ms
20ms Ping
text/plain 2a00:1450:400c:c00::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HY7CCPCD7H&cid=5178709.1695645746&gtm=45je39k2&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HY7CCPCD7H&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:25 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cs.money
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 68ms
46ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HY7CCPCD7H&cid=5178709.1695645746&gtm=45je39k2&aip=1&z=726605566

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:25 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 v1
web-events.esputnik.com/api/ 0
0 92ms
8ms Fetch 18.157.224.22
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://web-events.esputnik.com/api/v1

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.157.224.22 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-157-224-22.eu-central-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=15724800; includeSubDomains
vary: Origin
access-control-allow-origin: https://cs.money
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H2 200 / Show response
api.amplitude.com/ 7 B
204 B 181ms
181ms XHR
text/html 34.215.78.194
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.amplitude.com/

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.215.78.194 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-215-78-194.us-west-2.compute.amazonaws.com

Software

Resource Hash

aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=15768000
trace-id: Root=1-65118031-455078e7558fc67609141eaa
content-length: 7
access-control-allow-methods: GET, POST
content-type: text/html;charset=utf-8

GET
H2 204 56381997.js Show response
bat.bing.com/p/action/ 0
116 B 39ms
38ms Script
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/56381997.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: private,max-age=1800
date: Mon, 25 Sep 2023 12:42:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1113A61FFFDE4B27B108E3191A74A5B3 Ref B: FRAEDGE1308 Ref C: 2023-09-25T12:42:25Z
x-cache: CONFIG_NOCACHE

GET
H2 204 0
bat.bing.com/action/ 0
285 B 36ms
36ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=56381997&Ver=2&mid=c89589ec-42b6-45eb-b966-54d40fb9e043&sid=faf954605ba011eebe657b45382e0777&vid=faf991205ba011ee89a247931207ac49&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=CS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&kw=csmoney,%20csgomoney,%20cs%20go%20bot,%20trade%20site,%20trading%20skins,%20bot%20trade,%20trade%20skin,%20csgo%20bot,%20skin%20bot,%20swap%20csgo%20skins,%20cs%20go%20case%20trade,%20steam%20trade%20site,%20buy%20skins,%20sell%20skins,%20skin%20exchange,%20cs%20go%20items&p=https%3A%2F%2Fcs.money%2F%3Fphishing&r=&lt=1620&evt=pageLoad&sv=1&rn=935086

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 25 Sep 2023 12:42:25 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 2D3234E3DC52447FB8BF3E655FF0008F Ref B: FRAEDGE1308 Ref C: 2023-09-25T12:42:25Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3... Show response
adservice.google.com/ddm/fls/i/ Frame FA2E 520 B
651 B 75ms
49ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Requested by

Host: 12489448.fls.doubleclick.net
URL: https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a0254f9aa97a967f76f307739aa10eb27a2b1ba6b05c59dca6e2960e6acd663f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12489448.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.mon... Show response
adservice.google.com/ddm/fls/i/ Frame B15D 527 B
351 B 73ms
50ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Requested by

Host: 12489448.fls.doubleclick.net
URL: https://12489448.fls.doubleclick.net/activityi;src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3054fa488717e42754cdff4aaf67971b01bdcc959702580b789d75eca603c771

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://12489448.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 282
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:25 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 e7f7326d-44a9-4ee8-a401-e2978149a32f.js Show response
tr.snapchat.com/config/money/ 172 B
455 B 88ms
18ms Script
application/javascript 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/config/money/e7f7326d-44a9-4ee8-a401-e2978149a32f.js

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

cb868c152743a6c8f152da7772f07bc82cf12a6986411590a7b542f812402df8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://cs.money/
Origin: https://cs.money
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
content-encoding: gzip
via: 1.1 google
server: API Gateway
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://cs.money
x-envoy-upstream-service-time: 0
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 i Show response
tr.snapchat.com/cm/ Frame 399A 0
201 B 82ms
16ms Document
text/html 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/cm/i?pid=e7f7326d-44a9-4ee8-a401-e2978149a32f&u_scsid=139fe6ba-c81c-4a2d-a7cb-a7683bd39f49&u_sclid=221a99cc-33f2-4c9e-b1f5-48c3c05c515a

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains

Request headers

Referer: https://cs.money/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 25 Sep 2023 12:42:25 GMT
server: API Gateway
strict-transport-security: max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains
via: 1.1 google
x-envoy-upstream-service-time: 0

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 60ms
8ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=489393595593899&ev=PageView&dl=https%3A%2F%2Fcs.money%2F%3Fphishing&rl=&if=false&ts=1695645745904&sw=1600&sh=1200&v=2.9.128&r=stable&ec=0&o=30&fbp=fb.1.1695645745903.923638122&it=1695645745700&coo=false&rqm=GET

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 25 Sep 2023 12:42:25 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
161 B 55ms
54ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25 Sep 2023 07:56:17 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "651112f1-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Mon, 25 Sep 2023 13:42:26 GMT

GET
H2 200 src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3... Show response
adservice.google.de/ddm/fls/i/ Frame 6A9C 194 B
150 B 277ms
47ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsite;ord=5640866126194;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:26 GMT
expires: Mon, 25 Sep 2023 12:42:26 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.mon... Show response
adservice.google.de/ddm/fls/i/ Frame F346 194 B
515 B 270ms
45ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/ddm/fls/i/src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/src=12489448;type=pageview;cat=allsuniq;ord=1;num=3836746757056;auiddc=52562672.1695645745;u1=undefined;gtm=45He39k2;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;epver=2;~oref=https%3A%2F%2Fcs.money%2F%3Fphishing

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:26 GMT
expires: Mon, 25 Sep 2023 12:42:26 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

1 Show response
mc.yandex.com/watch/37320625/
Redirect Chain

https://mc.yandex.com/watch/37320625?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen%3...
https://mc.yandex.com/watch/37320625/1?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen...

460 B
543 B

59ms
59ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/37320625/1?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A0%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A414417630%3Arqn%3A1%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A25%2C18%2C162%2C43%2C347%2C0%2C%2C24%2C1%2C%2C%2C%2C1619%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Arqnl%3A1%3Ast%3A1695645746%3At%3ACS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&t=gdpr%2814%29mc%28p-2-ui-1-up-1%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29&redirnss=1

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

099518703af0f449f3892cc3cc74ca2bda35ce444453713871f1c6345dee802c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Mon, 25-Sep-2023 12:42:26 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 460
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:26 GMT

Redirect headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25-Sep-2023 12:42:26 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/37320625/1?wmode=7&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A864%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A0%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A414417630%3Arqn%3A1%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A25%2C18%2C162%2C43%2C347%2C0%2C%2C24%2C1%2C%2C%2C%2C1619%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Arqnl%3A1%3Ast%3A1695645746%3At%3ACS.MONEY%20%E2%80%94%20Trading%20Bot%20for%20fast%20CS%3AGO%20skins%20trade&t=gdpr%2814%29mc%28p-2-ui-1-up-1%29clc%280-0-0%29rqnt%281%29aw%281%29ecs%280%29ti%282%29&redirnss=1
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:26 GMT

GET
H2 200 164371_48785_.jpg
secure.usedesk.ru//upload/chat_images/164371/ 9 KB
7 KB 51ms
51ms Image
image/jpeg 82.202.192.242
SELECTEL-MSK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.usedesk.ru//upload/chat_images/164371/164371_48785_.jpg

Requested by

Host: cs.money
URL: https://cs.money/?phishing

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

82.202.192.242 , Russian Federation, ASN50340 (SELECTEL-MSK, RU),

Reverse DNS

Software

nginx /

Resource Hash

78048f3c6b4fbb87657beba86ddaed0287a44944a95e59e0d77371850c81bd81

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=63072000
x-content-type-options: nosniff
last-modified: Thu, 27 Jul 2023 08:30:28 GMT
server: nginx
content-encoding: gzip
etag: W/"64c22b24-25bb"
content-type: image/jpeg
cache-control: max-age=86400, private
x-xss-protection: 1; mode=block
expires: Tue, 26 Sep 2023 12:42:26 GMT

POST
H2 200 p
tr.snapchat.com/ 0
87 B 19ms
18ms Ping
text/plain 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.snapchat.com/p

Requested by

Host: sc-static.net
URL: https://sc-static.net/scevent.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.43.134 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

134.43.190.35.bc.googleusercontent.com

Software

API Gateway /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains
via: 1.1 google
server: API Gateway
access-control-allow-origin: https://cs.money
x-envoy-upstream-service-time: 1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 1
mc.yandex.com/watch/37320625/ 43 B
74 B 58ms
58ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/37320625/1?page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&hittoken=1695645746_e37a77f6bcf2695e62faba05b6f3894f30d6c2ea97ab7ae63e2b2dd36d8e2243&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A1%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A731308399%3Arqn%3A2%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695645746&t=gdpr(14%2C14)mc(p-2-ui-1-up-1)clc(0-0-0)rqnt(2)lt(134800)aw(1)ecs(0)ti(0)&force-urlencoded=1&site-info=%7B%22__ym%22%3A%7B%22user_id%22%3A%22undefined%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25-Sep-2023 12:42:26 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:26 GMT

POST
H2 200 1
mc.yandex.com/watch/37320625/ 43 B
74 B 58ms
58ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/37320625/1?page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&charset=utf-8&hittoken=1695645746_e37a77f6bcf2695e62faba05b6f3894f30d6c2ea97ab7ae63e2b2dd36d8e2243&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1120%3Acn%3A1%3Adp%3A1%3Als%3A431760191888%3Ahid%3A965080272%3Az%3A120%3Ai%3A20230925144226%3Aet%3A1695645746%3Ac%3A1%3Arn%3A1035937290%3Arqn%3A3%3Au%3A1695645746907619808%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Ans%3A1695645742878%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695645746&t=gdpr(14%2C14%2C14)mc(p-2-ui-1-up-1)clc(0-0-0)rqnt(3)lt(134800)aw(1)ecs(0)ti(0)&force-urlencoded=1&site-info=%7B%22__ymu%22%3A%7B%22steamid64%22%3A%22undefined%22%7D%7D

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cs.money/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:26 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25-Sep-2023 12:42:26 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: image/gif
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:26 GMT

OPTIONS
H2 200 p
tr.snapchat.com/ Frame 0
0 16ms
15ms Preflight 35.190.43.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.snapchat.com/p
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.43.134 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 134.43.190.35.bc.googleusercontent.com
Software: API Gateway /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cs.money
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Authorization,Content-Type,x-grpc-web,X-Snap-Route-Tag,x-cof-user-agent,x-snap-client-user-agent,bitmoji-token,X-Snap-Access-Token
access-control-allow-methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
access-control-allow-origin: https://cs.money
access-control-max-age: 600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 25 Sep 2023 12:42:25 GMT
server: API Gateway
via: 1.1 google

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 9B01 0
67 B 24ms
24ms Document
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://cs.money
Referer: https://cs.money/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://cs.money
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Mon, 25 Sep 2023 12:42:26 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 200 37320625 Show response
mc.yandex.com/webvisor/ 43 B
145 B 322ms
110ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/37320625?wv-part=1&wmode=0&wv-hit=965080272&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&rn=474314087&wv-type=3&browser-info=bt%3A1%3Awe%3A1%3Aet%3A1695645749%3Aw%3A1600x1200%3Av%3A1120%3Az%3A120%3Ai%3A20230925144229%3Au%3A1695645746907619808%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Ast%3A1695645749&t=gdpr(14%2C14%2C14)ti(2)

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:29 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25-Sep-2023 12:42:29 GMT
content-type: image/gif
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:29 GMT

POST
H2 200 37320625 Show response
mc.yandex.com/webvisor/ 43 B
73 B 54ms
54ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/webvisor/37320625?wv-part=1&wmode=0&wv-hit=965080272&page-url=https%3A%2F%2Fcs.money%2F%3Fphishing&rn=619220911&wv-type=3&browser-info=we%3A1%3Aet%3A1695645750%3Aw%3A1600x1200%3Av%3A1120%3Az%3A120%3Ai%3A20230925144229%3Au%3A1695645746907619808%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Ast%3A1695645750&t=gdpr(14%2C14%2C14)ti(2)

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 25 Sep 2023 12:42:29 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 25-Sep-2023 12:42:29 GMT
content-type: image/gif
access-control-allow-origin: https://cs.money
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Mon, 25-Sep-2023 12:42:29 GMT

OPTIONS
H2 204 traces
traces.cs.money/v1/ Frame 0
0 78ms
42ms Preflight 104.20.77.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://traces.cs.money/v1/traces

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.77.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://cs.money
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin: https://cs.money
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 80c358f29c7a6973-FRA
content-length: 0
date: Mon, 25 Sep 2023 12:42:30 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff

POST
H3 200 traces
traces.cs.money/v1/ 21 B
330 B 80ms
79ms Ping
application/json 104.20.76.156
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://traces.cs.money/v1/traces

Requested by

Host: cs.money
URL: https://cs.money/_next/static/chunks/pages/_app-deffb3a26fca6e809f62.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.20.76.156 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f56b35823a693646bf987ca07c9cbc4ff72a83b79b34595b20546b539795fdf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cs.money/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/json

Response headers

date: Mon, 25 Sep 2023 12:42:30 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
access-control-max-age: 1728000
access-control-allow-methods: GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type: application/json
access-control-allow-origin: https://cs.money
access-control-allow-credentials: true
cf-ray: 80c358f2e8164daf-FRA
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
content-length: 21
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

253 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sc-static.net/scevent.min.js	1970-01-20 15:02:12	Name: X-AB Value: 0d6e407936704bd380072f5891d28b0e
.ziditipecvasp.gq/	1970-01-20 23:46:21	Name: __ddg1_ Value: qqr79EBMMd6ocaSSmqa1
cs.money/	1970-01-20 23:46:21	Name: region Value: Hesse
.cs.money/	1969-12-31 23:59:59	Name: new_language Value: en
.gleam.io/	1970-01-20 15:00:47	Name: __cf_bm Value: hu5MXK0rFRpcpmRsx9k_5QMlrdalOg8aNYc4b4vV0P0-1695645744-0-AdUR4tpKTCzw8EBPy9GQf5VIRLcG6BZiFIPat7UDdRVLenVk0eGaX5TjBXRAEx/TWBXASyr6YR1LYZPi0sTFhgI=
ws-new.cs.money/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: 1695645745.5.3572.481243\|a8ab3df3d2a541d90d3cb04afbdf6104
.cs.money/	1970-01-21 00:36:45	Name: amplitude_id_c14fa5162b6e034d1c3b12854f3a26f5cs.money Value: eyJkZXZpY2VJZCI6ImE3ODU5ZDg2LTEyM2ItNGIzMy1iNzc1LTBmNjUzMDJkM2RkN1IiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTY5NTY0NTc0NDcxNCwibGFzdEV2ZW50VGltZSI6MTY5NTY0NTc0NDcyNSwiZXZlbnRJZCI6MSwiaWRlbnRpZnlJZCI6Miwic2VxdWVuY2VOdW1iZXIiOjN9
.cs.money/	1970-01-21 00:36:45	Name: sc Value: 9BE1654F-75ED-4DA2-6865-04619421529B
.cs.money/	1970-01-20 17:10:21	Name: _gcl_au Value: 1.1.52562672.1695645745
.cs.money/	1970-01-20 23:46:21	Name: _hjSessionUser_2848248 Value: eyJpZCI6IjZkYmJmMTk2LWU3MjgtNTNhNi05ZDQ4LTBkYzAxMjhhYTUxNyIsImNyZWF0ZWQiOjE2OTU2NDU3NDUxOTUsImV4aXN0aW5nIjpmYWxzZX0=
.cs.money/	1970-01-20 15:00:47	Name: _hjFirstSeen Value: 1
.cs.money/	1970-01-20 15:00:45	Name: _hjIncludedInSessionSample_2848248 Value: 1
.cs.money/	1970-01-20 15:00:47	Name: _hjSession_2848248 Value: eyJpZCI6ImU0NGYwOGY2LWE2NGYtNGVjNi05NzI0LWU0NDY0MzY5Yjk1OSIsImNyZWF0ZWQiOjE2OTU2NDU3NDUxOTcsImluU2FtcGxlIjp0cnVlfQ==
.cs.money/	1970-01-20 15:00:47	Name: _hjAbsoluteSessionInProgress Value: 0
cs.money/	1969-12-31 23:59:59	Name: _hjHasCachedUserAttributes Value: true
.doubleclick.net/	1970-01-20 15:00:46	Name: test_cookie Value: CheckForPermission
.cs.money/	1970-01-21 00:36:45	Name: _ga_CFRN8YJV66 Value: GS1.1.1695645745.1.0.1695645745.0.0.0
.cs.money/	1970-01-21 00:36:45	Name: _ga Value: GA1.1.5178709.1695645746
.cs.money/	1970-01-21 00:36:45	Name: _ga_HY7CCPCD7H Value: GS1.1.1695645745.1.0.1695645745.60.0.0
.cs.money/	1970-01-20 23:44:55	Name: ouid Value: 997856130_3841282808
.cs.money/	1970-01-20 15:02:12	Name: _uetsid Value: faf954605ba011eebe657b45382e0777
.cs.money/	1970-01-21 00:22:21	Name: _uetvid Value: faf991205ba011ee89a247931207ac49
.cs.money/	1970-01-21 00:30:32	Name: _scid Value: 19275256-a262-4c75-872e-43dc7f3114ce
.cs.money/	1970-01-21 00:30:32	Name: _scid_r Value: 19275256-a262-4c75-872e-43dc7f3114ce
.twitter.com/	1970-01-21 00:36:45	Name: guest_id_marketing Value: v1%3A169564574582047461
.twitter.com/	1970-01-21 00:36:45	Name: guest_id_ads Value: v1%3A169564574582047461
.twitter.com/	1970-01-21 00:36:45	Name: personalization_id Value: "v1_leZkG9DoH9CRY5mSwE1B0Q=="
.twitter.com/	1970-01-21 00:36:45	Name: guest_id Value: v1%3A169564574582047461
.bing.com/	1970-01-21 00:22:21	Name: MUID Value: 081CC0A55F3E60BE38BED3325EEC612A
.cs.money/	1970-01-20 17:10:21	Name: _fbp Value: fb.1.1695645745903.923638122
.t.co/	1970-01-21 00:36:45	Name: muc_ads Value: a2d7c699-22e8-4953-88c9-64c97f98a4a5
.cs.money/	1970-01-20 23:46:21	Name: _ym_uid Value: 1695645746907619808
.cs.money/	1970-01-20 23:46:21	Name: _ym_d Value: 1695645746
.cs.money/	1970-01-20 15:01:57	Name: _ym_isad Value: 2
.cs.money/	1970-01-20 15:00:47	Name: _ym_visorc Value: w

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12489448.fls.doubleclick.net
adservice.google.com
adservice.google.de
analytics.twitter.com
api.amplitude.com
bat.bing.com
cdn.amplitude.com
connect.facebook.net
cs.money
esputnik.com
fonts.googleapis.com
fonts.gstatic.com
gleam.io
lib.usedesk.ru
mc.yandex.com
mc.yandex.ru
owox.cs.money
region1.analytics.google.com
sc-static.net
script.hotjar.com
secure.usedesk.ru
site-script.esputnik.com
static.ads-twitter.com
static.hotjar.com
statics.esputnik.com
stats.g.doubleclick.net
t.co
tr.snapchat.com
traces.cs.money
web-events.esputnik.com
www.facebook.com
www.google.de
www.googletagmanager.com
ziditipecvasp.gq
104.20.76.156
104.20.77.156
104.244.42.195
104.244.42.69
13.227.219.120
142.250.186.134
146.75.116.157
172.66.40.77
18.157.224.22
18.66.97.37
185.178.208.181
2001:4860:4802:34::36
2620:1ec:c11::200
2a00:1450:4001:803::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:831::2002
2a00:1450:400c:c00::9d
2a02:6b8::1:119
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:ac8:b900:d0e7:d53c:1be7:d35a
34.215.78.194
35.190.43.134
35.201.85.199
52.222.206.178
54.192.87.248
54.72.52.209
82.202.192.242
94.130.55.46
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
0622d450be1e4ba7f9b65d6ad44dd182e31f53ad3ff3fc518902ee3bcbab7bfd
099518703af0f449f3892cc3cc74ca2bda35ce444453713871f1c6345dee802c
0b7ff1fc9c359042b79f1741d60f49ba92210ea1b736eaa88c826b24c1adb500
0c6f589710c4e9ad9f1344b870053f4a852d21c59b8a1f1c468c6a29c4c5d9d9
0cfd399fa94425cf05c937b5e51d65c3782f65d521aaefb6729a4da7cfa587f4
0ed3951da9dab8b89e554d90750c743256c30de6e7c785f79dc779d5ff48224a
1034ef43de4c9becfe10291877be0655dc1d8884c26a77b7ab65db3e5cac27b5
1044401a605e4aa8aa486988c25364bc7782068567d65990b4c358d1a3f3a113
157bd7032975a23fac1a85326d0d57c7fee793c4742c518dbb34b9fb9c0b9af8
1959748de4e441488eafac628f9ba4607ad44699d5202569c12feac3ff0dceea
1a2e3f2da300117cf6224e22fad42b69971131f177df1f3aaef876389197407f
20391cdc35039ea85e5420a2d30591fdcf8432b489c208d19d02d145b31fe05c
20de034cf9146746b46540f25ebd138c0d917d13792ab71ad2fe3b9609d0d997
2134d71bc9b7857bf14c5d8c74134a607c1b0b6c61a8856fa1d3d7571935d02a
216989f80a3a1692860b3b9096b64fff2cdd5b3e5b245b824dd3ce1a0e4194c0
217e7b9f01dcbdae1d2835882c87fb3adb9118912ada12605090c2240f0bdac0
246aaf2b5e61543b906fcca7a9a25a4f12f78976e2a4f38d81576b4adac74855
25f0d9a182b9a8883cf36f88666a255c54f4ee878e07ab76b73b6db27d2faaa9
276701dace702146f505e1c7ff4ba05a8e8d09e6e6b3d37923da1374dc7c73a3
277bc854e06499fc5ea8d5878d7538ab92a3036cb143bc0e21455fd977d101e0
286d47695ee1d88afa44f7e105e33c23f45b94eb8e73ded1b60a91439651e6e0
2ae0ac0af8c7608ddbec514233ee34a55ddc812c94a6a6d4cc6c0718ba89f410
2bbdea1641907d8624ed5fff410ac82a57e6328332422a0118067115a0c92af7
2dd58354d6eb2794872b4258df9865511bc93c3bc5d94ea451f18942100d50f2
2e8d8e03816ce2481ffcf2c36e49455e50df685420e7aab096344909ad694d8e
3054fa488717e42754cdff4aaf67971b01bdcc959702580b789d75eca603c771
3232e9b1c00994476c3099803362d43ac7b02c1d063e62411a9f7dcf63438eed
3385cdd204a67a60519900d1c4b12a457be3f5661e8ba422fdd173b86bc0f791
33bc28ac07bffbc02bb7c556b320d5d0154758b6ec5c4fbac209376f93a96dfc
355ebb91fab9395a1935a16e2e925d4ad44794f0e75c13e52789f2c19de0e919
37af93dee138c56b85b6547079c5ff2a96ca2deca7edfa854537b8d3fe61ba6f
3bcf04ca301e44f13f404c8a04aa4ae707f67a950e12ef30c238f96e784266a1
3c256a85e960536144d7705e510c156005e30a06f18bb6609f161689bd8727c9
3ef4f13614a362806526011a90b754d433b8596d726ed6d2d587d76444a9566a
40838573fd3cb7b5b4c15bac832806ec5681cb9129ab6fe15d3c7f19165bef38
40b2601848e753bebf1cbfebd0ead2d69b165d9a477d15f533b146e1febade01
4101e107aca8fa8767d9418aa96c3c65deccab6d00effbb62d709e1e2d570ef2
415cc4f54ca1a125d0cad028b5d33b6d37bdeace8c6a2d141c7a4bac34527248
4544f00cd5f661622ed335dde404b4b24851ef95ec6d08e1b34c4e8d538b8994
475af5fdb913c07a44a0514550ff6a3bfe36680a4be043c4fffaf7e4eba92142
477a6f20f1f9a1cbfad1118cddb7840ca6bf82edf3d62fc3dbd39b81a40db512
47a7913d4ba5fd2700a8a891ec67209bf03f39dbab71a1263dc5a6588b0656d1
48013ae3c8601cfa96c12086ef380d9a242f897f2ec863d1890fd4e7ab7af74f
48ba180c5cbae5c6f70f719187f3d1c6473cccf3578ef5b9594098cac63ad1d6
4a9bc206c967e065909a6cf9b249b42eb6d7c9933a73519d2772cbf88bfae5e3
4b400c8a09997d596f18e18e6cdade8a96a100e821beabbac68e81c747ff6c80
4e9cfedd22e84aeda326ac9c06bb934fe47b0d64a6da808b19767b64647fd27e
4f431b80eefc05d6a10f7d005317c1cb4c6575e06b8b6e95dde11eb040f66c94
50bdb38bd653a08249fe048eb93ef35272f19b822db1d15383f710bc0fa63f7b
535b2abfe5021a4ebd5577db4ff0bcc358dd30d4943df49d02a26feb8c1a4ea4
53f9d00057b365252a452669aad24e1d0fa72b9d0e626347021d9c216de92126
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a05b2bb4a4b326f2de4b75ec44196b2eb073ce25ec8f00e0c4b6b1bc2ec8c0b
5bac0564702a691e8612c7d356a4aa52a4c817163bcd19b39d9f556d6493dc86
5c7ba7379c862d99cf8094cd02405adbe7f710c5eb81d8563dea6911b2ddb01c
5dd0114bcf5cbcb279a13417cfa97b44bc0fcf55042bf007d35daae170a2bb62
5f9f54e2a62b8a3d8bb03ff28045eb741f442e9583dfcad1ab8914626f4ecf54
609d6bfeb2dc769f744210667bc28c764c806678161441ca35cf45ee69bbdbe2
60feb38fb7f7aa935d9d6dc78f5ccdd6c254369b3b916f7f651cbeef40fdd271
62cbd4307a6c66a03bd7a48c0be685fd72b46af35e8c83d576ff736ceb8d00df
642c0e19fcc8d769a7fefd4f563a26bde602ec2960f69467ce9628ca090a8f48
6966db3c0ad9eea0b85f91521849cc97244d8037a434cf7996b8ac7ac7a09437
6b9ed80639bca469212b8517f2a05da172dbaa83396d0991fc5ae3d41a15cf8b
6bc00d7df49cf0636cb80bf4366720cde3d6fcaa50e711cd438bd22b678dbb81
6f133a6b918849959ebbf7d33843ce25653b47ec473b4ef7ab9ca25706a4f680
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
6f69de9cdb32a508852b2e7be4bdc73a185368f54114aca80c588b4144d52241
7116d86bd771bcc73e6cff0ea50cbcea695628ff3da38a3f1120e355c21c1d5b
71d9c2d6abb6dac955a97b01e90a449f166b1e6703e405c495be4687a4b86252
77f683e0b20e287f868fe0f7428a34bd12f9a2f3aeb69c055154b874f5df8407
78048f3c6b4fbb87657beba86ddaed0287a44944a95e59e0d77371850c81bd81
79b08ce421d186862222ce7c2813ffc23323b62c12254dd6573bc81c6b3b222e
7fa2740cb04acff61ee1ff217d2941b24801d24f892a004d9aa2b1b277239289
82360d694f3a689dc096fff534ba6f798d91d9d049d48f5a59b59e320a5e5ae4
8293d74da3a1f358338a87ac27c56837300d351ebb093c2b47f2ff2cd362f314
8446b3d96567533b26d22c4c2c85f7f55e44327cd23d70ee8df38613b930fce1
8810d27df6380ffa3c03510776538e45616fa7ca195882e7e08a50743f95f6b6
8e91a7689e7e98c6691bc2a4446d0a5b3cb6a22ebb1630fda76b02158de5481d
902863ecb0bacce110204696a3348ce1f262ededa24066df09596811fb5704c0
928c1e41db7da30ec2b642e41d877d798dc416c94c23a3b119477dc8db2934bf
978a987f7d64b9b592fee3ba591ac77a4153a9776c4836b6bee511ef3b0c2e26
99bd763141cda051f35be03257f7a49f49e644055e0941bacb76be1438407788
9a6a4bb5e76cc9b441fe3e4e0c58654db8ab866a222f9083615302a8769c4b91
9be605845609a20b806a2bd3815f2093a5610f79b4aa6c4bea13f207db050656
9fa95101414ec2dcb5d7a65f90f0970b8326971fc25a96015bd7d55a3c193d9f
a0254f9aa97a967f76f307739aa10eb27a2b1ba6b05c59dca6e2960e6acd663f
a19415d2ba0d26344a11208f862c09db40e34c88e9e051a16594319997b5dffd
a236aed5086b9c24d3cc94944d4349e9ce469f325ac23bafcaa5fe3659b15fd1
a66ca5d72edc946137f101c9ab953f7f29d4b0d5ab0b965aa0e4a95721c9d9bb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad0117e867fcc0670048ddb72a6cd21fd5587b9602e7f17689ec48221826e503
ae30262a7ab20ec3c8e0f7047d1556a3c56f82cfa046612aae7b19a6cccbc39c
ae774b118cee10d72c1015cbb80162bcb4d78eb766de2cd91556c75b3f53842e
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
b02d00f123297597d6e4b02dfbee910cfe211687b2d454309d5dd9b1b39fd0e4
b498e3228d7051da553d172df4a480e4fc65d03dc713fefa8dab80711ffb871c
bc0bcf1cbdfa76a00669186eff9de57b63543d8c0b455f8064392746f2441d37
bca18cc57da7959c0a41faee4877fd623171185eac985a0a196593a4b5448392
bf4721979f43b9b977b8930f1e3deaf101179c757ff1a9d94742de406dacef94
bf89459db665da36d40200cd68a1253c3aeac1ba4635188c5c4f1de298a1df64
c1ce3247c2cf0613c84467f5aada18c3ec2632052d8b3d4f133b112f87495ade
c512c7f3b3197df4f2e44ed1fe4bacd25b3a2ee7f3d27d65b74873d49b9d88c2
c53360cd237fd4106a34c37adc4ac9dc49421cfb37bbb7db51d316c5dfd5cf98
c6bd769b992c4c02d0c1f3e6e904a7a6949cc88c35e0f3fd4e0202bec16570e5
c7de15eb095bebecfe389c0e560e822ca4806258cb0307f366911027b7936ab2
cb868c152743a6c8f152da7772f07bc82cf12a6986411590a7b542f812402df8
cc45f5680d9740d5c1544e03e02e5efeb308d631a044a763bbec4d696f105b11
cdce51973421a2b535300be93b4cbac7ace5ad7b31b763d1ceb48f27fcd2e910
cdce87df81db165a364e1e3ac04e58fa09f8137b15c648bf5bc4daa3501df773
ce8297461f2c955f892b80065fc9c4edbfac56294c2e1f7c21616e6bc23b38e8
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d37f2e7600e0ea073cd27c539b2aa1c34d082a9ef8b45affb6cc61d7182c06e8
d8179c8d496e99f2d8fad4d19bb2704f608fce31104b27735e01e402a2a1425d
dad0ae457c13ddb73c875ded3870c53b6cb6ce280298be6c7b6dd0cfcdd81085
de80f389c480e5b105eb477cd75efca6d5f5b8908d2435093cdc12d3335bb86d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebc23e04c6e9a5a68191d90e74f63901d721b8087b5d816fe84356c0076ac9ec
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2d765a89a38a673eafdff4cef0ddc184195b0dcd6d94506928562852fe24f54
f56b35823a693646bf987ca07c9cbc4ff72a83b79b34595b20546b539795fdf0
f71116c3c63cace49a4343f08d223a13fd8ee478449c7ce4c0a5126c90e82b7b
f95886a5ec10ee4923934f0614197df5be6a804a6bf11fd5b9ecaf72674292b6
ff797f0b7fcde485fe7ba3926903e37669e57eccc13563da2bafb2e9b2758d35
ff8e0e37256275dbe7f694b9c4933a4e94b8ad3d9dfa9b736a636a40e971f29f

cs.money Open in urlscan Pro 104.20.76.156 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

99 %HTTPS

41 %IPv6

23 Domains

34 Subdomains

31 IPs

7 Countries

5645 kBTransfer

12401 kBSize

35 Cookies

20 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cs.money Open in urlscan Pro
104.20.76.156 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

99 %
HTTPS

41 %
IPv6

23
Domains

34
Subdomains

31
IPs

7
Countries

5645 kB
Transfer

12401 kB
Size

35
Cookies

144 HTTP transactions
0 data transactions