entries.winloot.com Open in urlscan Pro
2606:4700:4400::ac40:9672 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dailymoneyposttime.com/baaa2fbc-0b36-4d6f-81f4-39c3b52dc40399de3e6a5553350a37b057ff25728d67
Effective URL:
https://entries.winloot.com/bad-request?ec=a
Submission: On December 09 via api (December 9th 2024, 5:57:34 am UTC) from US — Scanned from US

Summary HTTP 47 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 14 IPs in 1 countries across 14 domains to perform 47 HTTP transactions. The main IP is 2606:4700:4400::ac40:9672, located in United States and belongs to CLOUDFLARENET, US. The main domain is entries.winloot.com.
TLS certificate: Issued by WE1 on November 25th 2024. Valid for: 3 months.

This is the only time entries.winloot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.169.3.110 35.169.3.110	14618 (AMAZON-AES) (AMAZON-AES)
2 2	3.228.66.30 3.228.66.30	14618 (AMAZON-AES) (AMAZON-AES)
2 14	2606:4700:440... 2606:4700:4400::ac40:9672	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4004:c17::5f	15169 (GOOGLE) (GOOGLE)
1	34.117.190.90 34.117.190.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2607:f8b0:400... 2607:f8b0:4004:c17::61	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4004:c1f::9c	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
6	35.171.171.72 35.171.171.72	14618 (AMAZON-AES) (AMAZON-AES)
3	2607:f8b0:400... 2607:f8b0:4004:c08::5e	15169 (GOOGLE) (GOOGLE)
2	108.139.29.96 108.139.29.96	16509 (AMAZON-02) (AMAZON-02)
2	2607:f8b0:400... 2607:f8b0:4004:c09::8b	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::8a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c09::9d	15169 (GOOGLE) (GOOGLE)
47	14

1 35.169.3.110 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-169-3-110.compute-1.amazonaws.com

dailymoneyposttime.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.228.66.30 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-66-30.compute-1.amazonaws.com

wltcktrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wnltrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2606:4700:4400::ac40:9672 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

entries.winloot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c17::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.190.90 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.190.117.34.bc.googleusercontent.com

pm.geniusmonkey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c17::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4004:c1f::9c (Washington, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.171.171.72 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-171-72.compute-1.amazonaws.com

script.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c08::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.139.29.96 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-139-29-96.jfk50.r.cloudfront.net

ads.anura.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::8b (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9c (Washington, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::8a (Washington, United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::9d (Washington, United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	winloot.com 2 redirects entries.winloot.com	630 KB
8	anura.io script.anura.io — Cisco Umbrella Rank: 50831 ads.anura.io — Cisco Umbrella Rank: 64387	54 KB
4	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110	228 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 stats.g.doubleclick.net — Cisco Umbrella Rank: 135 td.doubleclick.net — Cisco Umbrella Rank: 182	556 B
3	gstatic.com fonts.gstatic.com	56 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	22 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	204 KB
1	google.com analytics.google.com — Cisco Umbrella Rank: 142
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 318	38 KB
1	geniusmonkey.com pm.geniusmonkey.com — Cisco Umbrella Rank: 16117	158 B
1	wnltrack.com 1 redirects wnltrack.com	888 B
1	wltcktrck.com 1 redirects wltcktrck.com	383 B
1	dailymoneyposttime.com 1 redirects dailymoneyposttime.com	371 B
47	14

	Domain	Requested by
14	entries.winloot.com	2 redirects entries.winloot.com
6	script.anura.io	entries.winloot.com script.anura.io
4	pagead2.googlesyndication.com	entries.winloot.com pagead2.googlesyndication.com
4	fonts.googleapis.com	entries.winloot.com
3	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	ads.anura.io	script.anura.io
2	www.googletagmanager.com	entries.winloot.com www.googletagmanager.com
1	td.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	pagead2.googlesyndication.com
1	cdn.jsdelivr.net	entries.winloot.com
1	pm.geniusmonkey.com	entries.winloot.com
1	wnltrack.com	1 redirects
1	wltcktrck.com	1 redirects
1	dailymoneyposttime.com	1 redirects
47	17

This site contains links to these domains. Also see Links.

Domain
www.winloot.com
winloot.zendesk.com

Subject Issuer	Validity	Valid
winloot.com WE1	`2024-11-25` - `2025-02-23`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.geniusmonkey.com Sectigo RSA Domain Validation Secure Server CA	`2024-04-18` - `2025-05-19`	a year	crt.sh
*.google-analytics.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
script.anura.io Amazon RSA 2048 M02	`2024-09-15` - `2025-10-15`	a year	crt.sh
*.gstatic.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
ads.anura.io Amazon RSA 2048 M03	`2024-04-29` - `2025-05-27`	a year	crt.sh
*.google.com WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh
*.doubleclick.net WR2	`2024-10-21` - `2025-01-13`	3 months	crt.sh

This page contains 6 frames:

Primary Page: https://entries.winloot.com/bad-request?ec=a
Frame ID: 6C4F3D615C2B16A2CB23AB9111280497
Requests: 37 HTTP requests in this frame

Frame: https://entries.winloot.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: 259083B21F30A2BDB9255B226932C6F0
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20241120/r20190131/zrt_lookup_fy2021.html
Frame ID: C45F1D503D7086DFE639E6C8F9125190
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8765389362882491&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1733723849&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1733723849584&bpp=3&bdt=411&idt=194&shv=r20241120&mjsv=m202412030101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1643977549458&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31089332%2C42532523%2C95330276%2C95347444%2C95345967&oid=2&pvsid=1402527367319004&tmod=1662922274&uas=0&nvt=1&fsapi=1&fc=1920&brdim=130%2C130%2C130%2C130%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=214
Frame ID: CFB754948199576BF303D20B7E901D5C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8765389362882491&output=html&h=280&slotname=8507988864&adk=2602382883&adf=3330382181&pi=t.ma~as.8507988864&w=480&abgtt=6&fwrn=4&fwrnh=100&lmt=1733723849&rafmt=1&format=480x280&url=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1733723849587&bpp=2&bdt=414&idt=300&shv=r20241120&mjsv=m202412030101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=1643977549458&frm=20&pv=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=173&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31089332%2C42532523%2C95330276%2C95347444%2C95345967&oid=2&pvsid=1402527367319004&tmod=1662922274&uas=0&nvt=1&fc=1920&brdim=130%2C130%2C130%2C130%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=305
Frame ID: E762C5F4E40E7290B6491AB276AF7D59
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-5G15CRYQ5D&gacid=698403786.1733723850&gtm=45je4c40v9122969741za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=723105096
Frame ID: F35CFCF5048F06FF2EB402AF73F573FF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Winloot Offers

Page URL History Show full URLs

https://dailymoneyposttime.com/baaa2fbc-0b36-4d6f-81f4-39c3b52dc40399de3e6a5553350a37b057ff25728d67 HTTP 301
https://wltcktrck.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&ema... HTTP 302
https://wnltrack.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&ema... HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?hta=t&unique_id=308083619&o=5784&affid=388373&utm_c... HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=30808... Page URL
https://entries.winloot.com/bad-request?ec=a Page URL

Detected technologies

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

47
Requests

85 %
HTTPS

67 %
IPv6

14
Domains

17
Subdomains

14
IPs

1
Countries

1234 kB
Transfer

3689 kB
Size

11
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.winloot.com/Site/MyAccount
Title: Account

Search URL Search Domain Scan URL

URL: https://www.winloot.com/Sweepstakes
Title: Sweeps

Search URL Search Domain Scan URL

URL: https://www.winloot.com/PrizeDraws
Title: Results

Search URL Search Domain Scan URL

URL: https://www.winloot.com/

Search URL Search Domain Scan URL

URL: https://winloot.zendesk.com/hc/en-us/requests/new
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.winloot.com/Site/Privacypolicy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.winloot.com/Site/PrivacyNoticeCalifornia
Title: California Privacy Notice

Search URL Search Domain Scan URL

URL: http://www.winloot.com/Site/Terms
Title: Terms

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dailymoneyposttime.com/baaa2fbc-0b36-4d6f-81f4-39c3b52dc40399de3e6a5553350a37b057ff25728d67 HTTP 301
https://wltcktrck.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403 HTTP 302
https://wnltrack.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403&ckmguid=632e1ad5-703f-4930-a9ae-d8a4ac89aff5 HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?hta=t&unique_id=308083619&o=5784&affid=388373&utm_content=308083619&utm_source=388373&cid=30371&utm_campaign=30371_1FDMPGLwl47231202&email=ancestorckb%40gmail.com HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c Page URL
https://entries.winloot.com/bad-request?ec=a Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://dailymoneyposttime.com/baaa2fbc-0b36-4d6f-81f4-39c3b52dc40399de3e6a5553350a37b057ff25728d67 HTTP 301
https://wltcktrck.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403 HTTP 302
https://wnltrack.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403&ckmguid=632e1ad5-703f-4930-a9ae-d8a4ac89aff5 HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?hta=t&unique_id=308083619&o=5784&affid=388373&utm_content=308083619&utm_source=388373&cid=30371&utm_campaign=30371_1FDMPGLwl47231202&email=ancestorckb%40gmail.com HTTP 302
https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Request Chain 12

https://entries.winloot.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://entries.winloot.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

47 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

wl-pick-my-payment-mbs Show response
entries.winloot.com/i/
Redirect Chain

https://dailymoneyposttime.com/baaa2fbc-0b36-4d6f-81f4-39c3b52dc40399de3e6a5553350a37b057ff25728d67
https://wltcktrck.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403
https://wnltrack.com/?E=7VGF4spHru3%2ByiTZPtgvmBijPCswGcGy6ZdEd6J9iqU%3D&s1=1FDMPGLwl47231202&email=ancestorckb%40gmail.com&s2=baaa2fbc-0b36-4d6f-81f4-39c3b52dc403&ckmguid=632e1ad5-703f-4930-a9ae-d...
https://entries.winloot.com/i/wl-pick-my-payment-mbs?hta=t&unique_id=308083619&o=5784&affid=388373&utm_content=308083619&utm_source=388373&cid=30371&utm_campaign=30371_1FDMPGLwl47231202&email=ances...
https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79...

10 KB
5 KB

48ms
48ms

Document
text/html

2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631f33f66d831778054c341f679eff7dab7150af078966bd6beec90580d07600

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ef2c208fb7f4228-EWR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 09 Dec 2024 05:57:29 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1733723849&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=qcL1wY6fi1yYsE3KW%2F5JIgDAOGw85yqx8%2FVUB%2By4c5Y%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1733723849&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=qcL1wY6fi1yYsE3KW%2F5JIgDAOGw85yqx8%2FVUB%2By4c5Y%3D
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 47938416-af2c-46b0-b5bf-1a881cf6f69d
x-runtime: 0.013960
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8ef2c2088b134228-EWR
content-type: text/html; charset=utf-8
date: Mon, 09 Dec 2024 05:57:29 GMT
location: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1733723849&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=qcL1wY6fi1yYsE3KW%2F5JIgDAOGw85yqx8%2FVUB%2By4c5Y%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1733723849&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=qcL1wY6fi1yYsE3KW%2F5JIgDAOGw85yqx8%2FVUB%2By4c5Y%3D
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: e419048b-1f5b-4ca3-a923-78f3e2a308d2
x-runtime: 0.006441
x-xss-protection: 1; mode=block

GET
H2 200 application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css
entries.winloot.com/assets/tenants/winloot/ 219 KB
27 KB 25ms
22ms Stylesheet
text/css 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/assets/tenants/winloot/application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a100ea005a90e0a40f8558624cab70d7cfe6b5416cf0f549a47962cd26d4d9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 3145
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1733263676&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=M5q3LvY3PxCQL0vEvD%2BKzG945ptm6jttEREcXFlVTsA%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css
last-modified: Tue, 03 Dec 2024 22:04:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1733263676&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=M5q3LvY3PxCQL0vEvD%2BKzG945ptm6jttEREcXFlVTsA%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be04228-EWR
accept-ranges: bytes
content-length: 27334
server: cloudflare

GET
H2 200 application-c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472.js Show response
entries.winloot.com/assets/ 205 KB
67 KB 21ms
19ms Script
application/javascript 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/assets/application-c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 3145
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1730971731&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=V3DzcSaywG2zr6wAXhjK5HRX21DmnayoFnjnBb8dSr4%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript
last-modified: Fri, 26 Jul 2024 13:31:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1730971731&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=V3DzcSaywG2zr6wAXhjK5HRX21DmnayoFnjnBb8dSr4%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be24228-EWR
accept-ranges: bytes
content-length: 68271
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 46ms
23ms Stylesheet
text/css 2607:f8b0:4004:c17::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700|Josefin+Sans:300,400,700|Roboto+Mono:400,500,700

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d8a3a3839dc38a38c770c508e75e13312ae9ee939d58ebb3a351bd88066e031

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 09 Dec 2024 05:42:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 gm.js Show response
pm.geniusmonkey.com/ 13 B
158 B 170ms
35ms Script
text/javascript 34.117.190.90
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pm.geniusmonkey.com/gm.js?id=1028351851&z=1
Requested by: Host: entries.winloot.com
URL: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.190.90 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 90.190.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: a6a54d1044fa137ad30cfcc264f477f2e425b53d2f19abf2a1f2ae70366f81ed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/javascript;charset=utf-8
server: Google Frontend

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
80 KB 49ms
26ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-36371770-1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

17be0783db65d89539bd733f5f278e05dabf45c874effb993bec449dbbe7eea2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 09 Dec 2024 03:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81440
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 logo-5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843.png
entries.winloot.com/assets/partners/winloot/ 39 KB
40 KB 24ms
23ms Image
image/png 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://entries.winloot.com/assets/partners/winloot/logo-5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c

Response headers

cf-cache-status: HIT
age: 6665
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1730529659&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=eu7ELgGuX2nPd723XeirK3Xvm4lyXCobJaBI2APB4qU%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: image/png
last-modified: Mon, 23 Oct 2023 23:53:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1730529659&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=eu7ELgGuX2nPd723XeirK3Xvm4lyXCobJaBI2APB4qU%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be34228-EWR
accept-ranges: bytes
content-length: 40357
server: cloudflare

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 157 KB
52 KB 58ms
35ms Script
text/javascript 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8765389362882491

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ea24161f26e5a5fb7214bb401f3b4a77d0b4af3bb94cf9531a007b283581c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://entries.winloot.com
Referer: https://entries.winloot.com/

Response headers

content-encoding: br
etag: 1133059619481385052
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 53595
x-xss-protection: 0
server: cafe

GET
H2 200 tsparticles.confetti.bundle.min.js Show response
cdn.jsdelivr.net/npm/tsparticles-confetti@2.12.0/ 129 KB
38 KB 26ms
3ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/tsparticles-confetti@2.12.0/tsparticles.confetti.bundle.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

5c6e4cf6c85c2cba6ef1cb796d56eeea52d5ccba5f642865f9cb317722d53f5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"2025a-cVwX8+dIubRQ1x7+By78kiecYKM"
age: 3119828
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT, HIT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-fra-etou8220121-FRA, cache-lga21947-LGA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 38688
x-jsd-version: 2.12.0

GET
H2 200 css2
fonts.googleapis.com/ 40 KB
1 KB 25ms
24ms Stylesheet
text/css 2607:f8b0:4004:c17::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/assets/tenants/winloot/application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

831bc1f1f57eb0a652fc3f2111d98f701af81dd2ed47be8657b1ceade2b3822c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 09 Dec 2024 05:48:54 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 request.js Show response
script.anura.io/ 73 KB
26 KB 58ms
25ms Script
application/javascript 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&642663510047

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

6a82c9542cb3c7cb585d07452440b9d99b88a49208f11c9cec6ec7d703055a62

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H3 200 nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2
fonts.gstatic.com/s/sourcesans3/v15/ 28 KB
28 KB 27ms
11ms Font
font/woff2 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesans3/v15/nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9015686cf54e5e643e2bffe8cf0aa2c3140f56b0d84c1a315845e8a31601db4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://entries.winloot.com
Referer: https://fonts.googleapis.com/

Response headers

age: 428487
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 04 Dec 2025 06:56:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 04 Dec 2024 06:56:02 GMT
last-modified: Tue, 24 Oct 2023 01:41:28 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28816
x-xss-protection: 0
server: sffe

GET
H2

200

main.js Show response
entries.winloot.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ Frame 2590
Redirect Chain

https://entries.winloot.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://entries.winloot.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

9 KB
4 KB

9ms
9ms

Script
application/javascript

2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

Requested by

Protocol

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f707107e0af976730ca90dcbcbb02134699079f32f1979d2d91400165b1f19a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: gzip
x-content-type-options: nosniff
cf-ray: 8ef2c20c1e2c4228-EWR
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
cf-ray: 8ef2c20add214228-EWR
access-control-allow-origin: *
content-length: 0
date: Mon, 09 Dec 2024 05:57:29 GMT
vary: Accept-Encoding
server: cloudflare

GET 4892c9fc-1e3e-49fa-b3e7-74328817bc5f
https://entries.winloot.com/ Frame 0
0

GET
H2 200 showads.js Show response
ads.anura.io/ 0
375 B 57ms
5ms XHR
application/javascript 108.139.29.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.anura.io/showads.js?139495861992
Requested by: Host: script.anura.io
URL: https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&642663510047
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-96.jfk50.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

x-amz-cf-id: z8srzQiFC-A7PI47UGgScG_hy6E6r4ujqb0xNit7Y5v1AmgKayZpyA==
content-encoding: gzip
age: 57914
access-control-allow-methods: GET
via: 1.1 8fd21502425077e617fde7325b45e112.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Sun, 08 Dec 2024 13:52:15 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx
x-amz-cf-pop: JFK50-P2

GET d2c4a373-7729-42a0-8b2d-6a2c150f4e4f
https://entries.winloot.com/ Frame 0
0

GET
H3 200 slotcar_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412030101/ 90 KB
31 KB 14ms
12ms Script
text/javascript 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412030101/slotcar_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8765389362882491

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00c0c1fc5b752999d844d28b1424ae370e96a596eb682278636260c2db0e6712

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: br
etag: 1642281430689650396
age: 54651
x-content-type-options: nosniff
expires: Sun, 22 Dec 2024 14:46:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Sun, 08 Dec 2024 14:46:38 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 31903
x-xss-protection: 0
server: cafe

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412030101/ 434 KB
144 KB 17ms
16ms Script
text/javascript 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412030101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8765389362882491

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

058d40abbf959e31b1d3282f707a52965ada28461f555664158a93e5f3b48e8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: br
etag: 16976266772740233961
age: 51648
x-content-type-options: nosniff
expires: Sun, 22 Dec 2024 15:36:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Sun, 08 Dec 2024 15:36:41 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 147614
x-xss-protection: 0
server: cafe

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 383 KB
124 KB 20ms
19ms Script
application/javascript 2607:f8b0:4004:c17::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-5G15CRYQ5D&l=dataLayer&cx=c&gtm=457e4c40za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-36371770-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ae57822d3a2a60714fc950121a25aca5625de46df2fbd445a95c1441a769d122

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 127078
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 31ms
9ms Script
text/javascript 2607:f8b0:4004:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-36371770-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::8b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: gzip
age: 2532
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 07:15:17 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:15:17 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

POST
H2 200 8ef2c208fb7f4228 Show response
entries.winloot.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 2590 0
614 B 20ms
15ms XHR
text/plain 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://entries.winloot.com/cdn-cgi/challenge-platform/h/g/jsd/r/8ef2c208fb7f4228
Requested by: Host: entries.winloot.com
URL: https://entries.winloot.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8ef2c20d1f044228-EWR
content-length: 0
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H3 200 zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20241120/r20190131/ Frame C45F 0
0 31ms
11ms Document
text/html 2607:f8b0:4004:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20241120/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202412030101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://entries.winloot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age: 32908
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4128
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 08 Dec 2024 20:49:01 GMT
etag: 17661348622971093804
expires: Sun, 22 Dec 2024 20:49:01 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET ads
googleads.g.doubleclick.net/pagead/ Frame CFB7 0
0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
421 B 23ms
18ms XHR
text/plain 2607:f8b0:4004:c09::8b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2062394983&t=pageview&_s=1&dl=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&ul=en-us&de=UTF-8&dt=Winloot%20Offers&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1337691553&gjid=951435291&cid=698403786.1733723850&tid=UA-36371770-1&_gid=1619501613.1733723850&_r=1&gtm=457e4c40za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&jsscut=1&z=1347536927

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::8b Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://entries.winloot.com/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://entries.winloot.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET ads
googleads.g.doubleclick.net/pagead/ Frame E762 0
0

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 25ms
24ms Fetch
text/html 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8765389362882491
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://entries.winloot.com/

Response headers

POST
H2 204 collect
analytics.google.com/g/ 0
0 57ms
17ms Fetch
text/plain 2607:f8b0:4004:c1b::8a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-5G15CRYQ5D&gtm=45je4c40v9122969741za200&_p=1733723849250&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=698403786.1733723850&ecid=1874831296&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&ec_mode=a&_eu=EAAI&_s=1&sid=1733723849&sct=1&seg=0&dl=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&dt=Winloot%20Offers&en=page_view&_fv=1&_ss=1&tfd=1558
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5G15CRYQ5D&l=dataLayer&cx=c&gtm=457e4c40za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1b::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://entries.winloot.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
556 B 58ms
19ms Ping
text/plain 2607:f8b0:4004:c1f::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-5G15CRYQ5D&cid=698403786.1733723850&gtm=45je4c40v9122969741za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5G15CRYQ5D&l=dataLayer&cx=c&gtm=457e4c40za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://entries.winloot.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame F35C 0
0 44ms
21ms Document
text/html 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-5G15CRYQ5D&gacid=698403786.1733723850&gtm=45je4c40v9122969741za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=723105096

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-5G15CRYQ5D&l=dataLayer&cx=c&gtm=457e4c40za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://entries.winloot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 09 Dec 2024 05:57:30 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 response.json Show response
script.anura.io/ 52 B
404 B 182ms
159ms XHR
application/json 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/response.json?42322470775

Requested by

Host: script.anura.io
URL: https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&642663510047

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

c92964d4ee3572b1fe22e2eaafa820d0a3809a9d3a242410a712b74ba825a3f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: POST
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
access-control-allow-origin: *
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

POST
H2 200 result.json
script.anura.io/ 41 B
396 B 16ms
15ms XHR
application/json 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/result.json

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: GET, POST
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
access-control-allow-origin: *
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H2 200 Primary Request bad-request Show response
entries.winloot.com/ 6 KB
4 KB 64ms
63ms Document
text/html 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/bad-request?ec=a

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0195dbc877678629e4b4bf09f45eb09a43ae4132a9ffed83d4996335e3d32eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ef2c210c9de4228-EWR
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 09 Dec 2024 05:57:30 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: strict-origin-when-cross-origin
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1733723850&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=PtI9q3FqLitrzBmll0W9noIPXCp0nw4%2F8b499b4QJmE%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1733723850&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=PtI9q3FqLitrzBmll0W9noIPXCp0nw4%2F8b499b4QJmE%3D
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 vegur
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-request-id: 58be42d5-cab3-42f6-a620-03fe2148b63b
x-runtime: 0.010696
x-xss-protection: 1; mode=block

GET
H2 200 application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css
entries.winloot.com/assets/tenants/winloot/ 219 KB
0 25ms
22ms Stylesheet
text/css 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/assets/tenants/winloot/application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a100ea005a90e0a40f8558624cab70d7cfe6b5416cf0f549a47962cd26d4d9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/bad-request?ec=a

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 3145
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1733263676&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=M5q3LvY3PxCQL0vEvD%2BKzG945ptm6jttEREcXFlVTsA%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css
last-modified: Tue, 03 Dec 2024 22:04:19 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1733263676&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=M5q3LvY3PxCQL0vEvD%2BKzG945ptm6jttEREcXFlVTsA%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be04228-EWR
accept-ranges: bytes
content-length: 27334
server: cloudflare

GET
H2 200 application-c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472.js Show response
entries.winloot.com/assets/ 205 KB
0 21ms
19ms Script
application/javascript 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/assets/application-c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472.js

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/bad-request?ec=a

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 3145
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1730971731&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=V3DzcSaywG2zr6wAXhjK5HRX21DmnayoFnjnBb8dSr4%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: application/javascript
last-modified: Fri, 26 Jul 2024 13:31:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1730971731&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=V3DzcSaywG2zr6wAXhjK5HRX21DmnayoFnjnBb8dSr4%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be24228-EWR
accept-ranges: bytes
content-length: 68271
server: cloudflare

GET
H2 200 css
fonts.googleapis.com/ 22 KB
0 46ms
23ms Stylesheet
text/css 2607:f8b0:4004:c17::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700|Josefin+Sans:300,400,700|Roboto+Mono:400,500,700

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7d8a3a3839dc38a38c770c508e75e13312ae9ee939d58ebb3a351bd88066e031

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 09 Dec 2024 05:42:43 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 logo-5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843.png
entries.winloot.com/assets/partners/winloot/ 39 KB
0 24ms
23ms Image
image/png 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://entries.winloot.com/assets/partners/winloot/logo-5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843.png

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/bad-request?ec=a

Response headers

cf-cache-status: HIT
age: 6665
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1730529659&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=eu7ELgGuX2nPd723XeirK3Xvm4lyXCobJaBI2APB4qU%3D"}]}
expires: Mon, 09 Dec 2024 09:57:29 GMT
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: image/png
last-modified: Mon, 23 Oct 2023 23:53:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1730529659&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=eu7ELgGuX2nPd723XeirK3Xvm4lyXCobJaBI2APB4qU%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c2095be34228-EWR
accept-ranges: bytes
content-length: 40357
server: cloudflare

GET
H2 200 email-decode.min.js Show response
entries.winloot.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
825 B 6ms
5ms Script
application/javascript 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/bad-request?ec=a

Response headers

cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"6751d1d7-4d7"
x-content-type-options: nosniff
cf-ray: 8ef2c2115a3f4228-EWR
expires: Wed, 11 Dec 2024 05:57:30 GMT
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/javascript
last-modified: Thu, 05 Dec 2024 16:16:23 GMT
vary: Accept-Encoding
server: cloudflare
x-frame-options: DENY

GET
H2 200 css2
fonts.googleapis.com/ 40 KB
0 25ms
24ms Stylesheet
text/css 2607:f8b0:4004:c17::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/assets/tenants/winloot/application-fc93b24652d6a2a8540e59e7b3086bb808646c75f7a186558730c257773032de.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

831bc1f1f57eb0a652fc3f2111d98f701af81dd2ed47be8657b1ceade2b3822c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 09 Dec 2024 05:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 09 Dec 2024 05:57:29 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Mon, 09 Dec 2024 05:48:54 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 request.js Show response
script.anura.io/ 73 KB
26 KB 17ms
17ms Script
application/javascript 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&280973124531

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

095ce7a69b18f1ca168210059cd233c0084e9aa47aebda976a4cd84491393257

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx

GET
H3 200 nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2
fonts.gstatic.com/s/sourcesans3/v15/ 28 KB
0 27ms
11ms Font
font/woff2 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesans3/v15/nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://entries.winloot.com
Referer: https://fonts.googleapis.com/

Response headers

age: 428487
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 04 Dec 2025 06:56:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 04 Dec 2024 06:56:02 GMT
last-modified: Tue, 24 Oct 2023 01:41:28 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28816
x-xss-protection: 0
server: sffe

GET
H3 200 nwpMtKy2OAdR1K-IwhWudF-R3woqZ-LY.woff2
fonts.gstatic.com/s/sourcesans3/v15/ 28 KB
28 KB 11ms
10ms Font
font/woff2 2607:f8b0:4004:c08::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesans3/v15/nwpMtKy2OAdR1K-IwhWudF-R3woqZ-LY.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

509b3883b5264f804925208d1b6beb70e22c2f19ee3d5535769b9ed6dc95e383

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://entries.winloot.com
Referer: https://fonts.googleapis.com/

Response headers

age: 428434
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Thu, 04 Dec 2025 06:56:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 04 Dec 2024 06:56:56 GMT
last-modified: Tue, 24 Oct 2023 02:09:19 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 28524
x-xss-protection: 0
server: sffe

GET 262beeb6-03d0-45b6-a0bc-07b73fd3ca56
https://entries.winloot.com/ Frame 0
0

GET
H2 200 showads.js Show response
ads.anura.io/ 0
376 B 5ms
4ms XHR
application/javascript 108.139.29.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.anura.io/showads.js?202684237765
Requested by: Host: script.anura.io
URL: https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&280973124531
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.139.29.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-139-29-96.jfk50.r.cloudfront.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/

Response headers

x-amz-cf-id: t5SqIQQrIXgC0kzke-dMp1NVlr8f9G752WzLHIT0XIgqeFjU4d5XIg==
content-encoding: gzip
age: 57915
access-control-allow-methods: GET
via: 1.1 8fd21502425077e617fde7325b45e112.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
date: Sun, 08 Dec 2024 13:52:15 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
server: nginx
x-amz-cf-pop: JFK50-P2

GET a7e4b112-1103-4a8e-9d17-ee45e8dedfdf
https://entries.winloot.com/ Frame 0
0

GET
H2 200 favicon-403eba63dfff6b1982dd09d51ef87cfdd5c0b7a62a93c90dd31025c8745c39d8.ico
entries.winloot.com/assets/partners/winloot/ 918 KB
480 KB 21ms
21ms Other
image/vnd.microsoft.icon 2606:4700:4400::ac40:9672
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://entries.winloot.com/assets/partners/winloot/favicon-403eba63dfff6b1982dd09d51ef87cfdd5c0b7a62a93c90dd31025c8745c39d8.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9672 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

403eba63dfff6b1982dd09d51ef87cfdd5c0b7a62a93c90dd31025c8745c39d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://entries.winloot.com/bad-request?ec=a

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 2465
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1710348570&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=kEMU9INyYwIwIQuWpywbRXIJrh4Z2hVd%2BZ7Gn1wziFw%3D"}]}
expires: Mon, 09 Dec 2024 09:57:30 GMT
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: image/vnd.microsoft.icon
last-modified: Mon, 23 Oct 2023 23:53:06 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1710348570&sid=67ff5de4-ad2b-4112-9289-cf96be89efed&s=kEMU9INyYwIwIQuWpywbRXIJrh4Z2hVd%2BZ7Gn1wziFw%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: public, max-age=14400
via: 1.1 vegur
cf-ray: 8ef2c211faab4228-EWR
server: cloudflare

POST
H2 200 response.json Show response
script.anura.io/ 52 B
403 B 41ms
37ms XHR
application/json 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/response.json?270437859562

Requested by

Host: script.anura.io
URL: https://script.anura.io/request.js?instance=2280704368&source=388373&campaign=30371_1FDMPGLwl47231202&callback=anCallback&280973124531

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

373075283c215b12ba09bc63584a401826968b0aea63afe32d7aeb65b6d05f69

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: POST
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
access-control-allow-origin: *
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

POST
H2 200 result.json Show response
script.anura.io/ 41 B
396 B 16ms
15ms XHR
application/json 35.171.171.72
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://script.anura.io/result.json

Requested by

Host: entries.winloot.com
URL: https://entries.winloot.com/bad-request?ec=a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.171.171.72 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-171-72.compute-1.amazonaws.com

Software

nginx /

Resource Hash

73c54eec23bd5786eee2abde558ae996cc30db654cc6d513369ef8e6e1681de9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://entries.winloot.com/

Response headers

cache-control: private, no-cache, no-store, must-revalidate, max-age=0, post-check=0, pre-check=0
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: GET, POST
x-content-type-options: nosniff
expires: Sun, 28 Dec 1980 18:57:00 EST
access-control-allow-origin: *
date: Mon, 09 Dec 2024 05:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: entries.winloot.com
URL: blob:https://entries.winloot.com/4892c9fc-1e3e-49fa-b3e7-74328817bc5f

Domain: entries.winloot.com
URL: blob:https://entries.winloot.com/d2c4a373-7729-42a0-8b2d-6a2c150f4e4f

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8765389362882491&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1733723849&plat=3%3A16%2C4%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aiict=1&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1733723849584&bpp=3&bdt=411&idt=194&shv=r20241120&mjsv=m202412030101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=1643977549458&frm=20&pv=2&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31089332%2C42532523%2C95330276%2C95347444%2C95345967&oid=2&pvsid=1402527367319004&tmod=1662922274&uas=0&nvt=1&fsapi=1&fc=1920&brdim=130%2C130%2C130%2C130%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=214

Domain: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8765389362882491&output=html&h=280&slotname=8507988864&adk=2602382883&adf=3330382181&pi=t.ma~as.8507988864&w=480&abgtt=6&fwrn=4&fwrnh=100&lmt=1733723849&rafmt=1&format=480x280&url=https%3A%2F%2Fentries.winloot.com%2Fi%2Fwl-pick-my-payment-mbs%3Faffid%3D388373%26cid%3D30371%26hta%3Dt%26o%3D5784%26unique_id%3D308083619%26utm_campaign%3D30371_1FDMPGLwl47231202%26utm_content%3D308083619%26utm_source%3D388373%26utm_term%3D79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1733723849587&bpp=2&bdt=414&idt=300&shv=r20241120&mjsv=m202412030101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=1643977549458&frm=20&pv=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=560&ady=173&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=31088670%2C31089332%2C42532523%2C95330276%2C95347444%2C95345967&oid=2&pvsid=1402527367319004&tmod=1662922274&uas=0&nvt=1&fc=1920&brdim=130%2C130%2C130%2C130%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&td=1&tdf=2&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&fsb=1&dtd=305

Domain: entries.winloot.com
URL: blob:https://entries.winloot.com/262beeb6-03d0-45b6-a0bc-07b73fd3ca56

Domain: entries.winloot.com
URL: blob:https://entries.winloot.com/a7e4b112-1103-4a8e-9d17-ee45e8dedfdf

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.wnltrack.com/	1969-12-31 23:59:59	Name: sid Value: ebpIOjVAHOK8hYxy/G+O7KWpWHfYsbIZErAyS0cOc70sN7o07LHNRQ==
.wnltrack.com/	1970-01-21 11:11:23	Name: trk Value: YZqhU2M8HDh1v79UKW9y6aWpWHfYsbIZErAyS0cOc70sN7o07LHNRQ==
.wnltrack.com/	1970-01-21 01:36:50	Name: c5784 Value: ebpIOjVAHOKsg0TsWfPAQyoli726T3jvLR4KtW10gyh3myHgm9flSQ==
.winloot.com/	1970-01-21 01:35:25	Name: __cf_bm Value: KgMrpCSuof3t17NxBGFSG6dCwXKDMYrNZHqoi9h3f1o-1733723849-1.0.1.1-i2tKj6DFI7ukomP5906onTJ9mXtjrA_BVyBw_.yy.aBtlKrpwHv9IrjWZEppamlZeVc.rGLecal5I4S89nmYhw
.winloot.com/	1970-01-21 10:20:59	Name: cf_clearance Value: fCnE8AzIcx134rKvjEQqDqN5Z1iWbEFydtETZvsSNCM-1733723849-1.2.1.1-AoQn69LDGTW1ZXxjWy.O5wIyJyGdjYhHe.Wy4KJQHdqyd1ucodL6AVJqPQY0Q_AzzZSdIQ9zxZ8JZ6Pu0T4.cGP87jFiuWJxsUGyLCWJYWvwBdTpyEuhoTOcdHk95F01z2JrT2DJdL5rG4.7gha3NKBFhcnbS2mbZso.WSPf_h53qBdEkupSF_kn0IlM.2ga1IHkRGIIxBt_HpGuk4DlgUUffSgoylLDs9A5Z0vvMrz.gweKaMR3yBlK5kXtLqEa9agCI9Ahbva2lNRYgyqp6kBNYfiJOjNd9KQ4k48G_n2XWmjt0Gb2KUEG6K24jyqdKFOMgCI22GZl5Vvds55INz5npyczqfw05LqJt44IliH_lQX8TyaZJV6q0.Zk6Sba
.winloot.com/	1970-01-21 01:36:50	Name: _gid Value: GA1.2.1619501613.1733723850
.winloot.com/	1970-01-21 01:35:23	Name: _gat_gtag_UA_36371770_1 Value: 1
.winloot.com/	1970-01-21 11:11:23	Name: _ga_5G15CRYQ5D Value: GS1.1.1733723849.1.0.1733723849.60.0.1874831296
.winloot.com/	1970-01-21 11:11:23	Name: _ga Value: GA1.1.698403786.1733723850
.doubleclick.net/	1970-01-21 01:35:24	Name: test_cookie Value: CheckForPermission
entries.winloot.com/	1969-12-31 23:59:59	Name: _syndi_session Value: bFRJZ1NJVzJKODY3OHZ3RzlteDhFMWdMcDcrd3EyTnk1SUtTVkF6YUpIZmVvN3p5c2twYThta3FQUUhTa3llaGxRUWNmbnhYZ3daSmtCb21Va0FFeDREa25PekU0T1FPbHJmd3plVVRzT2RRUkNHT2kxbEVBOGxXVzgrbmJncGVWcGZsd05XQlN3aFc1dFJGZ1d3aVNKUjVuZW5vOXlGcitiZlhiNFBwWm1ReGNnZlNZalJuS0FiRlNCMkZYNkM2UWRobE90L0hkcFhJMEpDRi9OMnV4Q3BCdkNvS1JET0hFQUVOWDNFUVRRSlprQnk4ZkdOa3RjRG5oUnlSQWozMldnYlAxczdxUUhJRDUyRjRNa0dtSXl2L2tjU0tvaE03ZnVZK1dBSEpaQXVPMWw3WEZUb0JPMHFxZGNNUVJrRGlBcUE1NDVtUG5FWWwxWkExdGlTeGRaRFZ2Z0xDRVUvdGJkUmx1ZUhPZVZ3ekNJREdhRDJLZXR1MDQyNmZlTGs0a3hmRWdtbGp5YWc2V3NQdjR6dElpQTdWUjVRY2lVVEFLSWQ1blVCZ1gyMitHbGhya2ozdkJKSXcwcndOcHNIaTNMWEs3WVlBNVpFejBlQjd6ZnRuZ2h0SmJzTjUrNDFnckdRcVRaSkVPWjU0Q3Q0YVRXK2xoN29NWGJLaTZaQk0tLTEvREZtY2FPd3JNR2hrb1RIdmZ6M1E9PQ%3D%3D--bfedcd30b0535e0f9e6ad2914ad2079fc46473e0

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://entries.winloot.com/i/wl-pick-my-payment-mbs?affid=388373&cid=30371&hta=t&o=5784&unique_id=308083619&utm_campaign=30371_1FDMPGLwl47231202&utm_content=308083619&utm_source=388373&utm_term=79d979f4de50078b9067bf73e4b9f27cdd24ef964f322f2d47abc2d7ae8d751c Message: [GroupMarkerNotSet(crbug.com/242999)!:A070D301EC0F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://entries.winloot.com/bad-request?ec=a Message: [GroupMarkerNotSet(crbug.com/242999)!:A070D301EC0F0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.anura.io
analytics.google.com
cdn.jsdelivr.net
dailymoneyposttime.com
entries.winloot.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
pm.geniusmonkey.com
script.anura.io
stats.g.doubleclick.net
td.doubleclick.net
wltcktrck.com
wnltrack.com
www.google-analytics.com
www.googletagmanager.com
entries.winloot.com
googleads.g.doubleclick.net
108.139.29.96
2606:4700:4400::ac40:9672
2607:f8b0:4004:c08::5e
2607:f8b0:4004:c09::8b
2607:f8b0:4004:c09::9c
2607:f8b0:4004:c09::9d
2607:f8b0:4004:c17::5f
2607:f8b0:4004:c17::61
2607:f8b0:4004:c1b::8a
2607:f8b0:4004:c1f::9c
2a04:4e42:400::485
3.228.66.30
34.117.190.90
35.169.3.110
35.171.171.72
00c0c1fc5b752999d844d28b1424ae370e96a596eb682278636260c2db0e6712
058d40abbf959e31b1d3282f707a52965ada28461f555664158a93e5f3b48e8c
095ce7a69b18f1ca168210059cd233c0084e9aa47aebda976a4cd84491393257
17be0783db65d89539bd733f5f278e05dabf45c874effb993bec449dbbe7eea2
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
373075283c215b12ba09bc63584a401826968b0aea63afe32d7aeb65b6d05f69
403eba63dfff6b1982dd09d51ef87cfdd5c0b7a62a93c90dd31025c8745c39d8
509b3883b5264f804925208d1b6beb70e22c2f19ee3d5535769b9ed6dc95e383
5c6e4cf6c85c2cba6ef1cb796d56eeea52d5ccba5f642865f9cb317722d53f5f
5e97275bb9aa10c30a2cd2b9978c3f3a85ecb8a3c17ace9fae33aa696e417843
631f33f66d831778054c341f679eff7dab7150af078966bd6beec90580d07600
6a82c9542cb3c7cb585d07452440b9d99b88a49208f11c9cec6ec7d703055a62
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
73c54eec23bd5786eee2abde558ae996cc30db654cc6d513369ef8e6e1681de9
7d8a3a3839dc38a38c770c508e75e13312ae9ee939d58ebb3a351bd88066e031
831bc1f1f57eb0a652fc3f2111d98f701af81dd2ed47be8657b1ceade2b3822c
8ea24161f26e5a5fb7214bb401f3b4a77d0b4af3bb94cf9531a007b283581c4f
9a100ea005a90e0a40f8558624cab70d7cfe6b5416cf0f549a47962cd26d4d9b
a6a54d1044fa137ad30cfcc264f477f2e425b53d2f19abf2a1f2ae70366f81ed
ae57822d3a2a60714fc950121a25aca5625de46df2fbd445a95c1441a769d122
c4549fdcff860cb49c899baf42e8e0fe19ebf41e2ed3d321b7a22cf08a78a472
c9015686cf54e5e643e2bffe8cf0aa2c3140f56b0d84c1a315845e8a31601db4
c92964d4ee3572b1fe22e2eaafa820d0a3809a9d3a242410a712b74ba825a3f2
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0195dbc877678629e4b4bf09f45eb09a43ae4132a9ffed83d4996335e3d32eb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f707107e0af976730ca90dcbcbb02134699079f32f1979d2d91400165b1f19a9

entries.winloot.com Open in urlscan Pro 2606:4700:4400::ac40:9672 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

85 %HTTPS

67 %IPv6

14 Domains

17 Subdomains

14 IPs

1 Countries

1234 kBTransfer

3689 kBSize

11 Cookies

8 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

entries.winloot.com Open in urlscan Pro
2606:4700:4400::ac40:9672 Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

85 %
HTTPS

67 %
IPv6

14
Domains

17
Subdomains

14
IPs

1
Countries

1234 kB
Transfer

3689 kB
Size

11
Cookies

47 HTTP transactions
0 data transactions