pwa.mcnj9981.xyz Open in urlscan Pro
172.67.139.138 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D
Effective URL:
https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Submission: On April 01 via api (April 1st 2024, 11:42:29 pm UTC) from US — Scanned from US

Summary HTTP 33 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 6 domains to perform 33 HTTP transactions. The main IP is 172.67.139.138, located in United States and belongs to CLOUDFLARENET, US. The main domain is pwa.mcnj9981.xyz.
TLS certificate: Issued by GTS CA 1P5 on February 4th 2024. Valid for: 3 months.

This is the only time pwa.mcnj9981.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3031::ac43:b689	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	172.67.139.138 172.67.139.138	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	157.185.170.20 157.185.170.20	54994 (ML-1432-5...) (ML-1432-54994)
3	172.67.222.15 172.67.222.15	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:81c::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
33	5

1 2606:4700:3031::ac43:b689 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

mb.icpv0336.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 172.67.139.138 (United States)

ASN13335 (CLOUDFLARENET, US)

pwa.mcnj9981.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 157.185.170.20 (Canada)

ASN54994 (ML-1432-54994, CA)

img.ioco9207.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.67.222.15 (United States)

ASN13335 (CLOUDFLARENET, US)

umami.xiaoou.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81c::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	ioco9207.xyz img.ioco9207.xyz	193 KB
14	mcnj9981.xyz pwa.mcnj9981.xyz	284 KB
3	xiaoou.org umami.xiaoou.org	3 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	255 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	93 KB
1	icpv0336.xyz 1 redirects mb.icpv0336.xyz	554 B
33	6

	Domain	Requested by
14	img.ioco9207.xyz	pwa.mcnj9981.xyz
14	pwa.mcnj9981.xyz	pwa.mcnj9981.xyz
3	umami.xiaoou.org	pwa.mcnj9981.xyz umami.xiaoou.org
1	www.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	pwa.mcnj9981.xyz
1	mb.icpv0336.xyz	1 redirects
33	6

This site contains no links.

Subject Issuer	Validity	Valid
mcnj9981.xyz GTS CA 1P5	`2024-02-04` - `2024-05-04`	3 months	crt.sh
*.tia587.xyz R3	`2024-01-21` - `2024-04-20`	3 months	crt.sh
xiaoou.org GTS CA 1P5	`2024-02-15` - `2024-05-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-03-04` - `2024-05-27`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Frame ID: ABF5C4AD72F465B7BA0DE3472D2F0CC9
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

XiaoOu Videos

Page URL History Show full URLs

http://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D HTTP 307
https://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D HTTP 302
https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&ci... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

33
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

573 kB
Transfer

3693 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D HTTP 307
https://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D HTTP 302
https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

33 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request offer Show response
pwa.mcnj9981.xyz/land/
Redirect Chain

http://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D
https://mb.icpv0336.xyz/v2/?f=clickadu&source=%7Bzoneid%7D&campaign=%7Bcampaignid%7D&cid=$%7Bsubid%7D
https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

109 KB
14 KB

566ms
494ms

Document
text/html

172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1a584d2ddbb9fcd8b4fcdbd79c959c1abbc7a588ab2d9097fd303d6f0e4c9329

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86dc6f669c3b36d8-YYZ
content-encoding: br
content-type: text/html
date: Mon, 01 Apr 2024 23:42:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FTC%2BAieK8GtKktuGGO%2BTNSv1ufmjtbthboLyIMID8igwy1ousYllAnij53RZq3zPiBuWJbldp0%2FI414o6FCeH4M3Uxl5yCSjCatEphlM%2FOW%2BQ3jjbTIGLknw9kyUvyPQZoW"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: Express

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86dc6f62e9134bd3-BUF
content-type: text/html; charset=utf-8
date: Mon, 01 Apr 2024 23:42:21 GMT
location: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJCkcscZYvMeVdB9Q7%2BBMMTXKMpOl1iQOsq289%2Fe10yxg1DZ8B2w5%2F4O9MSCZ2bo9dp%2B4kf%2BLHLCICz54qh0UnaSYFtb0URYrnNgJWPehtyqiqKsYt3gxYYWac795T9eudyLAFO21OFRcHxtalY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept, Accept-Encoding
x-powered-by: Express

GET
H3 200 logo_nobg_60x60.png
pwa.mcnj9981.xyz/ 2 KB
2 KB 429ms
427ms Image
image/png 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwa.mcnj9981.xyz/logo_nobg_60x60.png
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4bd5bd873b1016b1c6b046e267fcc96d459a1247b95978151319ae32dfe8d91e

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
cf-cache-status: MISS
last-modified: Thu, 09 Mar 2023 05:59:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"669-186c4f47153"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7V90Ua2pwCNHcbhN2QJKlLuT5P55XU%2FjQFWif%2FzWeKcGVkf02wnlJfOnKofXTRsJzu5C0oeC1ToPuONprEYWMZvy3rkHrZSW5P25vRTDk6U129oj7TOIU0RCyV8LShqXKZr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 86dc6f69eb5636d8-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 1641

GET
H2 200 poster.jpg
img.ioco9207.xyz/image/landing/offer2/ 13 KB
14 KB 1513ms
146ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/poster.jpg

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

61025b9ad21fe3cb1ec0396c6cd23d6a7c95bbb6dfca8955295cfc839409d8fc

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-MIA-01sxm108:6 (W), 1.1 am69:0 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BABC4DCB031E22
age: 2128893
x-px: ms PS-JFK-04iJD178none, ht am69none
content-length: 13766
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:51 GMT
server: PWS/8.3.1.0.8
etag: "d8ac0339f87301d1d0c1b9c5f92250fa"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H3 200 empty.png
pwa.mcnj9981.xyz/ 934 B
1 KB 427ms
426ms Image
image/png 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwa.mcnj9981.xyz/empty.png
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 229fddae5833fe861456c225c3055d39543884e057479c03600170ae77bbb524

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
cf-cache-status: MISS
last-modified: Thu, 09 Mar 2023 05:59:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"3a6-186c4f47153"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zg8YZfVOtu6X5iqv65zL%2Bk8I8ZGXgX2YBdGuiNr6pTBhSVgrliHlp5miaNSMz%2FOjd6lrJOCJJQCXFC6C%2F5gzB9YqP9H8dPP7w3LUhR6upkqb5H83TSIoWZMLXUYdnO%2FZVv5D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 86dc6f6a1bb536d8-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 934

GET
H3 200 5fc58e438e20afcf.css
pwa.mcnj9981.xyz/_next/static/css/ 60 KB
11 KB 412ms
410ms Stylesheet
text/css 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/css/5fc58e438e20afcf.css
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d8e4fa5470ede6af9fdfb2ce4cb20a0c4c2f7fd56f51fefe34edb943af3cdd9a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"f0f9-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FrsTitArWO9Pg%2FQ0TCHnCJNBVVbhXQ8S28sepgBc2AS3OIQoI6ZeBnii1PlHn0XWLzfe2axJl3NRXmRXNjqzn0vsSqXy19hnrAHlD44Oyf628H0%2BMbz2rKyNRgWhtDhV45%2Bq"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6a1bb836d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 206 MD165_640.mp4
img.ioco9207.xyz/image/landing/offer2/ 69 KB
0 1379ms
187ms Media
video/mp4 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to

Full URL

https://img.ioco9207.xyz/image/landing/offer2/MD165_640.mp4

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer: https://pwa.mcnj9981.xyz/
Range: bytes=0-
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb74:7 (W), 1.1 am77:5 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BBF3AEF2ED0492
age: 1667444
Content-Range: bytes 0-2269998/2269999
x-px: ms PS-JFK-04iJD178none, ht am77none
Content-Length: 2269999
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:44 GMT
server: PWS/8.3.1.0.8
etag: "11dc761ed21c1ec957c007c64c3d7cc2"
access-control-max-age: 7776000
vary: accept-encoding
content-type: video/mp4
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H3 200 script.js Show response
umami.xiaoou.org/ 2 KB
2 KB 340ms
152ms Script
application/javascript 172.67.222.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://umami.xiaoou.org/script.js

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.222.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Thu, 07 Mar 2024 06:06:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"977-18e1784e25b"
x-dns-prefetch-control: on
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tHx3oXelBggUwYdCnlK%2BgpyfFGJr7jFNT2yzJsGOCTt3IZxjsEEFNZj1tCHhU7kx1jkCxRx%2Bbre%2FKx4vhzm1e%2BrAxXoVE4Oc%2FF6P2zS92ixLMmELdUyiXXlzW%2FD1ej%2FtYrF%2B"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
cf-ray: 86dc6f6c4a1f4bd2-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 267 KB
93 KB 150ms
65ms Script
application/javascript 2607:f8b0:4006:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-9WB6DQN0YD

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0222ed0c739ad77c7adcee0bd21f223712abe70170eb7c3fa6345e861f550e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 95041
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 01 Apr 2024 23:42:22 GMT

GET
H3 200 webpack-69eaf9c42e1baa1f.js Show response
pwa.mcnj9981.xyz/_next/static/chunks/ 28 KB
15 KB 598ms
596ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/chunks/webpack-69eaf9c42e1baa1f.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 73bd8f7cc53106553c8709f0e5f92a2687120c6c207ec5f85cdf66f933768535

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"6f22-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OSiI%2Bj7e9o5iw3fpCJjXmnDiMV%2F9SN8pfXmjGASddpuCCDtZOOyYKs4T52UO3sGW9PwOHYezZaTqWOKTrkwIDqobz6ISdGAexIurn5cjt0yVdxUBml2fwA0VZT1o%2Fd%2BLL4Uz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2df936d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 framework-5ec7f968e70d8a94.js Show response
pwa.mcnj9981.xyz/_next/static/chunks/ 138 KB
45 KB 754ms
752ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/chunks/framework-5ec7f968e70d8a94.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 37237a723129916cf9a73c4c8c01e713480b6b80f74d52a67a47027a26e4aa88

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"22698-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UV9uS%2F6l5cK93aVo4Vze94gCTeDQSyakwiywmLHNkOuGEWgtTeAn16GBYx7Y9yRN7WHN%2BGIVmFFuFt3vLt37A0NRBJqAkNQLQwT%2FpA5OAM5Nuh9BR5tiCYbkZGkP96PBFvo6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2dfd36d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 main-e934482243832482.js Show response
pwa.mcnj9981.xyz/_next/static/chunks/ 106 KB
32 KB 582ms
580ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/chunks/main-e934482243832482.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f0485925805270382ee742cd30c42ddc0209ab7d10b4e5310a242b5c2f17c5f3

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"1a9d7-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GrXicjR8bxaP2HoqvY06Rqq8TiCYnOxMLNmjfJkdj3ZP3B%2F2oz4rFouf8%2Fh9DuFrE6LMjJVvcumtU%2BXfgG7QTI3f2yVUlBRq3C%2FHvJjcpsSV9vlPE9MP3tdnXl%2FyMrTUGHm1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2dfe36d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 _app-e61df8ce2186e2a5.js Show response
pwa.mcnj9981.xyz/_next/static/chunks/pages/ 470 KB
129 KB 947ms
945ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/chunks/pages/_app-e61df8ce2186e2a5.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 533249577314b033852de329773304e844b86d39219186a4854af8e029de62ed

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"758f2-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SpQgb0bBpR2nHGq%2BuKU9XeKTFMQQdQGNUwJqxeHFSuSqemh8SlIJAYZ%2FhBRB3XXemxwMB5NizdEMmbXcV7tIIcV0d21NorNVcsoIP%2Bn24QuiOox0pDuGVW%2F2lD6IKVfgY0N%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2dff36d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 watch-56609ad87593e5d1.js Show response
pwa.mcnj9981.xyz/_next/static/chunks/pages/ 28 KB
9 KB 414ms
413ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/chunks/pages/watch-56609ad87593e5d1.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f0a66ee9ae105ea3f31044b5dca519241eef902f8afaa9b0a20647f89ac90d5d

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"6e46-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHHV%2FsgkRDuDqx7FUsUd1il8IwX2thh1vk4zB0pQvk93TZu1RELGu6RFPEyOYwawPyTKIt8fzqBMcKTy5aMg7feCaFr7fkUH160o5oOYleoxrLCytpHlWP3l2JJ%2BFedO3WnX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2e0136d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 _buildManifest.js Show response
pwa.mcnj9981.xyz/_next/static/PLWiQcQkSB88-6L3e4im8/ 8 KB
3 KB 440ms
439ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/PLWiQcQkSB88-6L3e4im8/_buildManifest.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cdb562ccc3de9adb447fb76399fb68fba4a5c2d0d0761649c31c55ca1aefa452

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"20bd-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7%2FI%2FdPeJ%2BYgpIsqubcUqoFQRmyKveJCxQFdZK1bFwTh6gcj%2FDw0dmdxDHUllJkM0jgo4EJiM5QpbErd3VEtNMwDK%2BbdkGYPI4U3VYHNpyaMloYDivZkY3Zf8ruH7pmPsr4mW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2e0336d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H3 200 _ssgManifest.js Show response
pwa.mcnj9981.xyz/_next/static/PLWiQcQkSB88-6L3e4im8/ 88 B
566 B 411ms
410ms Script
application/javascript 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/PLWiQcQkSB88-6L3e4im8/_ssgManifest.js
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a66383b381b46cccc8f600e19dedea91beedf07e06bb49f011fa7f7073ead591

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 31 Mar 2024 22:35:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"58-18e96a75320"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tePGTSUQhzqVJLwqz8bFgqlcZG6feJYbcxYG7smsZt1y846UdfpLt%2BW%2Bu3ySZn4TWLNXus6Q3RQO2tQQM65M3hcmAlRKmzdUJnj%2B2VzEYefqudNTIT5Hut8rGm9nxvnaHpKZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6b2e0636d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 200 room_cn_2.webp
img.ioco9207.xyz/image/landing/offer2/ 24 KB
24 KB 1200ms
37ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/room_cn_2.webp

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

b6b5ea8487251a1ccfa2c468de60676ee2c25f86092b40846abf33caf0dc8291

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb79:3 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C1EB8D0970771F
age: 106619
x-px: ms PS-JFK-04iJD178none, ht shb79none
content-length: 24430
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:57 GMT
server: PWS/8.3.1.0.8
etag: "4e967b5e4240afba205a177b67d86396"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H3 200 streaming.gif
pwa.mcnj9981.xyz/ 9 KB
9 KB 443ms
441ms Image
image/gif 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pwa.mcnj9981.xyz/streaming.gif
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 2942445064008fdb2d35ce8c740d46bed4bba75b21d9464b7a44485aded4600a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
cf-cache-status: MISS
last-modified: Thu, 09 Mar 2023 05:59:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"241e-186c4f47154"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSr7YV%2FSEgfzWOyuW4IqjRYrsBFKy3ImNQ5lgUAlgBKzcawERPmt9u0b4XYcu85%2BAVqkCFFfGEq5a%2FmuTKa4Gtb4COBPsOfT0blbq41nQ9NkeO%2BhsUi4wpUYvimK6tH02%2BAg"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 86dc6f6b2e0836d8-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 9246

GET
H2 200 room_asian_2.webp
img.ioco9207.xyz/image/landing/offer2/ 23 KB
24 KB 1420ms
257ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/room_asian_2.webp

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

951e4c7048415235b3b2fc5238cb0776b3e3ceb1331b30c50e5fa49cef8e0684

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-MIA-01ake129:5 (W), 1.1 PS-MIA-01ake129:6 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C24C852F624C0D
x-px: ms PS-JFK-04iJD178none, ms PS-MIA-01ake129none, ht PS-MIA-01ake129none
content-length: 23912
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:41 GMT
server: PWS/8.3.1.0.8
etag: "040f5594e5835a8d69213afbc0cbd554"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 country_ko.png
img.ioco9207.xyz/image/landing/offer2/ 1 KB
1 KB 1376ms
213ms Image
image/png 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/country_ko.png

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

25e204bc4a6809c64ee996ca17359f7ee5f91b5eac45e7b9967e3594efd28000

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-MIA-01ake129:13 (W)[209 200 2], 1.1 am69:2 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17925F7BDF6EB51A
age: 2128893
x-px: ms PS-JFK-04iJD178none, ht am69none
content-length: 1031
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Apr 2023 22:44:32 GMT
server: PWS/8.3.1.0.8
etag: "00000000000000000000000000000000-1"
vary: Origin
access-control-max-age: 7776000
content-type: image/png
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 room_us_2.webp
img.ioco9207.xyz/image/landing/offer2/ 14 KB
14 KB 1306ms
144ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/room_us_2.webp

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

ba064fbab390c1ed63114b448b0f7e425dc7a7fd7e6b35d2b5dfb9ce3f009494

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-MIA-01Y85110:11 (W), 1.1 am75:0 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BA495E1FAED681
age: 2255266
x-px: ms PS-JFK-04iJD178none, ht am75none
content-length: 14118
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:49 GMT
server: PWS/8.3.1.0.8
etag: "cb74bc5e76ee8674de79782f8c1e819c"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 country_us.png
img.ioco9207.xyz/image/landing/offer2/ 1 KB
2 KB 322ms
320ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/country_us.png

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

84270fbeacbddea00511a87c22a4124939b255de4f6800af5f41c41312e708fa

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-MIA-01sxm108:6 (W), 1.1 PS-MIA-01sxm108:4 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C24C8531EC140F
x-px: ms PS-JFK-04iJD178none, ms PS-MIA-01sxm108none, ht PS-MIA-01sxm108none
content-length: 1302
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:43 GMT
server: PWS/8.3.1.0.8
etag: "41dc98d728b6fe0c90d8803c208c6977"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 room_russian_3.webp
img.ioco9207.xyz/image/landing/offer2/ 18 KB
18 KB 38ms
37ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/room_russian_3.webp

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

0fd8ed837323a635e072d9c8a62a0a34925c6e5ac8107e6b2727c6591dd64b6b

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb79:3 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C14ACAD6349E1E
age: 283375
x-px: ms PS-JFK-04iJD178none, ht shb79none
content-length: 18366
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:46:02 GMT
server: PWS/8.3.1.0.8
etag: "f3eadfab6a0edf8ca91beb22eeb3e2dc"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 room_couple.webp
img.ioco9207.xyz/image/landing/offer2/ 16 KB
17 KB 32ms
31ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/room_couple.webp

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

01e17e97c9ef34c65cbcee933ece88dfac672cfea732c356fa001c3936ac9513

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-JFK-01T5Z186:9 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C1EB8D0A1CEC9A
age: 106619
x-px: ms PS-JFK-04iJD178none, ht PS-JFK-01T5Z186none
content-length: 16518
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:49 GMT
server: PWS/8.3.1.0.8
etag: "62f9fb7f4b08ce100f79c16447595d12"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

POST
H2 204 collect
www.google-analytics.com/g/ 0
255 B 121ms
41ms Ping
text/plain 2607:f8b0:4006:80d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-9WB6DQN0YD&gtm=45je4410v893360646za200&_p=1712014941930&gcd=13l3l3l3l1&npa=0&dma=0&cid=1228236111.1712014942&ul=en-us&sr=800x600&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1712014942&sct=1&seg=0&dl=https%3A%2F%2Fpwa.mcnj9981.xyz%2Fland%2Foffer%3Fp%3Dpwa%26f%3Dclickadu%26campaign%3D%257Bcampaignid%257D%26source%3D%257Bzoneid%257D%26cid%3D%24%257Bsubid%257D%26l%3Doffer&dt=XiaoOu%20Videos&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1702
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-9WB6DQN0YD
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80d::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Mon, 01 Apr 2024 23:42:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pwa.mcnj9981.xyz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 5fc58e438e20afcf.css
pwa.mcnj9981.xyz/_next/static/css/ 60 KB
11 KB 44ms
43ms Stylesheet
text/css 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/_next/static/css/5fc58e438e20afcf.css
Requested by: Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d8e4fa5470ede6af9fdfb2ce4cb20a0c4c2f7fd56f51fefe34edb943af3cdd9a

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:22 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sun, 31 Mar 2024 22:35:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 0
x-powered-by: Express
etag: W/"f0f9-18e96a733e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cn3ngo5tBHmCsXbHvnrVjWHWgpxb4%2FPIig5snNzgoyyPfEo9trRSzoYepOU8lAZgiGpZi0niu07dvm14cgUBfUy%2B61CWVdoEiZYjPFOsSyjXl0DdUnDdFHGNDnnbSFwEBxYZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
cf-ray: 86dc6f6d3a2036d8-YYZ
alt-svc: h3=":443"; ma=86400

GET
H2 206 MD165_640.mp4
img.ioco9207.xyz/image/landing/offer2/ 73 KB
74 KB 67ms
64ms Media
video/mp4 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to

Full URL

https://img.ioco9207.xyz/image/landing/offer2/MD165_640.mp4

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

20fec81cedab122f27b0c9930cd7a0ee5489182540f42c65bb4aee30df793d9d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer: https://pwa.mcnj9981.xyz/
Range: bytes=2195456-
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb74:7 (W), 1.1 am69:2 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BBF3AEF2ED0492
age: 1667444
Content-Range: bytes 2195456-2269998/2269999
x-px: ms PS-JFK-04iJD178none, ht am69none
Content-Length: 74543
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:44 GMT
server: PWS/8.3.1.0.8
etag: "11dc761ed21c1ec957c007c64c3d7cc2"
access-control-max-age: 7776000
vary: accept-encoding
content-type: video/mp4
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 206 MD165_640.mp4
img.ioco9207.xyz/image/landing/offer2/ 2 MB
0 28ms
27ms Media
video/mp4 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to

Full URL

https://img.ioco9207.xyz/image/landing/offer2/MD165_640.mp4

Requested by

Host: pwa.mcnj9981.xyz
URL: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer: https://pwa.mcnj9981.xyz/
Range: bytes=65536-
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb74:7 (W), 1.1 am77:5 (W), 0.0 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BBF3AEF2ED0492
Content-Range: bytes 65536-2269998/2269999
x-px: ht PS-JFK-04iJD178none
Content-Length: 2204463
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:44 GMT
server: PWS/8.3.1.0.8
etag: "11dc761ed21c1ec957c007c64c3d7cc2"
access-control-max-age: 7776000
vary: accept-encoding
content-type: video/mp4
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

POST
H3 200 send Show response
umami.xiaoou.org/api/ 603 B
1 KB 531ms
530ms Fetch
text/plain 172.67.222.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://umami.xiaoou.org/api/send

Requested by

Host: umami.xiaoou.org
URL: https://umami.xiaoou.org/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.222.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c55a48af3f82240635e9025a3273e532f45c4ef353404f77f46c7ed8cfcaf8b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 01 Apr 2024 23:42:24 GMT
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"ty2bvy15ufgr"
x-dns-prefetch-control: on
vary: Accept-Encoding
content-type: text/plain
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G8pgRKJAR5EviccIXrYzXgkJFbJ8bfDxGwTFYjgug45l5b%2FbgEBpR64ME9BaYEhOAeFkcKSrRYPuiD6I2hSgpC6GLeJ%2F8z3rT976j6UR2wKnak8628ro%2F43TDBPqZkLmqtIG"}],"group":"cf-nel","max_age":604800}
cf-ray: 86dc6f7608ef636f-ORD
alt-svc: h3=":443"; ma=86400

OPTIONS
H3 204 send
umami.xiaoou.org/api/ 0
0 186ms
124ms Preflight 172.67.222.15
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://umami.xiaoou.org/api/send

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.222.15 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://pwa.mcnj9981.xyz
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 86dc6f754810636f-ORD
content-length: 0
content-security-policy: default-src 'self';img-src *;script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline';connect-src 'self' api.umami.is cloud.umami.is;frame-ancestors 'self'
date: Mon, 01 Apr 2024 23:42:23 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V38lg1JyKu4t9PnJRBL01N1yYy4fX6AaDar8xQes5CInDpJ1gPhQqZZhTYcw9liOr8%2F4lzH7NQ%2Bs%2BL5%2FKjX4MiEoNd%2BhxpX6RO5DRrKvvzqXCZibdPqlXPew9NeB4HFc9tMO"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Access-Control-Request-Headers
x-dns-prefetch-control: on

GET
H2 200 country_cn.png
img.ioco9207.xyz/image/landing/offer2/ 777 B
1 KB 229ms
227ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/country_cn.png

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

78f68c15e9b5cb808489f9d1fbfcfcdd1c01ea09fa11ef11de47e08accb84944

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb79:0 (W), 1.1 shb79:3 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17C24C854473D85C
x-px: ms PS-JFK-04iJD178none, ms shb79none, ht shb79none
content-length: 777
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:48 GMT
server: PWS/8.3.1.0.8
etag: "56d09fb98da0130bc6276a4dcd4d526b"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 country_russia.png
img.ioco9207.xyz/image/landing/offer2/ 690 B
1 KB 126ms
125ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/country_russia.png

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

6c6b7ca0a212388c0ba28bce78c9185c291fd157ebf9349ab4fd587f1bbb146c

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 shb77:13 (W), 1.1 am69:0 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BA824A60B717DF
age: 2128890
x-px: ms PS-JFK-04iJD178none, ht am69none
content-length: 690
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:45:56 GMT
server: PWS/8.3.1.0.8
etag: "621365475f9a0eb7c88e072d4db7bde6"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H2 200 country_un.png
img.ioco9207.xyz/image/landing/offer2/ 2 KB
2 KB 54ms
53ms Image
image/jpeg 157.185.170.20
ML-1432-54994

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.ioco9207.xyz/image/landing/offer2/country_un.png

Protocol

Security

TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305

Server

157.185.170.20 , Canada, ASN54994 (ML-1432-54994, CA),

Reverse DNS

Software

PWS/8.3.1.0.8 /

Resource Hash

904ed4d5486080d524e00707ddd830b6fd6e185ba229b4e9386ad636f90febbe

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-security-policy: block-all-mixed-content
via: 1.1 PS-JFK-01T5Z186:9 (W), 1.1 PS-JFK-04iJD178:9 (W)
x-amz-request-id: 17BD25769BF3FC74
age: 1450319
x-px: ms PS-JFK-04iJD178none, ht PS-JFK-01T5Z186none
content-length: 1659
x-xss-protection: 1; mode=block
last-modified: Wed, 06 Mar 2024 02:46:01 GMT
server: PWS/8.3.1.0.8
etag: "c1635a19ff56fc8cde1010f2607d01d5"
vary: Origin
access-control-max-age: 7776000
content-type: image/jpeg
x-minio-deployment-id: 043b44a4-994e-49a1-aab3-08ec263f6f5b
access-control-allow-origin: *
cache-control: max-age=15552000
accept-ranges: bytes

GET
H3 200 favicon.ico
pwa.mcnj9981.xyz/ 1 KB
1 KB 405ms
404ms Other
image/x-icon 172.67.139.138
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pwa.mcnj9981.xyz/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.139.138 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 269bad24044345a4f5ff051e75e4f866e39283ffdc03d5b37020b2e4c1d5cc2b

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://pwa.mcnj9981.xyz/land/offer?p=pwa&f=clickadu&campaign=%7Bcampaignid%7D&source=%7Bzoneid%7D&cid=$%7Bsubid%7D&l=offer
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 01 Apr 2024 23:42:23 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Sun, 26 Feb 2023 01:50:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"47e-1868b69b26c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5YFNJWC2S9nB6Koc01PJGcTBGJ4aEJeHH%2FAmv4uAox%2BgtekB%2BVeFSXAOTJL%2BoYrTIA8Mwq0szuGh%2BgxpNt8twEFOHwz%2F50%2FEEIDBRTsWBMz3TxOuwSXHWhrUxupscv9oSE3l"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: public, max-age=14400
cf-ray: 86dc6f74fa1436d8-YYZ
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.mcnj9981.xyz/	1970-01-21 05:09:34	Name: _ga_9WB6DQN0YD Value: GS1.1.1712014942.1.0.1712014942.0.0.0
			.mcnj9981.xyz/	1970-01-21 05:09:34	Name: _ga Value: GA1.1.1228236111.1712014942

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.ioco9207.xyz
mb.icpv0336.xyz
pwa.mcnj9981.xyz
umami.xiaoou.org
www.google-analytics.com
www.googletagmanager.com
157.185.170.20
172.67.139.138
172.67.222.15
2606:4700:3031::ac43:b689
2607:f8b0:4006:80d::200e
2607:f8b0:4006:81c::2008
01e17e97c9ef34c65cbcee933ece88dfac672cfea732c356fa001c3936ac9513
0222ed0c739ad77c7adcee0bd21f223712abe70170eb7c3fa6345e861f550e8b
0fd8ed837323a635e072d9c8a62a0a34925c6e5ac8107e6b2727c6591dd64b6b
1a584d2ddbb9fcd8b4fcdbd79c959c1abbc7a588ab2d9097fd303d6f0e4c9329
20fec81cedab122f27b0c9930cd7a0ee5489182540f42c65bb4aee30df793d9d
229fddae5833fe861456c225c3055d39543884e057479c03600170ae77bbb524
25e204bc4a6809c64ee996ca17359f7ee5f91b5eac45e7b9967e3594efd28000
269bad24044345a4f5ff051e75e4f866e39283ffdc03d5b37020b2e4c1d5cc2b
2942445064008fdb2d35ce8c740d46bed4bba75b21d9464b7a44485aded4600a
37237a723129916cf9a73c4c8c01e713480b6b80f74d52a67a47027a26e4aa88
4bd5bd873b1016b1c6b046e267fcc96d459a1247b95978151319ae32dfe8d91e
533249577314b033852de329773304e844b86d39219186a4854af8e029de62ed
56e70678cbf7e8c157c423bac4d2872f3b384a1784f43b1126ae5e59fd45d144
61025b9ad21fe3cb1ec0396c6cd23d6a7c95bbb6dfca8955295cfc839409d8fc
6c6b7ca0a212388c0ba28bce78c9185c291fd157ebf9349ab4fd587f1bbb146c
73bd8f7cc53106553c8709f0e5f92a2687120c6c207ec5f85cdf66f933768535
78f68c15e9b5cb808489f9d1fbfcfcdd1c01ea09fa11ef11de47e08accb84944
84270fbeacbddea00511a87c22a4124939b255de4f6800af5f41c41312e708fa
904ed4d5486080d524e00707ddd830b6fd6e185ba229b4e9386ad636f90febbe
951e4c7048415235b3b2fc5238cb0776b3e3ceb1331b30c50e5fa49cef8e0684
a66383b381b46cccc8f600e19dedea91beedf07e06bb49f011fa7f7073ead591
b6b5ea8487251a1ccfa2c468de60676ee2c25f86092b40846abf33caf0dc8291
ba064fbab390c1ed63114b448b0f7e425dc7a7fd7e6b35d2b5dfb9ce3f009494
c55a48af3f82240635e9025a3273e532f45c4ef353404f77f46c7ed8cfcaf8b2
cdb562ccc3de9adb447fb76399fb68fba4a5c2d0d0761649c31c55ca1aefa452
d8e4fa5470ede6af9fdfb2ce4cb20a0c4c2f7fd56f51fefe34edb943af3cdd9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0485925805270382ee742cd30c42ddc0209ab7d10b4e5310a242b5c2f17c5f3
f0a66ee9ae105ea3f31044b5dca519241eef902f8afaa9b0a20647f89ac90d5d

pwa.mcnj9981.xyz Open in urlscan Pro 172.67.139.138 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

33 Requests

100 %HTTPS

50 %IPv6

6 Domains

6 Subdomains

5 IPs

2 Countries

573 kBTransfer

3693 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pwa.mcnj9981.xyz Open in urlscan Pro
172.67.139.138 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

5
IPs

2
Countries

573 kB
Transfer

3693 kB
Size

2
Cookies

33 HTTP transactions
0 data transactions