www.legitpaidtoclick.com Open in urlscan Pro
2600:1901:0:84ef:: Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.legitpaidtoclick.com/
Effective URL:
https://www.legitpaidtoclick.com/
Submission: On August 22 via manual (August 22nd 2022, 12:23:06 pm UTC) from GB — Scanned from GB

Summary HTTP 50 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 17 IPs in 3 countries across 19 domains to perform 50 HTTP transactions. The main IP is 2600:1901:0:84ef::, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is www.legitpaidtoclick.com.
TLS certificate: Issued by R3 on August 19th 2022. Valid for: 3 months.

This is the only time www.legitpaidtoclick.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	2600:1901:0:8... 2600:1901:0:84ef::	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:3a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:2a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:90d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3031::6815:143a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
2	35.208.170.164 35.208.170.164	19527 (GOOGLE-2) (GOOGLE-2)
2	2606:4700:303... 2606:4700:3035::6815:de7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3035::6815:28fe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3031::ac43:c92d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.16.11.101 104.16.11.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3031::6815:5502	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a06:98c1:312... 2a06:98c1:3120::c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
50	17

3 2600:1901:0:84ef:: (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)

www.legitpaidtoclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:3a9 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.zyrosite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.zyrosite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:2a9 (United States)

ASN13335 (CLOUDFLARENET, US)

userapp.zyrosite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:90d (United States)

ASN13335 (CLOUDFLARENET, US)

api-ecommerce.zyro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::6815:143a (United States)

ASN13335 (CLOUDFLARENET, US)

www.scarlet-clicks.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.208.170.164 (Council Bluffs, United States)

ASN19527 (GOOGLE-2, US)
PTR: 164.170.208.35.bc.googleusercontent.com

www.grandclick.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::6815:de7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.optimalbux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::6815:28fe (United States)

ASN13335 (CLOUDFLARENET, US)

www.goldenclix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:c92d (United States)

ASN13335 (CLOUDFLARENET, US)

www.familyclix.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.twickerz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.buxsurveys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.gptplanet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.16.11.101 (None, )

ASN13335 (CLOUDFLARENET, US)

www.neobux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::6815:5502 (United States)

ASN13335 (CLOUDFLARENET, US)

www.aticlix.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a06:98c1:3120::c (United States)

ASN13335 (CLOUDFLARENET, US)

www.cliquesteria.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.eldibux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	gstatic.com fonts.gstatic.com	259 KB
5	zyrosite.com assets.zyrosite.com — Cisco Umbrella Rank: 411821 cdn.zyrosite.com userapp.zyrosite.com — Cisco Umbrella Rank: 519677	324 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54	182 KB
3	legitpaidtoclick.com 1 redirects www.legitpaidtoclick.com	34 KB
2	gptplanet.com www.gptplanet.com	17 KB
2	eldibux.com www.eldibux.com	154 KB
2	buxsurveys.com www.buxsurveys.com	285 KB
2	cliquesteria.net www.cliquesteria.net	140 KB
2	aticlix.net www.aticlix.net	722 KB
2	neobux.com www.neobux.com — Cisco Umbrella Rank: 570847	10 KB
2	twickerz.com www.twickerz.com	57 KB
2	familyclix.com www.familyclix.com	379 KB
2	goldenclix.com www.goldenclix.com	14 KB
2	optimalbux.com www.optimalbux.com	399 KB
2	grandclick.com www.grandclick.com	246 KB
2	scarlet-clicks.info www.scarlet-clicks.info	27 KB
2	zyro.com api-ecommerce.zyro.com	2 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3094	353 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	72 KB
50	19

	Domain	Requested by
12	fonts.gstatic.com	fonts.googleapis.com
3	fonts.googleapis.com	www.legitpaidtoclick.com userapp.zyrosite.com
3	www.legitpaidtoclick.com	1 redirects userapp.zyrosite.com
2	www.gptplanet.com	srcdoc
2	www.eldibux.com	srcdoc
2	www.buxsurveys.com	srcdoc
2	www.cliquesteria.net	srcdoc
2	www.aticlix.net	srcdoc
2	www.neobux.com	srcdoc
2	www.twickerz.com	srcdoc
2	www.familyclix.com	srcdoc
2	www.goldenclix.com	srcdoc
2	www.optimalbux.com	srcdoc
2	www.grandclick.com	srcdoc
2	www.scarlet-clicks.info	srcdoc
2	api-ecommerce.zyro.com	userapp.zyrosite.com
2	userapp.zyrosite.com	www.legitpaidtoclick.com
2	assets.zyrosite.com	www.legitpaidtoclick.com userapp.zyrosite.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	userapp.zyrosite.com
1	cdn.zyrosite.com	www.legitpaidtoclick.com
50	21

This site contains links to these domains. Also see Links.

Domain
www.gptplanet.com
www.grandclick.com
www.scarlet-clicks.info
www.optimalbux.com
www.twickerz.com
www.neobux.com
www.goldenclix.com
www.familyclix.com
www.eldibux.com
www.aticlix.net
www.cliquesteria.net
www.buxsurveys.com

Subject Issuer	Validity	Valid
www.legitpaidtoclick.com R3	`2022-08-19` - `2022-11-17`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.zyrosite.com Sectigo RSA Domain Validation Secure Server CA	`2022-06-23` - `2023-07-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-11-16` - `2022-11-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
grandclick.com R3	`2022-08-21` - `2022-11-19`	3 months	crt.sh
neobux.com Cloudflare Inc ECC CA-3	`2022-02-24` - `2023-02-24`	a year	crt.sh

This page contains 13 frames:

Primary Page: https://www.legitpaidtoclick.com/
Frame ID: DECA43083AC53ED4A377C40D6AFED05A
Requests: 38 HTTP requests in this frame

Frame: https://www.familyclix.com/banner3.gif
Frame ID: 63D970B40BF9269B011480E05F2DF1F4
Requests: 1 HTTP requests in this frame

Frame: https://www.cliquesteria.net/banner3.gif
Frame ID: 5EF40E38055CA58A597960D7475C1EF3
Requests: 1 HTTP requests in this frame

Frame: https://www.neobux.com/imagens/banner9.gif
Frame ID: 552EC1BD4FF923D7581B8D6F510A1A09
Requests: 1 HTTP requests in this frame

Frame: https://www.eldibux.com/banner3.gif
Frame ID: BDC7AA48CC066B0F7DFEA4E8B7A3879E
Requests: 1 HTTP requests in this frame

Frame: https://www.scarlet-clicks.info/banners/banner2.png
Frame ID: 7B15566AB22F5481229F08B6B4C4FE87
Requests: 1 HTTP requests in this frame

Frame: https://www.optimalbux.com/100x100.gif
Frame ID: 91F4BDDCD4D21F698097F5200A2936EC
Requests: 1 HTTP requests in this frame

Frame: https://www.gptplanet.com/banners/banner2.png
Frame ID: 44C6D0CA781E5256D3B5BFDFCC087AC6
Requests: 1 HTTP requests in this frame

Frame: https://www.aticlix.net/banner2.gif
Frame ID: 6B3334E6449AD2563BB34502F653CBCB
Requests: 1 HTTP requests in this frame

Frame: https://www.grandclick.com/468x60-1.gif
Frame ID: 6EF7C1270DADCBA3AD4E772297F0CD0C
Requests: 1 HTTP requests in this frame

Frame: https://www.buxsurveys.com/images/buxsurveys125.gif
Frame ID: 64806FB0F56DD4AAFCDE917EFACD4DA8
Requests: 1 HTTP requests in this frame

Frame: https://www.twickerz.com/banner/125x125.gif
Frame ID: 2040964304AF2EFC374D3FBF83999B98
Requests: 1 HTTP requests in this frame

Frame: https://www.goldenclix.com/images/banner12.gif
Frame ID: 6D45D3089574720960B2EBAA026D58AC
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home | Earn Passive Income Weekly Clicking Adz

Page URL History Show full URLs

http://www.legitpaidtoclick.com/ HTTP 301
https://www.legitpaidtoclick.com/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

50
Requests

100 %
HTTPS

88 %
IPv6

19
Domains

21
Subdomains

17
IPs

3
Countries

3322 kB
Transfer

4745 kB
Size

2
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://www.gptplanet.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.grandclick.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.scarlet-clicks.info/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.optimalbux.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.twickerz.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.neobux.com/?r=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.goldenclix.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.familyclix.com/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.eldibux.com/?ref=Fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.aticlix.net/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.cliquesteria.net/?ref=fasanxchange
Title: Join Now

Search URL Search Domain Scan URL

URL: https://www.buxsurveys.com/?ref=fasanxcjange
Title: Join Now

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.legitpaidtoclick.com/ HTTP 301
https://www.legitpaidtoclick.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.legitpaidtoclick.com/
Redirect Chain

http://www.legitpaidtoclick.com/
https://www.legitpaidtoclick.com/

198 KB
23 KB

509ms
323ms

Document
text/html

2600:1901:0:84ef::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1901:0:84ef:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

openresty / Zyro.com

Resource Hash

55533d4527a4264bd7fb9c12af21b86b3c14dc01b9508b40fd406b791e7c1152

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com .zyro.com .zyro.space .dp.zyro.space .hostinger.com *.hostinger.io
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

age: 72944
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, must-revalidate
cf-cache-status: HIT
cf-ray: 73eb93c13c7ed273-CDG
content-encoding: gzip
content-security-policy: frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space *.hostinger.com *.hostinger.io
content-type: text/html
date: Mon, 22 Aug 2022 12:23:00 GMT
etag: W/"8bc5c33c7a06b00eae2b5a3daac01c06"
last-modified: Sun, 21 Aug 2022 16:07:05 GMT
link: <https://assets.zyrosite.com>; rel=preconnect; crossorigin, <https://userapp.zyrosite.com>; rel=preconnect; crossorigin, <https://fonts.googleapis.com>; rel=preconnect; crossorigin, <https://fonts.gstatic.com>; rel=preconnect; crossorigin
server: openresty
strict-transport-security: max-age=63072000; includeSubDomains; preload;
vary: Accept-Encoding
x-content-type-options: nosniff
x-hostinger-datacenter: gcp-europe-west1
x-hostinger-node: gcp-eu-west1-edge5
x-powered-by: Zyro.com
x-xss-protection: 1; mode=block

Redirect headers

Cache-Control: max-age=0, must-revalidate
Content-Length: 166
Content-Security-Policy: frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space *.hostinger.com *.hostinger.io
Content-Type: text/html
Date: Mon, 22 Aug 2022 12:22:59 GMT
Link: <https://assets.zyrosite.com>; rel=preconnect; crossorigin, <https://userapp.zyrosite.com>; rel=preconnect; crossorigin, <https://fonts.googleapis.com>; rel=preconnect; crossorigin, <https://fonts.gstatic.com>; rel=preconnect; crossorigin
Location: https://www.legitpaidtoclick.com/
Server: openresty
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload;
Via: 1.1 google
X-Content-Type-Options: nosniff
X-Hostinger-Datacenter: gcp-us-central1
X-Hostinger-Node: gcp-us-central1-edge2
X-Powered-By: Zyro.com
X-XSS-Protection: 1; mode=block

GET
H2 200 css2
fonts.googleapis.com/ 233 KB
61 KB 191ms
74ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f473cae2fff3bb4c82030cb5179cf9838cd4089a3df44b1cf09f0f8dc438ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 12:23:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Aug 2022 12:23:00 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Aug 2022 12:23:00 GMT

GET
H2 200 logo-xlarge-AE0XRK9oNEFrQowk.png
assets.zyrosite.com/mk3nbKoe6wSjKvJ6/ 30 KB
30 KB 242ms
85ms Image
image/webp 2606:4700::6812:3a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.zyrosite.com/mk3nbKoe6wSjKvJ6/logo-xlarge-AE0XRK9oNEFrQowk.png

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:3a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6995c6931a860e3661b733a8bf9b84486ed93f3395245d2a8c4f1c8fc03197b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com editor.zyro.com builder.hostinger.com hostinger.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 132983
cf-polished: origFmt=png, origSize=99899
content-disposition: inline; filename="logo-xlarge-AE0XRK9oNEFrQowk.webp"
vary: Accept, Accept-Encoding
content-length: 30470
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Aug 2022 12:40:37 GMT
server: cloudflare
etag: "d82b6793c68f01024b5d864365354160"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains; preload;
content-type: image/webp
access-control-allow-origin: *
cache-control: public
content-security-policy: frame-ancestors zyro.com editor.zyro.com builder.hostinger.com hostinger.com
accept-ranges: bytes
cf-ray: 73eb93c309d3748c-LHR
cf-bgj: imgq:100,h2pri

GET
H2 200 6AEYm85N10s.jpeg
cdn.zyrosite.com/cdn-cgi/image/format=auto,w=1920,fit=crop/cdn-builder-placeholders/asset-manager/ 22 KB
22 KB 266ms
107ms Image
image/webp 2606:4700::6812:3a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.zyrosite.com/cdn-cgi/image/format=auto,w=1920,fit=crop/cdn-builder-placeholders/asset-manager/6AEYm85N10s.jpeg?w=1366&q=70&auto=format

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:3a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00b6d17c20b5ad16c2b017b30407ea3698df0ba2741f5617c561da08ff758f18

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:00 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
content-length: 22374
last-modified: Thu, 07 Jul 2022 10:43:20 GMT
server: cloudflare
etag: "cfnGAemIyTGFeL6ncSdzKjjQ:df661fd6e4bc90089acb8bb1e60e8568"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept, Accept-Encoding
warning: cf-images 299 "crop fit mode needs both width and height", cf-images 299 "image too large for AVIF"
content-type: image/webp
cache-control: public, max-age=86400
cf-resized: internal=ok/h q=0 n=45 c=380 v=2022.8.3 l=22374
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
accept-ranges: bytes
cf-ray: 73eb93c318d87705-LHR
cf-bgj: imgq:86,h2pri

GET
H2 200 chunk-vendors.0c92de05.js Show response
userapp.zyrosite.com/1660905676/js/ 552 KB
177 KB 762ms
614ms Script
application/javascript 2606:4700::6812:2a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://userapp.zyrosite.com/1660905676/js/chunk-vendors.0c92de05.js

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:2a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec86775a9b786311039294c307f4290d7c825e447135701cc86fb9133f95fdf0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com editor.zyro.com .dp.zyro.space .dp.hostinger.io builder.hostinger.com hostinger.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 264841
cf-ray: 73eb93c31e5c749d-LHR
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 19 Aug 2022 10:42:51 GMT
server: cloudflare
etag: W/"8296db2e95e49e52b848ae3a709b8d5c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains; preload;
x-amz-version-id: imJd.QFkock_6KowOxb3f38_sRzaMQR_
content-security-policy: frame-ancestors zyro.com editor.zyro.com *.dp.zyro.space *.dp.hostinger.io builder.hostinger.com hostinger.com
content-type: application/javascript

GET
H2 200 index.cbfe8f0e.js Show response
userapp.zyrosite.com/1660905676/js/ 253 KB
65 KB 775ms
627ms Script
application/javascript 2606:4700::6812:2a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://userapp.zyrosite.com/1660905676/js/index.cbfe8f0e.js

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:2a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f20c8d28295dac7470b4230244bfa780e4cbbe0216606b10349e9460b4972fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com editor.zyro.com .dp.zyro.space .dp.hostinger.io builder.hostinger.com hostinger.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:00 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 264841
cf-ray: 73eb93c31e5f749d-LHR
vary: Accept-Encoding
x-xss-protection: 1; mode=block
last-modified: Fri, 19 Aug 2022 10:42:51 GMT
server: cloudflare
etag: W/"148a02a3c0beb3bb2632e0f28ef2f7db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains; preload;
x-amz-version-id: L5PIsYWABp.NtfmgKvOxn5dQ65t6a43Y
content-security-policy: frame-ancestors zyro.com editor.zyro.com *.dp.zyro.space *.dp.hostinger.io builder.hostinger.com hostinger.com
content-type: application/javascript

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
24 KB 171ms
54ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 501291
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:08:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 223ms
106ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 361269
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Aug 2023 08:01:51 GMT

GET
H2 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.119.woff2
fonts.gstatic.com/s/notosansjp/v42/ 52 KB
52 KB 269ms
158ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.119.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72886b29a4caed5ecd641a108d1b0393e3f94ecc551fc926dffe047e3cf35b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:38:08 GMT
x-content-type-options: nosniff
age: 589492
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53112
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 16:38:08 GMT

GET
H2 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.118.woff2
fonts.gstatic.com/s/notosansjp/v42/ 13 KB
13 KB 251ms
140ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.118.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fad25cd49ede74711b387dc8073f3b1633337cf96a9291aacd4e94ef95aec2f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 10:27:45 GMT
x-content-type-options: nosniff
age: 6915
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13592
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 10:27:45 GMT

GET
H2 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.117.woff2
fonts.gstatic.com/s/notosansjp/v42/ 10 KB
10 KB 291ms
181ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.117.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ba69c11db1d4be0836acfb5abe76c32024507fe2573024d4db23983a0ae8f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 17:55:10 GMT
x-content-type-options: nosniff
age: 584870
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10016
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 17:55:10 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 235ms
125ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 111199
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 05:29:41 GMT

GET
H2 200 data.json Show response
www.legitpaidtoclick.com/ 60 KB
10 KB 209ms
209ms Fetch
application/json 2600:1901:0:84ef::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.legitpaidtoclick.com/data.json

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/index.cbfe8f0e.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1901:0:84ef:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

openresty / Zyro.com

Resource Hash

50dafda7a01709be032a1adbd1f3337e865a83f9d932697bd89d036f8d5c2c8b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com .zyro.com .zyro.space .dp.zyro.space .hostinger.com *.hostinger.io
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 70509
x-powered-by: Zyro.com
x-hostinger-datacenter: gcp-europe-west1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sun, 21 Aug 2022 16:07:01 GMT
server: openresty
etag: W/"51ac7b1fd07d016660e78d7460e5acf4"
strict-transport-security: max-age=63072000; includeSubDomains; preload;
content-type: application/json
vary: Accept-Encoding
cache-control: max-age=0, must-revalidate
x-hostinger-node: gcp-eu-west1-edge5
content-security-policy: frame-ancestors zyro.com *.zyro.com *.zyro.space *.dp.zyro.space *.hostinger.com *.hostinger.io
cf-ray: 73eb93c8a835d2a3-CDG
link: <https://assets.zyrosite.com>; rel=preconnect; crossorigin, <https://userapp.zyrosite.com>; rel=preconnect; crossorigin, <https://fonts.googleapis.com>; rel=preconnect; crossorigin, <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 css2
fonts.googleapis.com/ 233 KB
61 KB 73ms
72ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/index.cbfe8f0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f473cae2fff3bb4c82030cb5179cf9838cd4089a3df44b1cf09f0f8dc438ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 12:23:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Aug 2022 12:23:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Aug 2022 12:23:01 GMT

GET
H2 200 logo-xlarge-AE0XRK9oNEFrQowk.png
assets.zyrosite.com/mk3nbKoe6wSjKvJ6/ 30 KB
30 KB 97ms
96ms Image
image/webp 2606:4700::6812:3a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://assets.zyrosite.com/mk3nbKoe6wSjKvJ6/logo-xlarge-AE0XRK9oNEFrQowk.png

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/chunk-vendors.0c92de05.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:3a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d6995c6931a860e3661b733a8bf9b84486ed93f3395245d2a8c4f1c8fc03197b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors zyro.com editor.zyro.com builder.hostinger.com hostinger.com
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 132984
cf-polished: origFmt=png, origSize=99899
content-disposition: inline; filename="logo-xlarge-AE0XRK9oNEFrQowk.webp"
vary: Accept, Accept-Encoding
content-length: 30470
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Aug 2022 12:40:37 GMT
server: cloudflare
etag: "d82b6793c68f01024b5d864365354160"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000; includeSubDomains; preload;
content-type: image/webp
access-control-allow-origin: *
cache-control: public
content-security-policy: frame-ancestors zyro.com editor.zyro.com builder.hostinger.com hostinger.com
accept-ranges: bytes
cf-ray: 73eb93c97aef748c-LHR
cf-bgj: imgq:100,h2pri

GET
H2 200 products Show response
api-ecommerce.zyro.com/store/demo_01G0E9P2R0CFTNBWEEFCEV8EG5/ 5 KB
1 KB 502ms
391ms Fetch
application/json 2606:4700::6812:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-ecommerce.zyro.com/store/demo_01G0E9P2R0CFTNBWEEFCEV8EG5/products

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/index.cbfe8f0e.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

80772878ad5bc9a5a765079c5d51b46819b2d1802e27596f42a589020adb5dc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
content-encoding: br
etag: W/"15a1-SnuHw4wVspJ2ig5MiQ6afEuar70"
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 73eb93ca7d1b8895-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: 133e65b40142c22185654eb6721d2b4a

GET
H2 200 banner2.png
www.scarlet-clicks.info/banners/ 13 KB
14 KB 230ms
60ms Image
image/png 2606:4700:3031::6815:143a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scarlet-clicks.info/banners/banner2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:143a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a23b47c91e1e8591fbf8216ca878ceace6569abef61c1f521685b11990b9c0b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2016 12:32:15 GMT
server: cloudflare
age: 4118
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=12%2B8Zffd4x9rYvFicTxz%2BjzO5Vqv3s4q%2Fl4y2ayQluEX99v8tLxasqtLLwXJ%2BMdChq5KvkK7nCZDxuSOMC4zqm0CCnBpbsfpople0WBAYCe2VWHyPPP3pQ7iTU7VtzYsfHnIz9OQQ%2FvfeR81%2B1tBDhQ9azi14g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93caed4f731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13486

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 199 KB
72 KB 193ms
76ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MTV4E922RE

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/chunk-vendors.0c92de05.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

aa80b68d06d476072dd2e4767bb64168a259923dfd55e8f9789e89cb193949ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 72805
x-xss-protection: 0
expires: Mon, 22 Aug 2022 12:23:01 GMT

GET
H2 200 468x60-1.gif
www.grandclick.com/ 122 KB
123 KB 984ms
463ms Image
image/gif 35.208.170.164
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.grandclick.com/468x60-1.gif
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.170.164 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 164.170.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a391ed590f9b3b2f3ad6b758e4f7770499489126304bfb0de743d44f1e6a3e15

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:02 GMT
last-modified: Sat, 18 Dec 2021 20:50:18 GMT
server: nginx
etag: "61be498a-1e9be"
x-proxy-cache-info: DT:1
content-type: image/gif
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 125374
expires: Tue, 22 Aug 2023 12:23:02 GMT

GET
H2 200 100x100.gif
www.optimalbux.com/ 199 KB
200 KB 167ms
56ms Image
image/gif 2606:4700:3035::6815:de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.optimalbux.com/100x100.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:de7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d31bdf52fb281b7dbb1d702649076c044f2f587b4745684ca3e44e9dfc028d2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Sat, 09 Dec 2017 08:28:11 GMT
server: cloudflare
age: 6217
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=81nvsibneX5OEyQhi5u8IlKqjEy%2BZ%2BZ5UP3F5zdR3crLn9eSesX9O4%2B8ZNKxeeec9vDeH1uvIA31ppU0pj9td7h8CQoV5BYD2qIcmnLtPraZMFTF2kkpDMjabXbprfUWJ92Ycey3pnCQ%2FxXqpBlnD%2FA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8e4171ae-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 203766

GET
H2 200 banner12.gif
www.goldenclix.com/images/ 7 KB
7 KB 262ms
150ms Image
image/gif 2606:4700:3035::6815:28fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.goldenclix.com/images/banner12.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:28fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94ce198083170cb1bf6fa56877d6b66fc14c7bb180a06ecd3eae1592d1afde46

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 03 Aug 2017 10:32:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MrKfuEiWvsC9O5slF%2B0vbfeVJvApATwmyrwsS8MulttgrHOawetkEq4XVQBUENGmbbxpU0aeSupCDVE4Q1mm3KooGgcNykYhhfg207yCLrqqL6pkmdqu6aVzQE22J7uK18Q6MWEgSMlN9lX6mJj26H0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8b48779d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6729

GET
H2 200 banner3.gif
www.familyclix.com/ 189 KB
190 KB 418ms
202ms Image
image/gif 2606:4700:3031::ac43:c92d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.familyclix.com/banner3.gif
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3031::ac43:c92d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55ec3eec40b67ab64cf3d37b23343851a0a3d83731c28f651ae8e6faf2305d9b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: MISS
last-modified: Tue, 20 Sep 2016 12:48:15 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5jDAm2pxBWe4D0Wvb0CPWBwRU4cd2OHaYt%2BXyaOb7JnTssfiLAUslOzcZBmxcNcW7P0W217qIGx7EOACiLEAUZJKzw8LVNGTg7l6uXzwqG5vaXB4J7hz6kNLEXBdQ17B5gxmzKhLOoE%2BQR%2FYaMoD%2BxM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cb3eeae638-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 193414

GET
H2 200 125x125.gif
www.twickerz.com/banner/ 28 KB
28 KB 162ms
55ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.twickerz.com/banner/125x125.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 016fda494001f08742b0849ac2c6e8f37d3e5c448d18a754fa90a78c62839da8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Fri, 10 Nov 2017 07:39:26 GMT
server: cloudflare
age: 6010
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQ0OKOZi%2F6MaM%2BKsoiVmDVCHwoaE5uWAWU8o1Xd0HhNu6CRcSk2LqUQQVjyJTQ1mVhBtXlFjxgt%2BCcYR%2FKpcdNXx1nhqaHsEvf4ukdjpJXZPt06v6zxFtVEz6ZxfsPkXZ8cb3ufoUCaOYlTzgxqF"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8e1176ef-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28481

GET
H2 200 banner9.gif
www.neobux.com/imagens/ 5 KB
5 KB 221ms
110ms Image
image/webp 104.16.11.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.neobux.com/imagens/banner9.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.11.101 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / NeoBux

Resource Hash

faefdaa702ff995c9ca4409e4e7305389cd6bf81220298b6cd0bade19c954aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1616980
x-powered-by: NeoBux
p3p: CP="No P3P policy"
last-modified: Thu, 02 Jun 2011 18:03:02 GMT
content-disposition: inline; filename="banner9.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5024
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "e87d55504f21cc1:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2678400
cf-polished: origFmt=gif, origSize=10278
accept-ranges: bytes
cf-ray: 73eb93ca8dd576b9-LHR
expires: Thu, 22 Sep 2022 12:23:01 GMT

GET
H2 200 banner2.gif
www.aticlix.net/ 360 KB
361 KB 172ms
62ms Image
image/gif 2606:4700:3031::6815:5502
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aticlix.net/banner2.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:5502 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd963b1599e99195d3fe130ed8ad2ae410b0f53b29778f58d2ea6ce0be3e785a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 435098
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 368587
last-modified: Tue, 28 Dec 2021 07:32:58 GMT
server: cloudflare
etag: "59fcb-61cabdaa-310b6595c9ee7410;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rdB3bbqOgu3l6kgQxV8iM7iuSRP1%2BWE%2FtSeqot3c2YbeDyazg4f9QzcXI%2F4NYY0VmNyT2LVroG5qJzY6SwXz3cQG1V1KvdHY2Y44g1y%2FYudcy8dyDyi8sietWe505UszK7Dpy%2FQtnly7ZVo%2BuK8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 73eb93ca8cac8e15-LHR
expires: Wed, 24 Aug 2022 11:31:20 GMT

GET
H2 200 banner3.gif
www.cliquesteria.net/ 69 KB
70 KB 170ms
58ms Image
image/gif 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cliquesteria.net/banner3.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e240644ca44533b3f9eca7cd39b28d77eff648d0b8e249e070359e280fc9f58

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Sun, 02 Apr 2017 14:28:20 GMT
server: cloudflare
age: 255728
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tQN%2BRdUSxsBDESobYhUK2gKSuE%2B1VowASqCPtpU7yM9GcVzCIW5c7zR8lfb4ExZXlwQLAJzBPjaekhtab%2F87pAtvNHJXGn7YNt0C%2F73yufshXLkOgzI0zfMmsZ97vzR438zHklyk8dVcqXvXViCUmOqcJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73eb93ca8e2e7789-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 buxsurveys125.gif
www.buxsurveys.com/images/ 142 KB
143 KB 145ms
115ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.buxsurveys.com/images/buxsurveys125.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e148186f97aafb2820402d854d38910fb91aadf8e0089dded06dab31b0c84b0f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 145488
last-modified: Sat, 13 Mar 2021 18:39:56 GMT
server: cloudflare
date: Mon, 22 Aug 2022 12:23:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F4uwthJxR8oe54GouxhO8oOfmwi3kJqLUdf%2FTidOJ0DUt11fMjURff2DwZ%2F9IWx2bzAMprXXUQ%2BBN0B8yZEfQNjMFnuQvJHbMuDB2bIOvBZFaIYk%2Bf0tr7GbhiVT%2BcJBHjfmY4nL2bNF17OYaBD7FYE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 73eb93cb0aba71f2-LHR

GET
H2 200 banner3.gif
www.eldibux.com/ 77 KB
77 KB 274ms
141ms Image
image/gif 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eldibux.com/banner3.gif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 353623595f1c208f9d17f437dcfbc9a5c95500d7526e6713a83ebd2ef51cb24a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 29 Jul 2020 21:17:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxK5guC4UXnIIf1J6t54Rgwyu2bjX95RDnnyrPzA254km%2BXAfUbasB49U%2FEue7fwNXHcWuA5aSUK%2B8Me7DMcrebEQCRzcj7OM7t0J0Pr%2BVylZIOMIy4YZN%2FqeeOzp6xQuadvwHQFN4I5gAEvS3M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cc0d0571fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78436

GET
H2 200 banner2.png
www.gptplanet.com/banners/ 8 KB
8 KB 172ms
82ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gptplanet.com/banners/banner2.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1b4cf9c85bffc341ca52a9e569398353fc0f6a1823658c7a98970d9edb27340

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Feb 2017 12:36:13 GMT
server: cloudflare
age: 1283
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMOq57Fk12P97sDmC71BN9ou5TiobWjHmfXSYOd8wRyiUWk3GZ2%2Bj9MGelv9Nai7bZpeKCEp7GLvCfuAmp5qv6QMsF6vTJ6cJr%2Bze6T19UXxsokEElPts3mrBV3t8I1Ka8NjEvTLOYpX582Juc7jSA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cbcdc175cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8285

GET
H2 200 banner3.gif
www.familyclix.com/ Frame 63D9 189 KB
189 KB 486ms
312ms Image
image/gif 2606:4700:3031::ac43:c92d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.familyclix.com/banner3.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700:3031::ac43:c92d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55ec3eec40b67ab64cf3d37b23343851a0a3d83731c28f651ae8e6faf2305d9b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Tue, 20 Sep 2016 12:48:15 GMT
server: cloudflare
age: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6%2B%2BhXi12MnfMj%2Bv%2BU31gMbSwxfxvASzxduW9N5Dls1JEvki7GKB6Cr9AlxnOMWimf4FVKqbjRdywlvLDyT90zV9ZKCRka6kuy13whNupwUVbxa7WXON%2FYQ7CE%2FeVWm2MTK1jNJbEI0bl%2BkeMZZ6xdsU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cb3ee7e638-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 193414

GET
H2 200 banner3.gif
www.cliquesteria.net/ Frame 5EF4 69 KB
70 KB 169ms
103ms Image
image/gif 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.cliquesteria.net/banner3.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e240644ca44533b3f9eca7cd39b28d77eff648d0b8e249e070359e280fc9f58

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Sun, 02 Apr 2017 14:28:20 GMT
server: cloudflare
age: 255728
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hn%2F%2BHKDnnyTWhFCYvKOdJ9uFULCGgrgqtddnFDH%2Fi1EWEew3oZkmVSUmhLUKOssoocCcmst2N1Mgd1M%2Be6AlMaeJ4FTgzPoRcJYshc9yK4WCMeW9qeelPcQSHAL3MGLfyrgqrjMjMTjkaOomle64eKcvQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 73eb93ca8e2b7789-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 banner9.gif
www.neobux.com/imagens/ Frame 552E 5 KB
5 KB 245ms
186ms Image
image/webp 104.16.11.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.neobux.com/imagens/banner9.gif

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.11.101 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / NeoBux

Resource Hash

faefdaa702ff995c9ca4409e4e7305389cd6bf81220298b6cd0bade19c954aef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1616980
x-powered-by: NeoBux
p3p: CP="No P3P policy"
last-modified: Thu, 02 Jun 2011 18:03:02 GMT
content-disposition: inline; filename="banner9.webp"
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5024
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
server: cloudflare
etag: "e87d55504f21cc1:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: public, max-age=2678400
cf-polished: origFmt=gif, origSize=10278
accept-ranges: bytes
cf-ray: 73eb93ca8dd376b9-LHR
expires: Thu, 22 Sep 2022 12:23:01 GMT

GET
H2 200 banner3.gif
www.eldibux.com/ Frame BDC7 77 KB
77 KB 480ms
186ms Image
image/gif 2a06:98c1:3120::c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.eldibux.com/banner3.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 353623595f1c208f9d17f437dcfbc9a5c95500d7526e6713a83ebd2ef51cb24a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: REVALIDATED
last-modified: Wed, 29 Jul 2020 21:17:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FTjW1rUwxS43JqZrt%2BAZrSy4TOLrl0ZAHsjemrSXOqA1NY47137Bt4GJu4j%2FNiL4ddqweNzE5L8bj8hfMWoun33KwCTU25CuOZHE5cTiQR6aPVdKikLZX741VvT4LLS0DuTEgJCVYXmVloRhXI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cc0d0371fb-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78436

GET
H2 200 banner2.png
www.scarlet-clicks.info/banners/ Frame 7B15 13 KB
13 KB 172ms
65ms Image
image/png 2606:4700:3031::6815:143a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.scarlet-clicks.info/banners/banner2.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::6815:143a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a23b47c91e1e8591fbf8216ca878ceace6569abef61c1f521685b11990b9c0b

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Tue, 22 Nov 2016 12:32:15 GMT
server: cloudflare
age: 4118
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zr877QBqyejl7O6UEBYtCSOiaXIF%2BqHQrlgWGnjcQutNnJcNOzjn8cDEOhYAIogyvQoz4M9Oijo9jetnGJc%2BPR1lrRc4L%2FAXvsQrVWkRbp564ZoiHfC1lbBcwYIcNf6qAR3PlCO%2FyJsPhTZo1ib9Ozsn4LDbEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93caed4d731e-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13486

GET
H2 200 100x100.gif
www.optimalbux.com/ Frame 91F4 199 KB
199 KB 105ms
57ms Image
image/gif 2606:4700:3035::6815:de7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.optimalbux.com/100x100.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:de7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d31bdf52fb281b7dbb1d702649076c044f2f587b4745684ca3e44e9dfc028d2

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Sat, 09 Dec 2017 08:28:11 GMT
server: cloudflare
age: 6217
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0QB%2FXBOseeGnWVVee4SlBjLpxa7ShdiwRJJVOjFFxcUo%2FoojFmFEmHGuHd3cL%2BvrASDrMV%2FvlfgK90PAszZTYonFETsC%2FoG8Gb1%2BJpjT2tL5gogLPA6c7Y7zEDn4IHJXNBCDDVst47aC8r8XRvj9iEg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8e3e71ae-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 203766

GET
H2 200 banner2.png
www.gptplanet.com/banners/ Frame 44C6 8 KB
9 KB 306ms
61ms Image
image/png 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.gptplanet.com/banners/banner2.png
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c1b4cf9c85bffc341ca52a9e569398353fc0f6a1823658c7a98970d9edb27340

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Mon, 06 Feb 2017 12:36:13 GMT
server: cloudflare
age: 1283
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MRpQCoYWj7KX6W22Zd3TLAzjjFz7d2ybxpNze4rRdNzrAGixg9YN%2F7%2BNt96aQSz%2F0cFMpfLE54n2974wEOp4H3gZ7IBnL7Q%2FFEvHy0jgsOOtN70HMnSIVx2AUx54377A9cBmgn10HyC1vQ1%2FC2gIpQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93cbcdbf75cf-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8285

GET
H2 200 banner2.gif
www.aticlix.net/ Frame 6B33 360 KB
361 KB 149ms
109ms Image
image/gif 2606:4700:3031::6815:5502
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.aticlix.net/banner2.gif

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::6815:5502 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd963b1599e99195d3fe130ed8ad2ae410b0f53b29778f58d2ea6ce0be3e785a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 435098
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 368587
last-modified: Tue, 28 Dec 2021 07:32:58 GMT
server: cloudflare
etag: "59fcb-61cabdaa-310b6595c9ee7410;;;"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SV8sGAYgAtl0KCuIpf1YHfhXTvDQqPa01mNr%2BnOmi316JowhC1R0a0%2BgTlKWexJ66onueKyDhlBTEOmKuiXbTfBbJjR6DFhhCL1KRNraN33uHJieSLnb3ALXHrk5ui%2By9zB4YNug%2BDsHzp2t06Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
cf-ray: 73eb93ca8caa8e15-LHR
expires: Wed, 24 Aug 2022 11:31:20 GMT

GET
H2 200 468x60-1.gif
www.grandclick.com/ Frame 6EF7 122 KB
123 KB 746ms
303ms Image
image/gif 35.208.170.164
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.grandclick.com/468x60-1.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.170.164 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 164.170.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: a391ed590f9b3b2f3ad6b758e4f7770499489126304bfb0de743d44f1e6a3e15

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
last-modified: Sat, 18 Dec 2021 20:50:18 GMT
server: nginx
etag: "61be498a-1e9be"
x-proxy-cache-info: DT:1
content-type: image/gif
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 125374
expires: Tue, 22 Aug 2023 12:23:01 GMT

GET
H2 200 buxsurveys125.gif
www.buxsurveys.com/images/ Frame 6480 142 KB
143 KB 179ms
69ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.buxsurveys.com/images/buxsurveys125.gif

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e148186f97aafb2820402d854d38910fb91aadf8e0089dded06dab31b0c84b0f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5261
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 145488
last-modified: Sat, 13 Mar 2021 18:39:56 GMT
server: cloudflare
date: Mon, 22 Aug 2022 12:23:01 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hn70Y%2ByWbU4WZyJbXN3K98v52W5a7qr1xu83MyLKoyYPSrDOSqn%2FjTlElkxpnEmW%2FGGSmv4AnLVMKHAEdMOfFzHp3qG3dF2MAyfgvYuXcX5M0rojkLAOUCY5Hcq8qCVNmP%2BeElw5Le0I88mUDTCuBRQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 73eb93cb0a8f71f2-LHR

GET
H2 200 125x125.gif
www.twickerz.com/banner/ Frame 2040 28 KB
28 KB 75ms
53ms Image
image/gif 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.twickerz.com/banner/125x125.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 016fda494001f08742b0849ac2c6e8f37d3e5c448d18a754fa90a78c62839da8

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: HIT
last-modified: Fri, 10 Nov 2017 07:39:26 GMT
server: cloudflare
age: 6010
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FYOkaWIVz8XWRHlv93cLF%2FRn9RZKyg91T7PN%2Fwx%2BJzgSxTNemPgI0FhM4%2B2Tp6bUC4vndDxveaPsqAlnptWSEYdBiYnxrZvjpfcCYb%2Bdi5ePDwmhwiuFdtl6a8UTq9rnuf2wUI35GGFtY%2FEetiq6"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8e0c76ef-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28481

GET
H2 200 banner12.gif
www.goldenclix.com/images/ Frame 6D45 7 KB
7 KB 170ms
148ms Image
image/gif 2606:4700:3035::6815:28fe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.goldenclix.com/images/banner12.gif
Requested by: Host: srcdoc
URL: about:srcdoc
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:28fe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94ce198083170cb1bf6fa56877d6b66fc14c7bb180a06ecd3eae1592d1afde46

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:01 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 03 Aug 2017 10:32:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bts56yIqFKqUe7xlROGFTRgZufY39uQME%2F2wOIjDRN7rAqEkaskAM9HQhFZr5yti35YY%2BZya0tRVaoRU4qqRPHwJrU%2Fun6oogFZ6YVgDgdl67%2FIuU4Mk38m7RieVeHB12mr%2FOHiCiaA4aeKYA60nKKU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 73eb93ca8b46779d-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6729

GET
H3 200 css2
fonts.googleapis.com/ 233 KB
60 KB 79ms
79ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Requested by

Host: www.legitpaidtoclick.com
URL: https://www.legitpaidtoclick.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6f473cae2fff3bb4c82030cb5179cf9838cd4089a3df44b1cf09f0f8dc438ec3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 22 Aug 2022 12:23:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 22 Aug 2022 12:23:01 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 22 Aug 2022 12:23:01 GMT

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v23/ 23 KB
23 KB 203ms
93ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 17:08:09 GMT
x-content-type-options: nosniff
age: 501292
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23580
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Aug 2023 17:08:09 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 185ms
75ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 361270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Aug 2023 08:01:51 GMT

GET
H3 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.119.woff2
fonts.gstatic.com/s/notosansjp/v42/ 52 KB
52 KB 239ms
130ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.119.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

72886b29a4caed5ecd641a108d1b0393e3f94ecc551fc926dffe047e3cf35b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:38:08 GMT
x-content-type-options: nosniff
age: 589493
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53112
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 16:38:08 GMT

GET
H3 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.118.woff2
fonts.gstatic.com/s/notosansjp/v42/ 13 KB
13 KB 255ms
146ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.118.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fad25cd49ede74711b387dc8073f3b1633337cf96a9291aacd4e94ef95aec2f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 10:27:45 GMT
x-content-type-options: nosniff
age: 6916
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13592
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 10:27:45 GMT

GET
H3 200 -F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.117.woff2
fonts.gstatic.com/s/notosansjp/v42/ 10 KB
10 KB 226ms
118ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosansjp/v42/-F6pfjtqLzI2JPCgQBnw7HFQei0q1xVxjfp_dakBof6Bs-tb3ab2FNISVac.117.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55ba69c11db1d4be0836acfb5abe76c32024507fe2573024d4db23983a0ae8f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 17:55:10 GMT
x-content-type-options: nosniff
age: 584871
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10016
x-xss-protection: 0
last-modified: Mon, 09 May 2022 20:07:11 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 17:55:10 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 163ms
55ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&family=Open+Sans:wght@300;400&family=Lato:wght@400&family=Noto+Sans+JP:wght@400;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.legitpaidtoclick.com
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sun, 21 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 111200
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 21 Aug 2023 05:29:41 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
353 B 176ms
60ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-MTV4E922RE&gtm=2oe8h0&_p=2036747848&cid=1663263404.1661170982&ul=en-us&sr=1600x1200&_z=ccd.v9B&_s=1&sid=1661170981&sct=1&seg=0&dl=https%3A%2F%2Fwww.legitpaidtoclick.com%2F&dt=Home%20%7C%20Earn%20Passive%20Income%20Weekly%20Clicking%20Adz&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MTV4E922RE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 22 Aug 2022 12:23:01 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.legitpaidtoclick.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 variants Show response
api-ecommerce.zyro.com/store/demo_01G0E9P2R0CFTNBWEEFCEV8EG5/ 416 B
544 B 426ms
370ms Fetch
application/json 2606:4700::6812:90d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api-ecommerce.zyro.com/store/demo_01G0E9P2R0CFTNBWEEFCEV8EG5/variants?fields=inventory_quantity

Requested by

Host: userapp.zyrosite.com
URL: https://userapp.zyrosite.com/1660905676/js/index.cbfe8f0e.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:90d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9ac637c7efbfbb3e296b8a3bd2fb26bd77f839725c4efffc3c8f6e0b08ebf645

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://www.legitpaidtoclick.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 12:23:02 GMT
content-encoding: br
etag: W/"1a0-6RqKK1OBJHM0dtAP+t5lukYX2e0"
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cf-ray: 73eb93cd49504058-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: 86f309377386113b4577918f0f985f99

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.legitpaidtoclick.com/	1970-01-20 15:02:10	Name: _ga_MTV4E922RE Value: GS1.1.1661170981.1.0.1661170981.0.0.0
			.legitpaidtoclick.com/	1970-01-20 15:02:10	Name: _ga Value: GA1.1.1663263404.1661170982

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://www.legitpaidtoclick.com/ Message: Mixed Content: The page at 'https://www.legitpaidtoclick.com/' was loaded over HTTPS, but requested an insecure element 'http://www.goldenclix.com/images/banner12.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.legitpaidtoclick.com/ Message: Mixed Content: The page at 'https://www.legitpaidtoclick.com/' was loaded over HTTPS, but requested an insecure element 'http://www.aticlix.net/banner2.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://www.legitpaidtoclick.com/ Message: Mixed Content: The page at 'https://www.legitpaidtoclick.com/' was loaded over HTTPS, but requested an insecure element 'http://www.eldibux.com/banner3.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.eldibux.com/banner3.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.aticlix.net/banner2.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.goldenclix.com/images/banner12.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.eldibux.com/banner3.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.aticlix.net/banner2.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: about:srcdoc Message: Mixed Content: The page at 'about:srcdoc' was loaded over HTTPS, but requested an insecure element 'http://www.goldenclix.com/images/banner12.gif'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors zyro.com .zyro.com .zyro.space .dp.zyro.space .hostinger.com *.hostinger.io
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-ecommerce.zyro.com
assets.zyrosite.com
cdn.zyrosite.com
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
userapp.zyrosite.com
www.aticlix.net
www.buxsurveys.com
www.cliquesteria.net
www.eldibux.com
www.familyclix.com
www.goldenclix.com
www.googletagmanager.com
www.gptplanet.com
www.grandclick.com
www.legitpaidtoclick.com
www.neobux.com
www.optimalbux.com
www.scarlet-clicks.info
www.twickerz.com
104.16.11.101
2001:4860:4802:32::36
2600:1901:0:84ef::
2606:4700:3031::6815:143a
2606:4700:3031::6815:5502
2606:4700:3031::ac43:c92d
2606:4700:3035::6815:28fe
2606:4700:3035::6815:de7
2606:4700::6812:2a9
2606:4700::6812:3a9
2606:4700::6812:90d
2a00:1450:4001:800::2008
2a00:1450:4001:813::2003
2a00:1450:4001:82a::200a
2a06:98c1:3120::c
2a06:98c1:3121::3
35.208.170.164
00b6d17c20b5ad16c2b017b30407ea3698df0ba2741f5617c561da08ff758f18
016fda494001f08742b0849ac2c6e8f37d3e5c448d18a754fa90a78c62839da8
353623595f1c208f9d17f437dcfbc9a5c95500d7526e6713a83ebd2ef51cb24a
4e240644ca44533b3f9eca7cd39b28d77eff648d0b8e249e070359e280fc9f58
50dafda7a01709be032a1adbd1f3337e865a83f9d932697bd89d036f8d5c2c8b
55533d4527a4264bd7fb9c12af21b86b3c14dc01b9508b40fd406b791e7c1152
55ba69c11db1d4be0836acfb5abe76c32024507fe2573024d4db23983a0ae8f8
55ec3eec40b67ab64cf3d37b23343851a0a3d83731c28f651ae8e6faf2305d9b
6f473cae2fff3bb4c82030cb5179cf9838cd4089a3df44b1cf09f0f8dc438ec3
72886b29a4caed5ecd641a108d1b0393e3f94ecc551fc926dffe047e3cf35b4b
80772878ad5bc9a5a765079c5d51b46819b2d1802e27596f42a589020adb5dc0
8d31bdf52fb281b7dbb1d702649076c044f2f587b4745684ca3e44e9dfc028d2
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
94ce198083170cb1bf6fa56877d6b66fc14c7bb180a06ecd3eae1592d1afde46
9a23b47c91e1e8591fbf8216ca878ceace6569abef61c1f521685b11990b9c0b
9ac637c7efbfbb3e296b8a3bd2fb26bd77f839725c4efffc3c8f6e0b08ebf645
9f20c8d28295dac7470b4230244bfa780e4cbbe0216606b10349e9460b4972fe
a391ed590f9b3b2f3ad6b758e4f7770499489126304bfb0de743d44f1e6a3e15
aa80b68d06d476072dd2e4767bb64168a259923dfd55e8f9789e89cb193949ed
c1b4cf9c85bffc341ca52a9e569398353fc0f6a1823658c7a98970d9edb27340
cd963b1599e99195d3fe130ed8ad2ae410b0f53b29778f58d2ea6ce0be3e785a
d6995c6931a860e3661b733a8bf9b84486ed93f3395245d2a8c4f1c8fc03197b
e148186f97aafb2820402d854d38910fb91aadf8e0089dded06dab31b0c84b0f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec86775a9b786311039294c307f4290d7c825e447135701cc86fb9133f95fdf0
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fad25cd49ede74711b387dc8073f3b1633337cf96a9291aacd4e94ef95aec2f8
faefdaa702ff995c9ca4409e4e7305389cd6bf81220298b6cd0bade19c954aef

www.legitpaidtoclick.com Open in urlscan Pro 2600:1901:0:84ef:: Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

88 %IPv6

19 Domains

21 Subdomains

17 IPs

3 Countries

3322 kBTransfer

4745 kBSize

2 Cookies

12 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.legitpaidtoclick.com Open in urlscan Pro
2600:1901:0:84ef:: Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

88 %
IPv6

19
Domains

21
Subdomains

17
IPs

3
Countries

3322 kB
Transfer

4745 kB
Size

2
Cookies

50 HTTP transactions
0 data transactions