uselottery.top Open in urlscan Pro
2606:4700:3032::6815:4baf Public Scan

Go To Rescan
Add Verdict Report

URL:
http://uselottery.top/magnitcosmetic/
Submission: On January 16 via api (January 16th 2023, 1:42:48 pm UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 5 countries across 10 domains to perform 50 HTTP transactions. The main IP is 2606:4700:3032::6815:4baf, located in United States and belongs to CLOUDFLARENET, US. The main domain is uselottery.top.

This is the only time uselottery.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 5	2606:4700:303... 2606:4700:3032::6815:4baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:802::2008	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
2	185.66.201.42 185.66.201.42	201702 (SKHOSTING-EU) (SKHOSTING-EU)
2	185.66.200.220 185.66.200.220	201702 (SKHOSTING-EU) (SKHOSTING-EU)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
4	103.235.46.191 103.235.46.191	55967 (BAIDU Bei...) (BAIDU Beijing Baidu Netcom Science and Technology Co.)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
10	185.66.200.127 185.66.200.127	201702 (SKHOSTING-EU) (SKHOSTING-EU)
50	10

5 2606:4700:3032::6815:4baf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

uselottery.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

js.goodgoodstudy.biz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:802::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.66.201.42 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: affilist.com

benfly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.66.200.220 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.220.skhosting.eu

uprimp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)

hm.baidu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.66.200.127 (Slovakia)

ASN201702 (SKHOSTING-EU, SK)
PTR: 185.66.200.127.skhosting.eu

aff-a.advertica-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	blogspot.com 1.bp.blogspot.com — Cisco Umbrella Rank: 10250	551 KB
10	advertica-cdn.com aff-a.advertica-cdn.com	820 KB
6	goodgoodstudy.biz js.goodgoodstudy.biz	102 KB
5	uselottery.top 1 redirects uselottery.top	23 KB
4	baidu.com hm.baidu.com — Cisco Umbrella Rank: 9132	24 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2439	399 B
2	uprimp.com uprimp.com — Cisco Umbrella Rank: 264604	936 B
2	benfly.net benfly.net	8 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35	934 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 41	77 KB
50	10

	Domain	Requested by
18	1.bp.blogspot.com	uselottery.top
10	aff-a.advertica-cdn.com	benfly.net
6	js.goodgoodstudy.biz	uselottery.top
5	uselottery.top	1 redirects uselottery.top js.goodgoodstudy.biz
4	hm.baidu.com	uselottery.top
2	region1.google-analytics.com	www.googletagmanager.com
2	uprimp.com	uselottery.top uprimp.com
2	benfly.net	uselottery.top benfly.net
1	fonts.googleapis.com	benfly.net
1	www.googletagmanager.com	uselottery.top
50	10

This site contains no links.

Subject Issuer	Validity	Valid
*.goodgoodstudy.biz E1	`2022-12-24` - `2023-03-24`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh
uprimp.com R3	`2023-01-15` - `2023-04-15`	3 months	crt.sh
baidu.com GlobalSign RSA OV SSL CA 2018	`2022-07-05` - `2023-08-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-12-12` - `2023-03-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: http://uselottery.top/magnitcosmetic/
Frame ID: C11658916FC6CF5F102A00C54F606E09
Requests: 37 HTTP requests in this frame

Frame: https://uprimp.com/bnr_xload.php?section=General&pub=995577&format=300x50&ga=g&xt=167387655997792&xtt=2856331
Frame ID: 312FD6799635BC2171A1E87B353304C3
Requests: 1 HTTP requests in this frame

Frame: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Frame ID: 933BEF7BDB71316AB82BF40BD8D436BD
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

🎉💄ⓂMagnit Cosmetic 12 Jahre Feier🛍️🎊

Page URL History Show full URLs

http://uselottery.top/magnitcosmetic HTTP 301
http://uselottery.top/magnitcosmetic/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Baidu Analytics (百度统计) (Analytics) Expand

Overall confidence: 100%
Detected patterns

hm\.baidu\.com/hm\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

SweetAlert2 (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweetalert2(?:\.all)?(?:\.min)?\.js
/npm/sweetalert2@([\d.]+)
sweetalert2@([\d.]+)/dist/sweetalert2(?:\.all)(?:\.min)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

68 %
HTTPS

60 %
IPv6

10
Domains

10
Subdomains

10
IPs

5
Countries

1606 kB
Transfer

2186 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://uselottery.top/magnitcosmetic HTTP 301
http://uselottery.top/magnitcosmetic/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
uselottery.top/magnitcosmetic/
Redirect Chain

http://uselottery.top/magnitcosmetic
http://uselottery.top/magnitcosmetic/

85 KB
16 KB

222ms
222ms

Document
text/html

2606:4700:3032::6815:4baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://uselottery.top/magnitcosmetic/
Protocol: HTTP/1.1
Server: 2606:4700:3032::6815:4baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72fbbc82cc9f59dacc8285d6cf5acd27d77fd5f89e429c9fd53f1c9d8aa9e5cd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 78a74691bae2bbcb-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Jan 2023 13:42:39 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9Rj5De5EVASDeoBCZvWEXDteHmmFQaJ9YC6a0Xrpg0kAObcJk%2Fh6GYeLjGmYXDUFmmGCr2GNvB4%2F%2BMapag1vJSoIKHRS8e0NnkStSmTwf%2F0obvdqma%2F%2BHMW9rfDndHhVkGIOEN%2BCBXA5OSP1g%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

CF-Cache-Status: DYNAMIC
CF-RAY: 78a7468efdd3bbcb-FRA
Connection: keep-alive
Content-Type: text/html
Date: Mon, 16 Jan 2023 13:42:39 GMT
Location: http://uselottery.top/magnitcosmetic/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uX32SJGVDGHcMSWyzV6QDEYaCFkGm3uj%2FBrVEKiT6Y9r%2FdaNWUMGyq3IEsWonsOtQmMsfbliojrGtH%2BXxInDSdT010IoCgcOUNiBqSXzBo5yEPorQZE%2B1mjbi1e%2Bl5biBwysnecTe4q5Sf5ooQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/ 87 KB
32 KB 55ms
28ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/jquery.min.js

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17572
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 14 Apr 2021 06:26:22 GMT
server: cloudflare
etag: W/"60768b0e-15d9d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYwlVdsyCZf5hi109TSczE8fFCuZ0fgdYUTa2SBuYevvRtgMzWYTDxB2su8YU3wM73pgAmURIUUIbK1WrqJ%2FGEo%2F3sY%2BRbzuzIdrhJ6mHGsrmrbrC7lq%2BFgTRh6S4mqBSmQ6Ue8zhN5UOBi2xS%2BSWxT9eA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 78a7469359026904-FRA
expires: Mon, 16 Jan 2023 20:49:47 GMT

GET
H2 200 bootstrap.min.js Show response
js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/js/ 62 KB
16 KB 46ms
20ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 32712
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 14 Apr 2021 02:49:20 GMT
server: cloudflare
etag: W/"60765830-f7f1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4DBDltbFWYZaEPMt7BUvcbfP0s%2Bzbsl61tL0qSX4QIG71x1l39szPrzg%2FooYUEujkx01xr2pJIEE7fqb9QsTIXtVj9jv9tduxQbLanrnz51oASDUUuQQ88LpE%2F%2FAezUu89xcDKvs%2F1aUgzjs4Fet7rMwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 78a7469359056904-FRA
expires: Mon, 16 Jan 2023 16:37:26 GMT

GET
H2 200 sweetalert2.all.min.js Show response
js.goodgoodstudy.biz/npm/sweetalert2@10.16.0/dist/ 71 KB
20 KB 53ms
28ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/sweetalert2@10.16.0/dist/sweetalert2.all.min.js

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 32692
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 14 Apr 2021 02:43:30 GMT
server: cloudflare
etag: W/"607656d2-11c3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F9fa4SLumCFQr7zC78oN6sRrGKCfZPk6W%2FeZFom0m3H7Cy4aBZ1rRzf5J9sWsBJ5O59nu6EUJgYf3mPlHpFEtpelKsYM9cHqZlhYVOW7pleR%2Fq3nlu1beXuI4ymzjTmzF6Mh%2F0oMRaU6Mrc6Z0N2dMhgHw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 78a7469359086904-FRA
expires: Mon, 16 Jan 2023 16:37:47 GMT

GET
H2 200 lazyload.min.js Show response
js.goodgoodstudy.biz/npm/lazyload@2.0.0-rc.2/ 5 KB
3 KB 45ms
19ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/lazyload@2.0.0-rc.2/lazyload.min.js

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 32712
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Tue, 27 Jul 2021 04:19:04 GMT
server: cloudflare
etag: W/"60ff8938-12be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kawt3se%2FdP8emTJoMrAHcAfArvL%2FC6ZEWeBzjKyzjLf7uUDWSlhvTRjrcs2zUY7hZEd8k94gVxdUzDejNzGWg%2BmeTknbaUUIqPITrsdEAZDaKe2UcXwpO3w%2FiLQI8hKNYkD%2FY%2F2w%2F%2FlcDNi547dz5GzgfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 78a7469359096904-FRA
expires: Mon, 16 Jan 2023 16:37:26 GMT

GET
H2 200 popper.min.js Show response
js.goodgoodstudy.biz/npm/popper.js@1.16.1/dist/umd/ 21 KB
8 KB 46ms
21ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/popper.js@1.16.1/dist/umd/popper.min.js

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 8233
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 16 Apr 2021 01:43:03 GMT
server: cloudflare
etag: W/"6078eba7-52f4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25xAm9tVA87aOeqJhe2xO187otQvIQNYGeALRVuqlpbFwBFPiq%2Fu%2FSL7QWlSh5HoAJ5uhFqwMQ5rgzgbnf9gtNJjr7yAHVi6kdTH6zIRUtUTRYFUpIzwFIT6jWe3UOHzDOheaS6EvmfRLknazK03xJkuew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=43200
cf-ray: 78a74693590b6904-FRA
expires: Mon, 16 Jan 2023 23:25:26 GMT

GET
H2 200 bootstrap.min.css
js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/css/ 158 KB
25 KB 47ms
22ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.goodgoodstudy.biz/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:39 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17979
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Wed, 14 Apr 2021 02:50:45 GMT
server: cloudflare
etag: W/"60765885-27687"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FRLJg9Gf%2FtfDDHcwte%2BO3uN9ESAIWZhPXqusww6q%2FDN6sZaf8feQdL3F1M5E%2BpNr8YBRvOVe8XdcTN%2BH8sFLcGE4q%2FF4t%2F1GtusCnxgnBRY%2FFY8O3cttUN8ltzsCCaGqIL40cacS0GFl3586EqdtMHEHAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=43200
cf-ray: 78a7469358fe6904-FRA
expires: Mon, 16 Jan 2023 20:43:00 GMT

GET
H/1.1 200
OK sur.css
uselottery.top/magnitcosmetic/static/ 14 KB
5 KB 1449ms
1441ms Stylesheet
text/css 2606:4700:3032::6815:4baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://uselottery.top/magnitcosmetic/static/sur.css
Requested by: Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/
Protocol: HTTP/1.1
Server: 2606:4700:3032::6815:4baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2bc3d4c69d2b85b7b972b8b1b1d35fe0274346231a64d63207e64b528ca2dfa3

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/magnitcosmetic/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Mon, 18 Apr 2022 07:17:27 GMT
Server: cloudflare
ETag: W/"625d1087-398e"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4IGBhahkB%2BpQHAqzBMNaUefzzG6RatcKEVp3amGBsph%2FeHO1E5PBIqBiUQuqSnAlxsgT8PFu0nqNzJAmXJVW74OJ5YjXcBDrAQAaYRuf8SC8X%2BUnPZfxGDqmwLKvsQFGI77cvODEiEkUGZazw%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=43200
CF-RAY: 78a746933cd39150-FRA
Expires: Tue, 17 Jan 2023 01:42:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
77 KB 112ms
51ms Script
application/javascript 2a00:1450:400d:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4P4ZF0BJDZ

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ffc064a2fccc60ebbeb503e587cbb1bfb7029bc13c6a93d2e9c97714a8c6f19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:42:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77922
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 16 Jan 2023 13:42:40 GMT

GET
H2 200 1650262835915124-4.png
1.bp.blogspot.com/-7XAbpEcx26s/Yl0DNcp6NYI/AAAAAAAAGPc/IWw8N8kFUQcj3dWVjfa6yI5VRbpKfsTGwCNcBGAsYHQ/s16000/ 7 KB
7 KB 31ms
8ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-7XAbpEcx26s/Yl0DNcp6NYI/AAAAAAAAGPc/IWw8N8kFUQcj3dWVjfa6yI5VRbpKfsTGwCNcBGAsYHQ/s16000/1650262835915124-4.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6bc641f12d571f19855346ee9e1fd40d4d3f6cabf35fa97eb9e630320371acaf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262835915124-4.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7169
x-xss-protection: 0
server: fife
etag: "v18fe"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H2 200 1650262833815015-5.png
1.bp.blogspot.com/-W0c3_k8RZNg/Yl0DMzk1NvI/AAAAAAAAGPY/WF5rZjBGWYMeS3WhmJFVirj1DskcCVCHgCNcBGAsYHQ/s16000/ 4 KB
4 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-W0c3_k8RZNg/Yl0DMzk1NvI/AAAAAAAAGPY/WF5rZjBGWYMeS3WhmJFVirj1DskcCVCHgCNcBGAsYHQ/s16000/1650262833815015-5.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

f3f583832252b7eb799c234d968e4525c9f5c826a32a3c359b94c8a14ceabf13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262833815015-5.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4451
x-xss-protection: 0
server: fife
etag: "v1900"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H2 200 1650262828433054-7.png
1.bp.blogspot.com/-kXjpXwW8esU/Yl0DLv2E3TI/AAAAAAAAGPQ/ZnBSwAJUKTUQRjkfFNMgGP7s4E7NMuiRwCNcBGAsYHQ/s16000/ 305 KB
305 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-kXjpXwW8esU/Yl0DLv2E3TI/AAAAAAAAGPQ/ZnBSwAJUKTUQRjkfFNMgGP7s4E7NMuiRwCNcBGAsYHQ/s16000/1650262828433054-7.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c979577904e7957d025a7393475fb604ce88f001f2b7475574eb0543b54947f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262828433054-7.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311947
x-xss-protection: 0
server: fife
etag: "v1900"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1650262823499300-9.png
1.bp.blogspot.com/-n11OyXla0lk/Yl0DKbBNXGI/AAAAAAAAGPI/-wsTM-YPtqQH9futj7ODsJJ2DwF4birfACNcBGAsYHQ/s16000/ 23 KB
23 KB 8ms
8ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-n11OyXla0lk/Yl0DKbBNXGI/AAAAAAAAGPI/-wsTM-YPtqQH9futj7ODsJJ2DwF4birfACNcBGAsYHQ/s16000/1650262823499300-9.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

0e345a5348fbf5e804408d4dace9d2cc08f1bff344011ed2e13f260562114f0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262823499300-9.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23397
x-xss-protection: 0
server: fife
etag: "v18fd"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1650262845899482-0.png
1.bp.blogspot.com/-5ZCd383yHbo/Yl0DQJ_dGnI/AAAAAAAAGPs/e1-7OE8_NH8Qt84OEyykv1og3C0rO_VXACNcBGAsYHQ/s16000/ 29 KB
29 KB 8ms
7ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-5ZCd383yHbo/Yl0DQJ_dGnI/AAAAAAAAGPs/e1-7OE8_NH8Qt84OEyykv1og3C0rO_VXACNcBGAsYHQ/s16000/1650262845899482-0.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

50f25513c9d4de3b634da279404dfdab2e548c3266e97550174476ad4ded16dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262845899482-0.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29902
x-xss-protection: 0
server: fife
etag: "v1900"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1650262843231676-1.png
1.bp.blogspot.com/-zdOCdPWWbqE/Yl0DPSbjKNI/AAAAAAAAGPo/mNvlZ_uLj4EwtlNC39R9UwQUNlRDTDuDwCNcBGAsYHQ/s16000/ 2 KB
2 KB 8ms
8ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-zdOCdPWWbqE/Yl0DPSbjKNI/AAAAAAAAGPo/mNvlZ_uLj4EwtlNC39R9UwQUNlRDTDuDwCNcBGAsYHQ/s16000/1650262843231676-1.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

36ece7f4273e516844bd28f4722accc9ad37dfc8243b33c7bae4534e54704220

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262843231676-1.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1956
x-xss-protection: 0
server: fife
etag: "v18ff"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1650262826181929-8.png
1.bp.blogspot.com/--SFCJIrcgoY/Yl0DLEyjxZI/AAAAAAAAGPM/X4VJP6m_n_4xZa4GComtqiNoX8Xy5Gh_ACNcBGAsYHQ/s16000/ 13 KB
14 KB 9ms
8ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/--SFCJIrcgoY/Yl0DLEyjxZI/AAAAAAAAGPM/X4VJP6m_n_4xZa4GComtqiNoX8Xy5Gh_ACNcBGAsYHQ/s16000/1650262826181929-8.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2f56b8fd0bc0fb4f7e52c84603db533471abb616932b4e4a4a3575d750e8c70a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262826181929-8.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13802
x-xss-protection: 0
server: fife
etag: "v18fe"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1650262840678415-2.png
1.bp.blogspot.com/-wjRK-wZHemk/Yl0DOmpU4KI/AAAAAAAAGPk/O22Yqg9C8Ms7JKlKWq1u07I2m3bbwB11QCNcBGAsYHQ/s16000/ 9 KB
9 KB 12ms
12ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-wjRK-wZHemk/Yl0DOmpU4KI/AAAAAAAAGPk/O22Yqg9C8Ms7JKlKWq1u07I2m3bbwB11QCNcBGAsYHQ/s16000/1650262840678415-2.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b22a3542c195c5defda72223c32ab38ca9ec6b054fc33890c00295199d98184a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1650262840678415-2.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9410
x-xss-protection: 0
server: fife
etag: "v1900"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H/1.1 200
OK responsive.js Show response
benfly.net/js/ 4 KB
4 KB 42ms
16ms Script
application/javascript 185.66.201.42
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: http://benfly.net/js/responsive.js
Requested by: Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/
Protocol: HTTP/1.1
Server: 185.66.201.42 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: affilist.com
Software: nginx /
Resource Hash: 542ff7234f3f326b5697cee7a2254b234ece203ab4bf30a468432ee2bacce8fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:40 GMT
Last-Modified: Wed, 02 Nov 2022 13:52:39 GMT
Server: nginx
ETag: "63627627-e32"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3634

GET
H2 200 bnr.php Show response
uprimp.com/ 427 B
681 B 64ms
16ms Script
application/javascript 185.66.200.220
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://uprimp.com/bnr.php?section=General&pub=995577&format=300x50&ga=g
Requested by: Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.220.skhosting.eu
Software: nginx /
Resource Hash: 530ed8f7e60a5e2492f39c14f5fc2acd481d5ef6fbcc9cf2f3a27bac6c9b084b

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 13:42:39 GMT
last-modified: Mon, 16 Jan 2023 13:42:39 GMT
server: nginx
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-robots-tag: noindex, nofollow, noarchive, nosnippet
expires: Mon, 16 Jan 2023 13:42:39 GMT

GET
H3 200 1648116857468723-3.png
1.bp.blogspot.com/-IX0NERPtlQw/YjxEe3TS3eI/AAAAAAAAF4o/JT1-055ZteshmvNJaIezvnAdnhDdl81UgCNcBGAsYHQ/s16000/ 27 KB
28 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-IX0NERPtlQw/YjxEe3TS3eI/AAAAAAAAF4o/JT1-055ZteshmvNJaIezvnAdnhDdl81UgCNcBGAsYHQ/s16000/1648116857468723-3.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e46bc4c2e8bd7ce491a5a483fd2992494f6d12bb3c31b78f82b288768def5494

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1648116857468723-3.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28134
x-xss-protection: 0
server: fife
etag: "v1792"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1648116844438770-8.png
1.bp.blogspot.com/-ONaLuCxUCKw/YjxEbtLNXFI/AAAAAAAAF4U/8d3l7FRKq7ILdtMlKWxRprXlSRfXX7K4QCNcBGAsYHQ/s16000/ 27 KB
27 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-ONaLuCxUCKw/YjxEbtLNXFI/AAAAAAAAF4U/8d3l7FRKq7ILdtMlKWxRprXlSRfXX7K4QCNcBGAsYHQ/s16000/1648116844438770-8.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ad38ca76a4eb48aef2012117dae41caf049bd15771a66cc285fe7158f54482ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1648116844438770-8.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27707
x-xss-protection: 0
server: fife
etag: "v178f"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1645167983129807-0.png
1.bp.blogspot.com/-hxPs5xYEeMw/Yg9Fb1u8biI/AAAAAAAAFCs/p6PDwSLIqs43Wqod7ErP2UuEqI6aqpJ5gCNcBGAsYHQ/s16000/ 28 KB
28 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-hxPs5xYEeMw/Yg9Fb1u8biI/AAAAAAAAFCs/p6PDwSLIqs43Wqod7ErP2UuEqI6aqpJ5gCNcBGAsYHQ/s16000/1645167983129807-0.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a0a20e881c51ca5a9beffa60ca64d6773158a2c8aa8490f3e0a3791f8f853cfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1645167983129807-0.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28982
x-xss-protection: 0
server: fife
etag: "v1432"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 1645176776098597-3.png
1.bp.blogspot.com/-O07MzUE2x0M/Yg9nyHKAr1I/AAAAAAAAFDs/U7WO4SIueVYP0b0Z_M_BXD0BoZ0TO44WwCNcBGAsYHQ/s16000/ 27 KB
27 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-O07MzUE2x0M/Yg9nyHKAr1I/AAAAAAAAFDs/U7WO4SIueVYP0b0Z_M_BXD0BoZ0TO44WwCNcBGAsYHQ/s16000/1645176776098597-3.png

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

bea27ac894021e6d0942c8597f1f0b351c9940b9b2322fd61387b1a80c276e46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="1645176776098597-3.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28043
x-xss-protection: 0
server: fife
etag: "v1445"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 30.jpg
1.bp.blogspot.com/-MMfkWQscwu8/YHgClhb8W-I/AAAAAAAAA_8/R9Dwskp0oeo3fxUWxdY6_To_ytfyqnIxgCLcBGAsYHQ/s16000/ 12 KB
12 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-MMfkWQscwu8/YHgClhb8W-I/AAAAAAAAA_8/R9Dwskp0oeo3fxUWxdY6_To_ytfyqnIxgCLcBGAsYHQ/s16000/30.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

206739c3809a179edfd46d57bdf934bd0181a184f2ce72c506cc910440a0c4db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 10:14:45 GMT
x-content-type-options: nosniff
age: 12475
content-disposition: inline;filename="30.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12216
x-xss-protection: 0
server: fife
etag: "v451"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 14 Jan 2023 11:02:21 GMT

GET
H3 200 18.jpg
1.bp.blogspot.com/-p1ChveCU69o/YHayWUEVcuI/AAAAAAAAA6Q/tdTo5J-EY-ATfKBk4FbncNEVWQWgLjS1ACLcBGAsYHQ/s16000/ 7 KB
7 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-p1ChveCU69o/YHayWUEVcuI/AAAAAAAAA6Q/tdTo5J-EY-ATfKBk4FbncNEVWQWgLjS1ACLcBGAsYHQ/s16000/18.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

c83868f743900bd013d53aa67ca833fece2b62c28a9b906512c9d74b01e6bf77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="18.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6857
x-xss-protection: 0
server: fife
etag: "v3b5"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 17 Jan 2023 13:34:32 GMT

GET
H3 200 14.jpg
1.bp.blogspot.com/--mmji97XnyY/YHgCiXjljfI/AAAAAAAAA-s/AwAAJ3WnPzc7YyEUKwMQPhnna3cX58JiQCLcBGAsYHQ/s16000/ 11 KB
11 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/--mmji97XnyY/YHgCiXjljfI/AAAAAAAAA-s/AwAAJ3WnPzc7YyEUKwMQPhnna3cX58JiQCLcBGAsYHQ/s16000/14.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

7fe9f77c8f0908ade1db8e6d55aa9161bdd995a82380a6ef1f6bf7842b1181d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 13:34:32 GMT
x-content-type-options: nosniff
age: 488
content-disposition: inline;filename="14.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11577
x-xss-protection: 0
server: fife
etag: "v452"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 14 Jan 2023 11:02:21 GMT

GET
H3 200 46.jpg
1.bp.blogspot.com/-C2JfAbOkHAA/YHgCocHDwcI/AAAAAAAABBA/fp9rmQjt3dcbCCn1SgWZo-Nzf4z8Ja3KgCLcBGAsYHQ/s16000/ 11 KB
11 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-C2JfAbOkHAA/YHgCocHDwcI/AAAAAAAABBA/fp9rmQjt3dcbCCn1SgWZo-Nzf4z8Ja3KgCLcBGAsYHQ/s16000/46.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

6d275e2a0519d336493d928bb741a3435357d29fe1dee10567ea5a246d7e1144

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 10:14:46 GMT
x-content-type-options: nosniff
age: 12474
content-disposition: inline;filename="46.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11717
x-xss-protection: 0
server: fife
etag: "v451"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 16 Jan 2023 13:46:45 GMT

GET
H3 200 1.jpg
1.bp.blogspot.com/-A9gGeBaBT1k/YFmmMrDxvOI/AAAAAAAAAO0/ZcHE42CBSowoemyMNsFglLyGhZIu6k9VQCLcBGAsYHQ/s0/ 3 KB
3 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-A9gGeBaBT1k/YFmmMrDxvOI/AAAAAAAAAO0/ZcHE42CBSowoemyMNsFglLyGhZIu6k9VQCLcBGAsYHQ/s0/1.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

73be4e3bf11051d3a78c0e5cadaa1736e64f3432a471665c8d05cf2b7fdbc4e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 10:14:46 GMT
x-content-type-options: nosniff
age: 12474
content-disposition: inline;filename="1.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3123
x-xss-protection: 0
server: fife
etag: "vf4"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 09 Jan 2023 05:14:47 GMT

GET
H3 200 5.jpg
1.bp.blogspot.com/-1mFaaoOIqmw/YFmmNgCnEvI/AAAAAAAAAPE/ovOF8Lxu_P8dFqQurOjuTf0rJMaY8iWOwCLcBGAsYHQ/s0/ 3 KB
3 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-1mFaaoOIqmw/YFmmNgCnEvI/AAAAAAAAAPE/ovOF8Lxu_P8dFqQurOjuTf0rJMaY8iWOwCLcBGAsYHQ/s0/5.jpg

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

78b0672032059685568c7cd585da34a261d6da7b625179950b371bdedbf77261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 10:14:46 GMT
x-content-type-options: nosniff
age: 12474
content-disposition: inline;filename="5.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2617
x-xss-protection: 0
server: fife
etag: "vf7"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Mon, 16 Jan 2023 13:46:46 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
345 B 38ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-4P4ZF0BJDZ&gtm=2oe1a1&_p=931622955&cid=814755382.1673876561&ul=en-us&sr=1600x1200&_s=1&sid=1673876561&sct=1&seg=0&dl=http%3A%2F%2Fuselottery.top%2Fmagnitcosmetic%2F&dt=%F0%9F%8E%89%F0%9F%92%84%E2%93%82Magnit%20Cosmetic%2012%20Jahre%20Feier%F0%9F%9B%8D%EF%B8%8F%F0%9F%8E%8A&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4P4ZF0BJDZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 13:42:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://uselottery.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bnr_xload.php Show response
uprimp.com/ Frame 312F 0
255 B 23ms
22ms Document
text/html 185.66.200.220
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://uprimp.com/bnr_xload.php?section=General&pub=995577&format=300x50&ga=g&xt=167387655997792&xtt=2856331
Requested by: Host: uprimp.com
URL: https://uprimp.com/bnr.php?section=General&pub=995577&format=300x50&ga=g
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.66.200.220 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.220.skhosting.eu
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://uselottery.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Mon, 16 Jan 2023 13:42:41 GMT
expires: Mon, 16 Jan 2023 13:42:41 GMT
last-modified: Mon, 16 Jan 2023 13:42:41 GMT
pragma: no-cache
server: nginx
x-robots-tag: noindex, nofollow, noarchive, nosnippet

GET
H/1.1 200
OK yuming.js Show response
uselottery.top/magnitcosmetic/ 268 B
1004 B 432ms
432ms XHR
application/javascript 2606:4700:3032::6815:4baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://uselottery.top/magnitcosmetic/yuming.js?1673876561393&_=1673876559934
Requested by: Host: js.goodgoodstudy.biz
URL: https://js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/jquery.min.js
Protocol: HTTP/1.1
Server: 2606:4700:3032::6815:4baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bda45e4d33945806bf64cd6897f2a01c0d4587a6634905f0762925f8666765d

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: http://uselottery.top/magnitcosmetic/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:41 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Last-Modified: Mon, 18 Apr 2022 07:17:27 GMT
Server: cloudflare
ETag: W/"625d1087-10c"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AgK7VnOLgruuPlbSVfAsgH8kpBKGz2XZmefrCVHwCWT2OETqVSCcQNtCHFZMBjqFGJkSzGeP0p4AofU1VHki0GSFV99gI%2BAzrjyRbzaFKBnjpOQbf7VNVhSejLtwn2u5OuDx6v44e4JSl3bhcA%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=43200
CF-RAY: 78a7469cb82d9150-FRA
Expires: Tue, 17 Jan 2023 01:42:41 GMT

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 882ms
347ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?2c96b9e613d045c70b68ee91a4d1b62b

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

344ce42c4b3d3c6b86692df07f1dccdd0f0b296d28d8193aed7348aae3e539e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:42 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: 57bdee457fdfa25244fea1e13d58a9bc
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11307

GET
H/1.1 200
OK hm.js Show response
hm.baidu.com/ 29 KB
12 KB 889ms
345ms Script
application/javascript 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to

Full URL

https://hm.baidu.com/hm.js?fe2131a30a7eef80970fad70159cd124

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

64235f767f6bf46b446d51b868afd2128d4fea68d4824c090561820aa28853bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:42 GMT
Content-Encoding: gzip
Strict-Transport-Security: max-age=172800
Server: apache
Etag: 48204a8630c56016a82382762b842c21
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: application/javascript
Cache-Control: max-age=0, must-revalidate
Content-Length: 11324

GET
H/1.1 200
OK tb2.php Show response
uselottery.top/j/ 137 B
790 B 436ms
436ms XHR
text/html 2606:4700:3032::6815:4baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://uselottery.top/j/tb2.php?c=magnitcosmetic&np=taoluming&_=1673876559935
Requested by: Host: js.goodgoodstudy.biz
URL: https://js.goodgoodstudy.biz/npm/jquery@3.6.0/dist/jquery.min.js
Protocol: HTTP/1.1
Server: 2606:4700:3032::6815:4baf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01081a1653f81560a50d005750194d67dd94065b7de1a04e13ba4aee40a69bd0

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: http://uselottery.top/magnitcosmetic/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:42 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIScF2laVGDv9LKqK960zG2CSeVI5jPGEWZvy9C4bZYwv7RI59ZzzpqhL5utqHkp0cKdTBRpn8Me5rlRTS7DdvGqnONG5Dt%2F3kPF7PmW2Ld7UcjfiKg%2FjKYsLupNNLI0u1PbbFgQf8drWMxZig%3D%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
CF-RAY: 78a7469f7d359150-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 341ms
341ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1365361284&si=2c96b9e613d045c70b68ee91a4d1b62b&v=1.3.0&lv=1&sn=47128&r=0&ww=1600&u=http%3A%2F%2Fuselottery.top%2Fmagnitcosmetic%2F%231673876561896&tt=%F0%9F%8E%89%F0%9F%92%84%E2%93%82Magnit%20Cosmetic%2012%20Jahre%20Feier%F0%9F%9B%8D%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Jan 2023 13:42:42 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK hm.gif
hm.baidu.com/ 43 B
299 B 346ms
345ms Image
image/gif 103.235.46.191
BAIDU Beijing Bai...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1312118329&si=fe2131a30a7eef80970fad70159cd124&v=1.3.0&lv=1&sn=47128&r=0&ww=1600&u=http%3A%2F%2Fuselottery.top%2Fmagnitcosmetic%2F%231673876561896&tt=%F0%9F%8E%89%F0%9F%92%84%E2%93%82Magnit%20Cosmetic%2012%20Jahre%20Feier%F0%9F%9B%8D%EF%B8%8F%F0%9F%8E%8A

Requested by

Host: uselottery.top
URL: http://uselottery.top/magnitcosmetic/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),

Reverse DNS

Software

apache /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=172800
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 16 Jan 2023 13:42:42 GMT
Strict-Transport-Security: max-age=172800
X-Content-Type-Options: nosniff
Server: apache
Content-Type: image/gif
Cache-Control: private, max-age=0, no-cache
Content-Length: 43

GET
H/1.1 200
OK / Show response
benfly.net/c39aadb942/da1c750f07/ Frame 933B 33 KB
4 KB 55ms
54ms Document
text/html 185.66.201.42
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to

Full URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Requested by: Host: benfly.net
URL: http://benfly.net/js/responsive.js
Protocol: HTTP/1.1
Server: 185.66.201.42 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: affilist.com
Software: nginx /
Resource Hash: 547137a2a99ee7be26e5a059679cc6119b7fbd472904ec4b708346af4ec8d5e0

Request headers

Referer: http://uselottery.top/magnitcosmetic/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate post-check=0, pre-check=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 16 Jan 2023 13:42:43 GMT
Expires: Sun, 01 Jan 2014 00:00:00 GMT
Pragma: no-cache
Server: nginx
Transfer-Encoding: chunked
X-Robots-Tag: noindex,nofollow

GET
H2 200 css
fonts.googleapis.com/ Frame 933B 1 KB
934 B 41ms
18ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Catamaran:800&display=swap

Requested by

Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c95e71c15b79ee8adfcbe70fbeabb849da3bbdfdc76ab6e353a321f816451bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 16 Jan 2023 13:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 16 Jan 2023 13:42:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 16 Jan 2023 13:42:43 GMT

GET
H/1.1 200
OK fire.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 95 KB
96 KB 52ms
15ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/fire.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: 3ede3834b5ab7b96eb553d15389b0a2d6dca3f2c2f8b6c7a80c313f0c125a949

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:26:37 GMT
Server: nginx
ETag: W/"5d9da7cd-17dc1"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK tornado.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 41 KB
40 KB 52ms
15ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/tornado.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: e3f8c209cb36df0ec275c3e0a5181494b023893e96fd25c668646fde8cf10003

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:25:36 GMT
Server: nginx
ETag: W/"5d9da790-a397"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK shark.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 102 KB
102 KB 52ms
15ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/shark.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: 9ef2b1aecd71c5ee019f84f0e50624057f65be84e1834f53281eda772426d0e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:26:04 GMT
Server: nginx
ETag: W/"5d9da7ac-197f9"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK unicorn.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 131 KB
130 KB 58ms
19ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/unicorn.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: b5d9a3fb3f15053974af593c51e39440f1dfea9a23250fe7bb6e7c9a3f6369d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:24:51 GMT
Server: nginx
ETag: W/"5d9da763-20b52"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK ufo.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 79 KB
79 KB 59ms
19ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/ufo.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: 627c82828babeaca73f02040facb14b5200b06511fa5ad572c1e3b4ae8b97a38

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:25:05 GMT
Server: nginx
ETag: W/"5d9da771-13b4b"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK rocket.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 88 KB
89 KB 60ms
19ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/rocket.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: 25a604f84ee36fc3ca14abbc9fd2d0f7fd77d25304be93e7d8ab853fad2b8d8f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:26:15 GMT
Server: nginx
ETag: W/"5d9da7b7-160b5"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK spider.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 61 KB
61 KB 15ms
15ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/spider.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: 537c480d9d4ba33cdfd456f2593051318b5838929038f27e66c517eff4273913

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:25:50 GMT
Server: nginx
ETag: W/"5d9da79e-f2f2"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK monster.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 28 KB
28 KB 18ms
17ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/monster.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: a1dfbcc9db37f157c099783262e8d3d5870da968e5ebeec15cd8465410c3b926

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:26:27 GMT
Server: nginx
ETag: W/"5d9da7c3-6f44"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK water.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 107 KB
107 KB 16ms
16ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/water.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: abbf321467ead1fd88d0429817091daf733b38b7f9850ecf1b9308daf64147ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:24:25 GMT
Server: nginx
ETag: W/"5d9da749-1ac32"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

GET
H/1.1 200
OK tsunami.jpg
aff-a.advertica-cdn.com/genericImages/breaking-news/ Frame 933B 88 KB
88 KB 21ms
21ms Image
image/jpeg 185.66.200.127
SKHOSTING-EU

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://aff-a.advertica-cdn.com/genericImages/breaking-news/tsunami.jpg
Requested by: Host: benfly.net
URL: http://benfly.net/c39aadb942/da1c750f07/?placementName=default&is_first=true&randomA=0_464&maxw=0
Protocol: HTTP/1.1
Server: 185.66.200.127 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS: 185.66.200.127.skhosting.eu
Software: nginx /
Resource Hash: a906a456989df7202a54606e33079557cc9cf65a61941150073b337ff6f3b035

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://benfly.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Date: Mon, 16 Jan 2023 13:42:43 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Oct 2019 09:25:19 GMT
Server: nginx
ETag: W/"5d9da77f-15e0e"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
X-Cache: HIT
Cache-Control: max-age=2592000
X-Server: cdnbts
Connection: keep-alive
Expires: Wed, 15 Feb 2023 13:42:43 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 15ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-4P4ZF0BJDZ&gtm=2oe1a1&_p=931622955&cid=814755382.1673876561&ul=en-us&sr=1600x1200&_s=2&sid=1673876561&sct=1&seg=0&dl=http%3A%2F%2Fuselottery.top%2Fmagnitcosmetic%2F&dt=%F0%9F%8E%89%F0%9F%92%84%E2%93%82Magnit%20Cosmetic%2012%20Jahre%20Feier%F0%9F%9B%8D%EF%B8%8F%F0%9F%8E%8A&en=scroll&epn.percent_scrolled=90&_et=6
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4P4ZF0BJDZ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://uselottery.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 16 Jan 2023 13:42:46 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://uselottery.top
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.uselottery.top/	1970-01-20 18:33:56	Name: _ga_4P4ZF0BJDZ Value: GS1.1.1673876561.1.0.1673876561.0.0.0
.uselottery.top/	1970-01-20 18:33:56	Name: _ga Value: GA1.1.814755382.1673876561
.hm.baidu.com/	1970-01-20 18:33:56	Name: HMACCOUNT_BFESS Value: 6F247D51FF308A04
.uselottery.top/	1970-01-20 17:43:32	Name: Hm_lvt_2c96b9e613d045c70b68ee91a4d1b62b Value: 1673876563
.uselottery.top/	1969-12-31 23:59:59	Name: Hm_lpvt_2c96b9e613d045c70b68ee91a4d1b62b Value: 1673876563
.uselottery.top/	1970-01-20 17:43:32	Name: Hm_lvt_fe2131a30a7eef80970fad70159cd124 Value: 1673876563
.uselottery.top/	1969-12-31 23:59:59	Name: Hm_lpvt_fe2131a30a7eef80970fad70159cd124 Value: 1673876563

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
aff-a.advertica-cdn.com
benfly.net
fonts.googleapis.com
hm.baidu.com
js.goodgoodstudy.biz
region1.google-analytics.com
uprimp.com
uselottery.top
www.googletagmanager.com
103.235.46.191
185.66.200.127
185.66.200.220
185.66.201.42
2001:4860:4802:32::36
2606:4700:3032::6815:4baf
2a00:1450:4001:806::2001
2a00:1450:4001:82b::200a
2a00:1450:400d:802::2008
2a06:98c1:3120::3
01081a1653f81560a50d005750194d67dd94065b7de1a04e13ba4aee40a69bd0
0b7274b0b5b7f411de46416a6c9941062f7a57aaf919fdeda367b5959f4ce8ef
0e345a5348fbf5e804408d4dace9d2cc08f1bff344011ed2e13f260562114f0f
1ffc064a2fccc60ebbeb503e587cbb1bfb7029bc13c6a93d2e9c97714a8c6f19
206739c3809a179edfd46d57bdf934bd0181a184f2ce72c506cc910440a0c4db
25a604f84ee36fc3ca14abbc9fd2d0f7fd77d25304be93e7d8ab853fad2b8d8f
2bc3d4c69d2b85b7b972b8b1b1d35fe0274346231a64d63207e64b528ca2dfa3
2f56b8fd0bc0fb4f7e52c84603db533471abb616932b4e4a4a3575d750e8c70a
344ce42c4b3d3c6b86692df07f1dccdd0f0b296d28d8193aed7348aae3e539e3
36ece7f4273e516844bd28f4722accc9ad37dfc8243b33c7bae4534e54704220
3ede3834b5ab7b96eb553d15389b0a2d6dca3f2c2f8b6c7a80c313f0c125a949
50f25513c9d4de3b634da279404dfdab2e548c3266e97550174476ad4ded16dd
530ed8f7e60a5e2492f39c14f5fc2acd481d5ef6fbcc9cf2f3a27bac6c9b084b
537c480d9d4ba33cdfd456f2593051318b5838929038f27e66c517eff4273913
542ff7234f3f326b5697cee7a2254b234ece203ab4bf30a468432ee2bacce8fb
547137a2a99ee7be26e5a059679cc6119b7fbd472904ec4b708346af4ec8d5e0
5bda45e4d33945806bf64cd6897f2a01c0d4587a6634905f0762925f8666765d
627c82828babeaca73f02040facb14b5200b06511fa5ad572c1e3b4ae8b97a38
64235f767f6bf46b446d51b868afd2128d4fea68d4824c090561820aa28853bd
6bc641f12d571f19855346ee9e1fd40d4d3f6cabf35fa97eb9e630320371acaf
6d275e2a0519d336493d928bb741a3435357d29fe1dee10567ea5a246d7e1144
72fbbc82cc9f59dacc8285d6cf5acd27d77fd5f89e429c9fd53f1c9d8aa9e5cd
73be4e3bf11051d3a78c0e5cadaa1736e64f3432a471665c8d05cf2b7fdbc4e4
78b0672032059685568c7cd585da34a261d6da7b625179950b371bdedbf77261
7d7a9043f4bed303fe2974ac4e3ba10d6b214e70f7ae549786ba2d347de05f81
7fe9f77c8f0908ade1db8e6d55aa9161bdd995a82380a6ef1f6bf7842b1181d5
9ef2b1aecd71c5ee019f84f0e50624057f65be84e1834f53281eda772426d0e0
a0a20e881c51ca5a9beffa60ca64d6773158a2c8aa8490f3e0a3791f8f853cfb
a1dfbcc9db37f157c099783262e8d3d5870da968e5ebeec15cd8465410c3b926
a4555d8dee9f8adc976e84a97dfe87e6bf5794b579f49bb56f133fed85f7d709
a906a456989df7202a54606e33079557cc9cf65a61941150073b337ff6f3b035
abbf321467ead1fd88d0429817091daf733b38b7f9850ecf1b9308daf64147ac
ad38ca76a4eb48aef2012117dae41caf049bd15771a66cc285fe7158f54482ae
b219e4cd8f8f9216f159285019be30d6bfe475d92ca30b3561551aaa2174751d
b22a3542c195c5defda72223c32ab38ca9ec6b054fc33890c00295199d98184a
b5d9a3fb3f15053974af593c51e39440f1dfea9a23250fe7bb6e7c9a3f6369d5
bea27ac894021e6d0942c8597f1f0b351c9940b9b2322fd61387b1a80c276e46
c83868f743900bd013d53aa67ca833fece2b62c28a9b906512c9d74b01e6bf77
c95e71c15b79ee8adfcbe70fbeabb849da3bbdfdc76ab6e353a321f816451bd3
c979577904e7957d025a7393475fb604ce88f001f2b7475574eb0543b54947f6
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e290dc4993b9ae7d34440db26be412b4bc4547a48ff635750d400164665d7fa6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f8c209cb36df0ec275c3e0a5181494b023893e96fd25c668646fde8cf10003
e46bc4c2e8bd7ce491a5a483fd2992494f6d12bb3c31b78f82b288768def5494
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
f3f583832252b7eb799c234d968e4525c9f5c826a32a3c359b94c8a14ceabf13

uselottery.top Open in urlscan Pro 2606:4700:3032::6815:4baf Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

68 %HTTPS

60 %IPv6

10 Domains

10 Subdomains

10 IPs

5 Countries

1606 kBTransfer

2186 kBSize

7 Cookies

0 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

uselottery.top Open in urlscan Pro
2606:4700:3032::6815:4baf Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

68 %
HTTPS

60 %
IPv6

10
Domains

10
Subdomains

10
IPs

5
Countries

1606 kB
Transfer

2186 kB
Size

7
Cookies

50 HTTP transactions
0 data transactions