win-online-now-qq2.click Open in urlscan Pro
2a06:98c1:3121::3  Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response win-online-now-qq2.click/	386 KB 48 KB	443ms 365ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 9220a92c58ff2cb0336ee56ae13a3f0e3be6cdd5ee203d62d66a7c57b9e8784a Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7d49ebf248c69ba7-FRA charset UTF-8 content-encoding br content-type text/html;charset=UTF-8 date Fri, 09 Jun 2023 14:04:05 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4nuUKXBNWySU6yoEG6ZbA9%2BgNLuYIGWQxf50cn01PPnhD95oZASyltYNqanx6NyHjWwzotOrQ27WT3pLTDvAL94v43V3%2F7otnmtnZ%2FP117bK%2F0lLugl6Db0cC7opkVLbOT%2FhBxdaC8tqyP%2FOUKm0XVveYHZzbLg%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	site-common-libs.css capp.nicepage.com/749b6d8a0f14c41c691b549523d620ca623dda75/	130 KB 24 KB	175ms 19ms	Stylesheet text/css	2a02:6ea0:c700::17 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://capp.nicepage.com/749b6d8a0f14c41c691b549523d620ca623dda75/site-common-libs.css Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::17 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash d8a4ad9b40bff45b7dac319ee56602d27ca76eb71f5566524b08c4cc7b565343 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-77-pop frankfurtDE date Fri, 09 Jun 2023 14:04:05 GMT x-amz-version-id qN2BXfRW.FC87AvvRl.A2zoGf9Wg.WHA content-encoding gzip x-amz-request-id 9JDSZQQS192YSMB6 x-cache HIT x-77-cache HIT x-age 194318 x-accel-date 1686125127 x-amz-id-2 Sa55VMHecWG63p+omIhY+2RRAXtuo78+i5ruLnvX05BxRrdPFW5BrTmfakOfmtKaSafqf8nkmlo= x-77-nzt AZySIYhcEzv/DvcCAA x-accel-expires @1687161927 last-modified Wed, 07 Jun 2023 07:40:10 GMT server CDN77-Turbo etag W/"228273e62fe7a29e1f8bba512b2c6430" x-77-nzt-ray f6587a1d12ad50b555318364c3f5fb15 vary Accept-Encoding content-type text/css
GET H2	200	css fonts.googleapis.com/	63 KB 2 KB	118ms 51ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash a90026bc615bfab3cb89e45bb1d39e8f30100e1a2634a275131024d5f288a795 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 09 Jun 2023 14:04:05 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 09 Jun 2023 14:04:05 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 09 Jun 2023 14:04:05 GMT
GET H2	200	css fonts.googleapis.com/	25 KB 2 KB	117ms 50ms	Stylesheet text/css	2a00:1450:4001:828::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 2ece1ce88d0c0ee1733e95c7bab6fc3795dc0fefc8e09027c67302d621479b47 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers strict-transport-security max-age=31536000 date Fri, 09 Jun 2023 14:04:05 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 09 Jun 2023 12:44:58 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 09 Jun 2023 14:04:05 GMT
GET H2	200	nicepage.css csite.resource.nicepage.com/	2 MB 138 KB	207ms 36ms	Stylesheet text/css	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://csite.resource.nicepage.com/nicepage.css?version=0f644079-1a68-4a86-8642-505bfc7d1567 Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 49ce02477c2c0339092c2cb50999cc3f23f779d9fa18b91744977eef39d32a8d Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-77-pop frankfurtDE date Fri, 09 Jun 2023 14:04:05 GMT x-amz-version-id kxdgCV6Fua3dzKoIdcQ_dmO0lYwWGSCH content-encoding gzip x-amz-request-id JA806Z547V648Z3T x-cache HIT x-77-cache HIT x-age 270262 x-accel-date 1686049183 x-amz-id-2 ZWdI22iGxW3aKqy8g5bC8nlOkGdXIHvS6aYOTByxKfWLt1so4ZlQAOOaUi0QUa2dkxGZI8e0sQw= x-77-nzt AZySIYtfwNb/th8EAA x-accel-expires @1687085983 last-modified Tue, 23 May 2023 13:53:38 GMT server CDN77-Turbo etag W/"cff2a5d02dded3658c163dc2f2f84879" x-77-nzt-ray cf878727397cbda75531836429b6f216 vary Accept-Encoding, Accept-Encoding access-control-allow-methods POST, GET, PUT, DELETE, OPTIONS content-type text/css access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers Content-Type
GET H2	200	nicepage-site.css csite.resource.nicepage.com/	313 KB 23 KB	226ms 55ms	Stylesheet text/css	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://csite.resource.nicepage.com/nicepage-site.css?version=0f644079-1a68-4a86-8642-505bfc7d1567 Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash e874b2d493e287574f96a4e984dc910b8492fc11593ed91f00ca47b80483e400 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers x-77-pop frankfurtDE date Fri, 09 Jun 2023 14:04:05 GMT x-amz-version-id 38jJRhk9pUFaSCDOeMTDOVv4ZxP831P2 content-encoding gzip x-amz-request-id JA8AD4QYQ0XPRJTH x-cache HIT x-77-cache HIT x-age 270262 x-accel-date 1686049183 x-amz-id-2 kxaM31r8mlHi3wf59l7++CFatgZcVbzj6DW83RVJjtOmYmUkNpzbkofbfY7l90Ko7RkhuiezDXY= x-77-nzt AZySIYsvA9P/th8EAA x-accel-expires @1687085983 last-modified Tue, 23 May 2023 13:53:39 GMT server CDN77-Turbo etag W/"1bd86faaf805f7019352d28b663c8c65" x-77-nzt-ray cf878727397cbda755318364fdba3e17 vary Accept-Encoding, Accept-Encoding access-control-allow-methods POST, GET, PUT, DELETE, OPTIONS content-type text/css access-control-allow-origin * access-control-allow-credentials true access-control-allow-headers Content-Type
GET H2	404	logo-w.png nicepage.com///csite.nicepage.com/Images/	0 0	100ms 52ms	Image text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Show image Full URL https://nicepage.com///csite.nicepage.com/Images/logo-w.png Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers
GET H2	200	/ nicepage.com/	0 0	50ms 25ms	Image text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Show image Full URL https://nicepage.com/ Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	35 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992 Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	543 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 25c2386d77016bc650d65bf6820a682dba57fa275ebcde829000ac44474dd306 Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	KFOmCnqEu92Fr1Mu4mxK.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	74ms 17ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://win-online-now-qq2.click accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Tue, 06 Jun 2023 22:48:48 GMT x-content-type-options nosniff age 227717 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15744 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:48 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 05 Jun 2024 22:48:48 GMT
GET H2	200	KFOlCnqEu92Fr1MmSU5fBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 15 KB	78ms 22ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://win-online-now-qq2.click accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Fri, 02 Jun 2023 23:14:12 GMT x-content-type-options nosniff age 571793 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15740 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:56 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sat, 01 Jun 2024 23:14:12 GMT
GET H2	200	JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 fonts.gstatic.com/s/montserrat/v25/	30 KB 30 KB	126ms 70ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://win-online-now-qq2.click accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 03 Jun 2023 18:31:37 GMT x-content-type-options nosniff age 502348 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30928 x-xss-protection 0 last-modified Mon, 11 Jul 2022 18:57:39 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 02 Jun 2024 18:31:37 GMT
GET H2	200	KFOlCnqEu92Fr1MmWUlfBBc4.woff2 fonts.gstatic.com/s/roboto/v30/	15 KB 16 KB	94ms 38ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://win-online-now-qq2.click accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Tue, 06 Jun 2023 16:10:14 GMT x-content-type-options nosniff age 251631 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 15860 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:42 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Wed, 05 Jun 2024 16:10:14 GMT
GET H2	200	memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 fonts.gstatic.com/s/opensans/v35/	47 KB 47 KB	101ms 45ms	Font font/woff2	2a00:1450:4001:830::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css?family=Montserrat:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i%7COpen+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://win-online-now-qq2.click accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers date Sat, 03 Jun 2023 05:45:28 GMT x-content-type-options nosniff age 548317 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 48412 x-xss-protection 0 last-modified Tue, 02 May 2023 15:08:53 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Sun, 02 Jun 2024 05:45:28 GMT
GET H2	200	/ nicepage.com/	0 0	23ms 22ms	Media text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://nicepage.com/ Requested by Host: win-online-now-qq2.click URL: https://win-online-now-qq2.click/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://win-online-now-qq2.click/ Accept-Encoding identity;q=1, *;q=0 accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Range bytes=0- Response headers
GET H2	404	logo-w.png nicepage.com///csite.nicepage.com/Images/	0 0	93ms 92ms	Image text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Show image Full URL https://nicepage.com///csite.nicepage.com/Images/logo-w.png Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers
GET H2	200	/ nicepage.com/	0 0	24ms 24ms	Image text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Show image Full URL https://nicepage.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers accept-language nl-NL,nl;q=0.9 Referer https://win-online-now-qq2.click/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Response headers
GET H2	200	/ nicepage.com/	0 0	45ms 34ms	Media text/html	85.17.54.85 LEASEWEB-NL-AMS-0...
General Check archive.org Show headers Download Go to Full URL https://nicepage.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 85.17.54.85 Papendrecht, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL), Reverse DNS mx4.nicepage.io Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://win-online-now-qq2.click/ Accept-Encoding identity;q=1, *;q=0 accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.106 Safari/537.36 Range bytes=0- Response headers

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			nicepage.com/	1970-01-20 21:12:21	Name: lang Value: en
			nicepage.com/	1970-01-20 21:12:21	Name: ref Value: https://win-online-now-qq2.click/
			nicepage.com/	1970-01-20 13:08:31	Name: locale Value: nl
			nicepage.com/	1969-12-31 23:59:59	Name: uid Value:
			nicepage.com/	1970-01-20 21:12:21	Name: AdsParameters Value: utm_source=referrer&utm_page=/Editor
			nicepage.com/	1969-12-31 23:59:59	Name: Upage Value: a3xwqbdtlkpmh1qnkykq00hd

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nicepage.com///csite.nicepage.com/Images/logo-w.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://nicepage.com///csite.nicepage.com/Images/logo-w.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

capp.nicepage.com
csite.resource.nicepage.com
fonts.googleapis.com
fonts.gstatic.com
nicepage.com
win-online-now-qq2.click
2a00:1450:4001:828::200a
2a00:1450:4001:830::2003
2a02:6ea0:c700::17
2a02:6ea0:c700::18
2a06:98c1:3121::3
85.17.54.85
25c2386d77016bc650d65bf6820a682dba57fa275ebcde829000ac44474dd306
2ece1ce88d0c0ee1733e95c7bab6fc3795dc0fefc8e09027c67302d621479b47
49ce02477c2c0339092c2cb50999cc3f23f779d9fa18b91744977eef39d32a8d
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
9220a92c58ff2cb0336ee56ae13a3f0e3be6cdd5ee203d62d66a7c57b9e8784a
a90026bc615bfab3cb89e45bb1d39e8f30100e1a2634a275131024d5f288a795
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
d8a4ad9b40bff45b7dac319ee56602d27ca76eb71f5566524b08c4cc7b565343
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e874b2d493e287574f96a4e984dc910b8492fc11593ed91f00ca47b80483e400
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef