urlscan.io logo urlscan.io
SecurityTrails logo

pay2win.cc Open in urlscan Pro
2606:4700:20::681a:ee8  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://pay2win.cc/
Effective URL: https://pay2win.cc/
Submission: On October 08 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 30 HTTP transactions. The main IP is 2606:4700:20::681a:ee8, located in United States and belongs to CLOUDFLARENET, US. The main domain is pay2win.cc.
TLS certificate: Issued by E6 on October 4th 2024. Valid for: 3 months.
This is the only time pay2win.cc was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
8 2606:4700:310... 13335 (CLOUDFLAR...)
15 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
30 6
4    2606:4700:20::681a:ee8 (United States)

ASN13335 (CLOUDFLARENET, US)
pay2win.cc
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
8    2606:4700:3108::ac42:292d (United States)

ASN13335 (CLOUDFLARENET, US)
stores-api.billgang.com
t-api.billgang.com
15    2606:4700::6812:324 (United States)

ASN13335 (CLOUDFLARENET, US)
imagedelivery.net
1    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
Apex Domain
Subdomains		 Transfer
15 imagedelivery.net
imagedelivery.net — Cisco Umbrella Rank: 14543
423 KB
8 billgang.com
stores-api.billgang.com
t-api.billgang.com
12 KB
4 pay2win.cc
pay2win.cc
271 KB
1 youtube.com
www.youtube.com — Cisco Umbrella Rank: 77
1 gstatic.com
fonts.gstatic.com
76 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
929 B
30 6
Domain Requested by
15 imagedelivery.net
4 t-api.billgang.com pay2win.cc
4 stores-api.billgang.com pay2win.cc
4 pay2win.cc pay2win.cc
1 www.youtube.com pay2win.cc
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com pay2win.cc
30 7

This site contains links to these domains. Also see Links.

Domain
discord.gg
Subject Issuer Validity Valid
pay2win.cc
E6		 2024-10-04 -
2025-01-02		 3 months crt.sh
upload.video.google.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
billgang.com
WE1		 2024-09-03 -
2024-12-02		 3 months crt.sh
imagedelivery.net
E5		 2024-09-16 -
2024-12-15		 3 months crt.sh
*.gstatic.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
*.google.com
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://pay2win.cc/
Frame ID: 086468007C703117B83DCA263DCB6A9D
Requests: 28 HTTP requests in this frame

Frame: https://www.youtube.com/embed/x90_LRoVDEo
Frame ID: E762C67B29976EEC347AE3320F6D705A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home — pay2win

Page URL History Show full URLs

  1. http://pay2win.cc/ HTTP 307
    https://pay2win.cc/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

30
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

7
Subdomains

6
IPs

2
Countries

783 kB
Transfer

1456 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://pay2win.cc/ HTTP 307
    https://pay2win.cc/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
pay2win.cc/
Redirect Chain
  • http://pay2win.cc/
  • https://pay2win.cc/
1 KB
899 B 		Document
General
Check archive.org
Download Go to
Full URL
https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ee8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a95ca3ece214863aa2e2158819ba72bae4aad1a269eed6729f1b27e817ba9f99

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8cf911cccfeed9d2-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 08 Oct 2024 21:02:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5D2RsSIobMtELZ4goMgE1HlAOHNGTTS8uZO8oKWD9l0XdQdHTjTCBfM1tISvvpYgQHxLHxUtNpR6ha0tu6kI0I1AlHNUwIBO9qzAbGz8A8cURyggZzJp23R8CM06QgM7q3eRra%2B%2Fxyc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

Location
https://pay2win.cc/
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/ 		1 KB
929 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&display=swap
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e0c72349156c3a8d20078cbb0931eb233d302b7ccd486ad18139d810ede8628b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Tue, 08 Oct 2024 21:02:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 08 Oct 2024 21:02:01 GMT
content-type
text/css; charset=utf-8
last-modified
Tue, 08 Oct 2024 20:43:10 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
index-Du2B9sh1.js
pay2win.cc/assets/ 		857 KB
254 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pay2win.cc/assets/index-Du2B9sh1.js
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ee8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13067ad26ce0fbbef7212c3849d93543abc2fafd3e20e5a7c52a63a737535901

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://pay2win.cc/

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
22526
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rfO%2BmKbBk4QnnVFbLf%2Bb%2BI854IaSSWZ9993bjOh7%2Fgbp2PLuY%2FODJ88qzp1PpInsIFv1p4KAbCXE1oMZu%2FWh90SijAfhpp4EYPEl0fIIcYWFZp6Xntvi0VKHvvRRE20l358o3BCf2kY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cf911cd5992d9d2-FRA
cf-polished
origSize=879389
date
Tue, 08 Oct 2024 21:02:01 GMT
content-type
application/javascript
last-modified
Tue, 08 Oct 2024 14:46:35 GMT
vary
Accept-Encoding
server
cloudflare
index-N3ZQOVZ9.css
pay2win.cc/assets/ 		52 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pay2win.cc/assets/index-N3ZQOVZ9.css
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ee8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ec7385a77bb5cd17c5f2f22c2eb186b9271deaa4fe9e9a9d5ed1307e06ae59a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://pay2win.cc/

Response headers

cache-control
max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
22526
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wa8a3gyBnvVkFi8B7aHosg%2BGh2EHYFoC6D6jZdLknB8%2B1%2BEf1GwWQYHU5ATTk7MLyyzrjERHCK8avvNagUHFImDE8jeDRQ%2Bftjhswix%2BDqJzeNFQOf0dob1Yu3nZ4hnX4OhmonfRhII%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cf911cd5990d9d2-FRA
cf-polished
origSize=52986
date
Tue, 08 Oct 2024 21:02:01 GMT
content-type
text/css
last-modified
Tue, 08 Oct 2024 14:46:35 GMT
vary
Accept-Encoding
server
cloudflare
general
stores-api.billgang.com/shops/pay2win.cc/ 		431 B
831 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/general
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fbd9faf06c793a781482bc407ba0b8b36c3b636e400dd09fed6298f7f488883

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
373775
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=siikAtH%2BYZulTytwFal%2BEetg2NuZn0Sqpoa%2FdpJ7SD1DrE77M9PaLgqH90LO4YITxjLHElfHyJpaApo%2BXzxUl82nlJJDrXAnMmsLOizUkjOr7gC%2FVDI1anMgENcr6dQQZPJly02ReEzCj%2FaUo5ri0itVY%2Fi9"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
last-modified
Fri, 04 Oct 2024 13:12:27 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-response-time-ms
7
cf-ray
8cf911cea8f1dcce-FRA
access-control-allow-origin
*
server
cloudflare
settings
stores-api.billgang.com/shops/pay2win.cc/ 		2 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/settings
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b8c12e6ede30f975410ce17d32cea631c13ff3afc52886ea032b210c615f9e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
373775
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TQqVNWG1nVvL5IlQAF3KDAT1OCdfB%2B6WhRAFSmIp%2FvRWfJ9%2B7qPpoSNqdEUKfTzve9gcjXhgmv7IKfMOuADd6DCOi62fkLKaxiUipEIVk0nZOFZh%2Bqmb4ZzD4xT45MZV%2BW62q0ORTzRSdxyy7zAwHnP0AiKI"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
last-modified
Fri, 04 Oct 2024 13:12:27 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-response-time-ms
3
cf-ray
8cf911cea8f7dcce-FRA
access-control-allow-origin
*
server
cloudflare
w=100
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/ 		2 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=100
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50c60e6a2dc8fe9b03078acae7f9b6a8b25f3fd7e7204d298d9fcaeb4fb379eb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mNEWuYOetQxiZZywEDQ"
cf-images
internal=ok/- q=0 n=72+51 c=3+48 v=2024.10.0 l=2341 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cebc79a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
2341
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
iconSprite.svg
pay2win.cc/ 		21 KB
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://pay2win.cc/iconSprite.svg
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ee8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f94547f911fafb348945a99d496d0c0a030b21d689ca9bffa8a1767359c039bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
EXPIRED
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFESxQ07Q4cs3Fu2laRfP67AiJyCQigSqYwVI70ggBFaqecvzaFERUHCGX%2BlHVUcmzEAvlPPuaNYPZ%2FGC9V%2FHtpM4FkdXu1QgRAw9Y6sytKkqY2yQYkVeOtDDG29vHWnanIPyCkM92A%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cf911cf1eaad9d2-FRA
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/svg+xml
last-modified
Tue, 08 Oct 2024 21:02:02 GMT
vary
Accept-Encoding
server
cloudflare
%2F
stores-api.billgang.com/shops/pay2win.cc/ 		14 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/%2F
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4509708cf5cd00aa0f89f310816781510fd140aa57480322439b8a548e62b613

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
373775
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1cYkuz3slPTGOGnnDE8P2%2FerChMMA87hBIKn6C6GE%2BY0t0P%2FjW8d24TjL8LwfSWbn4i%2Fr%2F3%2BaoVoUcyeS%2FZiKGasmUi0VeOTnFERUoFxJ3tGhXWZm7sYXTDg1BcV%2FAA0NDh7pQYlY5Ixg8p7WKpYhKE7mD5Y"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
last-modified
Fri, 04 Oct 2024 13:12:27 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-response-time-ms
8
cf-ray
8cf911cf3a89dcce-FRA
access-control-allow-origin
*
server
cloudflare
%2F
stores-api.billgang.com/shops/pay2win.cc/ 		14 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://stores-api.billgang.com/shops/pay2win.cc/%2F
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4509708cf5cd00aa0f89f310816781510fd140aa57480322439b8a548e62b613

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
content-encoding
br
cf-cache-status
HIT
age
373775
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lsw%2Bo9k1vhy1tQEaYuRNCyeuFxUDSdlmS8e4wkHPhdGJNYVEhodyvRO%2FH625FTPefogRJUIsEz3jP4MjRSe1zCG%2FFX1jfbFzFVLbV9aiWnIUjkGQCZp7IcCdansC4OOWzVJM%2B33BEtU2QRxl2MOTETAPaW7s"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
last-modified
Fri, 04 Oct 2024 13:12:27 GMT
vary
Accept-Encoding
access-control-allow-headers
*
cache-control
no-store
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-response-time-ms
8
cf-ray
8cf911cf8bdddcce-FRA
access-control-allow-origin
*
server
cloudflare
p
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/ 		54 B
508 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5f2a3006b477bbc9fa011334186b8fef76035f11a9f80ec2ac35b30d1c7d59c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s%2BlC3wQgcMYiGI22On3Z5ZNgmcxf5L4ipdzwhKBbCUTkUjYGhZAa3QV4hvBMGXFPGcHKTwK%2FMcYQe0wTgZWe0J5Ek0eWxzyoXTHzH7Ft9Rve61%2FTet8%2B4GPsFtz3901pZY%2BmAUlLVmzP39WPJxdQjA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8cf911cf5b20dcce-FRA
access-control-allow-origin
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2
fonts.gstatic.com/s/bricolagegrotesque/v7/ 		76 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/bricolagegrotesque/v7/3y9K6as8bTXq_nANBjzKo3IeZx8z6up5BeSl9D4dj_x9PpZBMlGIInE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Bricolage+Grotesque:opsz,wght@12..96,200..800&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
922afb64cfc75d74678063d3f796e694c9bac74a443d93a58ded1e808c339bf3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://pay2win.cc
Referer
https://fonts.googleapis.com/

Response headers

age
47450
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Wed, 08 Oct 2025 07:51:12 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 08 Oct 2024 07:51:12 GMT
last-modified
Mon, 29 Jul 2024 22:36:30 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
77420
x-xss-protection
0
server
sffe
w=1920
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fee34350-1597-4e0c-3248-c17183374c00/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fee34350-1597-4e0c-3248-c17183374c00/w=1920
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
523243dee434c910e0f14c392221f59b9e08201c061bd69278eaead3794dffac
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfetrlGLavR9vUur1ilvad7ssep_fOabiIY6DV23sxDQ"
cf-images
internal=ok/- q=0 n=860+652 c=0+0 v=2024.10.0 l=36122 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cf4d10a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
36122
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e4a2a5eecd168ef543fbb90e26aefd03a9109cf8fe129a79f3370aef4e8a4c2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mhi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=34+232 c=2+129 v=2024.10.0 l=13613 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cf4d12a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
13613
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=150
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7fec0087-9e74-461f-b523-62f95057ae00/w=150
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b22c0f9d114ce72e4883f1c0cfad21e391518525fa4ac471ba27f75c81fa7174
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfjFXpKtZekASzJuxAMPpCre1mr3a4R_Tyycf9pL2QDQ"
cf-images
internal=ok/- q=0 n=391+67 c=4+62 v=2024.9.3 l=3480 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cf4d13a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3480
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
x90_LRoVDEo
www.youtube.com/embed/ Frame E762 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/x90_LRoVDEo
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://pay2win.cc/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Tue, 08 Oct 2024 21:02:02 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/62f99a18-b228-4a8f-0e92-7dd104636100/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/62f99a18-b228-4a8f-0e92-7dd104636100/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91a5fbb1d943ca213ceff791f6ec63c5d543d6c25e7b07d332cec636c62a2d73
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfT6RS4XPDUzMGmv__ryt7Oyd_hi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=872+420 c=0+0 v=2024.10.0 l=13114 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdf5a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
13114
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fb2f1e18-e59c-463e-fa72-6aae01b74300/ 		16 KB
16 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/fb2f1e18-e59c-463e-fa72-6aae01b74300/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bba638ad4369f4e81421ea6878d9adec95b53c28c2507a9c8641927038a0eaa
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfsIhJTf0G9RFWR7f2flvOxeYbhi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=676+119 c=0+0 v=2024.10.0 l=16137 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdf7a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
16137
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/075ddbb4-7a04-4f3e-20cd-685af7659400/ 		14 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/075ddbb4-7a04-4f3e-20cd-685af7659400/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db1ef769b6cfd144b785c324fcc487d9a6b9c27e41e1fc2afe6a90a5cf5f6a4d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfbc5dfK0VCFJH9mCRL7wYhQIwhi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=938+117 c=0+0 v=2024.10.0 l=14121 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdf8a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
14121
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cf50993d-92c1-4f74-7529-2d98ab1c5b00/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cf50993d-92c1-4f74-7529-2d98ab1c5b00/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
91e7efe178e813ee505bc6e5bcba4bc8144a2f9673eec98c401c68d36363c5f1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfUj_HDO8gUNpkJfx1S49kufJ8hi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=919+374 c=0+0 v=2024.10.0 l=13554 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdf9a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
13554
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=500
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7a20c99d-8c56-489c-18c1-3521b3238400/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/7a20c99d-8c56-489c-18c1-3521b3238400/w=500
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7b70394b453a1a298bb342db03e72c46eabb713197d08922008b6db3e1181a44
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cf_HiqEATwEPS_AZO_avZ9h8Mqhi8yaH7pEf2-gNpVDQ"
cf-images
internal=ok/- q=0 n=801+208 c=0+0 v=2024.10.0 l=9084 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdfaa01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
9084
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/d56a3b5b-847f-4329-9fc5-52542c81f600/ 		54 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/d56a3b5b-847f-4329-9fc5-52542c81f600/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54635ed662026a4e02387ea29e68e01c1f2f281d058fecc6dd6d1d2aa078ac56
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfuyOeYm7614LYpQK4SzsxmNb0cqc3DLOvoRahjW0mDQ"
cf-images
internal=ok/- q=0 n=1022+356 c=0+0 v=2024.10.0 l=55602 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911cffdfca01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
55602
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/900e3389-6918-411d-40d7-dde66a3ad000/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/900e3389-6918-411d-40d7-dde66a3ad000/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77fbd3c491cee3c339f6438444cfbbbf06f72aa5e61f910b0d85b5fdf52c3c97
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfTWICOJUnIZAluTqOoW4ciPiDcqc3DLOvoRahjW0mDQ"
cf-images
internal=ok/- q=0 n=34+300 c=0+0 v=2024.9.3 l=54250 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911d05e50a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
54250
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/6dd08098-6e16-4539-191f-a9cabaffbe00/ 		54 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/6dd08098-6e16-4539-191f-a9cabaffbe00/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d396e8ad90517bbbc5ebe43253d0b813198321b22899cefbbd9da30b82c4069f
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfEMNsnS4oSgCx2MMpwkZqOReYcqc3DLOvoRahjW0mDQ"
cf-images
internal=ram/- q=0 n=0+0 c=0+0 v=2024.9.4 l=55332
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911d05e57a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
55332
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/625f850d-df3f-4cd5-0add-77ce849ee900/ 		53 KB
53 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/625f850d-df3f-4cd5-0add-77ce849ee900/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3b1cd5303db88e52a443d2317fb7cef37c68229d10869768c4c0daf4a982fc5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfA6bX8rVnpOhHXeeo6nCn7aBrcqc3DLOvoRahjW0mDQ"
cf-images
internal=ok/- q=0 n=88+270 c=0+0 v=2024.10.0 l=53919 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911d08e81a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
53919
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cdf613f3-909e-4a4e-e7a9-9bc276da2f00/ 		39 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/cdf613f3-909e-4a4e-e7a9-9bc276da2f00/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7f3d6f08366c5e1cb0901586b1e8ce7fb973cb81d34bbce31f3caca7e1cc0ce
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cfb52wi0mjn4iVomCAYnu_3utmcqc3DLOvoRahjW0mDQ"
cf-images
internal=ok/- q=0 n=60+304 c=0+0 v=2024.9.3 l=40270 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911d08e87a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
40270
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
w=1280
imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/e61db29a-ec1e-462a-4e03-b528524b1b00/ 		47 KB
47 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imagedelivery.net/A5gbiev6F8AaBvp6M146Kw/e61db29a-ec1e-462a-4e03-b528524b1b00/w=1280
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:324 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c936290cfb0d635cb65be5bfd10391f59bfde98f69cac7d4c9e1273d82495876
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
public,max-age=172800,stale-while-revalidate=7200
cf-cache-status
HIT
etag
"cf_oJikCk4he70DXlj3m8JyQINcqc3DLOvoRahjW0mDQ"
cf-images
internal=ok/- q=0 n=344+371 c=15+230 v=2024.10.0 l=47674 f=false
cf-bgj
imgq:85,h2pri
x-content-type-options
nosniff
cf-ray
8cf911d0aec0a01b-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
47674
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
image/avif
vary
Accept, Accept-Encoding
server
cloudflare
s
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/ 		54 B
505 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/s
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9c9cda1aef9594dd8852dce568f34e82af0c70456287b07d087c526c3def011

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXk0CXxHzcRcZguGU1L2EX5fnXzCf9PlFtlOQBMbNrRKjnHY1KC66UmaVzyAQoJIc1RGG6VQ1NP4%2Fhz7f3oXFbIqPbu7nW8v1ff5hnPMuTSbDIv8pzizoZc8DzqzARMwRXzzk%2BQ7PlPe1lB1JEetrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8cf911d09f25dcce-FRA
access-control-allow-origin
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
e
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/s/b91ab26e-cf36-4ecf-8c49-2e6f5bf1cce4/ 		54 B
512 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/s/b91ab26e-cf36-4ecf-8c49-2e6f5bf1cce4/e
Requested by
Host: pay2win.cc
URL: https://pay2win.cc/assets/index-Du2B9sh1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
055a57cf0d38e73ab2229edea000bd6240f16d31dfaefc66e3040f61cb4473ff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://pay2win.cc/

Response headers

access-control-max-age
864000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jyl1Y2VZx5npiCUM6vFeX%2Bsr5bDBcR1wMtajwhhS69HCxPz3pLtlpSh%2Bhup4fHvaQjWUWRC%2BLmKYEGJyzKcRHKZFC1dWGZlrTxY%2FBKak1vnpb4k8dQ8%2BhKA1SxmtKMUbAux%2BUj%2B1sEdTanq%2FVkngdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
*
cf-ray
8cf911d159e0dcce-FRA
access-control-allow-origin
*
date
Tue, 08 Oct 2024 21:02:02 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
e
t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/s/b91ab26e-cf36-4ecf-8c49-2e6f5bf1cce4/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://t-api.billgang.com/ae0ed146-0bc5-496b-a946-a79cf2995e19/t/p/d3474bbf-8fc5-47c1-88b6-c748ef9691f4/s/b91ab26e-cf36-4ecf-8c49-2e6f5bf1cce4/e
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3108::ac42:292d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://pay2win.cc
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
access-control-max-age
864000
cf-ray
8cf911d11942dcce-FRA
content-length
0
date
Tue, 08 Oct 2024 21:02:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qDWYOMd1NzJyuqUg%2FHLmNtxa7Ou85%2FHsLT%2B11sHNllzaC1HNlkpOaku9YuNRNZWd425AUbSzfutdAPHuXWHPlY7nRri%2BcXgcqP3dF0hqDJuE3X%2BufO0qEkumgcq%2FWQMfAAJZ8JN3A863KM32xv%2FNvw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

3 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: gHvxJ4OMvoE
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: LCetbFcYzTo
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgJQ%3D%3D

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
imagedelivery.net
pay2win.cc
stores-api.billgang.com
t-api.billgang.com
www.youtube.com
2606:4700:20::681a:ee8
2606:4700:3108::ac42:292d
2606:4700::6812:324
2a00:1450:4001:81c::200e
2a00:1450:4001:828::2003
2a00:1450:4001:829::200a
055a57cf0d38e73ab2229edea000bd6240f16d31dfaefc66e3040f61cb4473ff
13067ad26ce0fbbef7212c3849d93543abc2fafd3e20e5a7c52a63a737535901
2b8c12e6ede30f975410ce17d32cea631c13ff3afc52886ea032b210c615f9e6
2ec7385a77bb5cd17c5f2f22c2eb186b9271deaa4fe9e9a9d5ed1307e06ae59a
2fbd9faf06c793a781482bc407ba0b8b36c3b636e400dd09fed6298f7f488883
4509708cf5cd00aa0f89f310816781510fd140aa57480322439b8a548e62b613
50c60e6a2dc8fe9b03078acae7f9b6a8b25f3fd7e7204d298d9fcaeb4fb379eb
523243dee434c910e0f14c392221f59b9e08201c061bd69278eaead3794dffac
54635ed662026a4e02387ea29e68e01c1f2f281d058fecc6dd6d1d2aa078ac56
77fbd3c491cee3c339f6438444cfbbbf06f72aa5e61f910b0d85b5fdf52c3c97
7b70394b453a1a298bb342db03e72c46eabb713197d08922008b6db3e1181a44
91a5fbb1d943ca213ceff791f6ec63c5d543d6c25e7b07d332cec636c62a2d73
91e7efe178e813ee505bc6e5bcba4bc8144a2f9673eec98c401c68d36363c5f1
922afb64cfc75d74678063d3f796e694c9bac74a443d93a58ded1e808c339bf3
9bba638ad4369f4e81421ea6878d9adec95b53c28c2507a9c8641927038a0eaa
9e4a2a5eecd168ef543fbb90e26aefd03a9109cf8fe129a79f3370aef4e8a4c2
a95ca3ece214863aa2e2158819ba72bae4aad1a269eed6729f1b27e817ba9f99
b22c0f9d114ce72e4883f1c0cfad21e391518525fa4ac471ba27f75c81fa7174
b9c9cda1aef9594dd8852dce568f34e82af0c70456287b07d087c526c3def011
c5f2a3006b477bbc9fa011334186b8fef76035f11a9f80ec2ac35b30d1c7d59c
c936290cfb0d635cb65be5bfd10391f59bfde98f69cac7d4c9e1273d82495876
d396e8ad90517bbbc5ebe43253d0b813198321b22899cefbbd9da30b82c4069f
d7f3d6f08366c5e1cb0901586b1e8ce7fb973cb81d34bbce31f3caca7e1cc0ce
db1ef769b6cfd144b785c324fcc487d9a6b9c27e41e1fc2afe6a90a5cf5f6a4d
e0c72349156c3a8d20078cbb0931eb233d302b7ccd486ad18139d810ede8628b
f3b1cd5303db88e52a443d2317fb7cef37c68229d10869768c4c0daf4a982fc5
f94547f911fafb348945a99d496d0c0a030b21d689ca9bffa8a1767359c039bf