Submitted URL: http://bankznow.com/
Effective URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliatePro...
Submission: On September 06 via api from US

Summary

This website contacted 15 IPs in 4 countries across 15 domains to perform 34 HTTP transactions. The main IP is 2606:4700:20::681a:ebb, located in United States and belongs to CLOUDFLARENET, US. The main domain is online.winorama.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 17th 2020. Valid for: a year.
This is the only time online.winorama.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 107.161.23.204 3842 (RAMNODE)
1 1 204.188.203.155 46844 (ST-BGP)
1 1 45.79.107.58 63949 (LINODE-AP...)
1 1 107.179.2.226 46573 (LAYER-HOST)
1 2 179.61.143.110 61317 (ASDETUK h...)
1 2 2606:4700:20:... 13335 (CLOUDFLAR...)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
11 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 199.187.116.153 11054 (LIVEPERSON)
2 2a03:6400:10:... 11054 (LIVEPERSON)
2 2a03:6400:32:... 11054 (LIVEPERSON)
2 208.89.12.87 11054 (LIVEPERSON)
34 15
Domain Requested by
11 cdn.cg-platform.com online.winorama.com
cdn.cg-platform.com
2 va.v.liveperson.net lptag.liveperson.net
2 lpcdn.lpsnmedia.net lptag.liveperson.net
2 accdn.lpsnmedia.net lptag.liveperson.net
2 lptag.liveperson.net egtxiy.nd4he960dw.top
2 script.crazyegg.com www.googletagmanager.com
script.crazyegg.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 online.winorama.com egtxiy.nd4he960dw.top
online.winorama.com
2 click.power-ppp.com 1 redirects
2 egtxiy.nd4he960dw.top 1 redirects
1 secure.winorama.com
1 www.googletagmanager.com online.winorama.com
1 cdn-origin.netoplay.com online.winorama.com
1 fonts.gstatic.com fonts.googleapis.com
1 cdn.netoplay.com online.winorama.com
1 ajax.googleapis.com online.winorama.com
1 fonts.googleapis.com online.winorama.com
1 6w1.quickagilessl.com 1 redirects
1 www.316track.com 1 redirects
1 www.bankznow.com 1 redirects
1 bankznow.com 1 redirects
34 21

This site contains no links.

Subject | Issuer | Validity | Valid
nd4he960dw.top | Let's Encrypt Authority X3 | 2020-08-11 - 2020-11-09 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-17 - 2021-07-17 | a year
upload.video.google.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.gstatic.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-08-19 - 2020-11-11 | 3 months
*.liveperson.net | COMODO RSA Organization Validation Secure Server CA | 2017-12-17 - 2020-12-16 | 3 years
*.lpsnmedia.net | COMODO RSA Organization Validation Secure Server CA | 2018-02-26 - 2021-02-25 | 3 years
*.v.liveperson.net | Sectigo RSA Organization Validation Secure Server CA | 2020-04-13 - 2022-04-13 | 2 years

This page contains 2 frames:

Primary Page: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Frame ID: 26990BEF62826A47F4B0971330EB2F85
Requests: 33 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fonline.winorama.com&site=70099149&env=prod
Frame ID: 7217FAC81ADD2136E29FF02956162D1C
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /^https?:\/\/lptag\.liveperson\.net\/tag\/tag\.js/i

Overall confidence: 100%
Detected patterns
  • script /script\.crazyegg\.com\/pages\/scripts\/\d+\/\d+\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Overall confidence: 100%
Detected patterns
  • html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
  • html /<!-- (?:End )?Google Tag Manager -->/i

Overall confidence: 100%
Detected patterns
  • script /swfobject.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

34 Requests
100 % HTTPS
63 % IPv6
15 Domains
21 Subdomains
15 IPs
4 Countries
598 kB Transfer
1059 kB Size
16 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bankznow.com/ HTTP 301
    http://www.bankznow.com/ HTTP 301
    https://www.316track.com/rd/r.php?sid=591&pub=650293&c1=907&c2=&c3= HTTP 302
    https://6w1.quickagilessl.com/?s1=650293&s2=295901386&s3=8 HTTP 302
    https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee Page URL
  2. https://egtxiy.nd4he960dw.top/NET920gratoramacpldeCH.html?sov=15704ff106c&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee&tov=684616 HTTP 302
    https://click.power-ppp.com/click/57eb89f5005fb?brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936 HTTP 302
    https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://bankznow.com/ HTTP 301
  • http://www.bankznow.com/ HTTP 301
  • https://www.316track.com/rd/r.php?sid=591&pub=650293&c1=907&c2=&c3= HTTP 302
  • https://6w1.quickagilessl.com/?s1=650293&s2=295901386&s3=8 HTTP 302
  • https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee

34 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
egtxiy.nd4he960dw.top/
Redirect Chain
  • http://bankznow.com/
  • http://www.bankznow.com/
  • https://www.316track.com/rd/r.php?sid=591&pub=650293&c1=907&c2=&c3=
  • https://6w1.quickagilessl.com/?s1=650293&s2=295901386&s3=8
  • https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1...
1 KB
10 KB
Document
General
Full URL
https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
179.61.143.110 Vienna, Austria, ASN61317 (ASDETUK http://www.heficed.com, GB),
Reverse DNS
Software
/
Resource Hash
48d1944cbc1d5827027d7ef58b15d84d05c2cb1fc395b82d728f4c4ab8de0128

Request headers

Host
egtxiy.nd4he960dw.top
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Date
Sun, 06 Sep 2020 06:49:26 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Source
Mini
X-Rot
684616
X-Sov
15704ff106c
Expires
Mon, 01 Jan 2001 00:00:00 GMT
Cache-Control
no-cache
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Date
Sun, 06 Sep 2020 06:49:25 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
X-ImpID
1a4e8f00-f00d-11ea-a852-fa245441bcee
Location
https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
Set-Cookie
redir-backend=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Primary Request index.html
online.winorama.com/lps/de/slots/
Redirect Chain
  • https://egtxiy.nd4he960dw.top/NET920gratoramacpldeCH.html?sov=15704ff106c&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&imp...
  • https://click.power-ppp.com/click/57eb89f5005fb?brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936
  • https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten...
7 KB
3 KB
Document
General
Full URL
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Requested by
Host: egtxiy.nd4he960dw.top
URL: https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ebb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e827aa0079d754610cce8940d677a03376035e9e2627ae875a31c90307a8025d

Request headers

:method
GET
:authority
online.winorama.com
:scheme
https
:path
/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
200
date
Sun, 06 Sep 2020 06:49:26 GMT
content-type
text/html
set-cookie
__cfduid=d16d3000ea440a1bf12ba03c15e3dd4b91599374966; expires=Tue, 06-Oct-20 06:49:26 GMT; path=/; domain=.winorama.com; HttpOnly; SameSite=Lax; Secure
last-modified
Tue, 12 May 2020 10:53:27 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
0503c657ed0000d6f1f787b200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce640064c0ed6f1-FRA
content-encoding
br

Redirect headers

status
302
date
Sun, 06 Sep 2020 06:49:26 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d60c3762189a715299a13d44cf93d6b361599374966; expires=Tue, 06-Oct-20 06:49:26 GMT; path=/; domain=.power-ppp.com; HttpOnly; SameSite=Lax Click_57eb89f5005fb=a%3A1%3A%7Bi%3A0%3Bs%3A4%3A%228367%22%3B%7D; expires=Tue, 06-Oct-2020 06:49:26 GMT; Max-Age=2592000; path=/ Count=1; expires=Tue, 06-Oct-2020 06:49:26 GMT; Max-Age=2592000; path=/
rd
err: No redis
location
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
cf-cache-status
DYNAMIC
cf-request-id
0503c657690000c29ff40a4200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
5ce640057a82c29f-FRA
css
fonts.googleapis.com/
7 KB
840 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,300,700
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b1f5548a7fc890aa44b896f957ca567c10fdb011ca4e2cb42750f50f2d41e6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 06 Sep 2020 06:49:26 GMT
server
ESF
date
Sun, 06 Sep 2020 06:49:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 06 Sep 2020 06:49:26 GMT
style.css
cdn.cg-platform.com/de/WR/slots/
1 KB
1 KB
Stylesheet
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/style.css
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94ed768f39c89fc71274c2846d8dc58ae164f1336cf664d208c53c822f437ed2

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
br
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUnCaDlZS-DbnLeA9vELSJwcOfF1XtkUSqrZF8hFMHOTTfxOcpuKRNOqgHHRfTUaNPSO6RmZl0x32N_MUkXHKpk
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
text/css
cf-request-id
0503c6584300009754adb46200000001
last-modified
Thu, 22 Mar 2018 10:22:22 GMT
server
cloudflare
etag
W/"b5193cbf1869d8a83d643bb0c99b8204"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=E1nBIA==, md5=tRk8vxhp2Kg9ZDuwyZuCBA==
x-goog-generation
1521714142962656
cache-control
public, max-age=14400
x-goog-stored-content-length
1082
cf-ray
5ce64006d9949754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
swfobject.js
cdn.cg-platform.com/script/
10 KB
4 KB
Script
General
Full URL
https://cdn.cg-platform.com/script/swfobject.js
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c798a1ed77d81808ccd071c777ab901965f0ed613cf47867f5e737d6671f905

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
br
cf-cache-status
HIT
age
6849068
x-guploader-uploadid
AAANsUnJwTTlQzpz6-kB3-D39zvVS__EXHT9VBm3ku9c2DFqs-OnPYwO44oE1c5JjBJs_Ahhm-vvsb_fIH62EOEaXQ
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
3
x-goog-stored-content-encoding
identity
content-type
application/javascript
cf-request-id
0503c6584300009754adb47200000001
last-modified
Thu, 18 Jan 2018 10:08:59 GMT
server
cloudflare
etag
W/"d51ac3392c9563764592fddfca470ea1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=BopeQQ==, md5=1RrDOSyVY3ZFkv3fykcOoQ==
x-goog-generation
1516270139434877
cache-control
max-age=14400, 3456000
x-goog-stored-content-length
10070
cf-ray
5ce64006d9959754-FRA
expires
Sat, 19 Jun 2021 00:18:18 GMT
DE_logo.png
cdn.cg-platform.com/de/WR/slots/
15 KB
15 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_logo.png
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a97a711620aed9011a63ee2326ff742d1d678ad711ea1cd59166af81ee6780eb

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUnNip1juIA1MHFfyW_k-3WLgSWb2DMF5ZsVwhsFp6JC4aLIDiYdhNTHtbCQBc0cmJr4HnyrLS3znwWtZyMB6Q
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
15232
cf-request-id
0503c6585600009754adb4a200000001
last-modified
Thu, 22 Mar 2018 10:22:22 GMT
server
cloudflare
etag
"bcb03359b2a9b4127a94ccfc881681d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=XUndIw==, md5=vLAzWbKptBJ6lMz8iBaB0A==
x-goog-generation
1521714142496237
cache-control
public, max-age=14400
x-goog-stored-content-length
15232
accept-ranges
bytes
cf-ray
5ce64006f9ac9754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
DE_BG.jpg
cdn.cg-platform.com/de/WR/slots/
206 KB
206 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_BG.jpg
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aae06fad918c1dc569b99c236eb43012188be8cdbc9b344c08d5499f1c1cb44a

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUm8l4k7BWs-VJfy17gAyNhUWGqPa7To4gJWwm3b-ZHFDTES8dZq3JzLBRLfToxC1IHBL5ZMZ2uHaoirm-K0dQ
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
210612
cf-request-id
0503c6585600009754adb4b200000001
last-modified
Thu, 22 Mar 2018 10:22:22 GMT
server
cloudflare
etag
"b3574aa7f63f770208043933377172d6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=JA7xAw==, md5=s1dKp/Y/dwIIBDkzN3Fy1g==
x-goog-generation
1521714142049516
expires
Sun, 06 Sep 2020 07:27:54 GMT
cache-control
public, max-age=14400
x-goog-stored-content-length
210612
accept-ranges
bytes
cf-ray
5ce64006f9ae9754-FRA
cf-bgj
h2pri
DE_bt1.png
cdn.cg-platform.com/de/WR/slots/
10 KB
11 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_bt1.png
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
150db10ec6edd21650851702b40403c14b5ec259d5fe928cba7015093ec066e9

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUldsJRQ14LTTFrcE9LfZlemmChOC4zHJxngnIAbzuNQfGtfHCIXUZ8pWD7bmsyyO4OCXJAnz4LjP3eMKju9qg
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
10666
cf-request-id
0503c6585600009754adb4c200000001
last-modified
Sun, 26 Jan 2020 15:07:32 GMT
server
cloudflare
etag
"9569b984ffbef027a4990193c2ec4cab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=v6kL2g==, md5=lWm5hP++8CekmQGTwuxMqw==
x-goog-generation
1580051252323479
cache-control
public, max-age=14400
x-goog-stored-content-length
10666
accept-ranges
bytes
cf-ray
5ce64006f9af9754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
DE_bt2.png
cdn.cg-platform.com/de/WR/slots/
11 KB
12 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_bt2.png
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa6fb6ce76a3618b2c9cb7dbfb28be19be81c06919430c631309207cf66a7349

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUmPbWY_gPepMRukaY4Rs1M3CW0qSh7flV57-gc0OeIelDrBSZqETFEB5Y9Z80FFMKhWypu9Qq5GL55mgIvK4xM
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
11727
cf-request-id
0503c6585600009754adb4d200000001
last-modified
Sun, 26 Jan 2020 15:07:32 GMT
server
cloudflare
etag
"feb41251c3257a010e5de9e68f580318"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=mNMmuw==, md5=/rQSUcMlegEOXenmj1gDGA==
x-goog-generation
1580051252932308
cache-control
public, max-age=14400
x-goog-stored-content-length
11727
accept-ranges
bytes
cf-ray
5ce64006f9b09754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
DE_bt3.png
cdn.cg-platform.com/de/WR/slots/
11 KB
11 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_bt3.png
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16ce51b5037fdc5974f9a9efbde97d7f65b6c70701e12f00be63e24d22b619db

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUluSayXV5-amo_m3NZGMZWs4eQ8UWDTs_9gMA5lB3JgK6JdguXWBkvMvR_M_4NlIjzO_Zpu_jfi1ydLiRIWpdA
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
11380
cf-request-id
0503c6585800009754adb4e200000001
last-modified
Sun, 26 Jan 2020 15:07:32 GMT
server
cloudflare
etag
"2d674a5b0043fb5a64bea8060831b4e5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=AK+PMQ==, md5=LWdKWwBD+1pkvqgGCDG05Q==
x-goog-generation
1580051252323525
cache-control
public, max-age=14400
x-goog-stored-content-length
11380
accept-ranges
bytes
cf-ray
5ce64006f9b29754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
DE_BG2.jpg
cdn.cg-platform.com/de/WR/slots/
63 KB
63 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/DE_BG2.jpg?v=1
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
355f7a0179962ac986aee5286dc751b737a975008afca96fbb1c58aec72a4ac9

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
DYNAMIC
age
1292
x-guploader-uploadid
ABg5-UyT7MT09ixTJJkutR2CwZEjpEICLrNqptpEW8sbTCu0g30jyXuvlYENr8xhLGVEnasp4yp00F49OqRP5b2yl-GRTITthQ
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
image/jpeg
content-length
64038
cf-request-id
0503c6585800009754adb4f200000001
last-modified
Mon, 15 Oct 2018 06:34:53 GMT
server
cloudflare
etag
"d757bce551e3427da7bb5503dfd791a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=gsCi3w==, md5=11e85VHjQn2nu1UD39eRpQ==
x-goog-generation
1539585293614971
cache-control
public, max-age=3600
x-goog-stored-content-length
64038
accept-ranges
bytes
cf-ray
5ce64006f9b39754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
payment_and_security_de.png
cdn.cg-platform.com/de/WR/slots/
6 KB
7 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/payment_and_security_de.png
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
99e02ef2118d3a231f53a29f91d80cdee09f55371f3eb0287589458e37aca15a

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUk7xzUggCFdYkmCeP7LaotVwE8NExBmBHGmFANULaCQE3X3i32puYadNUw8NmG1CaywiQNpyDlJbaW4tOustBk
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
image/png
content-length
6611
cf-request-id
0503c6585800009754adb50200000001
last-modified
Thu, 22 Mar 2018 10:22:22 GMT
server
cloudflare
etag
"0c5fd525ae55df1c8b4224d406349120"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=8HMRqQ==, md5=DF/VJa5V3xyLQiTUBjSRIA==
x-goog-generation
1521714142827660
cache-control
public, max-age=14400
x-goog-stored-content-length
6611
accept-ranges
bytes
cf-ray
5ce64006f9b49754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
email-decode.min.js
online.winorama.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/
1 KB
858 B
Script
General
Full URL
https://online.winorama.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ebb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Tue, 01 Sep 2020 23:31:46 GMT
server
cloudflare
etag
W/"5f4ed9e2-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
cf-ray
5ce64006ed69d6f1-FRA
cf-request-id
0503c658510000d6f1f7881200000001
expires
Tue, 08 Sep 2020 06:49:26 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.10.2/
91 KB
32 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 11:04:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
503111
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32954
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 31 Aug 2021 11:04:15 GMT
utils.js
cdn.cg-platform.com/script/
30 KB
8 KB
Script
General
Full URL
https://cdn.cg-platform.com/script/utils.js
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8afbc38b350f84a6e687c79de1b6413c6e18509fc14968a8fa8329782ddf1bc3

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
br
cf-cache-status
HIT
age
1983
x-guploader-uploadid
ABg5-UwQkFWGpL8AYCJOzXrSE27bDa1JaBuXaj0rqbx6tmOsc8fq8wBD_FVjddL8_dYmCF4HYKgWPvC7L8TxbJ9F8WM
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
content-type
text/javascript
cf-request-id
0503c6585600009754adb49200000001
last-modified
Thu, 27 Aug 2020 13:02:51 GMT
server
cloudflare
etag
W/"f69410ba4e6b61628fe7ad47593b262c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=4Me8WA==, md5=9pQQuk5rYWKP561HWTsmLA==
x-goog-generation
1598533371588915
cache-control
public, max-age=14400
x-goog-stored-content-length
31174
cf-ray
5ce64006f9ab9754-FRA
expires
Sun, 06 Sep 2020 07:16:23 GMT
popups.js
cdn.netoplay.com/assets/js/
0
0
Script
General
Full URL
https://cdn.netoplay.com/assets/js/popups.js?v=5
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:10::ac43:1436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

style.css
cdn.cg-platform.com/de/WR/slots/
1 KB
1 KB
Image
General
Full URL
https://cdn.cg-platform.com/de/WR/slots/style.css
Requested by
Host: cdn.cg-platform.com
URL: https://cdn.cg-platform.com/de/WR/slots/style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::ac43:c659 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://cdn.cg-platform.com/de/WR/slots/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
br
cf-cache-status
HIT
age
1292
x-guploader-uploadid
AAANsUnCaDlZS-DbnLeA9vELSJwcOfF1XtkUSqrZF8hFMHOTTfxOcpuKRNOqgHHRfTUaNPSO6RmZl0x32N_MUkXHKpk
x-goog-storage-class
MULTI_REGIONAL
status
200
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
content-type
text/css
cf-request-id
0503c6585800009754adb51200000001
last-modified
Thu, 22 Mar 2018 10:22:22 GMT
server
cloudflare
etag
W/"b5193cbf1869d8a83d643bb0c99b8204"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-goog-hash
crc32c=E1nBIA==, md5=tRk8vxhp2Kg9ZDuwyZuCBA==
x-goog-generation
1521714142962656
cache-control
public, max-age=14400
x-goog-stored-content-length
1082
cf-ray
5ce64006f9b69754-FRA
expires
Sun, 06 Sep 2020 07:27:54 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,300,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://online.winorama.com
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,300,700
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 31 Aug 2020 11:04:00 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
503126
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9132
x-xss-protection
0
expires
Tue, 31 Aug 2021 11:04:00 GMT
visitorCountry.php
cdn-origin.netoplay.com/
354 B
577 B
Script
General
Full URL
https://cdn-origin.netoplay.com/visitorCountry.php?language=de
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:10::ac43:1436 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.5.9-1ubuntu4.29
Resource Hash
04cbc6ba55d63904e4aae6f3505070cf11cbf03444a8a67743f426de73e890a7

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:26 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
PHP/5.5.9-1ubuntu4.29
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cf-ray
5ce640072aeae00b-FRA
content-length
189
cf-request-id
0503c658780000e00bea0ae200000001
gtm.js
www.googletagmanager.com/
127 KB
45 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MM92NX
Requested by
Host: online.winorama.com
URL: https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f42ae0af7d2542a2845a9ef1098ed5178462a2ff0b99554f092a2b6ea2040f0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:27 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45119
x-xss-protection
0
last-modified
Sun, 06 Sep 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 06 Sep 2020 06:49:27 GMT
/
secure.winorama.com/server/clickstats/
0
92 B
Image
General
Full URL
https://secure.winorama.com/server/clickstats/?brandId=4&deviceCategory=1&campaignId=52730&mediaId=5788&affiliateProfileName=85287&referer=https%3A%2F%2Fonline.winorama.com%2Flps%2Fde%2Fslots%2Findex.html%3Fshorten_link%3D57eb89f5005fb%26shorten_target%3D8367%26netoClickId%3D5f5486765e0f95c357cff8ef%26Inc%3D71532112%26brandId%3D4%26campaignId%3D52730%26mediaId%3D5788%26mode%3D1%26affiliateProfileName%3D85287%26V1%3D1ac5f98c-f00d-11ea-9b65-2d74e951a936%26ABClicks%3D1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:ebb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:27 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/plain
status
200
cf-ray
5ce64008eab3d6f1-FRA
content-length
0
cf-request-id
0503c6598e0000d6f1f7896200000001
71532112
click.power-ppp.com/traffic/registration/minisite/
0
0
Image
General
Full URL
https://click.power-ppp.com/traffic/registration/minisite/71532112
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:2b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MM92NX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1fbd06d98ff87713eb030669571c929ab75539f05252f04ae1df807c28b20e95
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Aug 2020 20:46:40 GMT
server
Golfe2
age
5627
date
Sun, 06 Sep 2020 05:15:40 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18323
expires
Sun, 06 Sep 2020 07:15:40 GMT
6704.js
script.crazyegg.com/pages/scripts/0078/
17 KB
3 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0078/6704.js?444271
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MM92NX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bedcb6af2cbdb366f52bdac2c9f5411227e0e6dae465f1937db3bc448443f89

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:27 GMT
content-encoding
gzip
cf-cache-status
HIT
ce-version
11.1.68
age
15187
cf-polished
origSize=17744
status
200
cf-request-id
0503c6599e0000c2db4aae7200000001
last-modified
Sun, 06 Sep 2020 02:36:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
cf-ray
5ce64008fcf9c2db-FRA
cf-bgj
minify
tag.js
lptag.liveperson.net/tag/
18 KB
7 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=70099149
Requested by
Host: egtxiy.nd4he960dw.top
URL: https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.187.116.153 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:27 GMT
content-encoding
gzip
last-modified
Tue, 21 Aug 2018 07:47:45 GMT
server
ws
etag
"5b7bc3a1-198d"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
6541
collect
www.google-analytics.com/j/
1 B
397 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j85&a=399171420&t=pageview&_s=1&dl=https%3A%2F%2Fonline.winorama.com%2Flps%2Fde%2Fslots%2Findex.html%3FInc%3D71532112%26brandId%3D4%26campaignId%3D52730%26mediaId%3D5788%26mode%3D1%26affiliateProfileName%3D85287%26V1%3D1ac5f98c-f00d-11ea-9b65-2d74e951a936%26ABClicks%3D1%26shorten_link%3D57eb89f5005fb%26shorten_target%3D8367%26netoClickId%3D5f5486765e0f95c357cff8ef&dr=https%3A%2F%2Fegtxiy.nd4he960dw.top%2F%3Fsov%3D15704ff106c%26hid%3Deigekeomkqiuigisug%26s1%3D650293%26s2%3D295901386%26s3%3D8%26cntrl%3D00000%26pid%3D22624%26redid%3D85287%26gsid%3D488%26campaign_id%3D1228%26p_id%3D22624%26id%3DXNSX.-r85287-t488%26impid%3D1a4e8f00-f00d-11ea-a852-fa245441bcee&dp=https%3A%2F%2Fonline.winorama.com%2Flps%2Fde%2Fslots%2Findex.html%3FInc%3D71532112%26brandId%3D4%26campaignId%3D52730%26mediaId%3D5788%26mode%3D1%26affiliateProfileName%3D85287%26V1%3D1ac5f98c-f00d-11ea-9b65-2d74e951a936%26ABClicks%3D1%26shorten_link%3D57eb89f5005fb%26shorten_target%3D8367%26netoClickId%3D5f5486765e0f95c357cff8ef&ul=en-us&de=UTF-8&dt=Winorama&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=1933010957&gjid=1475219301&cid=1562742934.1599374967&tid=UA-27702367-3&_gid=1729117704.1599374967&_r=1&gtm=2wg8q1MM92NX&cd1=4&cd3=85287&cd4=5788&cd6=52730&z=187779002
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sun, 06 Sep 2020 06:49:27 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
text/plain
access-control-allow-origin
https://online.winorama.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
11.1.68.js
script.crazyegg.com/pages/versioned/common-scripts/
70 KB
23 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/11.1.68.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0078/6704.js?444271
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48d02d1758575a3ee0e7ba8a0a1c29666b4f55a00d1bf15fd1703897febf4cdb

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:27 GMT
content-encoding
gzip
cf-cache-status
HIT
age
3222650
cf-polished
origSize=71592
status
200
cf-request-id
0503c659b40000c2db4aae8200000001
last-modified
Fri, 17 Jul 2020 16:40:52 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
5ce640092d37c2db-FRA
cf-bgj
minify
.jsonp
lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/
241 KB
87 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Requested by
Host: egtxiy.nd4he960dw.top
URL: https://egtxiy.nd4he960dw.top/?sov=15704ff106c&hid=eigekeomkqiuigisug&s1=650293&s2=295901386&s3=8&cntrl=00000&pid=22624&redid=85287&gsid=488&campaign_id=1228&p_id=22624&id=XNSX.-r85287-t488&impid=1a4e8f00-f00d-11ea-a852-fa245441bcee
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.187.116.153 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
8518c8a5cbd6968d5d5b47c372f0501edd6132f97dd98823c517e6b2d06fb900

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:28 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
/
accdn.lpsnmedia.net/api/account/70099149/configuration/setting/accountproperties/
4 KB
1 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/70099149/configuration/setting/accountproperties/?cb=lpCb63793x67403
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
76bcf704d5ca021ab219f02d8f54b846ba42c7042682e63e866bdfa529ae2dd0

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:28 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
vary
Accept
content-type
application/javascript
status
200
x-envoy-upstream-service-time
1
expires
Sun, 06 Sep 2020 06:49:50 GMT
zones
accdn.lpsnmedia.net/api/account/70099149/configuration/le-campaigns/
18 KB
2 KB
Script
General
Full URL
https://accdn.lpsnmedia.net/api/account/70099149/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
f51501f3c90d4f33902fb172761559c851f1675eed5c3b9537bcb3f560d06b36

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:28 GMT
content-encoding
gzip
server
ws
x-cache-status
HIT
vary
Accept
content-type
application/javascript
status
200
x-envoy-upstream-service-time
2
expires
Sun, 06 Sep 2020 06:49:58 GMT
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.10.0.1-release_5033/ Frame 7217
0
0
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fonline.winorama.com&site=70099149&env=prod
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:32:0:103:41:33:35 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash

Request headers

:method
GET
:authority
lpcdn.lpsnmedia.net
:scheme
https
:path
/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.html?loc=https%3A%2F%2Fonline.winorama.com&site=70099149&env=prod
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef

Response headers

status
200
date
Sun, 06 Sep 2020 06:49:31 GMT
content-type
text/html
last-modified
Mon, 30 Mar 2020 14:49:35 GMT
content-encoding
gzip
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
expires
Sun, 06 Sep 2020 06:59:31 GMT
cache-control
max-age=600
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.10.0.1-release_5033/
37 KB
15 KB
Script
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.10.0.1-release_5033/storage.secure.min.js?loc=https%3A%2F%2Fonline.winorama.com&site=70099149&force=1&env=prod
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a03:6400:32:0:103:41:33:35 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
90db019114bcb830c53464def2150205998e91e2f57435919648a90bde2a9805

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:32 GMT
content-encoding
gzip
last-modified
Mon, 30 Mar 2020 14:49:35 GMT
server
ws
vary
Origin
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
max-age=600
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Sun, 06 Sep 2020 06:59:32 GMT
70099149
va.v.liveperson.net/api/js/
237 B
1 KB
Script
General
Full URL
https://va.v.liveperson.net/api/js/70099149?&cb=lpCb43900x29665&t=sp&ts=1599374968930&pid=6519622327&tid=7386970449&pt=Winorama&u=https%3A%2F%2Fonline.winorama.com%2Flps%2Fde%2Fslots%2Findex.html%3FInc%3D71532112%26brandId%3D4%26campaignId%3D52730%26mediaId%3D5788%26mode%3D1%26affiliateProfileName%3D85287%26V1%3D1ac5f98c-f00d-11ea-9b65-2d74e951a936%26ABClicks%3D1%26shorten_link%3D57eb89f5005fb%26shorten_target%3D8367%26netoClickId%3D5f5486765e0f95c357cff8ef&r=https%3A%2F%2Fegtxiy.nd4he960dw.top%2F%3Fsov%3D15704ff106c%26hid%3Deigekeomkqiuigisug%26s1%3D650293%26s2%3D295901386%26s3%3D8%26cntrl%3D00000%26pid%3D22624%26redid%3D85287%26gsid%3D488%26campaign_id%3D1228%26p_id%3D22624%26id%3DXNSX.-r85287-t488%26impid%3D1a4e8f00-f00d-11ea-a852-fa245441bcee&df=0&os=1&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
242bd693fe7ffcca07a3b43a7284bd0c9d89fc8dce1a97ef285429177f336503

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:32 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
70099149
va.v.liveperson.net/api/js/
111 B
854 B
Script
General
Full URL
https://va.v.liveperson.net/api/js/70099149?sid=om-qcYtXQFqPjV6vDp7mNA&cb=lpCb52049x45110&t=pl&ts=1599374971930&pid=6519622327&tid=7386970449&vid=EzZDNjYTQ3MDdiYzA2NWU0
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/70099149/configuration/applications/taglets/.jsonp?v=2.0&df=0&b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
38ff6efb47c387860c8519e2ace3204f7bf73d9a9ada8899cc4140517aa0173f

Request headers

Referer
https://online.winorama.com/lps/de/slots/index.html?Inc=71532112&brandId=4&campaignId=52730&mediaId=5788&mode=1&affiliateProfileName=85287&V1=1ac5f98c-f00d-11ea-9b65-2d74e951a936&ABClicks=1&shorten_link=57eb89f5005fb&shorten_target=8367&netoClickId=5f5486765e0f95c357cff8ef
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sun, 06 Sep 2020 06:49:32 GMT
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
status
200
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| brandInfo object| swfobject function| $ function| jQuery object| platformWindow function| get_url_parameter function| getAllUrlParams object| Cookies object| Preferences function| getParamsFromFunction function| getParamsFromCookie function| checkInArray function| checkClick function| getStringCookieProperties function| OpenGamesWindowIt function| OpenGamesWindow function| openLiveChat function| printPixel function| registerUser function| isDepositor function| getVIPLevel function| fireEvent function| isReal object| lpMTagConfig function| lpAddMonitorTag function| getMobileDomain object| isMobile boolean| isNgBrand string| COOKIE_PREFIX object| jQuery110207712821513713843 function| countryCode function| getCurrencySymbol function| getCurrencyString function| getCurrencyForPlatform function| getServerDate function| extraParameters object| dataLayer string| swfVer string| str object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| lpTag object| gaplugins object| gaGlobal object| gaData object| CE2 object| CE2BH function| _typeof function| _extends

16 Cookies

Domain/Path Name / Value
.winorama.com/ Name: unikClick
Value: yes
.winorama.com/ Name: referer
Value: https%253A%252F%252Fonline.winorama.com%252Flps%252Fde%252Fslots%252Findex.html%253Fshorten_link%253D57eb89f5005fb%2526shorten_target%253D8367%2526netoClickId%253D5f5486765e0f95c357cff8ef%2526Inc%253D71532112%2526brandId%253D4%2526campaignId%253D52730%2526mediaId%253D5788%2526mode%253D1%2526affiliateProfileName%253D85287%2526V1%253D1ac5f98c-f00d-11ea-9b65-2d74e951a936%2526ABClicks%253D1
.winorama.com/ Name: netoClickId
Value: 5f5486765e0f95c357cff8ef
.winorama.com/ Name: brandId
Value: 4
.winorama.com/ Name: affiliateProfileName
Value: 85287
.winorama.com/ Name: shorten_link
Value: 57eb89f5005fb
.winorama.com/ Name: V1
Value: 1ac5f98c-f00d-11ea-9b65-2d74e951a936
.winorama.com/ Name: mediaId
Value: 5788
.winorama.com/ Name: shorten_target
Value: 8367
.winorama.com/ Name: ABClicks
Value: 1
.winorama.com/ Name: campaignId
Value: 52730
.winorama.com/ Name: IncPar
Value: 71532112
.winorama.com/ Name: Inc
Value: 71532112
.winorama.com/ Name: mode
Value: 1
.winorama.com/ Name: lang
Value: de
.winorama.com/ Name: __cfduid
Value: d16d3000ea440a1bf12ba03c15e3dd4b91599374966

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.cg-platform.com/script/utils.js(Line 843)
Message:
https://cdn.cg-platform.com/de/WR/slots/payment_and_security_de.png

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
