urlscan.io logo urlscan.io
SecurityTrails logo

lp1s.web-security-addon.xyz Open in urlscan Pro
2606:4700:3032::6815:4895  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://nickelobeon.nl/
Effective URL: https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQ...
Submission: On October 19 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 8 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3032::6815:4895, located in United States and belongs to CLOUDFLARENET, US. The main domain is lp1s.web-security-addon.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 18th 2020. Valid for: a year.
This is the only time lp1s.web-security-addon.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 95.211.189.151 60781 (LEASEWEB-...)
2 2 173.192.101.24 36351 (SOFTLAYER)
2 3 35.201.103.0 15169 (GOOGLE)
1 1 212.32.250.2 60781 (LEASEWEB-...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
7 6
2    95.211.189.151 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
nickelobeon.nl
2    173.192.101.24 (Dallas, United States)

ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com
mybetterdl.com
p185689.mybetterdl.com
3    35.201.103.0 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 0.103.201.35.bc.googleusercontent.com
www.greatdexchange.com
1    212.32.250.2 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
tracking.prmtracking3.com
1    2606:4700:3030::ac43:cd01 (United States)

ASN13335 (CLOUDFLARENET, US)
track.sparta-tracking.xyz
2    2606:4700:3032::6815:4895 (United States)

ASN13335 (CLOUDFLARENET, US)
lp1s.web-security-addon.xyz
1    2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Domain Requested by
3 www.greatdexchange.com 2 redirects nickelobeon.nl
2 fonts.gstatic.com fonts.googleapis.com
2 lp1s.web-security-addon.xyz www.greatdexchange.com
lp1s.web-security-addon.xyz
2 nickelobeon.nl 1 redirects
1 fonts.googleapis.com lp1s.web-security-addon.xyz
1 track.sparta-tracking.xyz 1 redirects
1 tracking.prmtracking3.com 1 redirects
1 p185689.mybetterdl.com 1 redirects
1 mybetterdl.com 1 redirects
7 9

This site contains links to these domains. Also see Links.

Domain
www.web-security-addon.xyz
Subject Issuer Validity Valid
greatdexchange.com
Sectigo RSA Domain Validation Secure Server CA		 2021-02-18 -
2022-02-18		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-12-18 -
2021-12-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh
*.gstatic.com
GTS CA 1C3		 2021-09-13 -
2021-11-20		 2 months crt.sh

This page contains 1 frames:

Primary Page: https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
Frame ID: 2EADB81B2CDE7B69A2393EB7BAD0A0F4
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

WebSecurity

Page URL History Show full URLs

  1. http://nickelobeon.nl/ Page URL
  2. http://nickelobeon.nl/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzNDY... HTTP 302
    https://mybetterdl.com/aS/feedclick?s=Un8YNmzNixpndAYfZXLGLStZ7ZClr2grXXYOCY6Emo1zYBFxsT_-rr1MrDN7N... HTTP 302
    https://p185689.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LoqfQ4cSEAyB3ITEokkkcff-RBTNy8WkAHxHf4t_mLY3... HTTP 302
    https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid} Page URL
  3. https://www.greatdexchange.com/jump/next.php?stamat=m%257CJqIjfTI2aQdH8AH0dEdHP3xP.402%252C7H0PozvLiGV-YkDx... HTTP 302
    https://www.greatdexchange.com/script/i.php?stamat=m%257C%252C%252Cwjfnt2P-oGU3BU9GH0dEdHP3xP.cfe%252CFbOJq... HTTP 302
    https://tracking.prmtracking3.com/click?pid=6&offer_id=2433551&sub1=16346756383118995387104755229113315&sub2=2... HTTP 302
    https://track.sparta-tracking.xyz/d3a55da1-a8d7-4776-a91e-75c51408bbc5?trafficsource.id=6_2714719-197812650-17... HTTP 302
    https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

7
Requests

86 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

6
IPs

4
Countries

63 kB
Transfer

154 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://nickelobeon.nl/ Page URL
  2. http://nickelobeon.nl/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzNDY4MjgzNiwiaWF0IjoxNjM0Njc1NjM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycW5vaGw1YTdrMHE2bTJtczQwN2c5azMiLCJuYmYiOjE2MzQ2NzU2MzYsInRzIjoxNjM0Njc1NjM2NzI5Mjg1fQ.WXnWJ0F9Rwtp1dlYKK2CH-_cgH6SNV-GpjqyIWHeCig&sid=e20040f2-311b-11ec-90bf-8c227b850de8 HTTP 302
    https://mybetterdl.com/aS/feedclick?s=Un8YNmzNixpndAYfZXLGLStZ7ZClr2grXXYOCY6Emo1zYBFxsT_-rr1MrDN7NPIWnIFjje5HrPodK7X5QIc3n0hfs9IVa7UGgGUtnOtrdEShwgPSYDeeRhYRq2NAfQ6SiUnMKG1xv31r6HPqc5_T5XfmENYXbWzNNl6RGTsBSkn3TAU5FotHo-LBOllWwempJqY0OHJZytZWXnh3nuCgZd6WdSTCvsWq8t7P3QSg7qzgDTbmEu6_Rnpq4e3KrImy-rz_G_NOrWBOfcm7RJertw2m247T_5y_zHcQVZSy3iO5icdbMnnI8Rzfh8truqNJ-tfHqFc-wkOK2j6VSAthoQ4VsSTjgLl8n4V83_f7Zw5Nq8C_1Co2vV_XKmUFeKc75Yu5AVD__EAcZgUJL1Fa1DcXFgqkB3JZmQaeIIOByB376ZOcQ8wwiVOJex43ClnpcZg0OdVFy61m_RU2QRZvrYEIOeck7BSEtwo8m-BP6-xW6kSJrzFRTMOab3cd75lyrCEu7xhoBWRojIr4pNQzyi_ri4JX-1bBCA_bB53vv2DgPuDHcbBSjtrUAJQT3vtw5mSsgNPhzfbK3olh4o0XIG_00aTIgjhH8-SFsysd2NbYu_W8kgsv5bJuQSvxVydyixOCjdZ7U7u0qX7RSTPVQCXOXTSlTL7KGe-wHZHgDzfzZ00Wn6ezSJ_5-JS7tIqug4uzIhv-0RBEM_pXVo12AYznNH4T_nGoVRjvvdGPtjCpuxztmpccGV6psmh6NQr4_GZEozNffiZr6zCL4zDRdvuGP8gPj6wI-1tjTiRa_YDrkIW1cZFm6TdRvftPx4f5YHI_z70HZ8L7APJIj1Cl1_VJqppmCxXdu9ZSbf5qafFpwKVf1Fa7oss2s1ZQ7mR2o2tPACGDwyE1IGXB5Fchg9l6zmwxYmZRLjddtNgvdsvFKwAFgloipyfk0SD6B7cCTV8H7LgHZ4G-Exo371wuGWKzkGUyUMpZXMK3EZ9sMfcEn3pdnGSoQpHTA7Kz9fo94mKnTULy2teQgTesP9hhxGDRHWG4uWWICXGwoH8sHHIMxYMRwisSyW4UKVXLIUgDq2oIlaUhe4-JeKaP7K1ewgmFxxcjfl2jWjRlBavzIZ9OeYGVfsA2k2tEoPr5gUzrbHv3jRQmWnSLYv7gI6xZ1OUg_mm1P-liCptk2qgtd_wi2GcYVQnW1zBE5GUp_qqT1AtDTftr8Euc-9mlvYzqMWr6iq0Bv1yYehc3sljHGjZWKjcbzUT8HxR4YGsw_MP7XH8dLYd0OJGfO0oSOSkuPZ-R2caikcVZozpDbYDCimXp7kjFSHQv-K_rU7lSQr-SsmPqxo53hfEYRBKPz90kXOF-8HRrbc13hkzaQYSYz-YSrWVXkDXMj33vTnSSzfaNh1Q7_rneK2G5HBHAGI8aS9_HRx8axaqN2IBu2n015Mg HTTP 302
    https://p185689.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LoqfQ4cSEAyB3ITEokkkcff-RBTNy8WkAHxHf4t_mLY3PFt7iGxnQvy7Zraz8HqFZUTXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6tuoTIETfKJBIthnGFUJ1tc-JVYK2wrAPqMhDqf7kErmaXEhXbKvSzGcjKjd2c6SeQ8B78vhYDGt7vZnww4CklAa1tnnJtMBrq8sw_i5vD2Oa12e38uuGfzEgz4XZP0gmwDojgHyynN1-rVVBwUbSr_tzFXyl2Xqp42dSrBkHXC218va1jhGFGI8jdqPtxH4UCJQ48Q3rpLLNlfGdf3DcofXCB6hjLj_YHAXkZifdxCbuZMoHaWmwuNtadod4QUG5-x8gRDqP9rSedozOvh8r9KXGxLswNnZTzVhJqUW8tgabJ-Hjf6JeOQ&ui=Un8YNmzNixpndAYfZXLGLZmqLhDpWjFVIaIc3yOo5HIa1tnnJtMBrtmaHwq165iqkh15gpwwtLsFZQtB_tQlUvQtDAFjV2xBSvcCNTRpSpz5ad_kZFJ5MA&si=1&oref=c62959cdf690439be1f12736010b3ebb&optunit=hkzaQYSYz-aoQ8KyluyrSA&rb=Rl_VhPiUh7k&rr=1&abtg=0 HTTP 302
    https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid} Page URL
  3. https://www.greatdexchange.com/jump/next.php?stamat=m%257CJqIjfTI2aQdH8AH0dEdHP3xP.402%252C7H0PozvLiGV-YkDx825CHp86Ht71W_kQ03EiF4a-UpG-beK1I-ZqWoM6zZ5lNwa9fzBxUKm-HIs_114db_LxVSmAiFdpfetsNvRDsYyTjZZWYiPcjfCnkKESK2-Z2N8d&cbur=0.43895007408532005&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnickelobeon.nl%2F HTTP 302
    https://www.greatdexchange.com/script/i.php?stamat=m%257C%252C%252Cwjfnt2P-oGU3BU9GH0dEdHP3xP.cfe%252CFbOJq3tscpO7d9zh_8BQ6EgPx_vGFQrTp3RjIpfwf6IDTmsSkOmHggVIZhcrqyHtQc-QdvFUIJX_jOHgWQyYc_C7O4AXG2mwTXC66senZE3IIoh03ElvCDwIKBtOCuAVR2ly9tX3dxfmKkJPJR0e7NQJDLWZv1TyIDqvEa5NKI-rOYou5jZydwiOb3HWFjqytXTK0ne3_7KnjmldOsVdyUin9lGz_KuT76clV-wWqxgYGhAzvAShl5b7TuwjFZ6C9XqrXJ31FzMnHUWQ5De9mLafWfUmngaeI-tjOF8krEOAw8IQOlIZwskqkWlYAuezB1b4Yv0Zn60Ex6ZppPsEmfmLypYIZqUnCkZuCdGEPhV8AdIrTHkQZSkCsnf98E5-aOw6JbevyAroInMdPuwd-kQ-w0GGtF23I9aYCn1gcyB4wTVO_1bBiutFD7Cds3rQ6eU31u3PTHLTStEiKRThUp-KLcT94bqWLa3aavI1buw%252C HTTP 302
    https://tracking.prmtracking3.com/click?pid=6&offer_id=2433551&sub1=16346756383118995387104755229113315&sub2=2714719-197812650-1736179157 HTTP 302
    https://track.sparta-tracking.xyz/d3a55da1-a8d7-4776-a91e-75c51408bbc5?trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600 HTTP 302
    https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://nickelobeon.nl/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzNDY4MjgzNiwiaWF0IjoxNjM0Njc1NjM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycW5vaGw1YTdrMHE2bTJtczQwN2c5azMiLCJuYmYiOjE2MzQ2NzU2MzYsInRzIjoxNjM0Njc1NjM2NzI5Mjg1fQ.WXnWJ0F9Rwtp1dlYKK2CH-_cgH6SNV-GpjqyIWHeCig&sid=e20040f2-311b-11ec-90bf-8c227b850de8 HTTP 302
  • https://mybetterdl.com/aS/feedclick?s=Un8YNmzNixpndAYfZXLGLStZ7ZClr2grXXYOCY6Emo1zYBFxsT_-rr1MrDN7NPIWnIFjje5HrPodK7X5QIc3n0hfs9IVa7UGgGUtnOtrdEShwgPSYDeeRhYRq2NAfQ6SiUnMKG1xv31r6HPqc5_T5XfmENYXbWzNNl6RGTsBSkn3TAU5FotHo-LBOllWwempJqY0OHJZytZWXnh3nuCgZd6WdSTCvsWq8t7P3QSg7qzgDTbmEu6_Rnpq4e3KrImy-rz_G_NOrWBOfcm7RJertw2m247T_5y_zHcQVZSy3iO5icdbMnnI8Rzfh8truqNJ-tfHqFc-wkOK2j6VSAthoQ4VsSTjgLl8n4V83_f7Zw5Nq8C_1Co2vV_XKmUFeKc75Yu5AVD__EAcZgUJL1Fa1DcXFgqkB3JZmQaeIIOByB376ZOcQ8wwiVOJex43ClnpcZg0OdVFy61m_RU2QRZvrYEIOeck7BSEtwo8m-BP6-xW6kSJrzFRTMOab3cd75lyrCEu7xhoBWRojIr4pNQzyi_ri4JX-1bBCA_bB53vv2DgPuDHcbBSjtrUAJQT3vtw5mSsgNPhzfbK3olh4o0XIG_00aTIgjhH8-SFsysd2NbYu_W8kgsv5bJuQSvxVydyixOCjdZ7U7u0qX7RSTPVQCXOXTSlTL7KGe-wHZHgDzfzZ00Wn6ezSJ_5-JS7tIqug4uzIhv-0RBEM_pXVo12AYznNH4T_nGoVRjvvdGPtjCpuxztmpccGV6psmh6NQr4_GZEozNffiZr6zCL4zDRdvuGP8gPj6wI-1tjTiRa_YDrkIW1cZFm6TdRvftPx4f5YHI_z70HZ8L7APJIj1Cl1_VJqppmCxXdu9ZSbf5qafFpwKVf1Fa7oss2s1ZQ7mR2o2tPACGDwyE1IGXB5Fchg9l6zmwxYmZRLjddtNgvdsvFKwAFgloipyfk0SD6B7cCTV8H7LgHZ4G-Exo371wuGWKzkGUyUMpZXMK3EZ9sMfcEn3pdnGSoQpHTA7Kz9fo94mKnTULy2teQgTesP9hhxGDRHWG4uWWICXGwoH8sHHIMxYMRwisSyW4UKVXLIUgDq2oIlaUhe4-JeKaP7K1ewgmFxxcjfl2jWjRlBavzIZ9OeYGVfsA2k2tEoPr5gUzrbHv3jRQmWnSLYv7gI6xZ1OUg_mm1P-liCptk2qgtd_wi2GcYVQnW1zBE5GUp_qqT1AtDTftr8Euc-9mlvYzqMWr6iq0Bv1yYehc3sljHGjZWKjcbzUT8HxR4YGsw_MP7XH8dLYd0OJGfO0oSOSkuPZ-R2caikcVZozpDbYDCimXp7kjFSHQv-K_rU7lSQr-SsmPqxo53hfEYRBKPz90kXOF-8HRrbc13hkzaQYSYz-YSrWVXkDXMj33vTnSSzfaNh1Q7_rneK2G5HBHAGI8aS9_HRx8axaqN2IBu2n015Mg HTTP 302
  • https://p185689.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LoqfQ4cSEAyB3ITEokkkcff-RBTNy8WkAHxHf4t_mLY3PFt7iGxnQvy7Zraz8HqFZUTXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6tuoTIETfKJBIthnGFUJ1tc-JVYK2wrAPqMhDqf7kErmaXEhXbKvSzGcjKjd2c6SeQ8B78vhYDGt7vZnww4CklAa1tnnJtMBrq8sw_i5vD2Oa12e38uuGfzEgz4XZP0gmwDojgHyynN1-rVVBwUbSr_tzFXyl2Xqp42dSrBkHXC218va1jhGFGI8jdqPtxH4UCJQ48Q3rpLLNlfGdf3DcofXCB6hjLj_YHAXkZifdxCbuZMoHaWmwuNtadod4QUG5-x8gRDqP9rSedozOvh8r9KXGxLswNnZTzVhJqUW8tgabJ-Hjf6JeOQ&ui=Un8YNmzNixpndAYfZXLGLZmqLhDpWjFVIaIc3yOo5HIa1tnnJtMBrtmaHwq165iqkh15gpwwtLsFZQtB_tQlUvQtDAFjV2xBSvcCNTRpSpz5ad_kZFJ5MA&si=1&oref=c62959cdf690439be1f12736010b3ebb&optunit=hkzaQYSYz-aoQ8KyluyrSA&rb=Rl_VhPiUh7k&rr=1&abtg=0 HTTP 302
  • https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
nickelobeon.nl/ 		470 B
828 B 		Document
General
Check archive.org
Download Go to
Full URL
http://nickelobeon.nl/
Protocol
HTTP/1.1
Server
95.211.189.151 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
nickelobeon.nl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
470
content-type
text/html; charset=utf-8
date
Tue, 19 Oct 2021 20:33:56 GMT
server
nginx
set-cookie
sid=e20040f2-311b-11ec-90bf-8c227b850de8; path=/; domain=.nickelobeon.nl; expires=Sun, 06 Nov 2089 23:48:03 GMT; max-age=2147483647; HttpOnly
next.php
www.greatdexchange.com/jump/
Redirect Chain
  • http://nickelobeon.nl/?js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTYzNDY4MjgzNiwiaWF0IjoxNjM0Njc1NjM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIycW5vaGw1YTdrMHE2bTJtczQwN2c5az...
  • https://mybetterdl.com/aS/feedclick?s=Un8YNmzNixpndAYfZXLGLStZ7ZClr2grXXYOCY6Emo1zYBFxsT_-rr1MrDN7NPIWnIFjje5HrPodK7X5QIc3n0hfs9IVa7UGgGUtnOtrdEShwgPSYDeeRhYRq2NAfQ6SiUnMKG1xv31r6HPqc5_T5XfmENYXbWz...
  • https://p185689.mybetterdl.com/adServe/domainClick?ai=tMxzWfm12LoqfQ4cSEAyB3ITEokkkcff-RBTNy8WkAHxHf4t_mLY3PFt7iGxnQvy7Zraz8HqFZUTXnLPvbyStX_9b8ky2I1bKC7gQCEt6FVlqf_64l0Z6tuoTIETfKJBIthnGFUJ1tc-JVY...
  • https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}
7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}
Requested by
Host: nickelobeon.nl
URL: http://nickelobeon.nl/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.103.0 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
0.103.201.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
298b3ba8ea1cc2ce07fcacdd4e4fdec02c95b57322a3157b01ef5e9c5c34a9ea

Request headers

:method
GET
:authority
www.greatdexchange.com
:scheme
https
:path
/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://nickelobeon.nl/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
http://nickelobeon.nl/

Response headers

server
openresty
date
Tue, 19 Oct 2021 20:33:57 GMT
content-type
text/html; charset=utf-8
access-control-allow-origin
*
content-encoding
gzip
via
1.1 google
alt-svc
clear

Redirect headers

server
nginx
date
Tue, 19 Oct 2021 20:33:57 GMT
content-length
0
set-cookie
rhid=79911974119; Max-Age=15552000; Expires=Sun, 17-Apr-2022 20:33:57 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure; loi=ad_1117289_off_562661_aff_87624_cid_185689-NICKELOBEON.NL_ts_1634675637; Max-Age=3600; Expires=Tue, 19-Oct-2021 21:33:57 GMT; Domain=mybetterdl.com; Path=/; SameSite=None; secure;
location
https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}
Primary Request /
lp1s.web-security-addon.xyz/
Redirect Chain
  • https://www.greatdexchange.com/jump/next.php?stamat=m%257CJqIjfTI2aQdH8AH0dEdHP3xP.402%252C7H0PozvLiGV-YkDx825CHp86Ht71W_kQ03EiF4a-UpG-beK1I-ZqWoM6zZ5lNwa9fzBxUKm-HIs_114db_LxVSmAiFdpfetsNvRDsYyTjZ...
  • https://www.greatdexchange.com/script/i.php?stamat=m%257C%252C%252Cwjfnt2P-oGU3BU9GH0dEdHP3xP.cfe%252CFbOJq3tscpO7d9zh_8BQ6EgPx_vGFQrTp3RjIpfwf6IDTmsSkOmHggVIZhcrqyHtQc-QdvFUIJX_jOHgWQyYc_C7O4AXG2m...
  • https://tracking.prmtracking3.com/click?pid=6&offer_id=2433551&sub1=16346756383118995387104755229113315&sub2=2714719-197812650-1736179157
  • https://track.sparta-tracking.xyz/d3a55da1-a8d7-4776-a91e-75c51408bbc5?trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
  • https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO411...
88 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
Requested by
Host: www.greatdexchange.com
URL: https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:4895 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43c6014044537c5a355c801b7e5fbb2d884f47022663353ffb7da5e120fea137
Security Headers
Name Value
X-Frame-Options ALLOWALL

Request headers

:method
GET
:authority
lp1s.web-security-addon.xyz
:scheme
https
:path
/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://www.greatdexchange.com/jump/next.php?r=2714719&sub1=revenuehits&sub2={zoneid}

Response headers

date
Tue, 19 Oct 2021 20:33:58 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
ALLOWALL
access-control-allow-origin
*
access-control-allow-methods
GET, POST, PATCH, PUT, DELETE, OPTIONS
access-control-allow-headers
Origin, Content-Type, X-Auth-Token, Authorization
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XuuVhaZ89kHyu2RWeynaEQKrTQjoPGnt%2FTFcmctaM3dHMf%2BnMCNY%2B2xmc4gcJyUfXL7Nb6Z8ap6wrDfOebL%2BReAWBgqIhQzZARfkfBOQ1dWST4Tw8Ho4hMkJQpZnJb85n%2B0h6MCTJIL87hYiiA%2BO3%2FHhxmCFcMMa5nc%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6a0cc8d45d523753-MXP
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

date
Tue, 19 Oct 2021 20:33:58 GMT
content-length
0
cache-control
no-store, no-cache, pre-check=0, post-check=0
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
pragma
no-cache
set-cookie
d3a55da1-a8d7-4776-a91e-75c51408bbc5-v4=UZesWNcUJXy4OUCC6qgcQiPH5uNAd00O8njZBiMv96s; Max-Age=86400; Expires=Wed, 20-Oct-2021 20:33:58 GMT; Domain=track.sparta-tracking.xyz; Path=/; HttpOnly cep-v4=e7nB3BDLCIMtgYT99PoazMp2Wjn2qM4caDLhrw7Hz3oBPuMB4iKoq36mSjHujTFy9LXR4blVgMXGa_vEUVU6NiTEiQd5f3_nVE-AnjqmoFDj_G7pQa52z41UtVG1K2SoKuhlJ4aVoDDqiFulPHFzoU1i-snrs4s2y6ykdxQSk_c19e8t-duVn7uNxcMQ1-Uh82IV7sUJzX_tMGck3IJ_-rB4lAwC1IIrdIrFSK7SiwIh94fKJel0FtcQ1q2T1ya3fxUgMuyOd1P3goUjRB1l_hNVx72EoFDC2dTtbghj4nb-7hg93vVXC2aZWl8HlxY8bo1zG3X-V3a8NQv_TNTl-AlbMoTriYa6IM7OnV5t_VlZ0BzIwg9Vfox5vhi1ArPzb7aJychhKHUPLFv0PZnhpWkMYWsMmSHqJExUF4RvLPGHrzfOgfpd56cj1CMC86TK; Max-Age=86400; Expires=Wed, 20-Oct-2021 20:33:58 GMT; Domain=track.sparta-tracking.xyz; Path=/; HttpOnly
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fjJuZIeS30QJFmYHK93zaiWFZD8MCe94tMXRS1F6fNUyyqjOv8p8%2FnzVRbRdnUC%2FvXrODXifwP1LG%2BLpICC0b2PrQr7DFpkuY0SnHR7qoWakheEp9MgXv%2FlXkGt%2Fl4JcyaaahQXXvBMN46H9faDyFxM%2FY4iWQ4Mx"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
6a0cc8d3c9e95c56-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
css2
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Requested by
Host: lp1s.web-security-addon.xyz
URL: https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3fa49132cfd4ae80349a262b643fc4f9afa40c41a56032d7e05c3500f4ec9313
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://lp1s.web-security-addon.xyz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Tue, 19 Oct 2021 20:30:48 GMT
server
ESF
date
Tue, 19 Oct 2021 20:33:58 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires
Tue, 19 Oct 2021 20:33:58 GMT
truncated
/ 		14 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f1619855c0cd12e2f4c3e7a7b812465d6443d4e5c3291e274d53d334164b02c1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
email-decode.min.js
lp1s.web-security-addon.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lp1s.web-security-addon.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: lp1s.web-security-addon.xyz
URL: https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:4895 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

:path
/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma
no-cache
accept-encoding
gzip, deflate, br
accept-language
de-DE,de;q=0.9
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
lp1s.web-security-addon.xyz
referer
https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept-Language
de-DE,de;q=0.9
Referer
https://lp1s.web-security-addon.xyz/?&utm_campaign=00543_test-best&cep=25rizRKabrrrOT9usQnP9LOhx7ztkrigSOGjzvZI4Dxm-Ku9pm0U-lAqWVDaQavV7tyOeQkNKzurZMa_XQ1foEkm93tZTecKFyI8UqOJ0k8Nr5HRsPVDkL5gSvO4116ynudKMCn9IN5GiXdnta8s3dNgdkY5ZO5gApSXc4H_3e8FSD1NlQ9bT-9ADz8uVMfkTqHnv4ieEillp7AAX_xzbRqLD_-joU6KnDeHUe8HbURqiFRioh98s1TR9LIVzuZ6spmitn0i8xvAvDDOpwi1bB0Zless8JYrBAPAuoe2OCb_FZ5dAvEIO7cNZf0HwllpDNXwqmyK7wGs7C1w-a3dfM0lw6yCW-ouQUMLS2Cpvzyf6lQ50_iGBMcowmM0PWJC-ATxP0j2aVmesCgJVIWn-F_ctpqsfLbR856RekM5ZsVJ9MqSWDzPWRE2uziqCpio&lptoken=164234746738741e3800&trafficsource.id=6_2714719-197812650-1736179157&externalid=616f2bb6d5f1d600018ba600
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Tue, 19 Oct 2021 20:33:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Oct 2021 10:17:24 GMT
server
cloudflare
etag
W/"6166b234-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgRNjXfwpv1y6o7XUJlpbcQQhwaOsHZMv6GXDiMRRvSxfJmnrgAxzG14pPYhUxNl%2FYrUnj1NoOAoZOECl9rACHS%2FOVccL%2F3%2BOWApy8shTQ0nuqKh05RzJJSYiqF%2FwS1oOzBQcfmIyI1trRbs8Ig7yNViBeVSSakomgU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800 public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6a0cc8d5a8c53753-MXP
vary
Accept-Encoding
expires
Thu, 21 Oct 2021 20:33:58 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type
image/png
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://lp1s.web-security-addon.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:31:57 GMT
x-content-type-options
nosniff
age
532922
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15920
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:21 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:31:57 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://lp1s.web-security-addon.xyz
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date
Wed, 13 Oct 2021 16:31:41 GMT
x-content-type-options
nosniff
age
532938
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 13 Oct 2022 16:31:41 GMT

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster

7 Cookies

Domain/Path Name / Value
.nickelobeon.nl/ Name: sid
Value: e20040f2-311b-11ec-90bf-8c227b850de8
.mybetterdl.com/ Name: rhid
Value: 79911974119
.mybetterdl.com/ Name: loi
Value: ad_1117289_off_562661_aff_87624_cid_185689-NICKELOBEON.NL_ts_1634675637
tracking.prmtracking3.com/ Name: afclick
Value: 616f2bb6d5f1d600018ba600
tracking.prmtracking3.com/ Name: afoffers
Value: {"2433551":1634675638}
.track.sparta-tracking.xyz/ Name: d3a55da1-a8d7-4776-a91e-75c51408bbc5-v4
Value: UZesWNcUJXy4OUCC6qgcQiPH5uNAd00O8njZBiMv96s
.track.sparta-tracking.xyz/ Name: cep-v4
Value: e7nB3BDLCIMtgYT99PoazMp2Wjn2qM4caDLhrw7Hz3oBPuMB4iKoq36mSjHujTFy9LXR4blVgMXGa_vEUVU6NiTEiQd5f3_nVE-AnjqmoFDj_G7pQa52z41UtVG1K2SoKuhlJ4aVoDDqiFulPHFzoU1i-snrs4s2y6ykdxQSk_c19e8t-duVn7uNxcMQ1-Uh82IV7sUJzX_tMGck3IJ_-rB4lAwC1IIrdIrFSK7SiwIh94fKJel0FtcQ1q2T1ya3fxUgMuyOd1P3goUjRB1l_hNVx72EoFDC2dTtbghj4nb-7hg93vVXC2aZWl8HlxY8bo1zG3X-V3a8NQv_TNTl-AlbMoTriYa6IM7OnV5t_VlZ0BzIwg9Vfox5vhi1ArPzb7aJychhKHUPLFv0PZnhpWkMYWsMmSHqJExUF4RvLPGHrzfOgfpd56cj1CMC86TK