a8672336.mnoova.com Open in urlscan Pro
2606:4700:3031::681b:a0b4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pubgucforfree.website/
Effective URL:
https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_l...
Submission: On January 12 via api (January 12th 2021, 2:17:37 am UTC) from IE

Summary HTTP 50 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 20 domains to perform 50 HTTP transactions. The main IP is 2606:4700:3031::681b:a0b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is a8672336.mnoova.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 16th 2020. Valid for: a year.

This is the only time a8672336.mnoova.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	216.239.38.21 216.239.38.21	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::2013	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:400... 2a04:4e42:400::729	54113 (FASTLY) (FASTLY)
3	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
11	2600:9000:219... 2600:9000:2190:1000:1c:b3e3:eb40:21	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:2c00:3:b5aa:ad80:21	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:303... 2606:4700:3031::681f:4424	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE)
4	2600:9000:219... 2600:9000:2190:bc00:1a:60a5:c0c0:21	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1 1	2606:4700:303... 2606:4700:3032::681b:9a72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3030::681f:4524	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	212.32.252.129 212.32.252.129	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 3	65.60.9.234 65.60.9.234	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1 1	104.27.131.164 104.27.131.164	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	198.134.116.30 198.134.116.30	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
2 3	51.83.143.92 51.83.143.92	16276 (OVH) (OVH)
1 2	2606:4700:303... 2606:4700:3035::6818:7f98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3032::ac43:81a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	172.64.140.31 172.64.140.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2606:4700:303... 2606:4700:3031::681b:a0b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 4	104.18.26.20 104.18.26.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
50	20

1 216.239.38.21 (Los Gatos, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: any-in-2615.1e100.net

pubgucforfree.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2013 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.pubgucforfree.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::729 (Ascension Island)

ASN54113 (FASTLY, US)

browser.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2600:9000:2190:1000:1c:b3e3:eb40:21 (United States)

ASN16509 (AMAZON-02, US)

d13pxqgp3ixdbh.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:2c00:3:b5aa:ad80:21 (United States)

ASN16509 (AMAZON-02, US)

d13nu0oomnx5ti.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::681f:4424 (United States)

ASN13335 (CLOUDFLARENET, US)

cldoffers.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2190:bc00:1a:60a5:c0c0:21 (United States)

ASN16509 (AMAZON-02, US)

d1xkyo9j4r7vnn.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::681b:9a72 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

smrturl.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::681f:4524 (United States)

ASN13335 (CLOUDFLARENET, US)

cldoffers.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 212.32.252.129 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

m.banhmidigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cpadstrtmd.mobisway.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.60.9.234 (Chicago, United States) 1 redirects

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi

jump.totopcontent.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.27.131.164 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tracking.armorads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.134.116.30 (Garden City, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET, US)

go.whiteanemone.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.83.143.92 (Poland) 2 redirects

ASN16276 (OVH, FR)
PTR: ns3155458.ip-51-83-143.eu

guay.labtrffc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ak.labtrffc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3035::6818:7f98 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

popmyads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::ac43:81a9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

misctraff.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.140.31 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trk85.nundori.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3031::681b:a0b4 (United States)

ASN13335 (CLOUDFLARENET, US)

a8672336.mnoova.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.26.20 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.hcaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	cloudfront.net d13pxqgp3ixdbh.cloudfront.net d13nu0oomnx5ti.cloudfront.net d1xkyo9j4r7vnn.cloudfront.net	1 MB
8	mnoova.com a8672336.mnoova.com	37 KB
4	hcaptcha.com 1 redirects hcaptcha.com assets.hcaptcha.com	22 KB
4	googleapis.com fonts.googleapis.com ajax.googleapis.com	84 KB
3	nundori.xyz 1 redirects trk85.nundori.xyz	13 KB
3	labtrffc.com 2 redirects guay.labtrffc.com ak.labtrffc.com	1 KB
3	totopcontent.xyz 1 redirects jump.totopcontent.xyz	7 KB
3	gstatic.com fonts.gstatic.com	27 KB
3	google-analytics.com www.google-analytics.com	19 KB
3	pubgucforfree.website 1 redirects pubgucforfree.website www.pubgucforfree.website	23 KB
2	popmyads.com 1 redirects popmyads.com	2 KB
2	cldoffers.net cldoffers.net	3 KB
1	misctraff.com 1 redirects misctraff.com	614 B
1	whiteanemone.xyz 1 redirects go.whiteanemone.xyz	236 B
1	armorads.com 1 redirects tracking.armorads.com	1 KB
1	mobisway.com 1 redirects cpadstrtmd.mobisway.com	277 B
1	banhmidigital.com 1 redirects m.banhmidigital.com	208 B
1	smrturl.co 1 redirects smrturl.co	950 B
1	sentry-cdn.com browser.sentry-cdn.com	17 KB
0	amung.us Failed whos.amung.us Failed
50	20

	Domain	Requested by
11	d13pxqgp3ixdbh.cloudfront.net	www.pubgucforfree.website d13pxqgp3ixdbh.cloudfront.net
8	a8672336.mnoova.com	trk85.nundori.xyz a8672336.mnoova.com
4	d1xkyo9j4r7vnn.cloudfront.net	d13nu0oomnx5ti.cloudfront.net
3	assets.hcaptcha.com	a8672336.mnoova.com hcaptcha.com
3	trk85.nundori.xyz	1 redirects ak.labtrffc.com www.pubgucforfree.website
3	jump.totopcontent.xyz	1 redirects cldoffers.net jump.totopcontent.xyz
3	fonts.gstatic.com	fonts.googleapis.com
3	www.google-analytics.com	www.pubgucforfree.website browser.sentry-cdn.com
3	fonts.googleapis.com	www.pubgucforfree.website
2	ak.labtrffc.com	1 redirects
2	popmyads.com	1 redirects jump.totopcontent.xyz
2	cldoffers.net	www.pubgucforfree.website
2	www.pubgucforfree.website	www.pubgucforfree.website
1	hcaptcha.com	1 redirects
1	misctraff.com	1 redirects
1	guay.labtrffc.com	1 redirects
1	go.whiteanemone.xyz	1 redirects
1	tracking.armorads.com	1 redirects
1	cpadstrtmd.mobisway.com	1 redirects
1	m.banhmidigital.com	1 redirects
1	smrturl.co	1 redirects
1	d13nu0oomnx5ti.cloudfront.net	www.pubgucforfree.website
1	ajax.googleapis.com	www.pubgucforfree.website
1	browser.sentry-cdn.com	www.pubgucforfree.website
1	pubgucforfree.website	1 redirects
0	whos.amung.us Failed	popmyads.com
50	26

This site contains links to these domains. Also see Links.

Domain
lagungroen.com
chrome.google.com
www.cloudflare.com

Subject Issuer	Validity	Valid
www.pubgucforfree.website GTS CA 1D2	`2020-12-09` - `2021-03-09`	3 months	crt.sh
v2.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2021-01-08` - `2021-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2020-05-26` - `2021-04-21`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-09` - `2021-08-09`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-12-15` - `2021-03-09`	3 months	crt.sh
jump.totopcontent.xyz R3	`2020-12-05` - `2021-03-05`	3 months	crt.sh
lone-star.landingtrack.com R3	`2020-12-25` - `2021-03-25`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
Frame ID: 82EEEE14D0F6C8446D291CA33FBBD35F
Requests: 48 HTTP requests in this frame

Frame: https://assets.hcaptcha.com/captcha/v1/d1dd7d8/static/hcaptcha-challenge.html
Frame ID: 1AB1DAF9239C90E9AE7B89F3B686654A
Requests: 1 HTTP requests in this frame

Frame: https://assets.hcaptcha.com/captcha/v1/d1dd7d8/static/hcaptcha-checkbox.html
Frame ID: BB5F8A7712079BF078E902DC2BF667A3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://pubgucforfree.website/ HTTP 301
https://www.pubgucforfree.website/ Page URL
https://smrturl.co/6901901 HTTP 302
http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795... Page URL
https://m.banhmidigital.com/click?pid=1309&offer_id=59119&sub1=834866550&sub5=90162 HTTP 302
https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59119&sub4=%2AIn-House%2A+%5BPI... HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=130... Page URL
https://jump.totopcontent.xyz/?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc... Page URL
https://jump.totopcontent.xyz/proc.php?55731de6e09826a8634f725334aa5d2a4920efaf HTTP 302
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6916691968596639832&sub2=15494&su... HTTP 302
https://go.whiteanemone.xyz/redirect?feed=276309&auth=ebuQy0&url=http%3A%2F%2Fcryptocore.xyz&pub_clickid... HTTP 302
https://guay.labtrffc.com/l.php?p=c:l312xvi_932jkpeqt&d=5fe36418910f697781101d52&s=276309&d2=cryptocor... HTTP 302
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ== Page URL
https://popmyads.com/go HTTP 302
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930 Page URL
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1 HTTP 302
https://misctraff.com/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&... HTTP 302
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unkno... Page URL
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unkno... HTTP 302
https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=... Page URL
https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e... Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Page Statistics

50
Requests

94 %
HTTPS

68 %
IPv6

20
Domains

26
Subdomains

20
IPs

5
Countries

1456 kB
Transfer

1928 kB
Size

3
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://lagungroen.com/telephonequinquenni.php?showtopic=7

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/privacy-pass/ajhmfdgkijocedmfjonnpjfojldioehi
Title: Chrome Web Store

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/5xx-error-landing
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pubgucforfree.website/ HTTP 301
https://www.pubgucforfree.website/ Page URL
https://smrturl.co/6901901 HTTP 302
http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00 Page URL
https://m.banhmidigital.com/click?pid=1309&offer_id=59119&sub1=834866550&sub5=90162 HTTP 302
https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59119&sub4=%2AIn-House%2A+%5BPIN%5D+DE+Content+Download+Purple HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a Page URL
https://jump.totopcontent.xyz/?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e Page URL
https://jump.totopcontent.xyz/proc.php?55731de6e09826a8634f725334aa5d2a4920efaf HTTP 302
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6916691968596639832&sub2=15494&sub3=15494-651cd233 HTTP 302
https://go.whiteanemone.xyz/redirect?feed=276309&auth=ebuQy0&url=http%3A%2F%2Fcryptocore.xyz&pub_clickid=5ffd06b3e12d04000102fa20&sub1=4-15494&query=http%3A%2F%2Fcryptocore.xyz HTTP 302
https://guay.labtrffc.com/l.php?p=c:l312xvi_932jkpeqt&d=5fe36418910f697781101d52&s=276309&d2=cryptocore.xyz HTTP 302
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ== Page URL
https://popmyads.com/go HTTP 302
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930 Page URL
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1 HTTP 302
https://misctraff.com/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2 HTTP 302
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2 Page URL
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2&code=34Y3VvBDU7Nzc8OkFDQEFEQkkRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK3eVm6OnUKlqaV83NgN4aG4ICHKBDD1DPj8QenoURUdGRxh6kRxNU05PIIKKJFVXVlconaQsWWNeL5Kmm5cBAWVuaQY3B2t0bQw8DX2BfoUTE4qDehhfiImCiII.aI6EUCOMmIyKKZ2coJEtlKGdMpiUbHRnA3lmB1R3g3N3eG49RD5BMjthdnmAho2JjoRYPmiOlYePRHKHikh4fUuETV9fj2JmkjUqIkR0dXJsX25sVnWBPURDSEBGSjU.YmBtZ2dIPYqIi4ZCaomIkZZRSW2TnpyblF9pZWEwLzY0NDg0PTkpXWxyboB4P0ZFSkJITBd5jxtTHIGLIFghg1dXJlZXWVlaWyyOYmMxYWIzc2cDMzQ1Ngdubws7PT0Ocnh1E0MUe4KNGX97h4.CHoKIjiNUVVYmk5aQK1xcXV4vo6WkmgEyMzQ1Njc3CHh9bnyCDw.Ag3aGiXcXSUhJTUtNTVUfhZeOkSVYWSeajpAslKGin6NrYWJhbDBvZWd6eW5vbTlvfHs.hT.Ce4RUhlR7U5KAf4FXVpWNjpeek4qbX6GgUZBqY5VpkmlpYTQ2OmlnPDs7QW4-PkVvSENBEoV2eHkYSUlMUE1OU1IghJCXlCYmnpaWKyujlJqlMWEylmRoAzQ1Njc4OTo7Ozw9P0BBQkJERUZHSElKS0xNTk9QUVJTU1VWV1hZWltcXV5fX2FiY2QxMjM0NTY3ODk6Ozw9PT8Pc3qHFEVGR0hJSktMTU5PUFFRU1RUVlZYWVpbXCyko6MxqGBjO3gwXDpbXEJ-N3w-ent8fUuIQH9Ig4SFhlSRSZBTk1qXT2dukV18J5OVmJItkpxchYQypXR1AzMEcWd2CQlyd38OPg9.hRNERUVHSElJS0sclIIgUVJThVYliZmgKiqej5EvYWQxpaNkAjQ3BGl2eQk6CnlvcQ9IPkUSgIiFF0hN&_tdf=15 HTTP 302
https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true Page URL
https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://pubgucforfree.website/ HTTP 301
https://www.pubgucforfree.website/

Request Chain 29

https://smrturl.co/6901901 HTTP 302
http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00

Request Chain 32

https://m.banhmidigital.com/click?pid=1309&offer_id=59119&sub1=834866550&sub5=90162 HTTP 302
https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59119&sub4=%2AIn-House%2A+%5BPIN%5D+DE+Content+Download+Purple HTTP 302
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a

Request Chain 34

https://jump.totopcontent.xyz/proc.php?55731de6e09826a8634f725334aa5d2a4920efaf HTTP 302
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6916691968596639832&sub2=15494&sub3=15494-651cd233 HTTP 302
https://go.whiteanemone.xyz/redirect?feed=276309&auth=ebuQy0&url=http%3A%2F%2Fcryptocore.xyz&pub_clickid=5ffd06b3e12d04000102fa20&sub1=4-15494&query=http%3A%2F%2Fcryptocore.xyz HTTP 302
https://guay.labtrffc.com/l.php?p=c:l312xvi_932jkpeqt&d=5fe36418910f697781101d52&s=276309&d2=cryptocore.xyz HTTP 302
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Request Chain 36

https://popmyads.com/go HTTP 302
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930

Request Chain 37

https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1 HTTP 302
https://misctraff.com/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2 HTTP 302
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2

Request Chain 38

https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2&code=34Y3VvBDU7Nzc8OkFDQEFEQkkRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK3eVm6OnUKlqaV83NgN4aG4ICHKBDD1DPj8QenoURUdGRxh6kRxNU05PIIKKJFVXVlconaQsWWNeL5Kmm5cBAWVuaQY3B2t0bQw8DX2BfoUTE4qDehhfiImCiII.aI6EUCOMmIyKKZ2coJEtlKGdMpiUbHRnA3lmB1R3g3N3eG49RD5BMjthdnmAho2JjoRYPmiOlYePRHKHikh4fUuETV9fj2JmkjUqIkR0dXJsX25sVnWBPURDSEBGSjU.YmBtZ2dIPYqIi4ZCaomIkZZRSW2TnpyblF9pZWEwLzY0NDg0PTkpXWxyboB4P0ZFSkJITBd5jxtTHIGLIFghg1dXJlZXWVlaWyyOYmMxYWIzc2cDMzQ1Ngdubws7PT0Ocnh1E0MUe4KNGX97h4.CHoKIjiNUVVYmk5aQK1xcXV4vo6WkmgEyMzQ1Njc3CHh9bnyCDw.Ag3aGiXcXSUhJTUtNTVUfhZeOkSVYWSeajpAslKGin6NrYWJhbDBvZWd6eW5vbTlvfHs.hT.Ce4RUhlR7U5KAf4FXVpWNjpeek4qbX6GgUZBqY5VpkmlpYTQ2OmlnPDs7QW4-PkVvSENBEoV2eHkYSUlMUE1OU1IghJCXlCYmnpaWKyujlJqlMWEylmRoAzQ1Njc4OTo7Ozw9P0BBQkJERUZHSElKS0xNTk9QUVJTU1VWV1hZWltcXV5fX2FiY2QxMjM0NTY3ODk6Ozw9PT8Pc3qHFEVGR0hJSktMTU5PUFFRU1RUVlZYWVpbXCyko6MxqGBjO3gwXDpbXEJ-N3w-ent8fUuIQH9Ig4SFhlSRSZBTk1qXT2dukV18J5OVmJItkpxchYQypXR1AzMEcWd2CQlyd38OPg9.hRNERUVHSElJS0sclIIgUVJThVYliZmgKiqej5EvYWQxpaNkAjQ3BGl2eQk6CnlvcQ9IPkUSgIiFF0hN&_tdf=15 HTTP 302
https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true

Request Chain 44

https://hcaptcha.com/1/api.js?render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP 302
https://assets.hcaptcha.com/captcha/v1/d1dd7d8/hcaptcha.js

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
www.pubgucforfree.website/
Redirect Chain

https://pubgucforfree.website/
https://www.pubgucforfree.website/

56 KB
21 KB

288ms
231ms

Document
text/html

2a00:1450:4001:819::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

28d9444d57af8e721a4b8ccefa8c5153e21ab8ecc18d74020eb2640bd86d8c31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.pubgucforfree.website
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
expires: Tue, 12 Jan 2021 02:17:19 GMT
date: Tue, 12 Jan 2021 02:17:19 GMT
cache-control: private, max-age=0
last-modified: Tue, 10 Nov 2020 20:18:59 GMT
etag: W/"165cafcc1a62d6d0dbcf8a3f74e82f390c48a7f2443893f15fb363b26bc48b3f"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 20934
server: GSE

Redirect headers

location: https://www.pubgucforfree.website/
date: Tue, 12 Jan 2021 02:17:19 GMT
content-type: text/html; charset=UTF-8
server: ghs
content-length: 231
x-xss-protection: 0
x-frame-options: SAMEORIGIN

GET
H2 200 bundle.min.js Show response
browser.sentry-cdn.com/5.20.1/ 57 KB
17 KB 15ms
12ms Script
application/javascript 2a04:4e42:400::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://browser.sentry-cdn.com/5.20.1/bundle.min.js

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:400::729 , Ascension Island, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

10857f89891b5c5827b881c4765b4138ae1e639f27f3b0038acc8323cfd524f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Origin: https://www.pubgucforfree.website
Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
content-encoding: gzip
last-modified: Fri, 24 Jul 2020 17:20:56 GMT
server: Fastly
age: 14798641
etag: "acc4b6b75bee9ca9debfec575a79e02e"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
strict-transport-security: max-age=31536000; includeSubDomains
accept-ranges: bytes
content-length: 17755
expires: Sat, 24 Jul 2021 19:33:19 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
629 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0a2d0ec76113bd8d1be2ae8c448e60b9524cf6e2ddcfeff13b8b4c9c20331e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 01:57:28 GMT
server: ESF
date: Tue, 12 Jan 2021 02:17:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 02:17:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
623 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 02:06:52 GMT
server: ESF
date: Tue, 12 Jan 2021 02:17:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 02:17:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
651 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:700

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13d8bedef21a6e0167d2e3c984641c75a6afcfab246094b868c364ad87784b3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 12 Jan 2021 00:52:30 GMT
server: ESF
date: Tue, 12 Jan 2021 02:17:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 12 Jan 2021 02:17:20 GMT

GET
H2 200 font-awesome.min.css
d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/css/ 28 KB
29 KB 16ms
14ms Stylesheet
text/css 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/css/font-awesome.min.css
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:55 GMT
server: AmazonS3
age: 16317
etag: "4083f5d376eb849a458cc790b53ba080"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 12 Jan 2021 00:28:45 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 29063
x-amz-cf-id: 4ZsAB00Ynw-md3EghL_qs9DYBDfJS-XvmM7mEXTp1GYa9S32Fsxh7Q==

GET
H2 200 jquery-ui.min.css
d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/jqueryui/ 31 KB
31 KB 14ms
12ms Stylesheet
text/css 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/jqueryui/jquery-ui.min.css
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47cbd399f2a844e3a0e1bf92cf13a95144b9675adf0373832a66d90f0365846d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:56 GMT
server: AmazonS3
age: 58974
etag: "19ca3a91bcbc81deb63641d06e500736"
x-cache: Hit from cloudfront
content-type: text/css
date: Mon, 11 Jan 2021 10:59:01 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 31604
x-amz-cf-id: OQlJi6xFhrT9UOCF6L0wvxasWpmp1Hx2ei9dRAKgL1b-aoZDRySYHA==

GET
H2 200 css_front.css
d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/ 6 KB
7 KB 14ms
13ms Stylesheet
text/css 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/css_front.css
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a316fe7b1efa45b37b1c03c170e5772d1d5f2ffd084af6ca474a984c3b0bcc3c

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:55 GMT
server: AmazonS3
age: 56940
etag: "90975bb431b0bc97e177770be23ecf7c"
x-cache: Hit from cloudfront
content-type: text/css
date: Tue, 12 Jan 2021 00:53:10 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 6592
x-amz-cf-id: iTjtfCXZawH118gb69LTevfCmLKoeLB4ZODsMrxY52QczJ39Z1rvOw==

GET
H2 200 animate.css
d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/noty-2.3.8/demo/ 71 KB
72 KB 14ms
13ms Stylesheet
text/css 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/noty-2.3.8/demo/animate.css
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 88683b0a41b07f465377c8846933bdfb1e57fc9a54accef3e5fd0125bd052cc7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:55 GMT
server: AmazonS3
age: 90738
etag: "e78c4ece198b758d2fb2e18ff0283249"
x-cache: Hit from cloudfront
content-type: text/css
date: Mon, 11 Jan 2021 16:37:32 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 72922
x-amz-cf-id: mzeub1TKrTJiX6jeQvdBEZsbELzbJL9_vbSb3Fe-y8PRIJCMMMx58w==

GET
H2 200 15557405207e3329d09819d567544ff408902c5baf.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ 237 KB
238 KB 47ms
47ms Image
image/png 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/uploads/15557405207e3329d09819d567544ff408902c5baf.png
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b8053a39234c7ddbe92341726f98f9ad18d157bdbe6e17ed4afed215548fca9

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: buNcUzYk6UrxyJnl_LFjVvpyzFBEs8hH
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Sat, 20 Apr 2019 06:08:41 GMT
server: AmazonS3
age: 38175
etag: "a205d740b20634e0b5a2240fdc625e06"
x-cache: Hit from cloudfront
content-type: image/png
date: Mon, 11 Jan 2021 15:41:06 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 242580
x-amz-cf-id: aeA8P8cTLLOS3GVOVt5SIs7nDI6uHbeFurHvPopgEUxbkcnh0ibKQg==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 2739
date: Tue, 12 Jan 2021 01:31:41 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Tue, 12 Jan 2021 03:31:41 GMT

GET
H2 200 1533609650e6355c8d49860d27f653aaaeb7ed2acd.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ 10 KB
11 KB 209ms
207ms Image
image/png 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/uploads/1533609650e6355c8d49860d27f653aaaeb7ed2acd.png
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bb750a7508ab12971933e75b760bdc5c7b2b0960eef882f4c6388a9dd87d7db6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rAcrOVvstYaX6ujq9GToE8_EPegKAZx8
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Tue, 07 Aug 2018 02:40:51 GMT
server: AmazonS3
age: 56359
etag: "ae220447f399d02b05c52bd8740a016c"
x-cache: Hit from cloudfront
content-type: image/png
date: Mon, 11 Jan 2021 10:38:02 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 10655
x-amz-cf-id: _fS1WjOdMdPzCuPvhVnH2I_1fcp6WUTSh4Wj3mYmZ8_rv_o8V6fHow==

GET
H2 200 1503845781a32459b327a1f4d4781c0e439d397201.png
d13pxqgp3ixdbh.cloudfront.net/uploads/ 16 KB
16 KB 209ms
207ms Image
image/png 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/uploads/1503845781a32459b327a1f4d4781c0e439d397201.png
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c7aaabb36a4dd360177e71eba58caa48380c0f71ec22c7e389a2fba01d7cbfe1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: i7HQhEziDm1Ks_rHByhoNG_KM74tgkHJ
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Sun, 27 Aug 2017 14:56:22 GMT
server: AmazonS3
age: 84785
etag: "850154d5ee84d93509bfcbc969cae75f"
x-cache: Hit from cloudfront
content-type: image/png
date: Mon, 11 Jan 2021 02:44:16 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 16368
x-amz-cf-id: svxZiTBVNUO9_qJn2qe9M0HzwFFFoxBQTZuGEJvWYMoO72prijURTQ==

GET
H2 200 jquery.js Show response
ajax.googleapis.com/ajax/libs/jquery/1/ 276 KB
83 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.js

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 06 Jan 2021 19:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 456830
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 84371
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 06 Jan 2022 19:23:30 GMT

GET
H2 200 jquery-ui.min.js Show response
d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/jqueryui/ 247 KB
248 KB 206ms
204ms Script
application/x-javascript 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/jqueryui/jquery-ui.min.js
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b827f5917d353d0862dbd30720e73926f4488b88f19fede11ca9d206b49f4831

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:56 GMT
server: AmazonS3
age: 58974
etag: "6cf0bfd19dae4c8eff9624f7cb36ac49"
x-cache: Hit from cloudfront
content-type: application/x-javascript
date: Mon, 11 Jan 2021 11:38:52 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 253385
x-amz-cf-id: aYJ1ay5iSFnQztTJxi5aPTLU7r_SnuApKngY_PKKsHGgf9alp42VcA==

GET
H2 200 1bb80a7.js Show response
d13nu0oomnx5ti.cloudfront.net/ 23 KB
23 KB 351ms
349ms Script
application/javascript 2600:9000:206f:2c00:3:b5aa:ad80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13nu0oomnx5ti.cloudfront.net/1bb80a7.js
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:2c00:3:b5aa:ad80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ae1df32f028cc1ab83471711b69773c079ad4fe2bb80cc510e5a1c7d15de5831

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 01:20:39 GMT
via: 1.1 1c5b98f7bd5001d6fe1040daa237afc6.cloudfront.net (CloudFront)
last-modified: Sun, 25 Oct 2020 08:49:21 GMT
server: AmazonS3
age: 46021
etag: "4a024ce4e4ffe91521f5d82d02dd2588"
x-cache: Error from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA56-C1
content-length: 23439
x-amz-cf-id: _fquIDp5rKU44Nda9qqcwkd1Pw_pQ1_G79IChyySbnC5zg_8EU9Jcw==

GET
H2 200 t.js Show response
cldoffers.net/public/external/ 2 KB
1001 B 18ms
15ms Script
application/javascript 2606:4700:3031::681f:4424
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cldoffers.net/public/external/t.js
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681f:4424 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 21 Jul 2020 08:43:40 GMT
server: cloudflare
age: 3854
etag: W/"696-5aaef9eb90f9a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9kZlRZ3Z7Z0JC91VS6nA%2BOjtfBbpNh89LwTKqapmuJlPKSR%2F8Gn5B1%2BiUUH0Y8C6ZiC7atRDx%2BbxBLKyQhUQfVTBqu%2FbNKSSB0npCaJvJlYcSwvEned1I4zQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 6103616c69331f4d-FRA
cf-request-id: 0795fb37c600001f4dd69a3000000001

GET
H2 200 jquery.noty.packaged.js Show response
d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/noty-2.3.8/js/noty/packaged/ 46 KB
46 KB 208ms
206ms Script
application/x-javascript 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/content_lockers/noty-2.3.8/js/noty/packaged/jquery.noty.packaged.js
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2727db8841f5a577e0d4bed1ab8f6b6bffa353dbffc087123c80ed1017a0b9bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: null
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Mon, 30 Jan 2017 06:33:55 GMT
server: AmazonS3
age: 56290
etag: "18397af3de42a96504923283d0d3d3a1"
x-cache: Hit from cloudfront
content-type: application/x-javascript
date: Mon, 11 Jan 2021 17:25:31 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 46983
x-amz-cf-id: gS2GHNNCURSG1g0MUf1Tz5vY6j_seVAY1l9PvoYnST2OOGCU_3EbGw==

GET
H2 200 1542954524d5ec939de9e7a6b8d0e879920943ab4d.jpg
d13pxqgp3ixdbh.cloudfront.net/uploads/ 394 KB
396 KB 208ms
207ms Image
image/jpg 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/uploads/1542954524d5ec939de9e7a6b8d0e879920943ab4d.jpg
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 541c1f1f94e053e53f04e8ad6eb4637b3e96dfc7bc047dd786772e4e29dcc28a

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: uRSulE7L3GfonzT7s6R1lS.UiFMeXHyE
via: 1.1 d92debab8d9ca0518390aebaec8733a7.cloudfront.net (CloudFront)
last-modified: Fri, 23 Nov 2018 06:28:45 GMT
server: AmazonS3
age: 48920
etag: "f0d5017f75f3e224b9c54ed0406fc30e"
x-cache: Hit from cloudfront
content-type: image/jpg
date: Mon, 11 Jan 2021 12:42:01 GMT
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-length: 403833
x-amz-cf-id: ajPvlZ7jYfQ0rBRk-9qHuWPULcdl_2NWA6vPEE4tmAhdkenHgpfucA==

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.pubgucforfree.website
Referer: https://fonts.googleapis.com/css?family=Open+Sans:400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 07 Jan 2021 20:12:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 367503
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Fri, 07 Jan 2022 20:12:17 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 35ms
20ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.pubgucforfree.website
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 06 Jan 2021 12:48:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:16 GMT
server: sffe
age: 480519
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9016
x-xss-protection: 0
expires: Thu, 06 Jan 2022 12:48:41 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 33ms
20ms Font
font/woff2 2a00:1450:4001:819::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.pubgucforfree.website
Referer: https://fonts.googleapis.com/css?family=Open+Sans:700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 08 Jan 2021 11:36:52 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 312028
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Sat, 08 Jan 2022 11:36:52 GMT

GET
H2 200 cookienotice.js Show response
www.pubgucforfree.website/js/ 6 KB
2 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:819::2013
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.pubgucforfree.website/js/cookienotice.js

Requested by

Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2013 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 11 Jan 2021 21:15:51 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 2026
x-xss-protection: 0
expires: Tue, 19 Jan 2021 02:17:20 GMT

GET
H2 200 html.1134091.21651.0.js Show response
d1xkyo9j4r7vnn.cloudfront.net/public/external/v2/ 8 KB
8 KB 322ms
321ms Script
application/javascript 2600:9000:2190:bc00:1a:60a5:c0c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/external/v2/html.1134091.21651.0.js
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/1bb80a7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:bc00:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash: 60c00e54b8a301239b89f078023d8b58cc9a791cc195521df5d08462161a3d63

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
server: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: ZRH50-C1
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: application/javascript
x-amz-cf-id: pUV1BzQZJxEAgiIaDpeWg_Pi_M4hZ3I1R_Q4e_2ftlW5nDyi3B_qFQ==

GET
H2 200 css_front.css
d1xkyo9j4r7vnn.cloudfront.net/public/external/ 6 KB
7 KB 315ms
315ms Stylesheet
text/css 2600:9000:2190:bc00:1a:60a5:c0c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/external/css_front.css
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/1bb80a7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:bc00:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
last-modified: Tue, 23 Jun 2020 20:05:34 GMT
server: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: ZRH50-C1
etag: "19c4-5a8c5e1dcc9d4"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 6596
x-amz-cf-id: C88HGK5MSQE5SQ2q8oy_0PxYxG6J0UOor2qtKswnVmD1lP1YxB2Siw==

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
25 B 47ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1986184280&t=event&_s=1&dl=https%3A%2F%2Fwww.pubgucforfree.website%2F&ul=en-us&de=UTF-8&dt=Generate%20Unlimited%20UC%20and%20BP%20for%20your%20PUBG%20App!%20Working%20for%20Any%20Devices&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=VisitorEvents&ea=lockerJS_pageload&el=Locker%20JS%20Pageload&_u=6EBAAEABAAAAAC~&jid=1297297772&gjid=961552388&cid=1394375998.1610417840&uid=lniirmqwt&tid=UA-85922709-7&_gid=164626336.1610417840&_r=1&_slc=1&z=1540454774

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.20.1/bundle.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 02:17:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.pubgucforfree.website
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
395 B 39ms
13ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1986184280&t=pageView&_s=1&dl=https%3A%2F%2Fwww.pubgucforfree.website%2F&ul=en-us&de=UTF-8&dt=Generate%20Unlimited%20UC%20and%20BP%20for%20your%20PUBG%20App!%20Working%20for%20Any%20Devices&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=6EDAAEABAAAAAC~&jid=1124134748&gjid=1936153028&cid=1394375998.1610417840&tid=UA-85922709-2&_gid=164626336.1610417840&_r=1&_slc=1&cd1=0&z=682224996

Requested by

Host: browser.sentry-cdn.com
URL: https://browser.sentry-cdn.com/5.20.1/bundle.min.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 12 Jan 2021 02:17:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.pubgucforfree.website
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fontawesome-webfont.woff2
d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/fonts/ 70 KB
71 KB 651ms
651ms Font
application/octet-stream 2600:9000:2190:1000:1c:b3e3:eb40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/fonts/fontawesome-webfont.woff2?v=4.6.3
Requested by: Host: d13pxqgp3ixdbh.cloudfront.net
URL: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/css/font-awesome.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:1000:1c:b3e3:eb40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Origin: https://www.pubgucforfree.website
Referer: https://d13pxqgp3ixdbh.cloudfront.net/assets/landing_pages/fa/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:21 GMT
via: 1.1 c07945b00aad28e34fbfebb3d3907061.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-amz-cf-pop: ZRH50-C1
x-cache: Miss from cloudfront
content-length: 71896
last-modified: Mon, 30 Jan 2017 06:33:55 GMT
server: AmazonS3
etag: "e6cf7c6ec7c2d6f670ae9d762604cb0b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
x-amz-version-id: null
access-control-allow-origin: *
accept-ranges: bytes
content-type: application/octet-stream
x-amz-cf-id: oF2EfqHjvvi4GiT13BDpi9Z5G7HWwfRJdQK9jcUf_GEKK8Fw7ICmuQ==

GET
H2 200 css.css
d1xkyo9j4r7vnn.cloudfront.net/public/clockers/Blank/ 700 B
1 KB 316ms
316ms Stylesheet
text/css 2600:9000:2190:bc00:1a:60a5:c0c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/clockers/Blank/css.css
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/1bb80a7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:bc00:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 /
Resource Hash: 0b1e91559bf23d2dce422563b7f51f45fd5ce9e09ed759d384a5077474c3962d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:20 GMT
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
last-modified: Fri, 10 Apr 2020 22:29:00 GMT
server: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: ZRH50-C1
etag: "2bc-5a2f7428ae907"
x-cache: Miss from cloudfront
content-type: text/css
accept-ranges: bytes
content-length: 700
x-amz-cf-id: goe4qVk8jY6jvqZyS9FIkGtt4ZlpaMD2pZ6SNNbsrePi6tnDGMU5mg==

GET
H/1.1

200
OK

Cookie set click_direct.php Show response
cldoffers.net/public/
Redirect Chain

https://smrturl.co/6901901
http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00

539 B
2 KB

730ms
718ms

Document
text/html

2606:4700:3030::681f:4524
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00
Protocol: HTTP/1.1
Server: 2606:4700:3030::681f:4524 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.11
Resource Hash: 83f3051c876e0e24a9040e7d9a8a562500e4ebe926ce330ad6a7fdb0a3044509

Request headers

Host: cldoffers.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.pubgucforfree.website/

Response headers

Date: Tue, 12 Jan 2021 02:17:22 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 539
Connection: keep-alive
Set-Cookie: __cfduid=d5148a8632bab52188527d0b75f6d5e801610417841; expires=Thu, 11-Feb-21 02:17:21 GMT; path=/; domain=.cldoffers.net; HttpOnly; SameSite=Lax BUILD_VISITOR_RAND=6b2303fc; expires=Wed, 13-Jan-2021 02:17:22 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID=694795914; expires=Wed, 13-Jan-2021 02:17:22 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_VISITOR_ID_KEY=d4873a4b22092a73b77096f06e1ce19c; expires=Wed, 13-Jan-2021 02:17:22 GMT; Max-Age=86400; path=/; secure; HttpOnly; SameSite=None BUILD_CLICK_IDS=%5B834866550%5D; expires=Wed, 13-Jan-2021 02:17:22 GMT; Max-Age=86400; path=/
X-Powered-By: PHP/7.4.11
Cache-Control: no-cache, no-transform
Pragma: no-cache
Expires: Sat, 26 Jul 1997 05:00:00 GMT
CF-Cache-Status: DYNAMIC
cf-request-id: 0795fb3ee3000032482c947000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6JD%2B4rLgrfgaUSElemf2H9psM9gVMaqLaO1J7cMgjJqYyjrE5CbdKfEvF2e16y%2Fx35VYrpXaLLpe9PGzYumPsgCv%2FZqroV7q9rES06TJMXVVYbxRQ5YsmnAv"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 61036177ccd23248-FRA

Redirect headers

date: Tue, 12 Jan 2021 02:17:21 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d82688ecccaafcfd221f5a9adb8f4be691610417841; expires=Thu, 11-Feb-21 02:17:21 GMT; path=/; domain=.smrturl.co; HttpOnly; SameSite=Lax CPABUILD_API=1b429942bfba4be9bd7e; expires=Thu, 22-Apr-2021 02:17:21 GMT; Max-Age=8640000; path=/; HttpOnly BUILD_VISITOR_ID=694795914; expires=Wed, 13-Jan-2021 02:17:21 GMT; Max-Age=86400; path=/ BUILD_VISITOR_IT_ID=1139071; expires=Wed, 13-Jan-2021 02:17:21 GMT; Max-Age=86400; path=/
x-powered-by: PHP/7.4.11
location: http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00
cf-cache-status: DYNAMIC
cf-request-id: 0795fb3d2200002c56972f8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XuOXTuRRFSaFykHO7hqgMWH%2B36QPjQPo2QSy9LWfV2ceWuUXIga1RwSA5J2Lo6wxV11KT6VUIdO6%2FKpVtbNJl9qFqWCpiIZoBb1NQgFGdqVpt%2FsaPHXE"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610361750d852c56-FRA

GET
H2 200 guid
d1xkyo9j4r7vnn.cloudfront.net/public/ 0
286 B 315ms
315ms Script
text/html 2600:9000:2190:bc00:1a:60a5:c0c0:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1xkyo9j4r7vnn.cloudfront.net/public/guid?cpguid=lniirmqwt&e=ll&t=1610417841428
Requested by: Host: d13nu0oomnx5ti.cloudfront.net
URL: https://d13nu0oomnx5ti.cloudfront.net/1bb80a7.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2190:bc00:1a:60a5:c0c0:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11 / PHP/7.4.11
Resource Hash

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:21 GMT
via: 1.1 a4f3f56409fe4e0b42683dc15dd52ef8.cloudfront.net (CloudFront)
server: Apache/2.4.41 () OpenSSL/1.0.2k-fips PHP/7.4.11
x-amz-cf-pop: ZRH50-C1
x-powered-by: PHP/7.4.11
x-cache: Miss from cloudfront
content-type: text/html; charset=UTF-8
content-length: 0
x-amz-cf-id: ZRvwS5LJuhTQZGlTDmVNDfr9WQ1e_UF_wlJLttC-z69cVgVg2d0Jag==

GET click_direct.php
cldoffers.net/public/ 0
0

GET
H2

200

/ Show response
jump.totopcontent.xyz/
Redirect Chain

https://m.banhmidigital.com/click?pid=1309&offer_id=59119&sub1=834866550&sub5=90162
https://cpadstrtmd.mobisway.com/click?pid=1373&offer_id=55094&sub5=1309&sub3=59119&sub4=%2AIn-House%2A+%5BPIN%5D+DE+Content+Download+Purple
https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a

3 KB
2 KB

368ms
121ms

Document
text/html

65.60.9.234
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a

Requested by

Host: cldoffers.net
URL: http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

0a89d32dc11b7e0eeb5308b49aec1a8796ac2dbb3d6cb7f7109bb93fefc9e250

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: jump.totopcontent.xyz
:scheme: https
:path: /?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00

Response headers

server: nginx
date: Tue, 12 Jan 2021 02:17:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: u=4ddea5cbf382f0bd98bd31217934a919; expires=Wed, 12-Jan-2022 02:17:23 GMT; Max-Age=31536000; path=/
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

Redirect headers

server: nginx
date: Tue, 12 Jan 2021 02:17:22 GMT
content-type: text/html; charset=utf-8
content-length: 171
location: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a
referer
referrer-policy: no-referrer
set-cookie: afclick=5ffd06b2b30101000157086a; Expires=Wed, 12 Jan 2022 02:17:22 GMT; Secure; SameSite=None

GET
H2 200 / Show response
jump.totopcontent.xyz/ 11 KB
5 KB 125ms
125ms Document
text/html 65.60.9.234
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://jump.totopcontent.xyz/?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e

Requested by

Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

65.60.9.234 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),

Reverse DNS

server04.com-2.mobi

Software

nginx / PHP/7.4.10

Resource Hash

1f3c254caccc6c58b74636c905842a846b72a9a2e33755517502e7635700309e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;

Request headers

:method: GET
:authority: jump.totopcontent.xyz
:scheme: https
:path: /?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: u=4ddea5cbf382f0bd98bd31217934a919
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://jump.totopcontent.xyz/?utm_medium=04a36d53033249cb443c0269cf7ee2c9c2143472&utm_campaign=main&1=1309&cid=5ffd06b2b30101000157086a

Response headers

server: nginx
date: Tue, 12 Jan 2021 02:17:23 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.10
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains;
content-encoding: gzip

GET
H2

200

aHR0cDovL3RyYWZmaXgyLmNvbQ== Show response
popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/
Redirect Chain

https://jump.totopcontent.xyz/proc.php?55731de6e09826a8634f725334aa5d2a4920efaf
http://tracking.armorads.com/sl?id=5faa890a127bd6bcbd27203b&pid=4&sub1=M6916691968596639832&sub2=15494&sub3=15494-651cd233
https://go.whiteanemone.xyz/redirect?feed=276309&auth=ebuQy0&url=http%3A%2F%2Fcryptocore.xyz&pub_clickid=5ffd06b3e12d04000102fa20&sub1=4-15494&query=http%3A%2F%2Fcryptocore.xyz
https://guay.labtrffc.com/l.php?p=c:l312xvi_932jkpeqt&d=5fe36418910f697781101d52&s=276309&d2=cryptocore.xyz
https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

2 KB
2 KB

82ms
66ms

Document
text/html

2606:4700:3035::6818:7f98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Requested by

Host: jump.totopcontent.xyz
URL: https://jump.totopcontent.xyz/?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6818:7f98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / PHP/7.1.33

Resource Hash

e4d6d3267475b4633694b1f8a36ccb7a074ed8d808a21c6f7bb6687a19edb7ca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'none'
X-Frame-Options	DENY

Request headers

:method: GET
:authority: popmyads.com
:scheme: https
:path: /serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://jump.totopcontent.xyz/?utm_term=6916691968596639832&clickverify=1&utm_content=e6c2c6dcd68fd49594fc9695a6a795938a8bb8888c8f8cbdb2c6b0c4b6b78583babb88b8bcbfbc8dafb5b081b68784b49a9b98f5fff1f8eef1f2e0f4bbe7e6fc878a9a90eedeecaa8d8c878d83c7ad8b99d5f8cbcaffcec9f2f3f085848291f5cafac8f8f8fffccdf3f1f0f1c6c7c45e#

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=df94887598c7a1c9fdcb72bd19b103d261610417844; expires=Thu, 11-Feb-21 02:17:24 GMT; path=/; domain=.popmyads.com; HttpOnly; SameSite=Lax __cf_bm=f4143b8d9adca931876a6c5103edbef551cab6fa-1610417844-1800-AR19LrDzOUl8ESQp++pKI9yLe2AccxJtUzhDZ7baM8jyaz4YCjkgclVtdKNLOEI6WwACHY/0YhDPIzw5oJQBcwk=; path=/; expires=Tue, 12-Jan-21 02:47:24 GMT; domain=.popmyads.com; HttpOnly; Secure; SameSite=None
x-powered-by: PHP/7.1.33
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
cf-cache-status: DYNAMIC
cf-request-id: 0795fb478000004abcb0bc8000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BfPToCsgEfZi50aF%2BFBj2emjhapOJ%2Fe8bsx9QBs1Jg8i%2ByBAdC5tc132l3VPX5ypGjma%2FO1ZmQTdGIBqM8hrHBML3HS5uhD9drcRBIB7baUAYfYegJfOeOs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610361859ca54abc-FRA
content-encoding: br

Redirect headers

Server: nginx
Date: Tue, 12 Jan 2021 02:17:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 10ut8s57tx
Raund: 1p
Location: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

GET popmyads.png
whos.amung.us/swidget/ 0
0

GET
H/1.1

200
OK

Cookie set u.php Show response
ak.labtrffc.com/
Redirect Chain

https://popmyads.com/go
https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930

540 B
675 B

162ms
52ms

Document
text/html

51.83.143.92
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.83.143.92 , Poland, ASN16276 (OVH, FR),
Reverse DNS: ns3155458.ip-51-83-143.eu
Software: nginx /
Resource Hash: a57d6f151aa87b398e655dd1ee9eeffcbe2ea9b68fc410af66031995eb0bc17e

Request headers

Host: ak.labtrffc.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
Origin: https://popmyads.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://popmyads.com/serve/52264/49052/szqpmqqoapdpgpq/aHR0cDovL3RyYWZmaXgyLmNvbQ==

Response headers

Server: nginx
Date: Tue, 12 Jan 2021 02:17:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-5f9a76a347eb6438d428a930=5ffd06b4fae1d81a0f0612a4; expires=Fri, 15-Jan-2021 02:17:24 GMT; Max-Age=259200; path=/; domain=ak.labtrffc.com; HttpOnly
Content-Encoding: gzip

Redirect headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
set-cookie: wGprrBLT=2; expires=Tue, 12-Jan-2021 02:17:26 GMT; Max-Age=2; path=/
location: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
cf-cache-status: DYNAMIC
cf-request-id: 0795fb47d300004abc56163000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gop5QW%2BAotZeN26shOz8mHQhes2sKi1jC3TTJuf6kE19mk9MGJc8TTSAis4h7Lven3MrkQzN47j%2FLgl%2BWxq2W8hrjfzMU1VU98%2BxXyhK4T%2Fb%2Bxerx7zhI50%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610361861d4a4abc-FRA

GET
H2

200

26999945f86ad855cd3c.js Show response
trk85.nundori.xyz/l/
Redirect Chain

https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930&bv=1
https://misctraff.com/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2
https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2

36 KB
12 KB

93ms
34ms

Document
text/html

172.64.140.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2
Requested by: Host: ak.labtrffc.com
URL: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.140.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a

Request headers

:method: GET
:authority: trk85.nundori.xyz
:scheme: https
:path: /l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ak.labtrffc.com/u.php?p=c:xecd97ulltzndt7xv&d=5f9a76a347eb6438d428a930

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-type: text/html
set-cookie: __cfduid=d590d54847d3c4e78c4b8a094350a10491610417844; expires=Thu, 11-Feb-21 02:17:24 GMT; path=/; domain=.nundori.xyz; HttpOnly; SameSite=Lax
last-modified: Tue, 20 Aug 2019 14:25:21 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 8164
cf-request-id: 0795fb49720000f152de065000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nftGMKDtwvFXdc%2F2KfuCqQpah0WhcM3bigmwQ0ZC5nBAJ1QcveyQNx2JjW%2FL1frXHZFAWQNKA910VI%2BANlgxm7iGmERg%2FbU6bnIl%2BMW%2FQ92FEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 61036188bb04f152-ARN
content-encoding: br

Redirect headers

date: Tue, 12 Jan 2021 02:17:24 GMT
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
location: https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2
cf-request-id: 0795fb49150000c2bdcb8c5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YnGMXhq8DQCbH1nHp%2FvATh6NAMd2r7peAXVILEeY6K8dRctb%2FESijZq7h%2FzqkhQcCVFRcI965yFKAenQQxmKOXFbjNGGD%2BvpZnflOAg%2BnNR8%2BTKkRJMPrEXy"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 61036188294ec2bd-FRA

GET
H2

200

gw.js Show response
trk85.nundori.xyz/
Redirect Chain

https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2&code=34Y3VvBDU7Nzc8OkFDQEFEQkkRhYV3Fn.GGI9-jR1PVB.JhYMkVVYml5SdK3eVm6OnUKlqaV83...
https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a...

1 KB
902 B

32ms
32ms

Document
text/html

172.64.140.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true
Requested by: Host: www.pubgucforfree.website
URL: https://www.pubgucforfree.website/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.140.31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b

Request headers

:method: GET
:authority: trk85.nundori.xyz
:scheme: https
:path: /gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: __cfduid=d590d54847d3c4e78c4b8a094350a10491610417844; BSESSID=trkd1ee6a6a-9167-4cfe-a958-0d8ad8491b6d
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://trk85.nundori.xyz/l/26999945f86ad855cd3c.js?sub=5ffd06b4fae1d81a0f0612a4&source=lonestar-unknown&sub2=lambda2

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-type: text/html
last-modified: Fri, 08 Jan 2021 14:59:37 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 8159
cf-request-id: 0795fb4a130000f1528c369000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wQd60Q4PMCxX6w11iucZw7g9PT29DgcOXE6PuNYy%2BYijbIb5Ft0V%2F6miZIhhhm5nAEqdW859tXEgajp2kQ%2BARt7hQWqLVaGzuG%2FjbvDhaj7uhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 61036189bbb1f152-ARN
content-encoding: br

Redirect headers

date: Tue, 12 Jan 2021 02:17:24 GMT
location: https://trk85.nundori.xyz/gw.js?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true
cache-control: private, max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: BSESSID=trkd1ee6a6a-9167-4cfe-a958-0d8ad8491b6d; Max-Age=63072000; Expires=Thu, 12 Jan 2023 02:17:24 GMT; Path=/
cf-cache-status: DYNAMIC
cf-request-id: 0795fb49ba0000f1529a270000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ep4CHF6Un6gcduFwkDuIzDlYzMAv1ezfXAgu7T6QSzu2MACXqs8oAdjcvRHmNovIhzvVSjvs0yJBPlYYXQNsnKipLwD80j5HhtrIwI9VfmRImg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 610361892b5df152-ARN

GET
H2 403 Primary Request 487946c6b3 Show response
a8672336.mnoova.com/rc/ 13 KB
7 KB 42ms
11ms Document
text/html 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Requested by

Host: trk85.nundori.xyz
URL: https://trk85.nundori.xyz/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ede8a5d8ef9a1a35227028bba7c973cd5dff22e927789cb23f0a501544d0aeff

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

:method: GET
:authority: a8672336.mnoova.com
:scheme: https
:path: /rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://trk85.nundori.xyz/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://trk85.nundori.xyz/l/26999945f86ad855cd3c?sub=5ffd06b4fae1d81a0f0612a4&sub2=lambda2&source=lonestar-unknown&url=https%3A%2F%2Fa8672336.mnoova.com%2Frc%2F487946c6b3%3Faffclick%3Dbmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8%26pubid%3D136436_lonestar-unknown&vId=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&hash=26999945f86ad855cd3c&ete=true

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-type: text/html; charset=UTF-8
cf-chl-bypass: 1
set-cookie: __cfduid=df534538b000bc162288ffda5c31afde81610417844; expires=Thu, 11-Feb-21 02:17:24 GMT; path=/; domain=.mnoova.com; HttpOnly; SameSite=Lax
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
x-frame-options: SAMEORIGIN
cf-request-id: 0795fb4a4d00002c36380af000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=58DZTqwEHgUd1c4wAGhOEYquW41zVWJTCYYLG%2BkbY%2BprBNhRHDxRNpVNLB3nFYyS9IH84sQmJ5%2BF9X7EiYJMMvJh1t5Hjyn8VgXyWaUrOWbHIvD%2FzhHrD2%2F8BZofxEuu"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 6103618a1b5e2c36-FRA
content-encoding: br

GET
H2 200 cf.errors.css
a8672336.mnoova.com/cdn-cgi/styles/ 23 KB
4 KB 8ms
7ms Stylesheet
text/css 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://a8672336.mnoova.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 05 Jan 2021 18:13:45 GMT
server: cloudflare
etag: W/"5ff4ac59-5c88"
x-frame-options: DENY
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 6103618a3b842c36-FRA
vary: Accept-Encoding
expires: Tue, 12 Jan 2021 04:17:24 GMT

GET
H2 200 v1 Show response
a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/orchestrate/captcha/ 39 KB
13 KB 39ms
39ms Script
text/javascript 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/orchestrate/captcha/v1
Requested by: Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 315d66bf12754b2496aa62ff61399e38d11864e9dc60b2952d150bfe2461fdf7

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
content-encoding: br
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=S9yPqOGx9kYKuN3yqau85Ih8njWFrMDb8t5LAHdjw5VWZcPpo1OdnjowiUDBXT5w%2FEXQsAPH8AYUxaj%2B%2Fn3tkIinVvD0jZB5xCC%2B2iVR3yWL%2BoFf1SoDYn%2BLSTPxJzwG"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cf-ray: 6103618a4b962c36-FRA
cf-request-id: 0795fb4a7000002c3628b23000000001

GET
H2 200 transparent.gif
a8672336.mnoova.com/cdn-cgi/images/trace/captcha/nojs/h/ 42 B
129 B 7ms
7ms Image
image/gif 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a8672336.mnoova.com/cdn-cgi/images/trace/captcha/nojs/h/transparent.gif?ray=6103618a1b5e2c36

Requested by

Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Jan 2021 18:13:45 GMT
server: cloudflare
etag: "5ff4ac59-2a"
x-frame-options: DENY
content-type: image/gif
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 6103618a5b9b2c36-FRA
vary: Accept-Encoding
content-length: 42
expires: Tue, 12 Jan 2021 04:17:24 GMT

GET
H2 200 browser-bar.png
a8672336.mnoova.com/cdn-cgi/images/ 715 B
790 B 8ms
8ms Image
image/png 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a8672336.mnoova.com/cdn-cgi/images/browser-bar.png?1376755637

Requested by

Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://a8672336.mnoova.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Jan 2021 18:13:45 GMT
server: cloudflare
etag: "5ff4ac59-2cb"
x-frame-options: DENY
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 6103618a5b9c2c36-FRA
vary: Accept-Encoding
content-length: 715
expires: Tue, 12 Jan 2021 04:17:24 GMT

GET
H2 200 cf-no-screenshot-warn.png
a8672336.mnoova.com/cdn-cgi/images/ 3 KB
3 KB 8ms
7ms Image
image/png 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a8672336.mnoova.com/cdn-cgi/images/cf-no-screenshot-warn.png

Requested by

Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4eb829b9da3417d1cde6b2f3cbf24cd125fb6805adc22b37191e7a1bf0a543b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://a8672336.mnoova.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Jan 2021 18:13:45 GMT
server: cloudflare
etag: "5ff4ac59-a20"
x-frame-options: DENY
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 6103618a5b9d2c36-FRA
vary: Accept-Encoding
content-length: 2592
expires: Tue, 12 Jan 2021 04:17:24 GMT

GET
H2

200

hcaptcha.js Show response
assets.hcaptcha.com/captcha/v1/d1dd7d8/
Redirect Chain

https://hcaptcha.com/1/api.js?render=explicit&recaptchacompat=off&onload=_cf_chl_hload
https://assets.hcaptcha.com/captcha/v1/d1dd7d8/hcaptcha.js

66 KB
21 KB

28ms
27ms

Script
application/javascript

104.18.26.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.hcaptcha.com/captcha/v1/d1dd7d8/hcaptcha.js

Requested by

Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.26.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5e2fb2ee021af874a5e925d868b7f19625c8f003f23f526c73fc9c33c22bb1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 12 Jan 2021 02:17:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 39511
cf-polished: origSize=68092
last-modified: Thu, 31 Dec 2020 17:10:25 GMT
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-amz-request-id: 1DEDFD26FDB55CC1
x-amz-id-2: z1AJKZ4z5g424sJq9XbljDrHSKyulMnmtR50/p0Ee822IISl53D9orIRnjw/Lf3x/l25fDRKQdU=
cf-bgj: minify
server: cloudflare
etag: W/"e41324088a2addc15c67d6611aaa6614"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=1382400
cf-request-id: 0795fb4b3b0000736b2d000000000001
cf-ray: 6103618b9e0e736b-CPH
expires: Thu, 28 Jan 2021 02:17:25 GMT

Redirect headers

date: Tue, 12 Jan 2021 02:17:25 GMT
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
location: https://assets.hcaptcha.com/captcha/v1/d1dd7d8/hcaptcha.js
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security: max-age=2592000; includeSubDomains; preload
cf-ray: 6103618b5de6736b-CPH
cf-request-id: 0795fb4b150000736b70a1b000000001
expires: Thu, 01 Jan 1970 00:00:01 GMT

POST
H2 200 251a8e3d424864b Show response
a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/generate/ov1/0.5382451274381561:1610415582:3ee1d5af4e59bae00e1030320b0f02cdcb4e1779480c43c33387219dd4ec3891/6103618a1b5e2c36/ 51 KB
7 KB 66ms
65ms XHR
text/plain 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/generate/ov1/0.5382451274381561:1610415582:3ee1d5af4e59bae00e1030320b0f02cdcb4e1779480c43c33387219dd4ec3891/6103618a1b5e2c36/251a8e3d424864b
Requested by: Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/orchestrate/captcha/v1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48990a1c43278fc099841e99a834c4a054a7ed77e3b48914eb5df4f2d839c014

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
CF-Challenge: 251a8e3d424864b
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Jan 2021 02:17:25 GMT
content-encoding: br
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VjF9XwH5E%2FiGhKrQDFL7vTogwOarMWwpt2QFX%2FOnOv7SWariogEBfhLlV4ieM85dntxRmP%2B90M9ZDhG8vsOqBDLRs8JTte%2B0Q3r%2BVK0wMDWouzRTTRIfmnRjcqfhMt3T"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 6103618b3c6d2c36-FRA
cf-request-id: 0795fb4b0100002c363ab9e000000001

POST
H2 200 251a8e3d424864b Show response
a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/generate/ov1/0.5382451274381561:1610415582:3ee1d5af4e59bae00e1030320b0f02cdcb4e1779480c43c33387219dd4ec3891/6103618a1b5e2c36/ 6 KB
2 KB 120ms
119ms XHR
text/plain 2606:4700:3031::681b:a0b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/generate/ov1/0.5382451274381561:1610415582:3ee1d5af4e59bae00e1030320b0f02cdcb4e1779480c43c33387219dd4ec3891/6103618a1b5e2c36/251a8e3d424864b
Requested by: Host: a8672336.mnoova.com
URL: https://a8672336.mnoova.com/cdn-cgi/challenge-platform/h/b/orchestrate/captcha/v1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::681b:a0b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f39eb4b55ea74c3286a23747d6c7927cd4064e21f010f58cbc41c33a46eb63a6

Request headers

Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
CF-Challenge: 251a8e3d424864b
Content-type: application/x-www-form-urlencoded

Response headers

date: Tue, 12 Jan 2021 02:17:25 GMT
content-encoding: br
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=QWdoato0XXnQ7ph%2FkRzjnO5AK1oA00IwetGLenGhcNUyBM4awj4ik1rbr6AO3WrE0ir8BO44zmghnHZXOkB5dOS6l5EVjbRYvTvsJtiWsHVGAWadZ0yfyUY7J00PJON0"}],"group":"cf-nel","max_age":604800}
content-type: text/plain;charset=UTF-8
cf-ray: 6103618d9f942c36-FRA
cf-request-id: 0795fb4c8200002c364b2e8000000001

GET
H2 200 hcaptcha-challenge.html
assets.hcaptcha.com/captcha/v1/d1dd7d8/static/ Frame 1AB1 0
0 165ms
165ms Document
text/html 104.18.26.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.hcaptcha.com/captcha/v1/d1dd7d8/static/hcaptcha-challenge.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&recaptchacompat=off&onload=_cf_chl_hload

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.26.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: assets.hcaptcha.com
:scheme: https
:path: /captcha/v1/d1dd7d8/static/hcaptcha-challenge.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Response headers

date: Tue, 12 Jan 2021 02:17:25 GMT
content-type: text/html
set-cookie: __cfduid=d5b3625b66035d9bc9824198c467260241610417845; expires=Thu, 11-Feb-21 02:17:25 GMT; path=/; domain=.hcaptcha.com; HttpOnly; SameSite=Lax; Secure
x-amz-id-2: 9Il+0AZwZowojjkzTNPVz0PRUMxmXAPG29/aG1wbCPaLuFPLT2gMGnd8I9Iy/iOXb/y+4xMQqiw=
x-amz-request-id: FD5128B4BB712BC4
cache-control: max-age=1209600
last-modified: Thu, 31 Dec 2020 17:10:25 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0795fb4d0e0000736bf7816000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6103618e7f35736b-CPH
content-encoding: gzip

GET
H2 200 hcaptcha-checkbox.html
assets.hcaptcha.com/captcha/v1/d1dd7d8/static/ Frame BB5F 0
0 156ms
156ms Document
text/html 104.18.26.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.hcaptcha.com/captcha/v1/d1dd7d8/static/hcaptcha-checkbox.html

Requested by

Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&recaptchacompat=off&onload=_cf_chl_hload

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.26.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: assets.hcaptcha.com
:scheme: https
:path: /captcha/v1/d1dd7d8/static/hcaptcha-checkbox.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a8672336.mnoova.com/rc/487946c6b3?affclick=bmconv_20210112031724_1f8e737a_0b75_4bbd_b7a9_f087b0e3d1e8&pubid=136436_lonestar-unknown

Response headers

date: Tue, 12 Jan 2021 02:17:25 GMT
content-type: text/html
set-cookie: __cfduid=d5b3625b66035d9bc9824198c467260241610417845; expires=Thu, 11-Feb-21 02:17:25 GMT; path=/; domain=.hcaptcha.com; HttpOnly; SameSite=Lax; Secure
x-amz-id-2: 5neH2eC5O8/qaw8zCO74vZekmcjseIV3z4VV7DM1whtWhPM72trDyY1FjmCKK8PvYnHrSkz6v4k=
x-amz-request-id: 1C6C468B2F7DADE4
cache-control: max-age=1209600
last-modified: Thu, 31 Dec 2020 17:10:25 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0795fb4d130000736b521b1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6103618e8f3c736b-CPH
content-encoding: gzip

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cldoffers.net
URL: http://cldoffers.net/public/click_direct.php?offer_id=53176900&offer_position=1&visitor_id=694795914&m=0&user_id=90162&it=1139071&key=af50d&s2=smart-6901901&hash=b966b533c93aa525976ca33fb7cbbd00

Domain: whos.amung.us
URL: https://whos.amung.us/swidget/popmyads.png

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
a8672336.mnoova.com/	1970-01-19 15:20:21	Name: cf_chl_prog Value: a17
a8672336.mnoova.com/	1970-01-19 15:20:21	Name: cf_chl_1 Value: 251a8e3d424864b
.mnoova.com/	1970-01-19 16:03:29	Name: __cfduid Value: df534538b000bc162288ffda5c31afde81610417844

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://hcaptcha.com/1/api.js?render=explicit&recaptchacompat=off&onload=_cf_chl_hload(Line 1) Message: recaptchacompat disabled

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a8672336.mnoova.com
ajax.googleapis.com
ak.labtrffc.com
assets.hcaptcha.com
browser.sentry-cdn.com
cldoffers.net
cpadstrtmd.mobisway.com
d13nu0oomnx5ti.cloudfront.net
d13pxqgp3ixdbh.cloudfront.net
d1xkyo9j4r7vnn.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
go.whiteanemone.xyz
guay.labtrffc.com
hcaptcha.com
jump.totopcontent.xyz
m.banhmidigital.com
misctraff.com
popmyads.com
pubgucforfree.website
smrturl.co
tracking.armorads.com
trk85.nundori.xyz
whos.amung.us
www.google-analytics.com
www.pubgucforfree.website
cldoffers.net
whos.amung.us
104.18.26.20
104.27.131.164
172.64.140.31
198.134.116.30
212.32.252.129
216.239.38.21
2600:9000:206f:2c00:3:b5aa:ad80:21
2600:9000:2190:1000:1c:b3e3:eb40:21
2600:9000:2190:bc00:1a:60a5:c0c0:21
2606:4700:3030::681f:4524
2606:4700:3031::681b:a0b4
2606:4700:3031::681f:4424
2606:4700:3032::681b:9a72
2606:4700:3032::ac43:81a9
2606:4700:3035::6818:7f98
2a00:1450:4001:802::200a
2a00:1450:4001:803::200a
2a00:1450:4001:806::2003
2a00:1450:4001:808::200e
2a00:1450:4001:816::200e
2a00:1450:4001:819::2003
2a00:1450:4001:819::2013
2a04:4e42:400::729
51.83.143.92
65.60.9.234
008a1d103902f15fdb1c191fcb1ce8954330e7b8de43d09abb08555ba609f420
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
0a89d32dc11b7e0eeb5308b49aec1a8796ac2dbb3d6cb7f7109bb93fefc9e250
0b1e91559bf23d2dce422563b7f51f45fd5ce9e09ed759d384a5077474c3962d
10857f89891b5c5827b881c4765b4138ae1e639f27f3b0038acc8323cfd524f8
13d8bedef21a6e0167d2e3c984641c75a6afcfab246094b868c364ad87784b3f
16fd28061d42cf29268600418d5aa26b585435027ca599a42141cbc820f2547c
1f3c254caccc6c58b74636c905842a846b72a9a2e33755517502e7635700309e
2727db8841f5a577e0d4bed1ab8f6b6bffa353dbffc087123c80ed1017a0b9bc
28d9444d57af8e721a4b8ccefa8c5153e21ab8ecc18d74020eb2640bd86d8c31
29eddce2034a37edddd7b743551f12f50cddbdf80690919b7e597bb78e5b416a
3029834a820c79c154c377f52e2719fc3ff2a27600a07ae089ea7fde9087f6bc
315d66bf12754b2496aa62ff61399e38d11864e9dc60b2952d150bfe2461fdf7
47cbd399f2a844e3a0e1bf92cf13a95144b9675adf0373832a66d90f0365846d
48990a1c43278fc099841e99a834c4a054a7ed77e3b48914eb5df4f2d839c014
541c1f1f94e053e53f04e8ad6eb4637b3e96dfc7bc047dd786772e4e29dcc28a
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
5b8053a39234c7ddbe92341726f98f9ad18d157bdbe6e17ed4afed215548fca9
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
60c00e54b8a301239b89f078023d8b58cc9a791cc195521df5d08462161a3d63
83f3051c876e0e24a9040e7d9a8a562500e4ebe926ce330ad6a7fdb0a3044509
88683b0a41b07f465377c8846933bdfb1e57fc9a54accef3e5fd0125bd052cc7
8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0a2d0ec76113bd8d1be2ae8c448e60b9524cf6e2ddcfeff13b8b4c9c20331e2
a316fe7b1efa45b37b1c03c170e5772d1d5f2ffd084af6ca474a984c3b0bcc3c
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a57d6f151aa87b398e655dd1ee9eeffcbe2ea9b68fc410af66031995eb0bc17e
a7bd79b6fba60944ee3a9c153108ff0819d2db57850116ac7065a86db08af4ec
ae1df32f028cc1ab83471711b69773c079ad4fe2bb80cc510e5a1c7d15de5831
b827f5917d353d0862dbd30720e73926f4488b88f19fede11ca9d206b49f4831
bb750a7508ab12971933e75b760bdc5c7b2b0960eef882f4c6388a9dd87d7db6
c7aaabb36a4dd360177e71eba58caa48380c0f71ec22c7e389a2fba01d7cbfe1
cf7a2b3976c3af63dc2bca70cc5625a26341f19b1ccd484feddf076df895ed58
d4eb829b9da3417d1cde6b2f3cbf24cd125fb6805adc22b37191e7a1bf0a543b
d5e2fb2ee021af874a5e925d868b7f19625c8f003f23f526c73fc9c33c22bb1b
e13ed77dfeaa6337766a94370d26a84f27097e38ef8aeb897f3cdcb5a39e2b4b
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e4d6d3267475b4633694b1f8a36ccb7a074ed8d808a21c6f7bb6687a19edb7ca
ede8a5d8ef9a1a35227028bba7c973cd5dff22e927789cb23f0a501544d0aeff
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f39eb4b55ea74c3286a23747d6c7927cd4064e21f010f58cbc41c33a46eb63a6
fff2c7e238400b24472e5d6c529d7f625ec50ec4383ac23d33ca05d9c1f07a7d

a8672336.mnoova.com Open in urlscan Pro 2606:4700:3031::681b:a0b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

50 Requests

94 %HTTPS

68 %IPv6

20 Domains

26 Subdomains

20 IPs

5 Countries

1456 kBTransfer

1928 kBSize

3 Cookies

3 Outgoing links

Page URL History

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

a8672336.mnoova.com Open in urlscan Pro
2606:4700:3031::681b:a0b4 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

94 %
HTTPS

68 %
IPv6

20
Domains

26
Subdomains

20
IPs

5
Countries

1456 kB
Transfer

1928 kB
Size

3
Cookies

50 HTTP transactions
0 data transactions