URL: https://freepremium.cf/
Submission: On July 18 via api from US — Scanned from US

Summary

This website contacted 15 IPs in 4 countries across 18 domains to perform 26 HTTP transactions. The main IP is 185.199.108.153, located in the United States and belonging to FASTLY, US. The main domain is freepremium.cf.
TLS certificate: Issued by R3 on July 18th 2023. Valid for: 3 months.
This is the only time freepremium.cf was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 185.199.108.153 54113 (FASTLY)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 1 185.66.200.220 201702 (SKHOSTING-EU)
1 185.66.201.58 201702 (SKHOSTING-EU)
5 45.133.44.52 39572 (ADVANCEDH...)
2 45.133.44.53 39572 (ADVANCEDH...)
2 157.90.84.242 24940 (HETZNER-AS)
1 157.90.84.246 24940 (HETZNER-AS)
4 2a01:4f8:e0:1... 24940 (HETZNER-AS)
2 3 2607:f8b0:400... 15169 (GOOGLE)
1 185.66.201.7 201702 (SKHOSTING-EU)
2 65.60.9.235 32475 (SINGLEHOP...)
1 2606:4700:e6:... 13335 (CLOUDFLAR...)
2 116.202.204.10 24940 (HETZNER-AS)
1 1 2a02:b4a:1:6::3 39572 (ADVANCEDH...)
2 45.133.44.32 39572 (ADVANCEDH...)
Totals: 26 requests, 15 IPs
#   Apex Domain         Subdomains                                           Transfer
4   46febd8df8.com      c36700d174.46febd8df8.com                            19 KB
4   82308721ac.com      ea18dad2af.82308721ac.com                            198 KB
3   google.com          accounts.google.com (Cisco Umbrella Rank: 67)        2 KB
2   wmgtr.com           i.wmgtr.com (Cisco Umbrella Rank: 19550)             97 KB
2   bookmsg.com         static.bookmsg.com (Cisco Umbrella Rank: 31816)      1 KB
2   rwe-twe.com         us-1.rwe-twe.com                                     4 KB
2   metricswpsh.com     fp.metricswpsh.com (Cisco Umbrella Rank: 32064)      401 B
1   naoprj.com          naoprj.com                                           136 B
1   adtrace.online      adtrace.online                                       457 B
1   ucaba.live          ucaba.live                                           316 B
1   nereserv.com        nereserv.com (Cisco Umbrella Rank: 29082)            201 B
1   13c65864bc.com      cf9ebac989.13c65864bc.com                            207 B
1   capndr.com          js.capndr.com (Cisco Umbrella Rank: 128313)          238 B
1   wpadmngr.com        js.wpadmngr.com (Cisco Umbrella Rank: 14459)         825 B
1   namel.net           namel.net                                            681 B
1   vdbaa.com           vdbaa.com                                            837 B
1   bootstrapcdn.com    maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1032)  22 KB
1   freepremium.cf      freepremium.cf                                       6 KB
Totals: 26 requests, 18 domains
#   Domain                       Requested by
4   c36700d174.46febd8df8.com    ea18dad2af.82308721ac.com
4   ea18dad2af.82308721ac.com    freepremium.cf, ea18dad2af.82308721ac.com
3   accounts.google.com          2 redirects, freepremium.cf
2   i.wmgtr.com
2   static.bookmsg.com
2   us-1.rwe-twe.com             ucaba.live, us-1.rwe-twe.com
2   fp.metricswpsh.com           ea18dad2af.82308721ac.com
1   naoprj.com                   1 redirect
1   adtrace.online               ea18dad2af.82308721ac.com
1   ucaba.live                   namel.net
1   nereserv.com                 ea18dad2af.82308721ac.com
1   cf9ebac989.13c65864bc.com    ea18dad2af.82308721ac.com
1   js.capndr.com                ea18dad2af.82308721ac.com
1   js.wpadmngr.com              ea18dad2af.82308721ac.com
1   namel.net                    freepremium.cf
1   vdbaa.com                    1 redirect
1   maxcdn.bootstrapcdn.com      freepremium.cf
1   freepremium.cf
Totals: 26 requests, 18 domains

This site contains links to these domains.

Domain
www.gdiz.eu.org
Subject                       Issuer                    Validity                   Valid
freepremium.cf                R3                        2023-07-18 - 2023-10-16    3 months
sni.cloudflaressl.com         Cloudflare Inc ECC CA-3   2022-12-30 - 2023-12-30    a year
namel.net                     R3                        2023-07-08 - 2023-10-06    3 months
ea18dad2af.82308721ac.com     R3                        2023-07-15 - 2023-10-13    3 months
js.wpadmngr.com               R3                        2023-07-15 - 2023-10-13    3 months
js.capndr.com                 R3                        2023-06-25 - 2023-09-23    3 months
cf9ebac989.13c65864bc.com     R3                        2023-07-15 - 2023-10-13    3 months
notification.tubecup.net      R3                        2023-07-14 - 2023-10-12    3 months
46febd8df8.com                R3                        2023-07-15 - 2023-10-13    3 months
ucaba.live                    R3                        2023-07-13 - 2023-10-11    3 months
us-1.rwe-twe.com              R3                        2023-07-14 - 2023-10-12    3 months
adtrace.online                GTS CA 1P5                2023-07-02 - 2023-09-30    3 months
bookmsg.com                   R3                        2023-07-14 - 2023-10-12    3 months
i.wmgtr.com                   R3                        2023-06-24 - 2023-09-22    3 months


This page contains 5 frames:

Primary Page: https://freepremium.cf/
Frame ID: 3E048A224442D6F9AAC87BB60921E7B5
Requests: 16 HTTP requests in this frame

Frame: https://us-1.rwe-twe.com/?utm_term=7257089657475694674
Frame ID: 9732CDCB56CCF7202EE60FF9B0D3125D
Requests: 4 HTTP requests in this frame

Frame: https://js.wpadmngr.com/static/storage.html
Frame ID: 1A7CBC17B237392B5BB2577BADE517C4
Requests: 1 HTTP request in this frame

Frame: https://adtrace.online/tag
Frame ID: E7FAFCD42B1642A74C79CD0E0BFA6701
Requests: 1 HTTP request in this frame

Frame: data://truncated
Frame ID: 379DFA16A5814D0A8CA8A699758DEAD6
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

Website Promotion

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

Requests: 26
HTTPS: 92 %
IPv6: 31 %
Domains: 18
Subdomains: 18
IPs: 15
Countries: 4
Transfer: 351 kB
Size: 996 kB
Cookies: 6

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://vdbaa.com/fullpage.php?section=General&pub=772124&ga=g HTTP 302
  • https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XZixCkGjAjpAjiCiGkkjdCpCkdNkNZpdNrkACrCZZZCCrixCrrpCrCrGCxCixxZxxikjCCr_14893&adApiR=loaded_string_29765339b7bc33242890322183c6347e098be_2615714_1689672854.7882_92454&refferer=1134279226_aHR0cHM6Ly9mcmVlcHJlbWl1bS5jZi8=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Request Chain 13
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP 302
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeDOFXimpUoOcJDbEJq_u6Ng9f6NXzm2UcZMwVFRIDq9EDibgKI86CtnT2tISLku8h3qETVx6l5c0g HTTP 302
  • https://accounts.google.com/v3/signin/identifier?dsh=S-1039487689%3A1689672855569036&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXiWm-XOSrDZIlf8VJhpTMxUH9rjcKuqX0DuSwGo92QTA5iuIO91v1HM09qeY3Us3vzUSyzJqQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Request Chain 23
  • https://naoprj.com/dsp/ph/icm?aid=11098941134187873221&mid=0&sid=1391&t=1689672856&subid=73293536&cpa=876bea0d-6390-4de5-b4e2-fbf72988420d&format=default-slide-b_r-body HTTP 302
  • https://i.wmgtr.com/cic/C9a8-D6chm6NUazzp0AbGRs8uSs1H8j0.png

26 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
freepremium.cf/
13 KB
6 KB
Document
General
Full URL
https://freepremium.cf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
4252b1a72a4b562ed13e26eaf19c0250580a1ab308a710a4700df230f8e48777

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
0
cache-control
max-age=600
content-encoding
gzip
content-length
5355
content-type
text/html; charset=utf-8
date
Tue, 18 Jul 2023 09:34:13 GMT
etag
W/"64b6544d-34fc"
expires
Tue, 18 Jul 2023 09:44:13 GMT
last-modified
Tue, 18 Jul 2023 08:58:53 GMT
server
GitHub.com
vary
Accept-Encoding
via
1.1 varnish
x-cache
MISS
x-cache-hits
0
x-fastly-request-id
f37907517337a2b5cf68a4146deb36e1ca05a21d
x-github-request-id
DF0C:0A78:3B4583:5E7014:64B65C95
x-proxy-cache
MISS
x-served-by
cache-nyc-kteb1890039-NYC
x-timer
S1689672854.725880,VS0,VE12
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
141 KB
22 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: freepremium.cf
URL: https://freepremium.cf/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 09:34:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
941
age
21143887
cdn-cachedat
08/03/2022 13:22:01
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"450fc463b8b1a349df717056fbb3e078"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
8f3ad9ccac945f8aa869720049edcaec
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
7e89ba4979e04bbd-BUF
cdn-requestpullsuccess
True
/
namel.net/d0d63e31e7/070a954047/ Frame 9732
Redirect Chain
  • https://vdbaa.com/fullpage.php?section=General&pub=772124&ga=g
  • https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XZixCkGjAjpAjiCiGkkjdCpCkdNkNZpdNrkACrCZZZCCrixCrrpCrCrGCxCixxZxxikjCCr_14893&adApiR=loaded_string_29765339b7bc3324289032218...
700 B
681 B
Document
General
Full URL
https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XZixCkGjAjpAjiCiGkkjdCpCkdNkNZpdNrkACrCZZZCCrixCrrpCrCrGCxCixxZxxikjCCr_14893&adApiR=loaded_string_29765339b7bc33242890322183c6347e098be_2615714_1689672854.7882_92454&refferer=1134279226_aHR0cHM6Ly9mcmVlcHJlbWl1bS5jZi8=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Requested by
Host: freepremium.cf
URL: https://freepremium.cf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.58 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.58.skhosting.eu
Software
nginx /
Resource Hash
bd712f9cfe8a0e519bea47e81168a7b5182d72744f4d9731e12a10235849585d

Request headers

Referer
https://freepremium.cf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 18 Jul 2023 09:34:15 GMT
expires
Sun, 01 Jan 2014 00:00:00 GMT
pragma
no-cache
server
nginx
x-robots-tag
noindex,nofollow

Redirect headers

cache-control
no-store, no-cache, must-revalidate post-check=0, pre-check=0
content-type
text/html; charset=UTF-8
date
Tue, 18 Jul 2023 09:34:14 GMT
expires
Tue, 18 Jul 2023 09:34:14 GMT
last-modified
Tue, 18 Jul 2023 09:34:14 GMT
location
https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XZixCkGjAjpAjiCiGkkjdCpCkdNkNZpdNrkACrCZZZCCrixCrrpCrCrGCxCixxZxxikjCCr_14893&adApiR=loaded_string_29765339b7bc33242890322183c6347e098be_2615714_1689672854.7882_92454&refferer=1134279226_aHR0cHM6Ly9mcmVlcHJlbWl1bS5jZi8=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
pragma
no-cache
server
nginx
x-robots-tag
noindex, nofollow, noarchive, nosnippet
019b43a3fdcf68cae1f50346447ddffb.js
ea18dad2af.82308721ac.com/
167 KB
58 KB
Script
General
Full URL
https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Requested by
Host: freepremium.cf
URL: https://freepremium.cf/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
b3b9e5d75cf2e758f9a2a6673792bc4c8be3ab7d8af28a1976266bffd1ccb6d2

Request headers

Referer
https://freepremium.cf/
Origin
https://freepremium.cf
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Tue, 18 Jul 2023 09:39:14 GMT
date
Tue, 18 Jul 2023 09:34:14 GMT
content-encoding
gzip
last-modified
Tue, 18 Jul 2023 09:04:04 GMT
server
nginx/1.18.0
etag
W/"64b65584-29b9f"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
x-proxy-cache
HIT
storage.html
js.wpadmngr.com/static/ Frame 1A7C
1 KB
825 B
Document
General
Full URL
https://js.wpadmngr.com/static/storage.html
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
01c71e162607df5b9dd58ec5460cc91139e53c43f52512648895c439bc5c9608

Request headers

Referer
https://freepremium.cf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-origin
*
cache-control
max-age=300
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 18 Jul 2023 09:34:14 GMT
etag
W/"64ae711b-5fd"
expires
Tue, 18 Jul 2023 09:39:14 GMT
last-modified
Wed, 12 Jul 2023 09:23:39 GMT
server
nginx/1.18.0
x-proxy-cache
HIT
65811
ea18dad2af.82308721ac.com/33657f7d9d4f2a808af3aa67c575a7ab/
2 KB
2 KB
XHR
General
Full URL
https://ea18dad2af.82308721ac.com/33657f7d9d4f2a808af3aa67c575a7ab/65811?version_name=d
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
7cb5ee2bea931d1c90e90506698e25ea0010f60ed2ec97766840410e1315a554

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Tue, 18 Jul 2023 09:39:14 GMT
date
Tue, 18 Jul 2023 09:34:14 GMT
server
nginx/1.18.0
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
content-length
1883
x-proxy-cache
MISS
advertising.js
js.capndr.com/
0
238 B
Script
General
Full URL
https://js.capndr.com/advertising.js
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Tue, 18 Jul 2023 09:39:14 GMT
date
Tue, 18 Jul 2023 09:34:14 GMT
last-modified
Fri, 14 Jul 2023 08:23:25 GMT
server
nginx/1.18.0
etag
"64b105fd-0"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
0
x-proxy-cache
HIT
track
cf9ebac989.13c65864bc.com/in/
0
207 B
XHR
General
Full URL
https://cf9ebac989.13c65864bc.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIzOTUzNzAxMDAzMjY4NzYzNjAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuNjYuMCIsInRhZ19pZCI6NjU4MTEsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTYwMHgxMjAwIiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJFdGMvVW5rbm93biIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQzLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJXZWJzaXRlJTJDUHJvbW90aW9uIn0=
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Jul 2023 09:34:15 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
a8684a6817414d8d32178ea80163bca6.js
ea18dad2af.82308721ac.com/
42 KB
14 KB
Script
General
Full URL
https://ea18dad2af.82308721ac.com/a8684a6817414d8d32178ea80163bca6.js
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
5468c890ef602977130a0f59d15243417fdb9b8d70da59ebc72be7e044b63d14

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Tue, 18 Jul 2023 09:39:15 GMT
date
Tue, 18 Jul 2023 09:34:15 GMT
content-encoding
gzip
last-modified
Mon, 26 Jun 2023 11:18:31 GMT
server
nginx/1.18.0
etag
W/"64997407-a786"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
x-proxy-cache
HIT
220fd1e6d696a5d7a0cc6aaa8198d5af.js
ea18dad2af.82308721ac.com/
502 KB
124 KB
Script
General
Full URL
https://ea18dad2af.82308721ac.com/220fd1e6d696a5d7a0cc6aaa8198d5af.js
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.52 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
65309a3f1d82ae48f0f76ed61c26c0c20fb65404014acf62172fd6d52c45cc08

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Tue, 18 Jul 2023 09:39:15 GMT
date
Tue, 18 Jul 2023 09:34:15 GMT
content-encoding
gzip
last-modified
Mon, 17 Jul 2023 08:58:12 GMT
server
nginx/1.18.0
etag
W/"64b502a4-7d6c5"
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=300
x-proxy-cache
HIT
fp
fp.metricswpsh.com/
27 B
401 B
XHR
General
Full URL
https://fp.metricswpsh.com/fp?tag_id=65811
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.242.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash
d0b6a6198643ccf6ccf2cbd178c094b15e4b6c013d6de82580e3b2f4e062b187

Request headers

Referer
https://freepremium.cf/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Date
Tue, 18 Jul 2023 09:34:16 GMT
Server
nginx/1.20.1
Vary
Origin
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
https://freepremium.cf
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
27
fp
fp.metricswpsh.com/ Frame
0
0
Preflight
General
Full URL
https://fp.metricswpsh.com/fp?tag_id=65811
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.84.242 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.242.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freepremium.cf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
content-type
Access-Control-Allow-Methods
GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin
https://freepremium.cf
Connection
keep-alive
Date
Tue, 18 Jul 2023 09:34:15 GMT
Server
nginx/1.20.1
Vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
dip
nereserv.com/in/
0
201 B
XHR
General
Full URL
https://nereserv.com/in/dip?site=native-push&wl=1&event_id=6ffcd74b-fb49-45bf-9882-c04ecf58683c&subid=1375110137&sid=4216833612&spot_id=293536&created_at=2023-07-18&timezone=0&ver=8.76.3&is_native=1
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/220fd1e6d696a5d7a0cc6aaa8198d5af.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.90.84.246 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.246.84.90.157.clients.your-server.de
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Jul 2023 09:34:15 GMT
server
nginx/1.20.1
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
multy
c36700d174.46febd8df8.com/in/
19 KB
19 KB
XHR
General
Full URL
https://c36700d174.46febd8df8.com/in/multy
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/220fd1e6d696a5d7a0cc6aaa8198d5af.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
00bf851987d3fe1fce80150ca63e39fedf17fc704e0a2a482f8265b8cd3ce550

Request headers

Referer
https://freepremium.cf/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 18 Jul 2023 09:34:17 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
content-type
application/json
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
19252
identifier
accounts.google.com/v3/signin/
Redirect Chain
  • https://accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
  • https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=AeDOFXimpUoOcJDbEJq_u6Ng9f6NXzm2UcZMwVFRIDq9EDibgKI86CtnT2tIS...
  • https://accounts.google.com/v3/signin/identifier?dsh=S-1039487689%3A1689672855569036&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXiWm-XOSrDZIlf8VJhpTMxUH9rjcKuqX0DuSwGo92QTA5...
0
0
Image
General
Full URL
https://accounts.google.com/v3/signin/identifier?dsh=S-1039487689%3A1689672855569036&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXiWm-XOSrDZIlf8VJhpTMxUH9rjcKuqX0DuSwGo92QTA5iuIO91v1HM09qeY3Us3vzUSyzJqQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
Requested by
Host: freepremium.cf
URL: https://freepremium.cf/
Protocol
H3
Server
2607:f8b0:4006:809::200d Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

date
Tue, 18 Jul 2023 09:34:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /cspreport, script-src 'report-sample' 'nonce-lX5ucFbCD1lVF1GWlDHvyQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
397
x-xss-protection
1; mode=block
pragma
no-cache
server
GSE
x-frame-options
DENY
report-to
{"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-type
text/html; charset=UTF-8
location
https://accounts.google.com/v3/signin/identifier?dsh=S-1039487689%3A1689672855569036&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXiWm-XOSrDZIlf8VJhpTMxUH9rjcKuqX0DuSwGo92QTA5iuIO91v1HM09qeY3Us3vzUSyzJqQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy-report-only
same-origin; report-to="coop_gse_qebhlk"
expires
Mon, 01 Jan 1990 00:00:00 GMT
multy
c36700d174.46febd8df8.com/in/ Frame
0
0
Preflight
General
Full URL
https://c36700d174.46febd8df8.com/in/multy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://freepremium.cf
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
date
Tue, 18 Jul 2023 09:34:15 GMT
pragma
no-cache
server
nginx/1.18.0
vary
Origin
go.php
ucaba.live/ Frame 9732
649 B
316 B
Document
General
Full URL
https://ucaba.live/go.php?go=https%3A%2F%2Fus-1.rwe-twe.com%2F%3Futm_medium%3D39c97d50389918646c360b71b97f8bfa649e3527%26utm_campaign%3DPUSH-MS-SL-A%26cid%3D90affC1689672855aff7444687454456a708a627%261%3D29696185&do=0dc5314b09884ee37f7f0f5383b2b7b4
Requested by
Host: namel.net
URL: https://namel.net/d0d63e31e7/070a954047/?placementName=ROTATOR&type=n&cv=XZixCkGjAjpAjiCiGkkjdCpCkdNkNZpdNrkACrCZZZCCrixCrrpCrCrGCxCixxZxxikjCCr_14893&adApiR=loaded_string_29765339b7bc33242890322183c6347e098be_2615714_1689672854.7882_92454&refferer=1134279226_aHR0cHM6Ly9mcmVlcHJlbWl1bS5jZi8=&yxDom=dmRiYWEuY29t_9f0199818f55a7669128123a276be0b0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.66.201.7 , Slovakia, ASN201702 (SKHOSTING-EU, SK),
Reverse DNS
185.66.201.7.skhosting.eu
Software
nginx /
Resource Hash
e0fab6b07a4b8cc149abe1755195f92a2085f6520a965207c211387dfea7a3f2

Request headers

Referer
https://namel.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 18 Jul 2023 09:34:16 GMT
server
nginx
/
us-1.rwe-twe.com/ Frame 9732
1 KB
928 B
Document
General
Full URL
https://us-1.rwe-twe.com/?utm_medium=39c97d50389918646c360b71b97f8bfa649e3527&utm_campaign=PUSH-MS-SL-A&cid=90affC1689672855aff7444687454456a708a627&1=29696185
Requested by
Host: ucaba.live
URL: https://ucaba.live/go.php?go=https%3A%2F%2Fus-1.rwe-twe.com%2F%3Futm_medium%3D39c97d50389918646c360b71b97f8bfa649e3527%26utm_campaign%3DPUSH-MS-SL-A%26cid%3D90affC1689672855aff7444687454456a708a627%261%3D29696185&do=0dc5314b09884ee37f7f0f5383b2b7b4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.60.9.235 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
1eb274d0952c946858dca57861b09e4dcca6a637d32ba575bbd48088070322c1

Request headers

Referer
https://ucaba.live/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 18 Jul 2023 09:34:16 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://us-1.rwe-twe.com/?utm_term=7257089657475694674
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
/
us-1.rwe-twe.com/ Frame 9732
8 KB
4 KB
Document
General
Full URL
https://us-1.rwe-twe.com/?utm_term=7257089657475694674
Requested by
Host: us-1.rwe-twe.com
URL: https://us-1.rwe-twe.com/?utm_medium=39c97d50389918646c360b71b97f8bfa649e3527&utm_campaign=PUSH-MS-SL-A&cid=90affC1689672855aff7444687454456a708a627&1=29696185
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.60.9.235 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/8.2.0
Resource Hash
387eb4f27a6cf26ff19e7ee1c52f91a30eade817ed86c978c7e95787d864ca90

Request headers

Referer
https://us-1.rwe-twe.com/?utm_medium=39c97d50389918646c360b71b97f8bfa649e3527&utm_campaign=PUSH-MS-SL-A&cid=90affC1689672855aff7444687454456a708a627&1=29696185
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 18 Jul 2023 09:34:16 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.0
tag
adtrace.online/ Frame E7FA
1 B
457 B
Document
General
Full URL
https://adtrace.online/tag
Requested by
Host: ea18dad2af.82308721ac.com
URL: https://ea18dad2af.82308721ac.com/019b43a3fdcf68cae1f50346447ddffb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e6::ac40:cc1a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Referer
https://freepremium.cf/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e89ba5d9b743300-EWR
content-encoding
br
content-type
text/html
date
Tue, 18 Jul 2023 09:34:17 GMT
last-modified
Thu, 06 Jul 2023 06:32:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SPd1onSj21PPcPE%2FrJ4ADCEx26frv1M8b4sr1xhfO9cp6GVnmZXQ%2B9WG8UVd5Gvexey1FMP5KDyBWIxD34AAxKyQmqen93IckLl8t24O4hcevziAFqncnUXkBLjde6VnZ4S8c2vUggSArOuHNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
static.bookmsg.com/creatives/US/
590 B
747 B
Image
General
Full URL
https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=5a14dc09-2ac4-4765-bd74-bbe3ae1b4bd6&mlc=1&format=default-slide-b_r-body
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
116.202.204.10 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.10.204.202.116.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 09:34:17 GMT
last-modified
Tue, 24 Nov 2020 14:24:12 GMT
server
nginx/1.18.0
etag
"5fbd178c-24e"
content-type
image/webp
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
590
US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
static.bookmsg.com/creatives/US/
590 B
746 B
Image
General
Full URL
https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
116.202.204.10 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.10.204.202.116.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 18 Jul 2023 09:34:17 GMT
last-modified
Tue, 24 Nov 2020 14:24:12 GMT
server
nginx/1.18.0
etag
"5fbd178c-24e"
content-type
image/webp
cache-control
public, max-age=315360000
accept-ranges
bytes
content-length
590
/
c36700d174.46febd8df8.com/in/show/
0
201 B
Image
General
Full URL
https://c36700d174.46febd8df8.com/in/show/?mid=868938065203674337&pid=0&site=native-push-adult&sc=US&usage_type=DCH&subid=1375110137&sid=4216833612&cid=2766&price=0.004361762771606446&is_cpm=0&cpm=0&ecpm=0.2752529080801285&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=8.76.3&ver_c=&refdom=freepremium.cf&hostname=auc-inpage-hz-0-c&site_id=31293536&spot_id=293536&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1689759256&created_at=2023-07-18&is_native=2&auction_queue=&burl=Q5ExeGa__giPVPVNWrR2kjS_sFsSF-Mr2muBovFkANRaTd9nzBMBiw&pop_winurl=&ip=96.9.246.195&testab=0&px_id=31293536&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=lq-pop&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.005469811060754405&placement_type_id=0&skin_test=0&verify_hash=8e339a6ec4883210873f2e8be7c88de2&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1375110137%26spot_id%3D293536%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ffreepremium.cf%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0&user_fp=10132820112145685257&v2=0&v2_track=0&is_pop_cpc=0&applied_features=prod,main-skins-settings&url=d9mZ5FI9L8o0J6PAPLjQBM3pRD2y74NOBpEnyImzp_7GzloAwDGnZRa1tUpztcgaR47BBd4xsaUSanYwK4KtofvlVKCOEN6cVtzXoL8CUDlTxXLJ8GRHtm4O5RTkOSNxWH1Kquk-Bi8nhFovVHEVuE0yCqXG0KG8QQcbVs9kabkxhO-bYg&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.004050332967533579&pr=&user_keywords=&auc_type=1&aid=412&ext_cid=0&device_theme=light&keywords=&label_ids=4,89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2Ffreepremium.cf%2F&auction_time=1689672856&show_count=1&from_cache=0&original_bid_usd=0&mlf=1&cpa=8075b7d2-b1aa-4dee-ab36-817714731983&mlc=1&format=default-slide-b_r-body
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Jul 2023 09:34:17 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
truncated
/ Frame 379D
483 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/svg+xml
C9a8-D6chm6NUazzp0AbGRs8uSs1H8j0.png
i.wmgtr.com/cic/ Frame 379D
Redirect Chain
  • https://naoprj.com/dsp/ph/icm?aid=11098941134187873221&mid=0&sid=1391&t=1689672856&subid=73293536&cpa=876bea0d-6390-4de5-b4e2-fbf72988420d&format=default-slide-b_r-body
  • https://i.wmgtr.com/cic/C9a8-D6chm6NUazzp0AbGRs8uSs1H8j0.png
5 KB
4 KB
Image
General
Full URL
https://i.wmgtr.com/cic/C9a8-D6chm6NUazzp0AbGRs8uSs1H8j0.png
Protocol
H2
Server
45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
156f066aa45a333dc6a0f21ae15a08f2c75a6509638999e183c7ee591a531c47
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Wed, 19 Jul 2023 08:34:17 GMT
date
Tue, 18 Jul 2023 09:34:17 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Redirect headers

location
https://i.wmgtr.com/cic/C9a8-D6chm6NUazzp0AbGRs8uSs1H8j0.png
date
Tue, 18 Jul 2023 09:34:17 GMT
accept-ch
Sec-CH-UA-Platform-Version
server
nginx/1.18.0
content-length
0
/
c36700d174.46febd8df8.com/in/show/
0
200 B
Image
General
Full URL
https://c36700d174.46febd8df8.com/in/show/?mid=868938065203674337&pid=0&site=native-push-adult&sc=US&usage_type=DCH&subid=1375110137&sid=4216833612&cid=2449&price=0.01995&is_cpm=0&cpm=0&ecpm=0.0412982199796625&crid=710624102&crtid=23cc91817ae534e3d054bb319a3c230a&tcid=0&out_id=0&ver=8.76.3&ver_c=&refdom=freepremium.cf&hostname=auc-inpage-hz-0-c&site_id=31293536&spot_id=293536&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=1689759256&created_at=2023-07-18&is_native=1&auction_queue=&burl=aaugN3K4KP0AFhpqYZ8juaZaoKnKyAxEwLDAxz9jP9u68_Ccq25sOg&pop_winurl=&ip=96.9.246.195&testab=0&px_id=73293536&adblock=0&auction_host=&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=27bb6fd7b66f7bcf18b813e3e9bedf0b41d904b0dbb67c96bededc3aaa1e0faf&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.00019293318227965985&placement_type_id=0&skin_test=0&verify_hash=31260df85fe7c3fe71b626eced96a2de&score=0&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1375110137%26spot_id%3D293536%26is_adult%3D1%26p%3Dhttps%253A%252F%252Ffreepremium.cf%252F%26idzone%3D0%26sid%3D1886&ml=&tag_ab=d&original_bid=0.01995&user_fp=10132820112145685257&v2=0&v2_track=0&is_pop_cpc=0&applied_features=prod,main-skins-settings&url=i_gzG1V3N3Rs61wyXH_9yUJCJ38NlMVW-j66hUKe2bFxc23p3v0qe7tkYRQlN6aetU7dvS-PrpYTRPkfKv7GWGKRuB5UOFVhS81bfh4RCpjH2NvopTvV_KPj3K7gL9bbrGCoCjuDWtm8VUpOlXm5o74UlThyr1pdf3gwl69KNRu1uL4SDqTEuRQ&image_url=https%3A%2F%2Fi.wmgtr.com%2Fcim%2FuApZ1ScGgqJeV6iYMUfjIN6NUJp0b-6F.png&skin_id=2&vertical_id=5&real_bid=0.017228820312023187&pr=&user_keywords=&auc_type=1&aid=108&ext_cid=0&device_theme=light&keywords=&label_ids=4,90,95,5,98&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2Ffreepremium.cf%2F&auction_time=1689672856&show_count=1&from_cache=0&original_bid_usd=0.01995&cpa=08e0a8a2-06e6-452c-a66c-66f3bdd9b821&format=default-slide-b_r-body
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a01:4f8:e0:19cb::1 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software
nginx/1.18.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://freepremium.cf/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 18 Jul 2023 09:34:17 GMT
server
nginx/1.18.0
vary
Origin
access-control-allow-methods
*
access-control-allow-origin
*
cache-control
no-transform, no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type
content-length
0
uApZ1ScGgqJeV6iYMUfjIN6NUJp0b-6F.png
i.wmgtr.com/cim/ Frame 379D
92 KB
92 KB
Image
General
Full URL
https://i.wmgtr.com/cim/uApZ1ScGgqJeV6iYMUfjIN6NUJp0b-6F.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.133.44.32 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.19.0 /
Resource Hash
26eaa41204e8b888678f4cc488ea5844eac00dee735cbcc80c4ea1e2918c6776
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires
Wed, 19 Jul 2023 08:34:17 GMT
date
Tue, 18 Jul 2023 09:34:17 GMT
content-encoding
gzip
server
nginx/1.19.0
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=82800
x-content-type-option
nosniff
x-xss-protection
1; mode=block
x-proxy-cache
HIT

Verdicts & Comments

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
object | 1
object | 2
object | 3
boolean | credentialless
object | onbeforetoggle
object | onscrollend
function | initAd
function | R
function | X
function | showAnchorAd
function | closeAnchorAd
object | __adFormats
object | __formatsGetters
object | _admSptsInVw
object | AdManager
object | a3klsam
function | createCANativeAd
object | activesInpages
function | __fp-init

6 Cookies

Domain/Path | Name | Value
namel.net/d0d63e31e7/070a954047 | total_impressions | 1
.vdbaa.com/ | used_ad2615714 | 1
.vdbaa.com/ | total_impressions | 1
.vdbaa.com/ | cpa_673873 | popup_978584583_4
namel.net/ | used_ad2615714 | 1
fp.metricswpsh.com/ | id | 8608055501039955599

1 Console Messages

Source | Level | URL | Text
network | error | https://accounts.google.com/v3/signin/identifier?dsh=S-1039487689%3A1689672855569036&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=AeDOFXiWm-XOSrDZIlf8VJhpTMxUH9rjcKuqX0DuSwGo92QTA5iuIO91v1HM09qeY3Us3vzUSyzJqQ&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin | Failed to load resource: the server responded with a status of 403 ()

Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes; the hashes below are the SHA-256 digests of response bodies shown as "Resource Hash" in the transactions above. Listing them here does not imply that any of them indicate malicious activity.

accounts.google.com
adtrace.online
c36700d174.46febd8df8.com
cf9ebac989.13c65864bc.com
ea18dad2af.82308721ac.com
fp.metricswpsh.com
freepremium.cf
i.wmgtr.com
js.capndr.com
js.wpadmngr.com
maxcdn.bootstrapcdn.com
namel.net
naoprj.com
nereserv.com
static.bookmsg.com
ucaba.live
us-1.rwe-twe.com
vdbaa.com
116.202.204.10
157.90.84.242
157.90.84.246
185.199.108.153
185.66.200.220
185.66.201.58
185.66.201.7
2606:4700::6812:acf
2606:4700:e6::ac40:cc1a
2607:f8b0:4006:809::200d
2a01:4f8:e0:19cb::1
2a02:b4a:1:6::3
45.133.44.32
45.133.44.52
45.133.44.53
65.60.9.235
00bf851987d3fe1fce80150ca63e39fedf17fc704e0a2a482f8265b8cd3ce550
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
01c71e162607df5b9dd58ec5460cc91139e53c43f52512648895c439bc5c9608
156f066aa45a333dc6a0f21ae15a08f2c75a6509638999e183c7ee591a531c47
1eb274d0952c946858dca57861b09e4dcca6a637d32ba575bbd48088070322c1
26eaa41204e8b888678f4cc488ea5844eac00dee735cbcc80c4ea1e2918c6776
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
387eb4f27a6cf26ff19e7ee1c52f91a30eade817ed86c978c7e95787d864ca90
4252b1a72a4b562ed13e26eaf19c0250580a1ab308a710a4700df230f8e48777
444a68f8495f8630e1a536a36db8f87ae01cc45e59a3ebf341e1568cc0904cf0
5468c890ef602977130a0f59d15243417fdb9b8d70da59ebc72be7e044b63d14
65309a3f1d82ae48f0f76ed61c26c0c20fb65404014acf62172fd6d52c45cc08
7cb5ee2bea931d1c90e90506698e25ea0010f60ed2ec97766840410e1315a554
b3b9e5d75cf2e758f9a2a6673792bc4c8be3ab7d8af28a1976266bffd1ccb6d2
bd712f9cfe8a0e519bea47e81168a7b5182d72744f4d9731e12a10235849585d
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
d0b6a6198643ccf6ccf2cbd178c094b15e4b6c013d6de82580e3b2f4e062b187
e0fab6b07a4b8cc149abe1755195f92a2085f6520a965207c211387dfea7a3f2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
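The Indicators list above mixes hostnames, IPv4/IPv6 addresses and SHA-256 resource hashes with no type labels, and two of the hashes carry no signal at all: e3b0c442…b855 is the SHA-256 of an empty body (the two content-length: 0 responses from c36700d174.46febd8df8.com/in/show/) and 01ba4719…546b is the SHA-256 of a single newline (the 1 B body from adtrace.online/tag). Copying those into a blocklist would match every empty response on the internet. The record also shows i.wmgtr.com serving "x-content-type-option" without the trailing "s", a name browsers do not recognise, which is consistent with urlscan's Security Headers box listing only X-Frame-Options and X-Xss-Protection for that host. The following Python script is an added example, not part of urlscan.io or of this page: it classifies a pasted indicator list, drops the two trivial-body digests and a small allowlist of shared infrastructure (the allowlist suffixes and the reason strings are assumptions chosen for the example), and flags near-miss security header names. The sample inputs are constructed from values printed on this page.

```python
import difflib
import hashlib
import ipaddress
import re

# Constructed sample: a subset of the Indicators list from this scan record,
# pasted exactly as the page prints it (one indicator per line, no type labels).
SAMPLE_INDICATORS = """\
accounts.google.com
c36700d174.46febd8df8.com
maxcdn.bootstrapcdn.com
185.199.108.153
2a01:4f8:e0:19cb::1
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
156f066aa45a333dc6a0f21ae15a08f2c75a6509638999e183c7ee591a531c47
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

# Constructed sample: the response header names i.wmgtr.com returned for the
# PNG creatives in this record, as listed on the page.
SAMPLE_WMGTR_HEADERS = [
    "expires", "date", "content-encoding", "server", "x-frame-options",
    "content-type", "access-control-allow-origin", "cache-control",
    "x-content-type-option", "x-xss-protection", "x-proxy-cache",
]

# Resource hashes are SHA-256 over the response body, so a 0-byte response and a
# 1-byte "\n" response always yield these two digests. They match countless
# unrelated scans and must never become detection or blocking rules.
TRIVIAL_BODY_HASHES = {
    hashlib.sha256(b"").hexdigest(): "empty body (content-length: 0)",
    hashlib.sha256(b"\n").hexdigest(): "single newline (1 B body)",
}

# Assumption: an analyst-maintained allowlist of shared infrastructure that should
# not land on a blocklist merely because the scanned page loaded it. The page
# supplies no such list; these two suffixes are chosen for the example.
BENIGN_DOMAIN_SUFFIXES = ("google.com", "bootstrapcdn.com")

# Security headers whose effect depends on the exact name; a near miss such as
# "x-content-type-option" (no trailing s) is silently ignored by browsers.
SECURITY_HEADERS = {
    "x-content-type-options", "x-frame-options", "content-security-policy",
    "strict-transport-security", "referrer-policy", "x-xss-protection",
}

SHA256_RE = re.compile(r"^[0-9a-f]{64}$", re.I)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def classify(indicator):
    """Return 'sha256', 'ipv4', 'ipv6', 'domain' or 'unknown' for one indicator."""
    s = indicator.strip()
    if SHA256_RE.match(s):
        return "sha256"
    try:
        return "ipv4" if ipaddress.ip_address(s).version == 4 else "ipv6"
    except ValueError:
        pass
    if DOMAIN_RE.match(s):
        return "domain"
    return "unknown"


def trivial_hash_reason(digest):
    """Why a SHA-256 resource hash carries no signal, or None if it may be useful."""
    return TRIVIAL_BODY_HASHES.get(digest.lower())


def is_allowlisted_domain(domain):
    d = domain.lower()
    return any(d == suf or d.endswith("." + suf) for suf in BENIGN_DOMAIN_SUFFIXES)


def triage(text):
    """Split a pasted indicator list into (keep, drop); each drop carries a reason."""
    keep, drop = [], []
    for line in text.splitlines():
        ind = line.strip()
        if not ind:
            continue
        kind = classify(ind)
        reason = None
        if kind == "sha256":
            reason = trivial_hash_reason(ind)
        elif kind == "domain" and is_allowlisted_domain(ind):
            reason = "allowlisted shared infrastructure"
        elif kind == "unknown":
            reason = "unrecognised indicator format"
        if reason:
            drop.append((ind, kind, reason))
        else:
            keep.append((ind, kind))
    return keep, drop


def misspelled_security_headers(header_names):
    """Map served header names to the security header they were probably meant to be."""
    found = {}
    for name in header_names:
        n = name.lower()
        if n in SECURITY_HEADERS:
            continue  # exact match, nothing to flag
        close = difflib.get_close_matches(n, SECURITY_HEADERS, n=1, cutoff=0.9)
        if close:
            found[n] = close[0]
    return found


if __name__ == "__main__":
    kept, dropped = triage(SAMPLE_INDICATORS)
    for ind, kind in kept:
        print(f"KEEP {kind:7} {ind}")
    for ind, kind, why in dropped:
        print(f"DROP {kind:7} {ind}  ({why})")
    for served, meant in misspelled_security_headers(SAMPLE_WMGTR_HEADERS).items():
        print(f"HEADER TYPO {served!r} -> probably {meant!r}; browsers ignore it")
```

Running the script on the constructed sample keeps the ad-network hostname, both IPs and the PNG digest, and drops the two Google/Bootstrap CDN hostnames and the empty-body and newline digests with a reason for each; the header check reports only the misspelled x-content-type-option. The 0.9 similarity cutoff is deliberately tight so that ordinary headers such as content-type or content-encoding are not reported as typos of x-content-type-options or content-security-policy.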