clicks4freedom.com Open in urlscan Pro
2606:4700:3032::6815:4bee Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html#NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcb...
Effective URL:
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Submission: On August 19 via api (August 19th 2022, 8:23:10 pm UTC) from BE — Scanned from US

Summary HTTP 39 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 7 domains to perform 39 HTTP transactions. The main IP is 2606:4700:3032::6815:4bee, located in United States and belongs to CLOUDFLARENET, US. The main domain is clicks4freedom.com.
TLS certificate: Issued by E1 on August 1st 2022. Valid for: 3 months.

This is the only time clicks4freedom.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	52.92.161.184 52.92.161.184	16509 (AMAZON-02) (AMAZON-02)
1 1	161.129.69.48 161.129.69.48	55154 (MADGEN-01) (MADGEN-01)
1 1	181.214.242.99 181.214.242.99	61317 (ASDETUK w...) (ASDETUK www.heficed.com)
1 1	34.117.79.165 34.117.79.165	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 33	2606:4700:303... 2606:4700:3032::6815:4bee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
5	2606:4700:303... 2606:4700:3037::6815:1725	13335 (CLOUDFLAR...) (CLOUDFLARENET)
39	4

1 52.92.161.184 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com

s3-us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 161.129.69.48 (Elk Grove Village, United States) 1 redirects

ASN55154 (MADGEN-01, US)
PTR: johnson-espinoza.carolinaslings.com

esprithouse.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 181.214.242.99 (United Arab Emirates) 1 redirects

ASN61317 (ASDETUK www.heficed.com, GB)
PTR: ohone.guyagents.com

www.obetincloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.79.165 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 165.79.117.34.bc.googleusercontent.com

www.lpredirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

33 2606:4700:3032::6815:4bee (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

clicks4freedom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::200a (Perth Amboy, United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3037::6815:1725 (United States)

ASN13335 (CLOUDFLARENET, US)

trk-consulatu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.trk-consulatu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	clicks4freedom.com 1 redirects clicks4freedom.com	4 MB
5	trk-consulatu.com trk-consulatu.com — Cisco Umbrella Rank: 29936 event.trk-consulatu.com — Cisco Umbrella Rank: 89231	3 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 286	31 KB
1	lpredirect.com 1 redirects www.lpredirect.com — Cisco Umbrella Rank: 799328	470 B
1	obetincloud.com 1 redirects www.obetincloud.com — Cisco Umbrella Rank: 720748	580 B
1	esprithouse.com 1 redirects esprithouse.com — Cisco Umbrella Rank: 309122	290 B
1	amazonaws.com s3-us-west-2.amazonaws.com	801 B
39	7

	Domain	Requested by
33	clicks4freedom.com	1 redirects s3-us-west-2.amazonaws.com clicks4freedom.com
4	event.trk-consulatu.com	trk-consulatu.com
1	trk-consulatu.com	clicks4freedom.com
1	ajax.googleapis.com	clicks4freedom.com
1	www.lpredirect.com	1 redirects
1	www.obetincloud.com	1 redirects
1	esprithouse.com	1 redirects
1	s3-us-west-2.amazonaws.com
39	8

This site contains links to these domains. Also see Links.

Domain
www.megatr4ffic.com

Subject Issuer	Validity	Valid
*.s3-us-west-2.amazonaws.com Amazon	`2021-12-17` - `2022-11-29`	a year	crt.sh
*.clicks4freedom.com E1	`2022-08-01` - `2022-10-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-08-01` - `2023-08-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Frame ID: 2EBEBEFA0EC52BE75AEEF4977C497331
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Survey Rewards

Page URL History Show full URLs

https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html Page URL
http://esprithouse.com/NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T HTTP 302
https://www.obetincloud.com/59j19w4/wj3686r/?sub1=2_522188_2637701&sub2=1685_5870603_3580888_29&sub3=490... HTTP 302
https://www.lpredirect.com/24QSBG/C36MNMM/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f HTTP 302
https://clicks4freedom.com/Y9WT7UFWIZ/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1... HTTP 302
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&s... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

39
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

4
IPs

2
Countries

4051 kB
Transfer

4153 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.megatr4ffic.com/24QSBG/BN26X32/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Title: Continue

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html Page URL
http://esprithouse.com/NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T HTTP 302
https://www.obetincloud.com/59j19w4/wj3686r/?sub1=2_522188_2637701&sub2=1685_5870603_3580888_29&sub3=490841749_104-237-193-28 HTTP 302
https://www.lpredirect.com/24QSBG/C36MNMM/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f HTTP 302
https://clicks4freedom.com/Y9WT7UFWIZ/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5= HTTP 302
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

39 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK afad2d9.html
s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/ 445 B
801 B 367ms
105ms Document
text/html 52.92.161.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.92.161.184 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Content-Length: 445
Content-Type: text/html
Date: Fri, 19 Aug 2022 20:23:03 GMT
ETag: "d776a45a58224af16785cf08ec64625f"
Last-Modified: Fri, 19 Aug 2022 08:39:14 GMT
Server: AmazonS3
x-amz-id-2: K4uo/L2jl3qv7Z3d9au9+qZEh+KC9lj0HVIpibEyYAjWNqGDuCd5Z3QLX5DEbaXG+nYt7fwXhTc=
x-amz-request-id: 3Z6KHN3HDWH43H5B

GET
H2

200

Primary Request / Show response
clicks4freedom.com/
Redirect Chain

http://esprithouse.com/NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T
https://www.obetincloud.com/59j19w4/wj3686r/?sub1=2_522188_2637701&sub2=1685_5870603_3580888_29&sub3=490841749_104-237-193-28
https://www.lpredirect.com/24QSBG/C36MNMM/?source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f
https://clicks4freedom.com/Y9WT7UFWIZ/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=

47 KB
9 KB

416ms
416ms

Document
text/html

2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Requested by: Host: s3-us-west-2.amazonaws.com
URL: https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0a8753fcb15ca3c5cdaf3c64928c0e3ff9fdb7e23d2555c8e6dcca6839d2b34

Request headers

Referer: https://s3-us-west-2.amazonaws.com/q7s4b6m9cb3zv1h8/tp1n5y3u87opazcy/afad2d9.html#NSzs0K5i.cfml?dtjRv0ccNLgpcxL4ccdcC0c8c43tqgJjgcbbb4T
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73d59adc2897b045-ATL
content-encoding: br
content-type: text/html
date: Fri, 19 Aug 2022 20:23:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Tue, 16 Aug 2022 18:50:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DCoS0evAgNU5TD8G6rAQ4sJmH6sH4LpHW1laKR1SHG2du1PL%2FOO196mlmfq2tho3bH9eHfgzOCFBMXhIxwdEJH7xsNC2tHGYp9jwbMhcxd3n601Yg5wuF3rxqJ%2FOonRiHzJmbc4oOa%2BtwvYQt84cdl0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73d59ada1c4bb045-ATL
content-type: text/html
date: Fri, 19 Aug 2022 20:23:04 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HnTbBeZRvPtioicpe7%2BrWrHkmfQBd%2BzDCiN%2BKB62hcZpb6y9MLkrHAo5Qdv09g4pbbbPGOAHr7QDBErE%2BFzU7el2b9pIHc9HilBvqZUJ2pW8Zu0eekssZFoHXF1q8chCnsohaLS5gOwimILiTRlfimU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 147ms
41ms Script
text/javascript 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Perth Amboy, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 11:23:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 19 Aug 2023 11:23:45 GMT

GET
H3 200 customredisp2.css
clicks4freedom.com/css/ 23 KB
6 KB 366ms
366ms Stylesheet
text/css 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clicks4freedom.com/css/customredisp2.css
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df5c4cd2d92ba6a95e1ad788f59d132c1bedd8c11d0d8518af285f4dbde68cb3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: W/"2433333717"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xl4IzBoDH43%2FuLLK7J4zv8cfg9t62a7MgkdpxtxBk%2F7QKhJcwu8y%2BJCyUfvTUtBGTZok19JNgdjU1BS2pMt0mFInj6GYuofpNhRH0eCrQ1J9pKT2FQ971E%2FGWaHP0UXo2g2Crq1L6nnzPyhDPYgyUuA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cf-ray: 73d59adf5f09e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pub.min.js Show response
clicks4freedom.com/js/ 3 KB
2 KB 313ms
313ms Script
application/javascript 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clicks4freedom.com/js/pub.min.js
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: W/"541432476"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V2tk7GFkfs4xjLh8DbCy%2FGmFFPMPw9hQNQtxV7Jvy4IE3v3W8WCH%2Fy%2BK7Y3geLS0TsmOraIGxMOlDFBpKDdTy5bM6JRjUcqAEAcmsIuQsUIcv1beKFXQXVlo3MOzYr%2F5V7kvIiIha7AZr8g2HKNxa6k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 73d59ae1a96de6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo.png
clicks4freedom.com/img/ 14 KB
15 KB 361ms
361ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/logo.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9126e64a8d1dcd29b78e78a1526f96c1c700fbae3eb73cfa30894abcf292db9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "3779159939"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RI71cEfzBJxK7oGw%2F2R3IYGgN34L%2BCpuQJif9ggM6ZbSAGgasEAAh9uBzggQrz3pUHnMYuj3tXhPb8bgQI2TjDw%2B5sQsJx4cCPe7fkuxe9Km7%2B1tg%2FM%2FWgWg%2BinWehQKmdHbab03OboPNYVeM6rL814%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1a96fe6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14809

GET
H3 200 flaglogo.png
clicks4freedom.com/img/ 2 KB
2 KB 313ms
305ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/flaglogo.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb97f1ceb86cf65febe6fc09278d503747f140e18297b6da6ee4bdcd41479f43

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "471769962"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rmeDYQnLd9PqHyF67leGWsOFyDr9s%2Bl6Eo01Wpotdby65tHzGDxYvLut%2FcsSyK0r7pwyr%2Bv3kTyPtDC8yS42IXaCzwaTiGz4qwISTjDErU5aLVfiC%2FF6ag7fS8P9AZ0yCjhHtRJXpFFAHDp46LmScs4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b97be6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1781

GET
H3 200 zfold.png
clicks4freedom.com/img/ 955 KB
956 KB 378ms
370ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/zfold.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c76748729ce1fc56232fed6a8aff3fef2f9b947f4e0e3ffd6a50d2f6828d1a7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "4161659809"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SV5eo2%2BDOfSB4hD3Mo01u49ZsPyATQwZAGEleC7UeZR5GyPGL9%2FLsMlDZHTdDHGCID%2BtN6R3KdG1iEokoFHGgLf8jhCtxIurxZoH0D38TMZ4c5vHBnfMzZkY0HOlIMMF1Bap6AmNcSLb6odNtawdOz8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b97ce6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 977846

GET
H3 200 loading.gif
clicks4freedom.com/img/ 1 KB
2 KB 313ms
306ms Image
image/gif 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/loading.gif
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "2725143812"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5gZHHGB5AK9T%2FPKjilCumtUvQEicbQ7iHuAaWoC%2FOdIG32V05YJZmzXMzNo%2BcIRT7I%2BrExEFVTEAnT9LAu%2FbwR0M8BaT5SzYPXdYAy3NL%2FQ4F3ubwmIDqdjErlA0E6WgtgWwjuAseYmI%2Fb1%2FyS9A6vk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
accept-ranges: bytes
cf-ray: 73d59ae1b980e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1457

GET
H3 200 fb-check.jpg
clicks4freedom.com/img/ 646 B
1 KB 313ms
306ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/fb-check.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "3159874170"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6XymkjXIouRDVOI8LkKO40gLDBJ458naPr%2BjNO8Ix7fBS4dc5Uj9mx1Pm9LzYE4TijbTRLdGxS6WnwkfRug%2Fo8Hw5H438RiVBsmXGOWPNQWiuvYjUvk3tE7gpSUeXxoTzPncsdPnZgT4KZMZbu1FlJU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b981e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 646

GET
H3 200 rayb.jpg
clicks4freedom.com/img/ 60 KB
60 KB 378ms
371ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/rayb.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b4112d018aa51d02571af877208328bddb900b01aab55d881daf0e37b9248a6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "3571228833"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ERKSEL3JylTsrfTQLNZRH6o2tVOKQcIhVnCJydzaYArNZLziwshP2yNhegIbuq9n5dpC1rQbuuZ0ucZFi7JQrun16dTkibknoVRXeeBxEZtiD4Sigtq74lyGpB12CIILHkjsXB%2BAD%2BPMkskfGFRkvM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b982e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 60990

GET
H3 200 5.png
clicks4freedom.com/img/ 2 KB
3 KB 313ms
307ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/5.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f802d314b51ab2b5d692ee180db50de925778f5b8b1e4aa99e03ebbcc22b3f6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "2940560807"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mQ8A3KnHLRqpWX5j3sjX%2BeFSiF7TwR33ghErHnRaOKgWYAuLjAesEz%2F2siWsTOnNaXO61VA4jGTHaeonbVjYbvstxegFF9DSKtGpVWLllRPfJ82CaJ1pc7dts7yVxTiLGMuew8eDqPGId6pdgaLtWC8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b984e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2486

GET
H3 200 cart.png
clicks4freedom.com/img/ 1 KB
2 KB 314ms
307ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/cart.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d894003d6071be103ca497c54461c500d2656e88003dd0afed8cdc0ed7bffe3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "1796619451"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYNdS1RxIjySyzMF9mgQmEYwMAohaFYhvtRXTVLZ9qFGQ5%2FT4fe7cpsGmu6QJx7V8fJIOhvUM83RTCubnFK07ubZhsLmKwMcGrmn8B3%2F9cR%2B72Kpl1Dia6QyZbINOh6KRTSlXU8NEUbu41xPhrMiKzg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b985e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1214

GET
H3 200 cartblack.png
clicks4freedom.com/img/ 1 KB
2 KB 314ms
308ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/cartblack.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb640067b5d233f221c2a280bb5be089cc087a872941ae5f588f8230b60bee40

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "3753793601"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iKnFhI25YPRT%2B743crV5QSYtEyTgRxDYvhPpJXafYAV8JZHDC05RiZ1o7qIOBPM30O8tHhN26hZTQVr6aLagCIprTNUyg2asX0fPCOl6fOpeOerrOkQZF7BpKkH7%2FqxOZHwoP7T30rFSRJc0I9XQ4So%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b986e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1031

GET
H3 200 flash.jpg
clicks4freedom.com/img/ 130 KB
130 KB 377ms
370ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/flash.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c2c4e5d34b502f1dadc324847956c1775165dec3b5383828536713c1fd9406f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "2780232469"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lc8EkWjeuH78Av1csEjXSGq%2FDXEk4FJL%2FiLFzTNIxyPqe8mssaQQZCnjc%2FfV2VnohGP3srYPjIWHqLFvJggwnvl4q0fs0E0dk%2FAmt495M0ezSV7HIK6rR2b%2BeUm6l%2FspoLPG3Age%2BiVsMirRUGShtSQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b987e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 133008

GET
H3 404 ava.png
clicks4freedom.com/img/ 341 B
341 B 314ms
309ms Image
text/html 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/ava.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c3JCFoXXIrrvgKRY5VeCUYSmDveiRf2w2nUOz78aNB%2BFZrRQmcG7PY4DCRDflRzXfrDThdYdn%2FoFVcpwyL9Jo%2FAxCL8qEzfip4PipTBWwnPZIeqD6%2BbDO8%2BROOV%2FkU3MHgnQYlA4SLSNCTJDx3qQlOM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 73d59ae1b988e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 1.jpg
clicks4freedom.com/img/ 49 KB
50 KB 379ms
373ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/1.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 316a6975de3078b71f6d0c0f92ac22b0f4586e6d048ed7808339e6b5e3cface2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "3616939894"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bqk%2Foz6PlTElhwuJy791nNv02TBdS2d8holD7%2F%2FDjGLLbGS%2BOpNinDXjSFTCHZ3VHA7AlaSfOZRQajp2gc7CjvFB93uZOgT3RsS4D53pPZpST8DrUEiYsYDbIh3q3KOHPH%2Bn3B6AZG0TdtFPbAxtJ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b989e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 50556

GET
H3 200 like.png
clicks4freedom.com/img/ 51 KB
52 KB 154ms
148ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/like.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dc08e38fdf43aacbddfd66aa1296477ca8debc634f4d046b968bef1f1422ec0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "3257149108"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LbV3wHyzR8FYt0Tyyc8IqnwZeej%2FLdVB3Eos%2FDOswKajUxePLsGPJrbCz8v1QW4gszJ7HoAJ6NHPqp2k8lHms6x%2BP9PeZj2dbicYzLfA5SL0cD7gXJZYG80uAEdChO7%2BdozCSPS%2FkllRjUx6ke7w4I%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b98de6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 52462

GET
H3 200 heart.png
clicks4freedom.com/img/ 2 KB
2 KB 315ms
310ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/heart.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ca149b3cceff96e46271c81bc29cb4ecc52e44ee015e539a67dbdc55a41b90a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "3471746740"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viNtKUVrFjAzRhQFpNmcHrY2%2BRDsN6ZoWI5UMuRPGUjLzxZYXgALCI4i7x38oX3UNce31KLcbXBslXfiqoze5HEyd2b%2F3dllFNzrk0o5L7c56xOk8fgyQ6xk3pyFbjpM04VKjCpKFvqGLj9kpBIAatU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b990e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1649

GET
H3 200 2.jpg
clicks4freedom.com/img/ 53 KB
54 KB 381ms
375ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/2.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63538636408d694425020b341235e224b91a191cd704704649e00b970c91bdf2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "852630032"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glPBauqd9vr8olukuToEjg4OAqyRy7dj14U2Z2m%2BRQN3CnhXC04nwOWEd%2B%2FYVOEDWSaPyGGsJcxkhfS76VsPtCowTMkd28cDNP3dE%2B5lstOP1pvwOrpe376ngq9Xmi19QVIXKc41H05QSAGOoVSid4w%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b991e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 54538

GET
H3 200 ispv1-t-1.jpg
clicks4freedom.com/img/ 102 KB
102 KB 400ms
394ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/ispv1-t-1.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: abd9792cbf8616eff5f3d6fd5451f5a224b665bbc0b20cc6f75918bea91a4aab

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "2434966637"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CaQLER09Q%2FzUczy57NGGJ9oQ%2BbpbMsFZNfpcr%2BZrwcCd32EX%2BVJ9k0m76%2FsdqQQ0qqX4ZxOZ30UpnPoY4LTgWcMCAQZq7U2fZSgJfflIGXakdwxeBiKpKJ5GiH3MVis9Imv5A9Zt1y9m1hL%2BMf9bTvc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b995e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 104164

GET
H3 404 sad.png
clicks4freedom.com/img/ 341 B
341 B 350ms
345ms Image
text/html 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/sad.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTagzvdu%2FD1Vi%2FTJjRCODBIbJaK83uWfr%2Fx3GD7FvPOMS%2FY8Mrdc%2B2mRkVtoeMkLtgJG2IZJfvxHwLO0HR%2BFjlE1sMeHpDohHwBBYZ37u75HQ57LGo2YfyUvd%2B%2FAa4Q0VO%2FWwf77I5XvbLW6x15se4k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 73d59ae1b997e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 yay.png
clicks4freedom.com/img/ 3 KB
4 KB 315ms
310ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/yay.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89c620db5c942f519d01f1fb1a8af66d054e0389e325540158c60b7a1bd3fe33

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "3767302986"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l5AZgHw4mkivsbb1wMZl0YnVvq63WQBFzEkLWBRl%2B82sNSmV5AtZdZ%2BA1hAMVOKJl99l1s%2BUrXZ6zjS1zVxNrj36PK2xXk45cGNn2cuY6Vt%2BUL%2B8%2FKwX3un2BY1sykn92AaPLkoQQdswn45kk9jN5M0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b998e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3539

GET
H3 200 3.jpg
clicks4freedom.com/img/ 48 KB
48 KB 400ms
395ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/3.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59cc1d4bffd1ff0dc79947be1723f97ab0e32018791c0981b096cd2b60351231

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "4176534069"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lUzpNE30jpRKomriBACy2rs4XRqEVql6N2OczVIq2b0J%2Bh7Y%2FB9QgcfyVP98sidpnz8knwuvP%2BC69gmWsSz5HnJOeV2vFgXOKmYz6Rqfb0kSDT7tkZ1yIXiIr0yJWxwhfEUm7aLxhPjL3oEMw1qKcBM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b99be6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 48729

GET
H3 404 x2.jpg
clicks4freedom.com/img/ 341 B
341 B 351ms
346ms Image
text/html 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/x2.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6pqCtfoKBAgev%2BdimQ3RaUsErT%2FNLgfR1rV6KxpBL9nFtGwYWzFnBDOpxbjCrRvaYXFKrzV1d5B3ijdkLXOFx67mSUYwYawa2SCa8HqyA7dphIotfHeZpbUfBzQFTUZYGxC%2BaAJLuE%2FyqYstRT9QU7Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cf-ray: 73d59ae1b99fe6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 4.jpg
clicks4freedom.com/img/ 50 KB
51 KB 388ms
383ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/4.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8c52e741d2269191bf4d7350e1b46ce419515da20bfee8a7230561862027269

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "2629134092"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iqWpWo6n71MhcuODjhw0xOa4IjEkyasIHOZ4bJAFAJ5GXgrYLZObt1h0%2FtG8r7HTYtIUDhLmdZnOnK86RxXiiiWFQLfvtKZXtxnm27s1vYsNz0UkxpBf7p9Tf%2B4lzmqAXOwFCTSCZ%2B2rjW1gu3ZdMvQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b9a1e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 51660

GET
H3 200 iphone_fr_test_1.jpg
clicks4freedom.com/img/ 78 KB
79 KB 399ms
395ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/iphone_fr_test_1.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55c68db1c402f37e1cc4b91eec434684e67c23a76628408f7fb276449f2d3ae2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:42 GMT
server: cloudflare
etag: "1765894785"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3jtT3rjd2ZPV3btmeioUsDmXwIcpT%2FTGhv%2B89fpEcKaM6Tot9tFYLIkSQHy%2FPpL6%2FFDsNX2EMWJt7Jz6pfdnczG79MIlSgNwk35Ipxwc3qiOapt7Qu8VpS2MAfyf2q1wTbQulLUk%2FXzdUdvop0dFjLk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b9a3e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 80151

GET
H3 200 wow.png
clicks4freedom.com/img/ 2 KB
3 KB 351ms
347ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/wow.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba1ca1f5946be5d7901bc3167808211a24036f1a0a56f7dafcc2aaca0c8d8ced

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "3868548206"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kn%2FnsaBDr%2FtgEsL8Z3SX%2BnfRavbphSmCj%2BQ15VOUqSbE8FHyQsH5dlAdS3g9J4c43FrSE2zfi4pudRA%2FEphInTJqsHsx4%2BjamenBxNVKLuZVcfC1wB8e3aBfEHk%2B3%2BhOBsM3v%2F4n1lVycPSLWHtWd6M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b9a4e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2118

GET
H3 200 5.jpg
clicks4freedom.com/img/ 46 KB
47 KB 393ms
389ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/5.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3401ff0b047bd896a0f6e22c032b6b5d01bf6e18381db39d5ed3678fc913cab

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "4084292135"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EhCNVF86pNPKo49AqJZt%2F25mz1qF5uH9H7QUWz3YW5lVbUzPDciFFc%2FresUg7mZyLSmbpAUzzboFKPPSOhhUjTk%2BVCHZM8e8xgdb8kgodMbXlEHdCe0yEf29XERIUyny5iuGM5zQlMXZ0rx4HZDLLww%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b9a5e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 47307

GET
H3 200 f_guarantee.png
clicks4freedom.com/img/ 6 KB
7 KB 351ms
347ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/f_guarantee.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "2075213504"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eZeuH3f8enKNgUPVGvIqtYcNzgbd8R0L63%2FigbpHQTt1bkBRgn6z%2Bv9BAsEJncjCfO0CHzSE8rWqghA7cSvoSZffo2DS1jkaS8uuIHiyEVlUh6eP0iziYbkqFSbos1Du4XetkDJV19%2BNl8IkE2zSKiM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b9a6e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6352

GET
H3 200 f_secure_1.png
clicks4freedom.com/img/ 10 KB
10 KB 351ms
348ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/f_secure_1.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: "3340687817"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kOxIDvgJ5gD7%2Bqh6W3geYPUnnkQZ91oEEi3BKHGkqwVOCEUFAzQhM%2BoWT4zT90LMkEoGpfpfX8B%2FHo0EaN7%2B6fzpkX%2FNbPH8kcE7UO6FuU6jnMy4bssT3CZpDKmrEG%2BvcHyYZundtthwtpQR6quQKmk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b9a7e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 9862

GET
H3 200 timer.js Show response
clicks4freedom.com/js/ 784 B
855 B 287ms
287ms Script
application/javascript 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clicks4freedom.com/js/timer.js
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ad41cb6cc140f2799fb0b61dfd5fcbece1f0bc2c132b1062209101b09a683ea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:44 GMT
server: cloudflare
etag: W/"1273470249"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNR0UaxflY%2BYlhnHNH21NuWAD788%2FA8KGKu5VpRPo%2B2jWgYrWCQmIvucztdbXaK8RjHm5n1Nin7UX42ugsZLYsGfkfxqcOWfCdvDJdS2N3%2Fddw4q5z2mq99BMLtai%2BnxkfKGnxtsxenLIddyh31aeAE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-ray: 73d59ae0983fe6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo_black.png
clicks4freedom.com/img/ 14 KB
15 KB 406ms
403ms Image
image/png 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/logo_black.png
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9126e64a8d1dcd29b78e78a1526f96c1c700fbae3eb73cfa30894abcf292db9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:40 GMT
server: cloudflare
etag: "1650556191"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRlinZNeez9jxG1sFdFNtGVaPn4phC9W%2F6VHRcw9CnigIsRDjh2YYkycDuUcH0WGpaq5QBjF6fAqr2Sba8VLOldfl4yAdZ28sMvDo4ucgaguXrfPj7a8XktX5mIkYARpOnZ0mE6p5enfwaKs2eutny0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
accept-ranges: bytes
cf-ray: 73d59ae1b9a8e6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14809

GET
H2 200 64d5p99gj0 Show response
trk-consulatu.com/scripts/push/script/ 7 KB
3 KB 185ms
79ms Script
application/javascript 2606:4700:3037::6815:1725
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-consulatu.com/scripts/push/script/64d5p99gj0?url=clicks4freedom.com

Requested by

Host: clicks4freedom.com
URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:1725 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52c947bf15495b69d0b2bb9ea339beed7b88ca3100a32c34d3bfebe164c1c669

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFRhXNyk6%2ByhqEXJqpzIg1UCvl3xEa2qxuO38VrVtmij5z%2F5zJShcJAr6EVIaIvMAH95iStC7rhqqV8gC8nQEcXYqaaCy8Nq7gqjDz4znIR5%2FINFKpilCJfAzAEofuYRsgbuUobee3EB9dd8N4TkRg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript;charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
cf-ray: 73d59ae25dc5efd0-EWR
expires: 0

GET
H3 200 banner.jpg
clicks4freedom.com/img/ 2 MB
2 MB 398ms
395ms Image
image/jpeg 2606:4700:3032::6815:4bee
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clicks4freedom.com/img/banner.jpg
Requested by: Host: clicks4freedom.com
URL: https://clicks4freedom.com/css/customredisp2.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:4bee , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1d8f589dad2ab64f0e60915a1a97bc84ecbd7987281d4f5e9d7983e6baae196

Request headers

accept-language: en-US,en;q=0.9
Referer: https://clicks4freedom.com/css/customredisp2.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Fri, 19 Aug 2022 20:23:05 GMT
cf-cache-status: DYNAMIC
last-modified: Thu, 23 Jun 2022 14:57:43 GMT
server: cloudflare
etag: "3853148423"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kWkCs8xp09PEucnHdoKhFzkTv3OK%2Fe05POvo3nskaMM%2BL59eKiIUhRct0mylfXnwqpQhDxxovWRQAJX8PguuzUN%2BEf4KP%2BTS4moovp3lrChZ%2F6U2vgYdXqLWgySZMm05a1IUdO8KQ9il0hjsNjiuhcE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
accept-ranges: bytes
cf-ray: 73d59ae1b9aae6d0-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2356426

OPTIONS
H2 200 oldw1rx6gz
event.trk-consulatu.com/register/event_log/ 0
0 168ms
72ms Preflight 2606:4700:3037::6815:1725
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.trk-consulatu.com/register/event_log/oldw1rx6gz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1725 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://clicks4freedom.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://clicks4freedom.com
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73d59ae77ca6b0bb-ATL
content-length: 0
date: Fri, 19 Aug 2022 20:23:06 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kBV7hJr7rQjDuEYv1FpLTU4d%2FM0Ctjl%2BQBTgg%2FV8597F1WTibXgIQ6Lk%2BZae7oHXsPDdrQ5gLTopBw9sfiT0jI8cygSpT9rLbtHnRCVTyC%2FGsx2%2Bt%2FUeVsZm9Qse3taurnOk%2BNXpfPZKwJjRJHIa1JvQYNe5yw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

POST
H3 200 oldw1rx6gz
event.trk-consulatu.com/register/event_log/ 0
0 114ms
70ms Fetch 2606:4700:3037::6815:1725
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-consulatu.com/register/event_log/oldw1rx6gz

Requested by

Host: trk-consulatu.com
URL: https://trk-consulatu.com/scripts/push/script/64d5p99gj0?url=clicks4freedom.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:1725 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://clicks4freedom.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/json

Response headers

date: Fri, 19 Aug 2022 20:23:06 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
expires: 0
server: cloudflare
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mv76Il6803dnDeRzCzsiyi5cPzShR03q5ieduLCCKly8rncnbQsi4UCjn9sfDzoHUDwTht9BcnvsNlTIuq%2FjQyldE47%2B%2FFdS48MWOFZHGIi2n2%2BbLqyLheiLzff%2BJa7XBZurp7bENAjbtz8nllj%2BGkgZvY9RMw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://clicks4freedom.com
access-control-expose-headers: Authorization, Link, X-Total-Count
cache-control: no-cache, no-store, max-age=0, must-revalidate
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
access-control-allow-credentials: true
cf-ray: 73d59ae82a1fb060-ATL
x-pushplatformapp-params

OPTIONS
H2 200 oldw1rx6gz
event.trk-consulatu.com/register/event_log/ 0
0 164ms
70ms Preflight 2606:4700:3037::6815:1725
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.trk-consulatu.com/register/event_log/oldw1rx6gz
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:1725 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://clicks4freedom.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://clicks4freedom.com
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 73d59ae77caab0bb-ATL
content-length: 0
date: Fri, 19 Aug 2022 20:23:06 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWyAMIXBTvI9CWU3p4LaBQ%2FbwYwxJAlWMFgjEHKs4CVNE4yBfiyz7R7SIRq1nyLZ569ZzZu%2FpUF3sZ7ehGk%2FgyhZ09Z9NgLK1NCm6uhYlmJ6%2FCPWbunDYDaZSE59HixkE%2BLO%2FvkK5Lx9%2BM7pg8ZoWBYmGlo83g%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers

POST
H3 200 oldw1rx6gz
event.trk-consulatu.com/register/event_log/ 0
0 117ms
71ms Fetch 2606:4700:3037::6815:1725
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-consulatu.com/register/event_log/oldw1rx6gz

Requested by

Host: trk-consulatu.com
URL: https://trk-consulatu.com/scripts/push/script/64d5p99gj0?url=clicks4freedom.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:1725 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://clicks4freedom.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-type: application/json

Response headers

date: Fri, 19 Aug 2022 20:23:06 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
expires: 0
server: cloudflare
x-frame-options: DENY
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WRQmAIHjpYSXoeSaXCBIaKZxlbvgXUbFXyg4GYjK2AWSuXv0r3azwzByRPAcuVjVHOlNGpo%2FOOafMkbhGGNB0R5ASjHYLaJw4RSsl17qHa4gWrUj9jhh2W8cygXQQAp1fAGGyr3p%2Bse97ItHLekc03nJIhUrkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://clicks4freedom.com
access-control-expose-headers: Authorization, Link, X-Total-Count
cache-control: no-cache, no-store, max-age=0, must-revalidate
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
access-control-allow-credentials: true
cf-ray: 73d59ae82a22b060-ATL
x-pushplatformapp-params

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.lpredirect.com/	1970-01-20 14:58:20	Name: uniqueClick_C36MNMM Value: 22e8c44e-c65c-4619-a848-398040446e93:1660940583
www.lpredirect.com/	1970-01-20 07:31:56	Name: transaction_id Value: 0e6c2867e4ca46a880c184c63c41371f
clicks4freedom.com/	1969-12-31 23:59:59	Name: SESSIONIDS Value: Y9WT7UFWIZ

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://clicks4freedom.com/img/ava.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://clicks4freedom.com/img/sad.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://clicks4freedom.com/img/x2.jpg Message: Failed to load resource: the server responded with a status of 404 ()
other	error	URL: https://clicks4freedom.com/?encoded_value=24QSBG&source_id=2655&sub1=bfa5c71ccfb2404eaa8e4f1c079d481f&sub2=&sub3=&sub4=&sub5= Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
clicks4freedom.com
esprithouse.com
event.trk-consulatu.com
s3-us-west-2.amazonaws.com
trk-consulatu.com
www.lpredirect.com
www.obetincloud.com
161.129.69.48
181.214.242.99
2606:4700:3032::6815:4bee
2606:4700:3037::6815:1725
2607:f8b0:4006:824::200a
34.117.79.165
52.92.161.184
0c2c4e5d34b502f1dadc324847956c1775165dec3b5383828536713c1fd9406f
316a6975de3078b71f6d0c0f92ac22b0f4586e6d048ed7808339e6b5e3cface2
3ad41cb6cc140f2799fb0b61dfd5fcbece1f0bc2c132b1062209101b09a683ea
3b4112d018aa51d02571af877208328bddb900b01aab55d881daf0e37b9248a6
3dc08e38fdf43aacbddfd66aa1296477ca8debc634f4d046b968bef1f1422ec0
52c947bf15495b69d0b2bb9ea339beed7b88ca3100a32c34d3bfebe164c1c669
55c68db1c402f37e1cc4b91eec434684e67c23a76628408f7fb276449f2d3ae2
59cc1d4bffd1ff0dc79947be1723f97ab0e32018791c0981b096cd2b60351231
5f802d314b51ab2b5d692ee180db50de925778f5b8b1e4aa99e03ebbcc22b3f6
63538636408d694425020b341235e224b91a191cd704704649e00b970c91bdf2
664f2b1654c363a6348b688d5d475ed9ec0e7ef3c72f6f315f37fe97a2fe63eb
6d894003d6071be103ca497c54461c500d2656e88003dd0afed8cdc0ed7bffe3
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
7ca149b3cceff96e46271c81bc29cb4ecc52e44ee015e539a67dbdc55a41b90a
89c620db5c942f519d01f1fb1a8af66d054e0389e325540158c60b7a1bd3fe33
8c76748729ce1fc56232fed6a8aff3fef2f9b947f4e0e3ffd6a50d2f6828d1a7
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
abd9792cbf8616eff5f3d6fd5451f5a224b665bbc0b20cc6f75918bea91a4aab
b0a79f2bd09a605d906f23c84884ecaf4cf9fee5f0286040e9a0f889d6790ca0
ba1ca1f5946be5d7901bc3167808211a24036f1a0a56f7dafcc2aaca0c8d8ced
bb640067b5d233f221c2a280bb5be089cc087a872941ae5f588f8230b60bee40
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c3401ff0b047bd896a0f6e22c032b6b5d01bf6e18381db39d5ed3678fc913cab
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d8c52e741d2269191bf4d7350e1b46ce419515da20bfee8a7230561862027269
df5c4cd2d92ba6a95e1ad788f59d132c1bedd8c11d0d8518af285f4dbde68cb3
e1d8f589dad2ab64f0e60915a1a97bc84ecbd7987281d4f5e9d7983e6baae196
eb97f1ceb86cf65febe6fc09278d503747f140e18297b6da6ee4bdcd41479f43
f0a8753fcb15ca3c5cdaf3c64928c0e3ff9fdb7e23d2555c8e6dcca6839d2b34
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f9126e64a8d1dcd29b78e78a1526f96c1c700fbae3eb73cfa30894abcf292db9

clicks4freedom.com Open in urlscan Pro 2606:4700:3032::6815:4bee Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

39 Requests

100 %HTTPS

43 %IPv6

7 Domains

8 Subdomains

4 IPs

2 Countries

4051 kBTransfer

4153 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

clicks4freedom.com Open in urlscan Pro
2606:4700:3032::6815:4bee Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

43 %
IPv6

7
Domains

8
Subdomains

4
IPs

2
Countries

4051 kB
Transfer

4153 kB
Size

3
Cookies

39 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!