message.freshnewmessage.com
2606:4700:3037::ac43:8db3  Public Scan

Submitted URL: https://bit.ly/34VsYJT#410689679a1630504a12634
Effective URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Submission: On February 06 via api from BE

Summary

This website contacted 12 IPs in 4 countries across 16 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3037::ac43:8db3, located in United States and belongs to CLOUDFLARENET, US. The main domain is message.freshnewmessage.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 11th 2021. Valid for: a year.
This is the only time message.freshnewmessage.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 67.199.248.11 396982 (GOOGLE-PR...)
1 2 172.245.13.29 36352 (AS-COLOCR...)
1 107.173.219.95 36352 (AS-COLOCR...)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 213.227.134.196 60781 (LEASEWEB-...)
1 2 67.212.173.76 32475 (SINGLEHOP...)
1 1 18.184.175.15 16509 (AMAZON-02)
1 116.202.159.170 24940 (HETZNER-AS)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 94.130.239.212 24940 (HETZNER-AS)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
17 12
Domain Requested by
3 message.freshnewmessage.com 4507510.catchtheclick.com
message.freshnewmessage.com
3 fallback3.ueive.com trajactapps.com
fallback3.ueive.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 clock.daisybuleonclock.com 1 redirects fallback3.ueive.com
2 dfh2fgh.kitanders.com 1 redirects
1 bonga.liveplayingnow.com message.freshnewmessage.com
1 stats.g.doubleclick.net www.google-analytics.com
1 specializedlink.com message.freshnewmessage.com
1 www.googletagmanager.com message.freshnewmessage.com
1 4507510.catchtheclick.com clock.daisybuleonclock.com
1 gmail.kintura.io 1 redirects
1 clickbytemedia.go2affise.com 1 redirects
1 cdn.addlnk.com fallback3.ueive.com
1 wing.eygenci.com 1 redirects
1 trajactapps.com dfh2fgh.kitanders.com
1 bit.ly 1 redirects
17 16

This site contains no links.

Subject | Issuer | Validity | Valid
trajactapps.com | Sectigo RSA Domain Validation Secure Server CA | 2020-12-03 - 2021-12-13 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-08-21 - 2021-08-21 | a year
clock.daisybuleonclock.com | R3 | 2021-01-26 - 2021-04-26 | 3 months
*.catchtheclick.com | Let's Encrypt Authority X3 | 2020-11-11 - 2021-02-09 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months
specializedlink.com | R3 | 2020-12-16 - 2021-03-16 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2021-01-19 - 2021-04-13 | 3 months

This page contains 1 frame:

Primary Page: https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Frame ID: 77774A0909220BFC20BEED28DAA33424
Requests: 17 HTTP requests in this frame

Page Statistics

Requests: 17
HTTPS: 94 %
IPv6: 50 %
Domains: 16
Subdomains: 16
IPs: 12
Countries: 4
Transfer: 88 kB
Size: 214 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bit.ly/34VsYJT HTTP 301
    http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh Page URL
  2. http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh?inf=410689679a1630504a12634 HTTP 302
    https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679 Page URL
  3. https://wing.eygenci.com/oc/72c5d39a7c?affclick=1118729267&pubid=690344 HTTP 302
    https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid Page URL
  4. https://clickbytemedia.go2affise.com/click?pid=943&offer_id=737406&sub1=pubf2b5ebd7625849608705726dd0f1241d&sub2= HTTP 302
    https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a Page URL
  5. https://clock.daisybuleonclock.com/proc.php?48331f8e44518ca1a41767d134d27ffe67632fb7 HTTP 302
    https://gmail.kintura.io/in/2md774OHKyyeroir00iP?cost=0&extid=M6926076768491143201&partnid=18671&placid=18671-52342e41 HTTP 302
    https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u Page URL
  6. https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bit.ly/34VsYJT HTTP 301
  • http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
Request Chain 1
  • http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh?inf=410689679a1630504a12634 HTTP 302
  • https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
Request Chain 2
  • https://wing.eygenci.com/oc/72c5d39a7c?affclick=1118729267&pubid=690344 HTTP 302
  • https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
Request Chain 6
  • https://clickbytemedia.go2affise.com/click?pid=943&offer_id=737406&sub1=pubf2b5ebd7625849608705726dd0f1241d&sub2= HTTP 302
  • https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
Request Chain 7
  • https://clock.daisybuleonclock.com/proc.php?48331f8e44518ca1a41767d134d27ffe67632fb7 HTTP 302
  • https://gmail.kintura.io/in/2md774OHKyyeroir00iP?cost=0&extid=M6926076768491143201&partnid=18671&placid=18671-52342e41 HTTP 302
  • https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
1770777qd2191478iW0zy0sw24RXr106760KHsh
dfh2fgh.kitanders.com/
Redirect Chain
  • https://bit.ly/34VsYJT
  • http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
214 B
425 B
Document
General
Full URL
http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
Protocol
HTTP/1.1
Server
172.245.13.29 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
172-245-13-29-host.colocrossing.com
Software
Apache/2.4.6 (CentOS) /
Resource Hash

Request headers

Host
dfh2fgh.kitanders.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Sat, 06 Feb 2021 09:15:10 GMT
Server
Apache/2.4.6 (CentOS)
Content-Length
214
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

server
nginx
date
Sat, 06 Feb 2021 09:15:09 GMT
content-type
text/html; charset=utf-8
content-length
155
cache-control
private, max-age=90
content-security-policy
referrer always;
location
http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
referrer-policy
unsafe-url
set-cookie
_bit=l169f9-f50d88caee69b9ebc1-00b; Domain=bit.ly; Expires=Thu, 05 Aug 2021 09:15:09 GMT
via
1.1 google
alt-svc
clear
Cookie set 410689679
trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/
Redirect Chain
  • http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh?inf=410689679a1630504a12634
  • https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
134 B
447 B
Document
General
Full URL
https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
Requested by
Host: dfh2fgh.kitanders.com
URL: http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
107.173.219.95 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS
107-173-219-95-host.colocrossing.com
Software
Apache /
Resource Hash

Request headers

Host
trajactapps.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Referer
http://dfh2fgh.kitanders.com/1770777qd2191478iW0zy0sw24RXr106760KHsh#410689679a1630504a12634

Response headers

Date
Sat, 06 Feb 2021 09:15:11 GMT
Server
Apache
Set-Cookie
uid24690=1118729267-20210206041511-d4b020e88075f16ae101abe92f50d34d-; domain=; expires=Mon, 08-Mar-2021 09:15:11 GMT; path=/; SameSite=None; Secure
Content-Length
134
Connection
close
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sat, 06 Feb 2021 09:15:10 GMT
Server
Apache/2.4.6 (CentOS)
location
https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
Content-Length
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
d92944b1c7
fallback3.ueive.com/rc/
Redirect Chain
  • https://wing.eygenci.com/oc/72c5d39a7c?affclick=1118729267&pubid=690344
  • https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
2 KB
1 KB
Document
General
Full URL
https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
Requested by
Host: trajactapps.com
URL: https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:dfaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

:method
GET
:authority
fallback3.ueive.com
:scheme
https
:path
/rc/d92944b1c7?af5=offer-campaign-target-notvalid
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://trajactapps.com/1763c827d8cba9b5000/15b-1770777-1630504-106760-12634-/410689679
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Sat, 06 Feb 2021 09:15:11 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=d51fa9cbf75ebd052b82564b8b97fa4c91612602911; expires=Mon, 08-Mar-21 09:15:11 GMT; path=/; domain=.ueive.com; HttpOnly; SameSite=Lax AWSELB=C723C109122745B344257D865D5D1ACC183B61B7F154C07B44CC549AD61E6569EAF15491A171997A94F28DBB5D5462CB427C91D87F8E2914CA2A768F32E584C6A31E29DE7E;PATH=/;MAX-AGE=360
cache-control
no-cache="set-cookie"
content-language
en
vary
Accept-Encoding,Accept-Language,Cookie
cf-cache-status
DYNAMIC
cf-request-id
081838c2fe0000178aa530b000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BNvCO9aJPVPbf9C%2BG2ZeHiinUDWG6BrGZbAlAUlakKfWGtYsKviJwAc%2F0SAEV4EygZrbOv6dcuXhGPDCtLP6UsgEAfH18OeYMe8ZDYmGvg28%2BuOV8r7ZX%2B011wbcNqIS"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
61d3c3e4cc3f178a-FRA
content-encoding
br

Redirect headers

date
Sat, 06 Feb 2021 09:15:11 GMT
content-type
text/html; charset=utf-8
set-cookie
__cfduid=de79cfaa2c0d2a88135677c1acea39f8e1612602911; expires=Mon, 08-Mar-21 09:15:11 GMT; path=/; domain=.eygenci.com; HttpOnly; SameSite=Lax AWSELB=C723C109122745B344257D865D5D1ACC183B61B7F154C07B44CC549AD61E6569EAF15491A171997A94F28DBB5D5462CB427C91D87F8E2914CA2A768F32E584C6A31E29DE7E;PATH=/;MAX-AGE=360
cache-control
no-cache="set-cookie"
content-language
en
location
https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
vary
Accept-Language,Cookie
cf-cache-status
DYNAMIC
cf-request-id
081838c28f00004a9828379000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ACNxaiC4RpO2QobQWeH7c1aRKAjNINHgsFtFNq7P8i3hhICMDM0KVQZmfAjb0hd66bNi2jXeags0fgZb5xUrxeuQd5qQo1rg7zxB7PTc0Iw37tvW9JQTurAWcPmb"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
61d3c3e41d274a98-FRA
redirect.css
cdn.addlnk.com/
0
0
Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: fallback3.ueive.com
URL: https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:8643 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

api.js
fallback3.ueive.com/cdn-cgi/bm/cv/669835187/
35 KB
9 KB
Script
General
Full URL
https://fallback3.ueive.com/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: fallback3.ueive.com
URL: https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:dfaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 09:15:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=aU4su9a3BOEgCyicq5eW7e5r5%2FTxv1AHFwNINSklLYQSgyZeqn448%2FjUikmeypqZXErHWfjbZbXAd018oMuqOMVlioXS44JUSCQb7jCasl8%2BYgW%2BSg4QXHlxWSfuVPes"}]}
content-type
text/javascript
cache-control
max-age=604800, public
cf-ray
61d3c3e58d6b178a-FRA
cf-request-id
081838c3790000178a83a91000000001
result
fallback3.ueive.com/cdn-cgi/bm/cv/
0
503 B
XHR
General
Full URL
https://fallback3.ueive.com/cdn-cgi/bm/cv/result?req_id=61d3c3e4cc3f178a
Requested by
Host: fallback3.ueive.com
URL: https://fallback3.ueive.com/cdn-cgi/bm/cv/669835187/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:dfaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 06 Feb 2021 09:15:11 GMT
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LDufHAwcc5vWeYd6r%2BR%2BVy1ukFAuai56wt%2FyVPTEgMHjnZU820BcNDtxo7oSA%2B3wmfZzTwOKktxno6iwbPFFr%2BndnIqECeQR43bnvlNi8E3aPf9tmf6bzOhl17XPWZsO"}]}
cf-ray
61d3c3e64e80178a-FRA
cf-request-id
081838c3e90000178a4a9ed000000001
/
clock.daisybuleonclock.com/
Redirect Chain
  • https://clickbytemedia.go2affise.com/click?pid=943&offer_id=737406&sub1=pubf2b5ebd7625849608705726dd0f1241d&sub2=
  • https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
9 KB
3 KB
Document
General
Full URL
https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
Requested by
Host: fallback3.ueive.com
URL: https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.212.173.76 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.4.10
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
clock.daisybuleonclock.com
:scheme
https
:path
/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
https://fallback3.ueive.com/rc/d92944b1c7?af5=offer-campaign-target-notvalid

Response headers

server
nginx
date
Sat, 06 Feb 2021 09:15:12 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.4.10
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=49e3630163d61b23a91923745e5a2a5e; expires=Sun, 06-Feb-2022 09:15:12 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

server
nginx
date
Sat, 06 Feb 2021 09:15:11 GMT
content-type
text/html; charset=utf-8
content-length
200
location
https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
set-cookie
afclick=601e5e1f9156ef0001e0356a; Expires=Sun, 06 Feb 2022 09:15:11 GMT; Secure; SameSite=None
/
4507510.catchtheclick.com/
Redirect Chain
  • https://clock.daisybuleonclock.com/proc.php?48331f8e44518ca1a41767d134d27ffe67632fb7
  • https://gmail.kintura.io/in/2md774OHKyyeroir00iP?cost=0&extid=M6926076768491143201&partnid=18671&placid=18671-52342e41
  • https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u
4 KB
1 KB
Document
General
Full URL
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u
Requested by
Host: clock.daisybuleonclock.com
URL: https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
116.202.159.170 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.170.159.202.116.clients.your-server.de
Software
nginx/1.16.1 (Ubuntu) /
Resource Hash

Request headers

Host
4507510.catchtheclick.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Referer
https://clock.daisybuleonclock.com/?utm_medium=c46dc61af81bd06b95cc3c4060f0d9e3e5980f24&utm_campaign=WW_SmartlinkWW_Smartlink_LYY&1=943.&cid=601e5e1f9156ef0001e0356a#

Response headers

Server
nginx/1.16.1 (Ubuntu)
Date
Sat, 06 Feb 2021 09:15:12 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip

Redirect headers

Date
Sat, 06 Feb 2021 09:15:12 GMT
Content-Type
text/html; charset=utf-8
Content-Length
366
Connection
keep-alive
X-Powered-By
Quanta Engine 1.1
Server
quanta
X-Kin-Region
eu-central-1
X-Kin-CID
ab0Tvy9dosW5c53lAxsK
Set-Cookie
_q=H4sIAAAAAAAAA41Ua2vbMBT9K8YfSgupI%2FmhxB1hlH1YR1o6aEdWxhCKfO2IyJKR5a5ZyX%2Fftd1H6DZoIMQ696Fz7znOYyi1AuPDs8ewa8FxUQ2n8Mr%2BVlqLaRaR4PhKSGW8bTcfgi%2FGgw4QCK5vgu8BJZymPDsJzptGwwrWS%2BWnWTKLEhYcLy9ury4ngVZbCD6D3NqT4NPG2Rqm8yQiUUpJEjEa3IhSOPVUFU5C1eD98ziiBL95RAdQC1N1SI5LWwDGwRyCDiplDcLfbt7mvsbAnA5hByU4Bw6hjfdNezadSm3lNiqEanfrToM1IyBtPf3Y%2BZrXUKiuXsiUFZJRUc7puiBsnWdSJjIljJSkyCGBLJ%2BTMk6P%2Bhop6kaoyixWK35TC%2Be1MtvDZ355d3dEF3maREdSFQtGKGRAy5xmDEpC8EiSjIkDyrywtVD9MP9nHO4nIbZre0nFmtze7%2FLCtqtMZok%2Bf2iXPS5t51ron1BXZ4tOQsEF6k4ZjRmJcxqjDqb1wkjgqgjPUkoT7Ps00wiRjKUHWNX1aBjXxWyWXl8sdztwVjlC1FccwTtRlkryFq9%2B7pnOsSfajjfIQVW78KwUuoVJ%2BHTmWKSMMtVLAB48OCP0UB9esRzZztiMzdOc0jSJCcWr0MFOAS6A9l5oPe%2BB3V%2FzOdv5kUhMkhSBQrVYuO786JcVqGrjobgucfnY1va%2FY%2F4snseDzwokx5veaz1uOq0nYT%2BnVgJ7G%2FC%2FrNsOMZamGSoD90gGqf1Acd7wEZ5vcDkvIDoAL3WqGgS%2FV63y%2FdvR8mfNRp7edbgY8XQaWY550qKAaw3POe9aXl%2BEURKR%2FhM%2Bd36de%2F8Tk7rWo9PQPw2a2Qz96JzN%2BgaNxn%2BLF%2BA0i3G3kNJwv9%2BPcgwGHDL%2Bac93Omq%2F%2FwMhiNpevAQAAA%3D%3D; Path=/; Expires=Fri, 07 May 2021 09:15:12 GMT
Location
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u
Vary
Accept
X-Passed
1
Primary Request index.html
message.freshnewmessage.com/js2/o/nw/n5_n/
8 KB
3 KB
Document
General
Full URL
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Requested by
Host: 4507510.catchtheclick.com
URL: https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8db3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53369de6f23fdc3f9340302f4c4e00098764831660a56e1f379e513c5a63de33

Request headers

:method
GET
:authority
message.freshnewmessage.com
:scheme
https
:path
/js2/o/nw/n5_n/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://4507510.catchtheclick.com/?mob=dNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg&clickid=ab0Tvy9dosW5c53lAxsKl1u
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

date
Sat, 06 Feb 2021 09:15:12 GMT
content-type
text/html
set-cookie
__cfduid=d3a427feedbb157eb2b1a89c0130b776a1612602912; expires=Mon, 08-Mar-21 09:15:12 GMT; path=/; domain=.freshnewmessage.com; HttpOnly; SameSite=Lax
last-modified
Fri, 09 Oct 2020 15:49:12 GMT
vary
Accept-Encoding
expires
Fri, 28 Jan 2022 08:45:24 GMT
cache-control
max-age=31536000
cf-cache-status
HIT
age
779388
cf-request-id
081838c79c00004a68d183e000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tPQk9cMGEJdr50WW%2F467NkmsiXoEQ0MI3ftW2b%2F7E0DMjkPG7oEOqHi93IDQBIJXJ4BGcO7zwfBYI7m7%2BFjYRser%2Byi6q9OgxpFDiV1NDyPP5sle2uZFRvF0W1IPmOMSnGLBaP%2BwQMo%3D"}]}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
61d3c3ec2c444a68-FRA
content-encoding
br
inc.js
message.freshnewmessage.com/js2/o/nw/n5_n/
7 KB
3 KB
Script
General
Full URL
https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js
Requested by
Host: message.freshnewmessage.com
URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8db3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc666b8fcbf6c6636fcc9616b25d17c4af2113279c0ba28248b341e1c021851b

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 09:15:12 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1638258
cf-polished
origSize=13192
cf-bgj
minify
cf-request-id
081838c7b500004a68dc09f000000001
last-modified
Mon, 18 Jan 2021 09:58:54 GMT
server
cloudflare
etag
W/"60055bde-3388"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ew0cUHMg4EjtXg17M83Fbo2mFno9FrqjSbBsPQ1eCDU044ui1fXlKKJnKw8apoIkMHTjJp1TX4N0K%2B2jqXmYpJyXHLMfHzOnfqzYME%2FEXv40u8BaNBItncEXjJU%2FwqurcfmV%2BOR2i1M%3D"}]}
content-type
application/javascript
cache-control
max-age=31536000
cf-ray
61d3c3ec5ca34a68-FRA
expires
Tue, 18 Jan 2022 10:10:54 GMT
download.gif
message.freshnewmessage.com/js2/o/nw/n5_n/
7 KB
8 KB
Image
General
Full URL
https://message.freshnewmessage.com/js2/o/nw/n5_n/download.gif
Requested by
Host: message.freshnewmessage.com
URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8db3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6600e628d105299a9954bb85edc818356f1ec6136ba5d503dc39b2b3de8526c7

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 09:15:12 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1638258
content-length
7591
cf-request-id
081838c7b500004a689a148000000001
last-modified
Thu, 21 May 2020 16:38:53 GMT
server
cloudflare
etag
"5ec6ae9d-1da7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CxbQxtYs4oq3c1visbZUxBX0XrBHi96z7VTazL5jJHA%2Foj9rNEdq%2FzrREl4l5TFPsT38h7LycSPlBkeYhN3%2BoTfuf66dzmrEgnogYY5zJJFhqFxrTHnFdhZrCK1B5DvoNXZAQ4c1vXI%3D"}]}
content-type
image/gif
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
61d3c3ec5ca74a68-FRA
expires
Tue, 18 Jan 2022 10:10:54 GMT
js
www.googletagmanager.com/gtag/
97 KB
38 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-117424918-2
Requested by
Host: message.freshnewmessage.com
URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0cfa1f83ed3825d340686f0df82bfa9ef4feedf76ccaebb7d383577382852372
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 09:15:12 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38958
x-xss-protection
0
last-modified
Sat, 06 Feb 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 06 Feb 2021 09:15:12 GMT
c.php
specializedlink.com/
0
526 B
Fetch
General
Full URL
https://specializedlink.com/c.php
Requested by
Host: message.freshnewmessage.com
URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
94.130.239.212 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.212.239.130.94.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sat, 06 Feb 2021 09:15:12 GMT
Server
nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
application/octet-stream, text/html
Access-Control-Allow-Origin
https://message.freshnewmessage.com
Access-Control-Expose-Headers
Content-Length,Content-Range
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length
0
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117424918-2
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
6605
date
Sat, 06 Feb 2021 07:25:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Sat, 06 Feb 2021 09:25:07 GMT
collect
www.google-analytics.com/j/
2 B
74 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=2044729863&t=pageview&_s=1&dl=https%3A%2F%2Fmessage.freshnewmessage.com%2Fjs2%2Fo%2Fnw%2Fn5_n%2Findex.html&dr=https%3A%2F%2F4507510.catchtheclick.com%2F%3Fmob%3DdNg0yM7orh7w7FmfddpVRg08_HhpbNIqq7K27UEKILMDFVVz1-Uh0cA0IvAKYdcGHKZePq2lYxzxgBIkrpMzTg%26clickid%3Dab0Tvy9dosW5c53lAxsKl1u&ul=en-us&de=UTF-8&dt=Confirm%20notifications&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=1424580533&gjid=1325115079&cid=41921275.1612602913&tid=UA-117424918-2&_gid=2019564603.1612602913&_r=1&gtm=2ou1r0&z=2119489625
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 06 Feb 2021 09:15:12 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://message.freshnewmessage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
95 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-117424918-2&cid=41921275.1612602913&jid=1424580533&gjid=1325115079&_gid=2019564603.1612602913&_u=IEBAAUAAAAAAAC~&z=994502722
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Sat, 06 Feb 2021 09:15:12 GMT
content-type
text/plain
access-control-allow-origin
https://message.freshnewmessage.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
c.php
bonga.liveplayingnow.com/
0
824 B
Fetch
General
Full URL
https://bonga.liveplayingnow.com/c.php?v1=2&va=2
Requested by
Host: message.freshnewmessage.com
URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::6815:b65 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://message.freshnewmessage.com/js2/o/nw/n5_n/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Sat, 06 Feb 2021 09:15:12 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
https://message.freshnewmessage.com
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XotHRinoLA3IqDlW0aanpfLedypIAdazfIOgJxNZwcNrmMo%2BzqMXI9%2F3RNjDUY%2BUgyPFa6AEKLzJwhfbKstbP%2FX7Htllwh7wz1muI%2FIOz6AA5k12VRFuJ0iBYFtvwR%2F%2FJ46z0J8%3D"}]}
access-control-expose-headers
Content-Length,Content-Range
access-control-allow-credentials
true
cf-ray
61d3c3ed2b3e2b22-FRA
access-control-allow-headers
DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
cf-request-id
081838c83600002b226e0ba000000001

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun
object| ontransitionstart
object| ontransitioncancel
object| cookieStore
function| showDirectoryPicker
function| showOpenFilePicker
function| showSaveFilePicker
object| trustedTypes
boolean| crossOriginIsolated
number| ggl_acct
function| getpub
string| maind
function| getParameterByName
function| getCookie
object| MegaPush
undefined| cinfo
function| timeoutfn
function| mfun
object| idbKeyval
function| gtag
object| dataLayer
string| dom_host
string| href
object| all_rs
string| link
object| domainarr
function| setCookie
number| jjj
function| new_rand
function| isPrivateMode
number| count
function| trackOutboundLink
string| next
function| fine
number| mg
object| body
function| FullScreen
string| domain
object| google_tag_manager
object| google_tag_data
string| GoogleAnalyticsObject
function| ga
object| gaplugins
object| gaGlobal
object| gaData

0 Cookies

3 Console Messages

Source Level URL
Text
console-api log URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js(Line 18)
Message:
console-api log URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js(Line 19)
Message:
undefined
console-api log URL: https://message.freshnewmessage.com/js2/o/nw/n5_n/inc.js(Line 20)
Message:
new c 30x6639x1543601e5e2093ad9