cool.therewardsqueen.com Open in urlscan Pro
2606:4700:4400::6812:20bf Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://echo4.bluehornet.com/ct/102217308:73lsToGmN:m:1:3680449436:F153034FFDD1B9073DC19C8CFDF534F9:r
Effective URL:
https://cool.therewardsqueen.com/?ts=AAB9523C
Submission: On July 27 via api (July 27th 2023, 9:51:27 pm UTC) from BE — Scanned from DE

Summary HTTP 25 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 8 domains to perform 25 HTTP transactions. The main IP is 2606:4700:4400::6812:20bf, located in United States and belongs to CLOUDFLARENET, US. The main domain is cool.therewardsqueen.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2023. Valid for: a year.

This is the only time cool.therewardsqueen.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.208.132.144 34.208.132.144	16509 (AMAZON-02) (AMAZON-02)
1 18	2606:4700:440... 2606:4700:4400::6812:20bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	52.217.89.126 52.217.89.126	16509 (AMAZON-02) (AMAZON-02)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:2b	20446 (STACKPATH...) (STACKPATH-CDN)
1	51.77.64.70 51.77.64.70	16276 (OVH) (OVH)
1	2606:4700:303... 2606:4700:3038::6815:ead1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
25	6

1 34.208.132.144 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-208-132-144.us-west-2.compute.amazonaws.com

echo4.bluehornet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:4400::6812:20bf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cool.therewardsqueen.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.subscribefunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sites.subscribefunnels.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.217.89.126 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:2b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.77.64.70 (Germany)

ASN16276 (OVH, FR)
PTR: de-fra-1.pro.ip-api.com

pro.ip-api.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3038::6815:ead1 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pushflow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	subscribefunnels.com cdn.subscribefunnels.com sites.subscribefunnels.com	143 KB
4	amazonaws.com s3.amazonaws.com	599 KB
4	therewardsqueen.com 1 redirects cool.therewardsqueen.com	18 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 76	1 KB
1	pushflow.net cdn.pushflow.net — Cisco Umbrella Rank: 246673	186 KB
1	ip-api.com pro.ip-api.com — Cisco Umbrella Rank: 6373	254 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 754	30 KB
1	bluehornet.com 1 redirects echo4.bluehornet.com — Cisco Umbrella Rank: 203562	795 B
25	8

	Domain	Requested by
13	cdn.subscribefunnels.com	cool.therewardsqueen.com
4	s3.amazonaws.com	cool.therewardsqueen.com
4	cool.therewardsqueen.com	1 redirects cool.therewardsqueen.com
1	fonts.googleapis.com	client
1	cdn.pushflow.net	cool.therewardsqueen.com
1	pro.ip-api.com	code.jquery.com
1	sites.subscribefunnels.com	cool.therewardsqueen.com
1	code.jquery.com	cool.therewardsqueen.com
1	echo4.bluehornet.com	1 redirects
25	9

This site contains links to these domains. Also see Links.

Domain
agreegift.com
subscribefunnels.com

Subject Issuer	Validity	Valid
therewardsqueen.com Cloudflare Inc ECC CA-3	`2023-07-10` - `2024-07-08`	a year	crt.sh
subscribefunnels.com Cloudflare Inc ECC CA-3	`2023-07-25` - `2023-10-22`	3 months	crt.sh
s3.amazonaws.com Amazon RSA 2048 M01	`2023-07-10` - `2024-06-21`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
*.ip-api.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-25` - `2023-12-26`	a year	crt.sh
pushflow.net GTS CA 1P5	`2023-07-02` - `2023-09-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://cool.therewardsqueen.com/?ts=AAB9523C
Frame ID: 0EE4FAEFB631824ED0EEE5E31F103BCE
Requests: 23 HTTP requests in this frame

Frame: https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/invisible.js
Frame ID: 8DE358340B85238AA5FB11EA9668850B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Survey Rewards

Page URL History Show full URLs

http://echo4.bluehornet.com/ct/102217308:73lsToGmN:m:1:3680449436:F153034FFDD1B9073DC19C8CFDF534F9:r HTTP 302
https://cool.therewardsqueen.com/?ts=AAB9523C Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

57 %
IPv6

8
Domains

9
Subdomains

6
IPs

3
Countries

977 kB
Transfer

1452 kB
Size

5
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://agreegift.com/uph1/tos.html
Title: here

Search URL Search Domain Scan URL

URL: https://subscribefunnels.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://echo4.bluehornet.com/ct/102217308:73lsToGmN:m:1:3680449436:F153034FFDD1B9073DC19C8CFDF534F9:r HTTP 302
https://cool.therewardsqueen.com/?ts=AAB9523C Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/scripts/invisible.js HTTP 302
https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/invisible.js

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cool.therewardsqueen.com/
Redirect Chain

http://echo4.bluehornet.com/ct/102217308:73lsToGmN:m:1:3680449436:F153034FFDD1B9073DC19C8CFDF534F9:r
https://cool.therewardsqueen.com/?ts=AAB9523C

56 KB
14 KB

559ms
434ms

Document
text/html

2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cool.therewardsqueen.com/?ts=AAB9523C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

172238106422a28ed71d1db6b314817a994a89453c349f96c6431dd98534637d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 7ed81a732d713639-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Thu, 27 Jul 2023 21:51:22 GMT
server: cloudflare
strict-transport-security: max-age=15724800; includeSubDomains
vary: Accept-Encoding
x-powered-by: Express

Redirect headers

AMFplus-Ver: 1.4.0.0
Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 180
Content-Type: text/html; charset=utf-8
Date: Thu, 27 Jul 2023 21:51:21 GMT
Location: https://cool.therewardsqueen.com/?ts=AAB9523C
Pragma: no-cache
Referrer-Policy: no-referrer-when-downgrade
Server: Apache
Vary: X-Forwarded-Proto,Accept-Encoding

GET
H2 200 customredisp2.css
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 22 KB
4 KB 728ms
622ms Stylesheet
text/css 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/customredisp2.css
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfd1d5fe340fa44624ac0e9e330e686c32278c0935835089bd816a1a1a4429a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 01c82f5226ffef5f7e654ffdbab24db6.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-version-id: MFY01KwbkhsvrXOs20SBOipoxeU3u5mm
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:06 GMT
server: cloudflare
etag: W/"f9d2313bdd6e1885c283acaa74f30ec0"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7ed81a76ae944d28-FRA
x-amz-cf-id: NAr0bkeB77C9BtqV-E2XM_vK7DWtZ7WnUlV2ayGdnlgd-aXiNk9srw==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 404 pub.min.js
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 0
0 581ms
476ms Script
application/xml 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/pub.min.js
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

GET
H/1.1 200
OK cooooool.png
s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/ 171 KB
171 KB 453ms
188ms Image
image/png 52.217.89.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/cooooool.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.89.126 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: db11da935d80d56ccae24c780dc6576674b47d5de713e45f7e83102152464a99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 21:51:23 GMT
x-amz-version-id: sNom1TU6XvkYmuO4sRZU2BzMGWknc1lb
Last-Modified: Thu, 17 Nov 2022 19:16:53 GMT
Server: AmazonS3
x-amz-request-id: N0HPYD053154MNVH
ETag: "c18c8c1cf0d32836f0b9e6f9ac3f39bd"
Content-Type: image/png
Cache-Control: max-age=600000
Accept-Ranges: bytes
Content-Length: 174977
x-amz-id-2: SF+gfZBXMPjG/opy9sbjEha7NfnYKI1FxHboN2JzMgjes/aJgdBxSFSo2L+780W1ED5AIVVZ4X8=

GET
H/1.1 200
OK DeWaltSetDrills1.png
s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/ 250 KB
250 KB 443ms
179ms Image
image/png 52.217.89.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/DeWaltSetDrills1.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.89.126 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 99eb8768cd11765996aedad9e83f24b146256e3703310169e4d23a084f90b222

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 21:51:23 GMT
x-amz-version-id: cAJ90vOL8Hbrd5v_dWn9h6geK0GSvQz4
Last-Modified: Thu, 17 Nov 2022 18:53:06 GMT
Server: AmazonS3
x-amz-request-id: N0HGJ48N8D12EAC9
ETag: "33e1b501f74d0c1079a802d7e4f0a179"
Content-Type: image/png
Cache-Control: max-age=600000
Accept-Ranges: bytes
Content-Length: 255492
x-amz-id-2: Sf0UjcRq5cWPbHzaRGDXVd5lsFGo2btnAsutTrNsKngnVTBi1ESyD0500TtccndMlVoggMJOc+4=

GET
H2 200 loading.gif
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 1 KB
2 KB 604ms
508ms Image
image/gif 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/loading.gif
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 b50b0f4274b74414c7dcdb544e6090a2.cloudfront.net (CloudFront)
x-amz-version-id: KE2nV2PLoB75or_K9CKWwNpwQkX3ay2n
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
content-length: 1457
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:05 GMT
server: cloudflare
etag: "e77529aa1a83920de7897a4c5c5f9707"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a76ae984d28-FRA
x-amz-cf-id: XAfl3yQaJFtosjMsAaKN6PUkMs2vi72tu4Oi5O3xbHsvyYHVMmn7nQ==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 fb-check.jpg
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 646 B
1 KB 601ms
505ms Image
image/jpeg 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/fb-check.jpg
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
x-amz-version-id: 8T50Sev4lTJkaPh9DOmBmwqaiwmEH44V
cf-cache-status: MISS
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 646
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:06 GMT
server: cloudflare
etag: "3d0f87c98f70c57b535974b34862a8e9"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a76ae974d28-FRA
x-amz-cf-id: 9hcYeZflvkSu8KhPg0nxTQ6r9JJKwBJLr81O_o2-X-WJm1OqlXoJwQ==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H/1.1 200
OK Screen%20Shot%202022-11-17%20at%2011.18.31%20AM.png
s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/ 6 KB
6 KB 422ms
160ms Image
image/png 52.217.89.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/Screen%20Shot%202022-11-17%20at%2011.18.31%20AM.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.89.126 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 2cce71c500d910e63432c85b0c30a12ab74132ff32251c8708e39178aa7bdd13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 21:51:23 GMT
x-amz-version-id: UMSTM9F_a3q4QOzIGUJcQ1njJDTucs.L
Last-Modified: Thu, 17 Nov 2022 19:19:06 GMT
Server: AmazonS3
x-amz-request-id: N0HMYR8C8AT61TXQ
ETag: "54ac6d94c98d307a866610e5d6adea7e"
Content-Type: image/png
Cache-Control: max-age=600000
Accept-Ranges: bytes
Content-Length: 5854
x-amz-id-2: phhQhORdXFIW2EqEKlxXQycI4cjswjL6HKNtdLbuDcqLtg7eGN2Edoot9b1tDbYVQ6dduGB2rZ8=

GET
H2 200 cart.png
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 1 KB
2 KB 632ms
538ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/cart.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d894003d6071be103ca497c54461c500d2656e88003dd0afed8cdc0ed7bffe3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 e8b17f734954ee4d46d26cf302323482.cloudfront.net (CloudFront)
x-amz-version-id: 9J12DtE2LwSPTdQ7Fwh7SSE1vw.kTLti
cf-cache-status: MISS
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 1214
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:05 GMT
server: cloudflare
etag: "6ece7957054717bcc051ad42d09d010f"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a76ae9a4d28-FRA
x-amz-cf-id: PAZ-BECnDiGfA9u4PAsSvtxwoEpPHqVyF1MoZMJG9LWWYTR2SSPheQ==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 cartblack.png
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 1 KB
1 KB 511ms
508ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/cartblack.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb640067b5d233f221c2a280bb5be089cc087a872941ae5f588f8230b60bee40

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 2bb98457c96f801517f8d0d98344cd3c.cloudfront.net (CloudFront)
x-amz-version-id: jsVE1O.vGutcZfJDY8lxmIqDN4Dg0LIk
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
content-length: 1031
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:06 GMT
server: cloudflare
etag: "95a6d586aa3ca2cfa43eb358875387d7"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a773f2d4d28-FRA
x-amz-cf-id: slkR1sAQSCJ4XQJc2o1hUXyXYYcyOtrEC_WFVCYCJcEFrIrps9F-lw==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 t-v6-1.png
cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/ 21 KB
22 KB 579ms
577ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/t-v6-1.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 745009bea0c53a20212514ee3b11334313fe73225cb53053f90d82d45a4685ae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 ab39b007ab81966ada6e7fb1536bf376.cloudfront.net (CloudFront)
x-amz-version-id: _FvOosKWgWaP4irUTXfhjirRbXRocqBw
cf-cache-status: MISS
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
content-length: 21789
service-worker-allowed: /~cdn
last-modified: Mon, 14 Mar 2022 17:08:07 GMT
server: cloudflare
etag: "7daf4c56a389b8568cb29d67bf34849a"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a773f2e4d28-FRA
x-amz-cf-id: 5_ND65gvqHTUYNAQQqDt_tM398WmhVdc1iHh7BuRCMACssECJIRivg==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 t-v6-5.png
cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/ 19 KB
19 KB 626ms
624ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/t-v6-5.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8709d39fa2145c42849a308928908012b733dafc55d16d2bdb277b46c17096b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 2177a1d449a3e8dc7269040f15d81cb0.cloudfront.net (CloudFront)
x-amz-version-id: AAlDayVwoD9lLtF9UVHATA.UPRadafGv
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
content-length: 19059
service-worker-allowed: /~cdn
last-modified: Mon, 14 Mar 2022 17:08:07 GMT
server: cloudflare
etag: "18ae89383c95831bcc2a9e93bc1265ff"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a773f304d28-FRA
x-amz-cf-id: EmTziaakjXh2KJB8CoCy30gtKJDQzS0x6LoqzN1wvL3jwbKAc3FTBg==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 f_guarantee.png
cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/ 6 KB
7 KB 508ms
506ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/f_guarantee.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 49039a44484a184312d8f608c205b640.cloudfront.net (CloudFront)
x-amz-version-id: .lJu8iIJcAQ4_PM2QtwzC978JwC5_nf_
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
content-length: 6352
service-worker-allowed: /~cdn
last-modified: Mon, 14 Mar 2022 17:08:07 GMT
server: cloudflare
etag: "22508899121504e1b30622e4b68367ee"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a773f334d28-FRA
x-amz-cf-id: qs9WQMDDee5blY37kRS3WqyeUcGYnBYjTwkHbY0tDylXnSB73Leesg==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 f_secure_1.png
cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/ 10 KB
10 KB 504ms
502ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/1543aa1c-d5b2-437d-8d53-1d5783ed36d8/sr/assets/f_secure_1.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 9f25aa45df27e50f380232059fde4c1a.cloudfront.net (CloudFront)
x-amz-version-id: MNqvQtTKkOrxW5RedVny7ukKRIFl0Flb
cf-cache-status: MISS
x-amz-cf-pop: ZRH55-P1
x-cache: Miss from cloudfront
content-length: 9862
service-worker-allowed: /~cdn
last-modified: Mon, 14 Mar 2022 17:08:07 GMT
server: cloudflare
etag: "96de7278165f82601754fd6d5b84adc4"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a773f374d28-FRA
x-amz-cf-id: 44a3Elkb0gkF_w8B85ngm8dB3pRxR1Nd68GcUpufAPaQWAb5TWR1qA==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 timer.js Show response
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 642 B
729 B 604ms
506ms Script
text/javascript 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/timer.js
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6654bb37eb080d19cee41ebae557b061ae412aac957d32d248e6daab287cd128

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 7549433a09d06354ea864d169b689e50.cloudfront.net (CloudFront)
content-encoding: gzip
x-amz-version-id: SSApOxrrFZ.7Z10f7.8qIo9afN2HyOIQ
cf-cache-status: MISS
x-amz-cf-pop: FRA53-C1
x-cache: Miss from cloudfront
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:06 GMT
server: cloudflare
etag: W/"7815a8b0f247b537fec5e381fd1433e6"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 7ed81a76ae964d28-FRA
x-amz-cf-id: _cINxZ4FjrPAgdkp4q2mtBx8804KDZJX34H4_p2CHfyw98GEs40uDw==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 jquery-3.4.1.min.js Show response
code.jquery.com/ 86 KB
30 KB 144ms
43ms Script
application/javascript 2001:4de0:ac18::1:a:2b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:2b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:22 GMT
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 13:47:02 GMT
server: nginx
etag: W/"62f659d6-15851"
vary: Accept-Encoding
x-hw: 1690494682.dop221.fr8.t,1690494682.cds138.fr8.hn,1690494682.cds236.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30638

GET
H2 200 logoTabVector.png
sites.subscribefunnels.com/assets/images/ 71 KB
72 KB 489ms
382ms Image
image/png 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sites.subscribefunnels.com/assets/images/logoTabVector.png

Requested by

Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7f6d8be0523e65fd5e696efbb6c492baec35f4b4bb8909ad5b29a0901ad5eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: REVALIDATED
last-modified: Tue, 25 Jul 2023 20:51:20 GMT
server: cloudflare
etag: "64c035c8-11c8b"
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a76ebf53608-FRA
content-length: 72843
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 loading.gif
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 1 KB
2 KB 51ms
51ms Image
image/gif 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/loading.gif
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 b50b0f4274b74414c7dcdb544e6090a2.cloudfront.net (CloudFront)
x-amz-version-id: KE2nV2PLoB75or_K9CKWwNpwQkX3ay2n
cf-cache-status: HIT
x-amz-cf-pop: ZRH55-P1
age: 0
x-cache: Miss from cloudfront
content-length: 1457
service-worker-allowed: /~cdn
last-modified: Thu, 17 Nov 2022 18:53:05 GMT
server: cloudflare
etag: "e77529aa1a83920de7897a4c5c5f9707"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a7aaae14d28-FRA
x-amz-cf-id: XAfl3yQaJFtosjMsAaKN6PUkMs2vi72tu4Oi5O3xbHsvyYHVMmn7nQ==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H2 200 fb-check.jpg
cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/ 646 B
997 B 48ms
48ms Image
image/jpeg 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/fb-check.jpg
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
via: 1.1 b16802a1e349d80b7688070778305ae2.cloudfront.net (CloudFront)
x-amz-version-id: 8T50Sev4lTJkaPh9DOmBmwqaiwmEH44V
cf-cache-status: HIT
x-amz-cf-pop: FRA53-C1
age: 0
x-cache: Miss from cloudfront
content-length: 646
service-worker-allowed: /~cdn
cf-bgj: h2pri
last-modified: Thu, 17 Nov 2022 18:53:06 GMT
server: cloudflare
etag: "3d0f87c98f70c57b535974b34862a8e9"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 7ed81a7aaae34d28-FRA
x-amz-cf-id: 9hcYeZflvkSu8KhPg0nxTQ6r9JJKwBJLr81O_o2-X-WJm1OqlXoJwQ==
expires: Fri, 26 Jul 2024 21:51:23 GMT

GET
H/1.1 200
OK cooooool.png
s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/ 171 KB
171 KB 143ms
142ms Image
image/png 52.217.89.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.amazonaws.com/subscribe-funnels-production/assets/3c35567f-fcbc-48b9-b503-40204ae566e4/cooooool.png
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.217.89.126 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: db11da935d80d56ccae24c780dc6576674b47d5de713e45f7e83102152464a99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Date: Thu, 27 Jul 2023 21:51:24 GMT
x-amz-version-id: sNom1TU6XvkYmuO4sRZU2BzMGWknc1lb
Last-Modified: Thu, 17 Nov 2022 19:16:53 GMT
Server: AmazonS3
x-amz-request-id: WZ33T98VJEC36VQR
ETag: "c18c8c1cf0d32836f0b9e6f9ac3f39bd"
Content-Type: image/png
Cache-Control: max-age=600000
Accept-Ranges: bytes
Content-Length: 174977
x-amz-id-2: 6eN6h8oaR8y5QxCRWkC6R93em5A+zUAj0tM98k+BsFzaGGE/kWTqDW8k1CxWkqSHF/GzTs6uGZo=

GET
H/1.1 403
Forbidden json Show response
pro.ip-api.com/ 92 B
254 B 149ms
41ms XHR
application/json 51.77.64.70
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pro.ip-api.com/json?key=yzivs13ng2D2ldb
Requested by: Host: code.jquery.com
URL: https://code.jquery.com/jquery-3.4.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 51.77.64.70 , Germany, ASN16276 (OVH, FR),
Reverse DNS: de-fra-1.pro.ip-api.com
Software: /
Resource Hash: d05c0e909bdedac17a489ae6824edc81386259c6567d7dabe4123b6312024024

Request headers

Accept: */*
Referer: https://cool.therewardsqueen.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Thu, 27 Jul 2023 21:51:23 GMT
Content-Length: 92
Content-Type: application/json; charset=utf-8

GET
H2 200 pushflowSDK.js Show response
cdn.pushflow.net/scripts/current/sdk/ 547 KB
186 KB 163ms
54ms Script
application/javascript 2606:4700:3038::6815:ead1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pushflow.net/scripts/current/sdk/pushflowSDK.js
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3038::6815:ead1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2f634cb1aea4711ac0d7f1ca20a3bc48dc4e53067ed1c5cadde3fcd70b127c2a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 04 Jul 2023 08:54:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 8518
etag: W/"64a3de44-88a79"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vxDANwQ5wbk0xnjK65n9JV%2BV0crJWJPCm4IJE8GSlv1WgnbjQj6%2Frk0AZFYIOfmpEPjZBT%2BNlSx%2FX0JFG%2B8QdsgAPTxtRo%2B93pnfT3mm1i6oIXGcT4I1YZs9r6GHsPA1uy%2F8awtHMSVh3kqNuQx3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 7ed81a7b7b7d730f-LHR
alt-svc: h3=":443"; ma=86400

GET
H2

200

invisible.js Show response
cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/ Frame 8DE3
Redirect Chain

https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/scripts/invisible.js
https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/invisible.js

7 KB
4 KB

46ms
46ms

Script
application/javascript

2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/invisible.js

Requested by

Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/?ts=AAB9523C

Protocol

Server

2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db941a845a7f1183c1ca30312a7fac72f4694b829c246b3e215679c2d63208c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
vary: accept-encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 7ed81a7b2e0b3639-FRA

Redirect headers

date: Thu, 27 Jul 2023 21:51:23 GMT
content-encoding: gzip
server: cloudflare
vary: accept-encoding
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f0089873/invisible.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 7ed81a7aedc13639-FRA

POST
H2 200 7ed81a732d713639 Show response
cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 8DE3 0
240 B 91ms
91ms XHR
text/plain 2606:4700:4400::6812:20bf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/h/g/cv/result/7ed81a732d713639
Requested by: Host: cool.therewardsqueen.com
URL: https://cool.therewardsqueen.com/cdn-cgi/challenge-platform/scripts/invisible.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:20bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 27 Jul 2023 21:51:23 GMT
content-encoding: gzip
server: cloudflare
cf-ray: 7ed81a7c1f023639-FRA
content-type: text/plain; charset=UTF-8

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
1 KB 137ms
49ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cool.therewardsqueen.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 21:51:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 27 Jul 2023 20:23:23 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 27 Jul 2023 21:51:25 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
echo4.bluehornet.com/	1970-01-20 13:44:59	Name: AWSALB Value: +orI0OgjzXcsvPlwD0CcZDsLdf7lNwW69UR94XK1ouEZzHr5zvsXwVC3C+8w6KGU5dr36I5uRekzl5pLdoeg0CXEk8XRGstmARySaFnAFNMk/V8ZXwizJwEMvCkN
cool.therewardsqueen.com/	1970-01-20 13:34:56	Name: sf-session-id Value: 5ea7571d-b535-46c1-9547-cc594e2f799e
.subscribefunnels.com/	1970-01-20 13:34:56	Name: __cf_bm Value: 1FVtlu4vwTb9geRfz4X2eFX3bIyCy_hY5.Zbr.dJLto-1690494683-0-AfdtQsrViUQ0IXvtxSatd3yD3i06bET+RBE8sjOr2hYyne4wSMSWLO8PKB3YEAEmOSjzeGMwSecEKZi5ZiwTUcs=
.cool.therewardsqueen.com/	1970-01-20 22:20:30	Name: cf_clearance Value: 4THJjZb7o4Ho_khPmOwwLYnUjAR0oA4G1pzH6NKgMzs-1690494683-0-0.2.1690494683
.cool.therewardsqueen.com/	1970-01-20 13:34:56	Name: __cf_bm Value: pXV5Jd8B.8XDDsTM1bWn3nqkBykeeauBjgIlNQxY2Qw-1690494684-0-AZOGby02+M0oBSSSmWPk6z9xf6FoN7blwjOhiiyG9/kpHq/DplO/u6pPeNP2zteJw+gICcmKlaODwQtOtUbiyIY=

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cdn.subscribefunnels.com/3c35567f-fcbc-48b9-b503-40204ae566e4/sr/assets/pub.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pro.ip-api.com/json?key=yzivs13ng2D2ldb Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
other	error	URL: https://cool.therewardsqueen.com/?ts=AAB9523C Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.pushflow.net
cdn.subscribefunnels.com
code.jquery.com
cool.therewardsqueen.com
echo4.bluehornet.com
fonts.googleapis.com
pro.ip-api.com
s3.amazonaws.com
sites.subscribefunnels.com
2001:4de0:ac18::1:a:2b
2606:4700:3038::6815:ead1
2606:4700:4400::6812:20bf
2a00:1450:4001:829::200a
34.208.132.144
51.77.64.70
52.217.89.126
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
172238106422a28ed71d1db6b314817a994a89453c349f96c6431dd98534637d
2cce71c500d910e63432c85b0c30a12ab74132ff32251c8708e39178aa7bdd13
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2f634cb1aea4711ac0d7f1ca20a3bc48dc4e53067ed1c5cadde3fcd70b127c2a
6654bb37eb080d19cee41ebae557b061ae412aac957d32d248e6daab287cd128
6d894003d6071be103ca497c54461c500d2656e88003dd0afed8cdc0ed7bffe3
735ee02711d4d62d8cfba0c075237f227491a044441540d39f8c8203ccd54cea
745009bea0c53a20212514ee3b11334313fe73225cb53053f90d82d45a4685ae
8709d39fa2145c42849a308928908012b733dafc55d16d2bdb277b46c17096b1
8fccb5c96c54856548fbad584f0e41f72313b94b33ec32d328985b3267f4035e
99eb8768cd11765996aedad9e83f24b146256e3703310169e4d23a084f90b222
bb640067b5d233f221c2a280bb5be089cc087a872941ae5f588f8230b60bee40
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
bfd1d5fe340fa44624ac0e9e330e686c32278c0935835089bd816a1a1a4429a0
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d05c0e909bdedac17a489ae6824edc81386259c6567d7dabe4123b6312024024
db11da935d80d56ccae24c780dc6576674b47d5de713e45f7e83102152464a99
db941a845a7f1183c1ca30312a7fac72f4694b829c246b3e215679c2d63208c5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec7f6d8be0523e65fd5e696efbb6c492baec35f4b4bb8909ad5b29a0901ad5eb

cool.therewardsqueen.com Open in urlscan Pro 2606:4700:4400::6812:20bf Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

57 %IPv6

8 Domains

9 Subdomains

6 IPs

3 Countries

977 kBTransfer

1452 kBSize

5 Cookies

2 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

58 JavaScript Global Variables

5 Cookies

cool.therewardsqueen.com Open in urlscan Pro
2606:4700:4400::6812:20bf Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

57 %
IPv6

8
Domains

9
Subdomains

6
IPs

3
Countries

977 kB
Transfer

1452 kB
Size

5
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!