lp.duckdayis.com Open in urlscan Pro
188.114.96.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
Effective URL:
https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4d...
Submission: On May 28 via api (May 28th 2024, 6:48:32 am UTC) from BE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 5 countries across 9 domains to perform 15 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is lp.duckdayis.com.
TLS certificate: Issued by E1 on May 6th 2024. Valid for: 3 months.

This is the only time lp.duckdayis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	77.220.204.209 77.220.204.209	51898 (BORNEO) (BORNEO)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
2 2	34.149.194.84 34.149.194.84	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	207.154.193.175 207.154.193.175	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	2606:4700:303... 2606:4700:3033::ac43:959f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	165.227.135.219 165.227.135.219	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
15	6

4 77.220.204.209 (Bishkek, Kyrgyzstan)

ASN51898 (BORNEO, KG)
PTR: oroling.com

oroling.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.149.194.84 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 84.194.149.34.bc.googleusercontent.com

www.virtualmingu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 207.154.193.175 (Frankfurt am Main, Germany) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: stl.golddiscount.top

stl.golddiscount.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:959f (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

click.morningsevenos.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

lp.duckdayis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

cdn1.liquifycdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 165.227.135.219 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: clk.nicegoldwinner.top

clk.nicegoldwinner.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	duckdayis.com 1 redirects lp.duckdayis.com	53 KB
4	oroling.com oroling.com	16 KB
3	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	45 KB
2	nicegoldwinner.top clk.nicegoldwinner.top	20 KB
2	virtualmingu.com 2 redirects www.virtualmingu.com	888 B
1	liquifycdn.com cdn1.liquifycdn.com	14 KB
1	morningsevenos.com 1 redirects click.morningsevenos.com	1 KB
1	golddiscount.top 1 redirects stl.golddiscount.top	812 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 380	30 KB
15	9

	Domain	Requested by
5	lp.duckdayis.com	1 redirects oroling.com lp.duckdayis.com
4	oroling.com	oroling.com ajax.googleapis.com
3	cdnjs.cloudflare.com	lp.duckdayis.com
2	clk.nicegoldwinner.top	lp.duckdayis.com clk.nicegoldwinner.top
2	www.virtualmingu.com	2 redirects
1	cdn1.liquifycdn.com	lp.duckdayis.com
1	click.morningsevenos.com	1 redirects
1	stl.golddiscount.top	1 redirects
1	ajax.googleapis.com	oroling.com
15	9

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com WR2	`2024-05-06` - `2024-07-29`	3 months	crt.sh
duckdayis.com E1	`2024-05-06` - `2024-08-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
liquifycdn.com GTS CA 1P5	`2024-05-23` - `2024-08-21`	3 months	crt.sh
clk.nicegoldwinner.top R3	`2024-03-11` - `2024-06-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583
Frame ID: 22F08523CA05B9CDF83CC2CF9942492D
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Information

Page URL History Show full URLs

http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abb... HTTP 307
https://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abb... HTTP 307
http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abb... Page URL
https://www.virtualmingu.com/7KB1XW/24TX27D/?sub1=tc4670333536_337980936&source_id=4583&uum=3E47A0C1-1716... HTTP 302
https://www.virtualmingu.com/cmp/4L458Q/9P848/?__rpt=0&__po=643&__ptid=22e9c883145049de8eadfafa7b42e04d&_... HTTP 302
https://stl.golddiscount.top/cmp/NHNQ1/8GC3R/?sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub4=4... HTTP 302
https://click.morningsevenos.com/de_DE/d5he1aNo4XIy?oid=465&affid=28&first_name=&last_name=&address=&zip_code... HTTP 302
https://lp.duckdayis.com/enter/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transact... HTTP 302
https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

73 %
HTTPS

22 %
IPv6

9
Domains

9
Subdomains

6
IPs

5
Countries

175 kB
Transfer

521 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical HTTP 307
https://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical HTTP 307
http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical Page URL
https://www.virtualmingu.com/7KB1XW/24TX27D/?sub1=tc4670333536_337980936&source_id=4583&uum=3E47A0C1-1716878898.2674 HTTP 302
https://www.virtualmingu.com/cmp/4L458Q/9P848/?__rpt=0&__po=643&__ptid=22e9c883145049de8eadfafa7b42e04d&__rpa=0&__rc=1&sub1=tc4670333536_337980936&sub2=&sub3=&sub4=&sub5=&source_id=4583&__pcd=9&uum=3E47A0C1-1716878898.2674 HTTP 302
https://stl.golddiscount.top/cmp/NHNQ1/8GC3R/?sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub4=4583&first_name=&last_name=&address=&zip_code=&city=&phone_number=&email= HTTP 302
https://click.morningsevenos.com/de_DE/d5he1aNo4XIy?oid=465&affid=28&first_name=&last_name=&address=&zip_code=&city=&phone_number=&email=&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub4=4583&sub5= HTTP 302
https://lp.duckdayis.com/enter/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub4=4583&sub5= HTTP 302
https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical HTTP 307
https://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical HTTP 307
http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

abbatical Show response
oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/
Redirect Chain

http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
https://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical

834 B
667 B

261ms
261ms

Document
text/html

77.220.204.209
BORNEO

General

Check archive.org

Show headers Download Go to

Full URL: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
Protocol: HTTP/1.1
Server: 77.220.204.209 Bishkek, Kyrgyzstan, ASN51898 (BORNEO, KG),
Reverse DNS: oroling.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 342631eb2dd3812701d332b01738771ee6b74d99b7f9adb8fba696fc558709a5

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 May 2024 06:48:17 GMT
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Location: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.2.1/ 85 KB
30 KB 64ms
7ms Script
text/javascript 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js

Requested by

Host: oroling.com
URL: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 26 May 2024 16:14:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138829
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30306
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 26 May 2025 16:14:28 GMT

GET
H/1.1 200
OK 898712029.5269474888.2316014603.599224472
oroling.com/ 14 KB
15 KB 352ms
352ms Image
image/gif 77.220.204.209
BORNEO

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://oroling.com/898712029.5269474888.2316014603.599224472
Requested by: Host: oroling.com
URL: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical
Protocol: HTTP/1.1
Server: 77.220.204.209 Bishkek, Kyrgyzstan, ASN51898 (BORNEO, KG),
Reverse DNS: oroling.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 8effef18a817c22d929eb3955cd32d2ffb4859b8d7035c8e2f4ade2bb41e77f6

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 May 2024 06:48:18 GMT
Server: nginx/1.10.3 (Ubuntu)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 14742
Expires: 0

POST
H/1.1 200
OK abbatical&p=a
oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/ 116 B
366 B 456ms
374ms XHR
text/html 77.220.204.209
BORNEO

General

Check archive.org

Show headers Download Go to

Full URL: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical&p=a
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Protocol: HTTP/1.1
Server: 77.220.204.209 Bishkek, Kyrgyzstan, ASN51898 (BORNEO, KG),
Reverse DNS: oroling.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept: */*
Referer
X-Requested-With: XMLHttpRequest
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Tue, 28 May 2024 06:48:18 GMT
Content-Encoding: gzip
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK favicon.ico
oroling.com/ 43 B
245 B 266ms
246ms Other
image/gif 77.220.204.209
BORNEO

General

Check archive.org

Show headers Download Go to

Full URL: http://oroling.com/favicon.ico
Protocol: HTTP/1.1
Server: 77.220.204.209 Bishkek, Kyrgyzstan, ASN51898 (BORNEO, KG),
Reverse DNS: oroling.com
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Date: Tue, 28 May 2024 06:48:18 GMT
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx/1.10.3 (Ubuntu)
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

Primary Request 13f152d5aba3678b7d11de1155ec3b3b32537d1b Show response
lp.duckdayis.com/
Redirect Chain

https://www.virtualmingu.com/7KB1XW/24TX27D/?sub1=tc4670333536_337980936&source_id=4583&uum=3E47A0C1-1716878898.2674
https://www.virtualmingu.com/cmp/4L458Q/9P848/?__rpt=0&__po=643&__ptid=22e9c883145049de8eadfafa7b42e04d&__rpa=0&__rc=1&sub1=tc4670333536_337980936&sub2=&sub3=&sub4=&sub5=&source_id=4583&__pcd=9&uum...
https://stl.golddiscount.top/cmp/NHNQ1/8GC3R/?sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub4=4583&first_name=&last_name=&address=&zip_code=&city=&phone_number=&email=
https://click.morningsevenos.com/de_DE/d5he1aNo4XIy?oid=465&affid=28&first_name=&last_name=&address=&zip_code=&city=&phone_number=&email=&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9b...
https://lp.duckdayis.com/enter/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub3=&sub...
https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583

26 KB
11 KB

639ms
618ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583

Requested by

Host: oroling.com
URL: http://oroling.com/astrometer/decarbonize/4670333536/dura/astrometer/1716873251/decarbonize/abbatical

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

785146e1ba334fdaae5959124bb8c3487bbcce2343b7c7688ca215057709d1a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 88ac4c66caa09741-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 28 May 2024 06:48:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X%2BLQxoCtp3WjJA7%2BTMsC5FwFOf8KfOAME1HNO%2FDUC3OpE11djo7b0tESoxC6S%2FkCBv7fgYvYIVuQipKF7pI9wZLzaMFXo7qBA9VTWRQLkh4Cjt9vfgwKVd5dMvKw7qlrNJPi"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 88ac4c63efbc9741-FRA
content-type: text/html; charset=UTF-8
date: Tue, 28 May 2024 06:48:20 GMT
location: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ooMHy%2F%2BoUuynSpMOcgSXkMPhMaIPCsP6zBO7JIdMgbMbjcu6SkVj5mwazzMVABC3G3VftFNVMPokzbtVQ7fBMzciMrC2uFU4kOrb%2Fgf7mTztkN4AeBwTgWXHhqjSJXmRnxIY"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/ 88 KB
28 KB 49ms
17ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js

Requested by

Host: lp.duckdayis.com
URL: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://lp.duckdayis.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 473535
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27990
last-modified: Fri, 26 Aug 2022 18:34:13 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "63091225-6d56"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BN1XzD9SXLMHkQ3Q%2BAFP9140vgbRlHBHxdiBmzpLsSQHVO4u4zwmJ%2B2W80ajD4GEgBFxc78Zn9SM24QySZ1w%2BPUXdKFnY%2FGV3XNhXTc41IMI1NlvwI4OY%2BtTQmXQc6YxtcArMuuh"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88ac4c6b0de43616-FRA
expires: Sun, 18 May 2025 06:48:20 GMT

GET
H3 200 styles.css
lp.duckdayis.com/assets/css/ 53 KB
8 KB 46ms
42ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.duckdayis.com/assets/css/styles.css?id=ed8ac1c08d4d3f9d324296f3094c43d2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c5b8481febc886b3a96d81e477c3a09e5ca850c0f265d23c52baae54571fdd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 06 May 2024 05:17:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"663867dd-d5db"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pP3lIC71Tv1gTYbzz%2Fa9DrOr1ghgasoqOyFxLoCOf1tHPfE86p%2B0F%2F%2F1YHk%2BfKePQt2HIm3IAMhdoI3i1fYRKXQIvr95%2F%2Bdm1riWlY56nq1yXJsvD1gsbuiKmux9nspf%2B3ys"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 88ac4c6adf2e9741-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3 200 jquery-3.6.1.min.js Show response
lp.duckdayis.com/assets/js/ 88 KB
31 KB 47ms
43ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.duckdayis.com/assets/js/jquery-3.6.1.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Mon, 06 May 2024 05:17:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"663867dd-15e40"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XeBLGVj91KFzwiAwET1giq7Fc6a2ZQqa4Q7%2BH9p8hYOc1fTbZex2Ly8lk9DxF6%2FQ6e7nPrifnz8tg2qax2w8JOHNFrjOHaKe20lc6GYc2bW7f6r%2Fw7kR7dJDQnrI8WWltECT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 88ac4c6adf309741-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3 200 jquery.validate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.0/ 24 KB
7 KB 19ms
19ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.0/jquery.validate.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin: https://lp.duckdayis.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 297674
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 6955
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-5f30"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8apMtuSG5CzLmTvN8FO9fPYXT1lXUF2XnnwulQYJx6KZsSkyCGK%2ByEqRPsTuqIl5IppkWEdzdU%2BH6ixvaw9fRkXPS9Q8mqTb5%2FdsIEOmYwz8SJOZ%2BJviU056yKylRAj0DvnXucLB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88ac4c6b3e1f3616-FRA
expires: Sun, 18 May 2025 06:48:21 GMT

GET
H3 200 card.svg
cdn1.liquifycdn.com/cp/form-campaign-checkout-v2/assets/images/ 33 KB
14 KB 74ms
40ms Image
image/svg+xml 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn1.liquifycdn.com/cp/form-campaign-checkout-v2/assets/images/card.svg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8003f52342e1def68499f3d0d10d988f20cd7086faa0fa7eaaf7dcae42ed07e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: *, *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3gM4RdyncHKgaV8qSu3gOy0lsCmSdxkTgplveGJMmnc4S8vqs8PRR3GhxCzn7EdFbhM%2BvBr6ZNOpegKrvrj1j7YQUUa%2FsUxMK2mENbD5vuEuZQ%2FbNiLSkIOCdP3Xdxdf9snzDNw"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, private
cf-ray: 88ac4c6b0f1e9f20-FRA
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block

GET
H3 200 card.min.js Show response
cdnjs.cloudflare.com/ajax/libs/card/1.3.1/js/ 49 KB
10 KB 49ms
18ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/card/1.3.1/js/card.min.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

61a1aeeea29068f11931d842256185a8cf63a9eba801ca8e176c19a6266258a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 998972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 9498
last-modified: Mon, 04 May 2020 16:09:06 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e22-c3a2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DG8ueu0dISOfvLzgLyOOgaLAPto71Nwe5nbfMRlfYdcy%2BB45ioutlywaPTxBUAi9kUWSdkrdYreKBB3T30zpj5IyN5HJGrdeBf%2BCUWFn8mAS%2FwwRaTP83IZtaUmSCgzGGPlOOUpW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88ac4c6b0b642be6-FRA
expires: Sun, 18 May 2025 06:48:20 GMT

GET
H/1.1 200
OK everflow.js Show response
clk.nicegoldwinner.top/scripts/sdk/ 60 KB
19 KB 295ms
215ms Script
text/javascript 165.227.135.219
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://clk.nicegoldwinner.top/scripts/sdk/everflow.js
Requested by: Host: lp.duckdayis.com
URL: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 165.227.135.219 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: clk.nicegoldwinner.top
Software: nginx /
Resource Hash: 49e6ab5d6a1a330f0077577b21164ad3912ce1917c303d50302d89ab4b70005a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:21 GMT
content-encoding: gzip
server: nginx
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
transfer-encoding: chunked
vary: Origin
content-type: text/javascript
cache-control: max-age=14400
x-eflow-request-id: bad26ff6-e295-44fd-b049-320ed3172769

GET
H3 200 favicon.ico
lp.duckdayis.com/ 0
447 B 50ms
42ms Other
image/x-icon 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.duckdayis.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:21 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Mon, 06 May 2024 05:17:17 GMT
server: cloudflare
etag: "663867dd-0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JTZpqqjgl9qSHk0m37VKY04oOzgGGJ%2BLgxUA1THQi2oia%2FojEguZv4Mg211BxBZ1TIDWgMeYTeHZOWym1OsxXSI2e70nhyDw9KBzOfg5lktV3fZLDlnx4irv%2BsJQBi3ESfBc"}],"group":"cf-nel","max_age":604800}
content-type: image/x-icon
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88ac4c6dcaa59741-FRA

GET
H/1.1 200
OK click Show response
clk.nicegoldwinner.top/sdk/ 87 B
721 B 220ms
219ms Fetch
application/json 165.227.135.219
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://clk.nicegoldwinner.top/sdk/click?effp=1e6a13196380810139482f039d868031&sec_ch_ua_platform=Win32&sec_ch_ua_platform_version=10.0.0&sec_ch_ua_model=&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&oid=465&affid=28&__cc=&async=json&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583&__qp=oid%7Caffid%7C_ef_transaction_id%7Csub1%7Csub2%7Csub4&__rf=&__efckuq=86
Requested by: Host: clk.nicegoldwinner.top
URL: https://clk.nicegoldwinner.top/scripts/sdk/everflow.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 165.227.135.219 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: clk.nicegoldwinner.top
Software: nginx /
Resource Hash: 52063d696006a89dab825d122a69f25cff9dbfbdada6b4af0ca3343bac0e3a92

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 28 May 2024 06:48:21 GMT
server: nginx
accept-ch: Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Model
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://lp.duckdayis.com
access-control-allow-credentials: true
x-eflow-request-id: ba15eb7b-4f34-4d68-b38a-33f9d9f25422
content-length: 87

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.virtualmingu.com/	1970-01-20 20:54:42	Name: uniqueClick_24TX27D Value: 74946ede-65ea-4be0-8ca0-8357da270a61:1716878898
www.virtualmingu.com/	1970-01-20 20:54:42	Name: uniqueClick_9P848 Value: e7ee4f39-f2b8-41c2-8263-9a20161a9bf9:1716878898
www.virtualmingu.com/	1970-01-20 23:04:14	Name: transaction_id Value: 9bfd8d8c570f46a9be12094e5f4da571
stl.golddiscount.top/	1970-01-20 20:56:05	Name: uniqueClick_8GC3R Value: c064dbda-132e-48de-83d1-f3f22a0dc5b3:1716878898
stl.golddiscount.top/	1970-01-20 23:04:14	Name: transaction_id Value: 6773747889d844e0a4dc3808a0e16a04
click.morningsevenos.com/	1970-01-20 20:54:49	Name: XSRF-TOKEN Value: eyJpdiI6ImNyMitqVkZFNHcrT2FYczYveE8zNWc9PSIsInZhbHVlIjoiaEdnRW1JN2VEYjBHMFZXUDRLOUJBOTd4ZHlpSjM1dFJFTE96dno4bHRzWUlyZnNrd3dxNWtGcmlPSnVlbVg0aTZ0eGNQeEJmdnNUT2lQSjl5c2FuTzBTRFRkYXhlbkI1bGc5ZHlFenFTSGRDWVlNNjBCWjFWVXVmT2RBOHN5UHciLCJtYWMiOiI0ZDE0NWM1YjRhN2JmZmIxNzRiN2E4ZmNkZjljNzM2NjQ5ZGNlYzc0Yjk1NjZmMGM1NWQ2Yjk3YzJiM2U0OTFkIiwidGFnIjoiIn0%3D
click.morningsevenos.com/	1970-01-20 20:54:49	Name: spring_session Value: eyJpdiI6Ik1Oak9veE1pSE9wVFU3ZjVXczhQRmc9PSIsInZhbHVlIjoiWGlqWFRrSzJxSzFRVkpEeVNNNlhMT3NJMmVUaFpTcnNtTTNUamJVdTY4dk1kL1E0Ynd2cGR5SmQ5czhTTHBCTEtoOTRkdklXS0FBalFwU1B5VFltZUl4VENheVVvc0J4RWdEOHZXMjhpZm5lWFB2ZmdtTmxtTGxWeThCRlBmNHgiLCJtYWMiOiIwNWQ2ZjNjMTllNGQ2NzE3NWI5NjkxY2UyYTY3YTFkN2JmM2M1OTY5OTU2NzNkMDU3ZGJjNWNiNmJhYmM1OWFmIiwidGFnIjoiIn0%3D
lp.duckdayis.com/	1970-01-20 20:54:49	Name: XSRF-TOKEN Value: eyJpdiI6IkoydkxzRGJPcEdYUExkZm1wOHNld2c9PSIsInZhbHVlIjoiaXhuYUNSVkdTWjJWNzYzYzZ3TSttOTZpM1gvNWlSS05mYmExaEtNajVVTEFuakd0bStBcGRRV0xKUlhxRVZ6eXVqYyt3YXpBcUxvaXhzbWZqa3BqZ2ZMa3JYNHpJVXo1enUzc2lIbzAzRlFERGJVcmZLeFpOZXF3UVZqVW5IMkMiLCJtYWMiOiI0MjY5NzkzOTAzYzIzNzZkZjQyNGE1MzM2OWIwMzM0MDI0Nzg1ZWY1NTBmMzY2MTNkODg0Y2IwNzRhMGNhY2IwIiwidGFnIjoiIn0%3D
lp.duckdayis.com/	1970-01-20 20:54:49	Name: sitesession Value: eyJpdiI6IkozM0lBVDd2cmg2eURxaWhEeGN1Z3c9PSIsInZhbHVlIjoiejVTZm9yRkkyUlBVZDVNdVp2SVRGYXgxV2FRQjdERTJibjNZNmRoYlR3V1R5TVVOVlVQeXk5WUtNenhsTGh5bTFCN0FQZVFrMFVKa0I3NUhwVUllWjgvaFhONFMvVEgwUkQxYm9YNm9SczJPN2puem9xbU01ai9FSGVnZm0vWWEiLCJtYWMiOiI5ZDkwMzA3NGJjOTIzY2JjMzcxZjhiNzZjNGNlMjU3ZjM5YzFhNTk1MDkzZjgzMjkyYmRiNWRhNGEwMDMxYThiIiwidGFnIjoiIn0%3D
lp.duckdayis.com/	1970-01-20 20:54:49	Name: YmHjMRbNZbk3bJ1eViKiskgVkTkhgkjcHyTbXVVP Value: eyJpdiI6IktDK2tKelFqbW9HR0NwZlM3dm9YWGc9PSIsInZhbHVlIjoiZ1h3ZDRSZ21TejJqbGNQVkdKR0tXa0tjN1Brei9PY0RiaCtnNVkxZWprZjlVK3R6Q0lncWw5TmtjbWw2K3M4WTZjejkrQStmZjZoMFk3Snk4aE9nVlh1YlRaRnNadmpaa25IcHlPS2tmQTM2Q0lFM3BCRWs4QmhSd1J0WWRsdyt5cWkxWFVUTFhxSFhETVpsZ0RHWVNCUnU5L2hUcXpFUlRNTXlVMHhCMmNrU0cvU1ZZK3AxaUFzU1dNakltd012U2czUGlBemZpSzJTWUkrZnEwUmVXcFpka1V2SEJFMkVPaEFIbU1MNTB0YlRXWGlISks5R1piTVR3UzVGbnNLSGhXbEhVaE16RDJQWXo0VEwvRFgvdFVMbmtheVBrRWU0eVJLRmZSNE4wVWdpbmE1ajhUakdraExSRENOOGJGQ01IQTlGTG9GeGdLbFBBdlQybllpNno1akZla2JjNEtmOUNpVzE5Y1RlODErU1RqeXhVM001VmVhczJ6Z2c3bXU5VWc0a3REZkVmWFlSY3o5YzFkS25Bb2lRbXM5a2c5ZnRSREQ4TWtTbzFHRitTY2FPYVZEb1BqL1luSnZsNldRbG8xd29JYS9lTW5ScWlpYnVLS0J5c2JpNk1tSFhIbDFZZlgzK0dxT1piRWZMZ2tLOHNoZEZ4Qkw3VktBVFlMYUtRWVl0VEhLS09ZS2ZOMkx2S3hWTHppaDBleXAyY2RCSTlnQ0dmdTZSdUxBVndPbUViT1JheU03T29rYTU0RHZBMERjZlVxbEsxVUVhazRxQjVnQTZHRUJJa3luaGY2dXBWc0IxN1J5WTl6MDRJaVloNTdXWUZZekRrYTZOZVcwVmlnMG1PWWxrRGk4UUVadUk3UEx5UkpJR1BYUzU3K2RSdE1GRDVRU20raHhJSmJrUmdSU1ZYN2JoTkNhTDlWVkN0eCtBOXBWb2NaU3JleHVMRlQwSFRoWkh6aVdTc2s0VDlST2tyektRdHhSUXM5bUtRN1cxOVg5RnN0STF4WDhVNHhjOW1tK0RrWTZ0NjIwc2tQLy9TbzJtb1hBS25XZWRmZnVDUHd6akRrU1Z2K2x0WlRsd0JxY0YxMk9SRDVuci9kRnh3Z1RTdWViQWdsN0ZUZy92aWNnaERtNmpuVVZ6Z3Y2K25tK3hnRGhiaDdBdi9vOWxiUWFTZ1NJRVhabTdiQmM5TFJZQUdwc2d1Yjdrb0JGMW0wUk1LcTZZZFBJZVhPSWJFKzRSVzVzMGNlc05qd1lpYkVZUXBNcEkyUmNjelpsK3FSWEFLcUZCTVAxaFdkUXowekZnZ0Z1aUhlOWhDME9ibjFtUlBpcVFCVG9Hc1lCaXNsYnpDdGpNWWZsNnhMOHBobERsc3ozN0loTURsNWFMQVdSWXhTSzh4UW14YWh6ZG1iRmV3QmxYQjNXSFpNdzBSeFF4VlluU2RVZzVJMk9nNVJiQjJSVjk3UUFDc0xoeGhZdVVOWjRvN0tEQWhlK0w4QXBoSW9nUUVCQjBpdG1CVE9SbEtGVWNDZVRGU1FZaCtBakpYWjhRSEd6eThxb3BqajJicXN1b2dBa2dRcUZWUEJpSXI2ZU5TYlZUcURUZUlDVEh2MFpwVHdlRDdqUjQxKzZLVHFSK2VCYjJLRmRBbFBjM0UrZEFrV0YwdkJ6b1kvZWZRYm5pbUtybWdEZ0RiK0QrdDRWUll4ZW9STDRWazZFQ0ZJSjBGVE1QMVB1VGZiQ1BsOSsrWndrRU1NbGZacEZVcTQrSFYyWm9USVV5U1hURFFMbWM1K3I3MHR1K2RrQmlwSGNHOWVoRzh6cklXZz09IiwibWFjIjoiNTkyZDUwODFmMTc1NWFlNDNiMTgzYjYwM2I4N2U4MDAzNjI4NTc5MGVmYzg2NDJkYTIwYjk5YTljZjVhNjBmYSIsInRhZyI6IiJ9
clk.nicegoldwinner.top/	1970-01-20 20:56:05	Name: uniqueClick Value: da387b90-5496-4b2b-9f25-6cdca9b352f5:1716878901
clk.nicegoldwinner.top/	1970-01-20 23:04:14	Name: transaction_id Value: 6773747889d844e0a4dc3808a0e16a04
lp.duckdayis.com/	1970-01-20 21:37:50	Name: ef_witness Value: 1
lp.duckdayis.com/	1970-01-20 21:37:50	Name: ef_affid Value: 28
lp.duckdayis.com/	1970-01-20 21:37:50	Name: ef_tid_c_o_465 Value: 6773747889d844e0a4dc3808a0e16a04
lp.duckdayis.com/	1970-01-20 21:37:50	Name: ef_tid_c_a_3 Value: 6773747889d844e0a4dc3808a0e16a04

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583 Message: [.WebGL-0xb2801858000]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
other	warning	URL: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://lp.duckdayis.com/13f152d5aba3678b7d11de1155ec3b3b32537d1b?oid=465&affid=28&_ef_transaction_id=6773747889d844e0a4dc3808a0e16a04&sub1=9bfd8d8c570f46a9be12094e5f4da571&sub2=145&sub4=4583 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn1.liquifycdn.com
cdnjs.cloudflare.com
click.morningsevenos.com
clk.nicegoldwinner.top
lp.duckdayis.com
oroling.com
stl.golddiscount.top
www.virtualmingu.com
104.17.24.14
165.227.135.219
188.114.96.3
188.114.97.3
207.154.193.175
2606:4700:3033::ac43:959f
2a00:1450:4001:806::200a
34.149.194.84
77.220.204.209
342631eb2dd3812701d332b01738771ee6b74d99b7f9adb8fba696fc558709a5
49e6ab5d6a1a330f0077577b21164ad3912ce1917c303d50302d89ab4b70005a
4c5b8481febc886b3a96d81e477c3a09e5ca850c0f265d23c52baae54571fdd1
52063d696006a89dab825d122a69f25cff9dbfbdada6b4af0ca3343bac0e3a92
61a1aeeea29068f11931d842256185a8cf63a9eba801ca8e176c19a6266258a2
6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7
785146e1ba334fdaae5959124bb8c3487bbcce2343b7c7688ca215057709d1a4
8003f52342e1def68499f3d0d10d988f20cd7086faa0fa7eaaf7dcae42ed07e9
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8effef18a817c22d929eb3955cd32d2ffb4859b8d7035c8e2f4ade2bb41e77f6
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

lp.duckdayis.com Open in urlscan Pro 188.114.96.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

73 %HTTPS

22 %IPv6

9 Domains

9 Subdomains

6 IPs

5 Countries

175 kBTransfer

521 kBSize

16 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

16 Cookies

3 Console Messages

Indicators

lp.duckdayis.com Open in urlscan Pro
188.114.96.3 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

22 %
IPv6

9
Domains

9
Subdomains

6
IPs

5
Countries

175 kB
Transfer

521 kB
Size

16
Cookies

15 HTTP transactions
0 data transactions