tqnqt.tunnelbuilder.top Open in urlscan Pro
172.67.206.228 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://morgenhealthcare.in/ct/?4069482
Effective URL:
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Submission: On June 16 via manual (June 16th 2023, 1:40:34 pm UTC) from PT — Scanned from SG

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 5 countries across 9 domains to perform 32 HTTP transactions. The main IP is 172.67.206.228, located in United States and belongs to CLOUDFLARENET, US. The main domain is tqnqt.tunnelbuilder.top.
TLS certificate: Issued by E1 on May 25th 2023. Valid for: 3 months.

This is the only time tqnqt.tunnelbuilder.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	184.168.102.96 184.168.102.96	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
1	91.238.104.193 91.238.104.193	50321 (BYTES-AS) (BYTES-AS)
1 4	2.59.222.113 2.59.222.113	209155 (ONEHOSTPL...) (ONEHOSTPLANET)
1 3	134.209.192.77 134.209.192.77	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 1	104.21.22.161 104.21.22.161	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	172.67.206.228 172.67.206.228	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.21.81.244 104.21.81.244	() ()
2	2404:6800:400... 2404:6800:4003:c00::5e	() ()
32	8

2 184.168.102.96 (Singapore) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 96.102.168.184.host.secureserver.net

morgenhealthcare.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.238.104.193 (Ukraine)

ASN50321 (BYTES-AS, UA)

click.clickandanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.59.222.113 (Kyiv, Ukraine) 1 redirects

ASN209155 (ONEHOSTPLANET, CZ)

block.descriptionscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fire.descriptionscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 134.209.192.77 (Amsterdam, Netherlands) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

desirepurplestock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.desirepurplestock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.22.161 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tqnqt.rigelbetelgeuse.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.67.206.228 (United States)

ASN13335 (CLOUDFLARENET, US)

tqnqt.tunnelbuilder.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.21.81.244 (None, )

ASN- ()

js.streampsh.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
feed.streampsh.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4003:c00::5e (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	tunnelbuilder.top tqnqt.tunnelbuilder.top	56 KB
4	streampsh.top js.streampsh.top feed.streampsh.top	12 KB
4	descriptionscripts.com 1 redirects block.descriptionscripts.com fire.descriptionscripts.com Failed	4 KB
3	desirepurplestock.com desirepurplestock.com Failed 0.desirepurplestock.com	36 KB
2	gstatic.com www.gstatic.com	18 KB
2	morgenhealthcare.in 1 redirects morgenhealthcare.in	1 KB
1	rigelbetelgeuse.top 1 redirects tqnqt.rigelbetelgeuse.top	690 B
1	clickandanalytics.com click.clickandanalytics.com	648 B
0	js2json.com Failed js2json.com Failed
32	9

	Domain	Requested by
12	tqnqt.tunnelbuilder.top	morgenhealthcare.in tqnqt.tunnelbuilder.top js.streampsh.top
3	js.streampsh.top	tqnqt.tunnelbuilder.top js.streampsh.top
2	www.gstatic.com	js.streampsh.top
2	0.desirepurplestock.com	1 redirects morgenhealthcare.in
2	fire.descriptionscripts.com	block.descriptionscripts.com
2	block.descriptionscripts.com	morgenhealthcare.in block.descriptionscripts.com
2	morgenhealthcare.in	1 redirects
1	feed.streampsh.top	js.streampsh.top
1	tqnqt.rigelbetelgeuse.top	1 redirects
1	desirepurplestock.com	fire.descriptionscripts.com
1	click.clickandanalytics.com	morgenhealthcare.in
0	js2json.com Failed	tqnqt.tunnelbuilder.top
32	12

This site contains no links.

Subject Issuer	Validity	Valid
morgenhealthcare.in Sectigo RSA Domain Validation Secure Server CA	`2022-11-07` - `2023-11-07`	a year	crt.sh
click.clickandanalytics.com R3	`2023-05-21` - `2023-08-19`	3 months	crt.sh
block.descriptionscripts.com R3	`2023-04-28` - `2023-07-27`	3 months	crt.sh
fire.descriptionscripts.com R3	`2023-04-21` - `2023-07-20`	3 months	crt.sh
desirepurplestock.com R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
tunnelbuilder.top E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-25` - `2024-03-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-05-22` - `2023-08-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Frame ID: 93E1290DBBE9797B300CA7DBE01C24D9
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Press “Allow” to verify, that you are not a robot

Page URL History Show full URLs

https://morgenhealthcare.in/ct/?4069482 HTTP 302
https://morgenhealthcare.in/ Page URL
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy Page URL
https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc Page URL
https://0.desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc Page URL
https://0.desirepurplestock.com/?auf=gu2tiyrxmy5diojygyxtqmbrgixtemrpge3dqnrzgizdqmzr&s=1&sub1=&sub2=Marc&su... HTTP 302
https://tqnqt.rigelbetelgeuse.top/?pl=jPYNfiJs70uLjptRAgGw_A HTTP 302
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIq... Page URL
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIq... Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<div [^>]*id="__nuxt"

Page Statistics

32
Requests

78 %
HTTPS

13 %
IPv6

9
Domains

12
Subdomains

8
IPs

5
Countries

127 kB
Transfer

210 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://morgenhealthcare.in/ct/?4069482 HTTP 302
https://morgenhealthcare.in/ Page URL
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy Page URL
https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc Page URL
https://0.desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc Page URL
https://0.desirepurplestock.com/?auf=gu2tiyrxmy5diojygyxtqmbrgixtemrpge3dqnrzgizdqmzr&s=1&sub1=&sub2=Marc&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
https://tqnqt.rigelbetelgeuse.top/?pl=jPYNfiJs70uLjptRAgGw_A HTTP 302
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132 Page URL
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://morgenhealthcare.in/ct/?4069482 HTTP 302
https://morgenhealthcare.in/

Request Chain 5

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463 HTTP 302
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy

Request Chain 11

https://0.desirepurplestock.com/?auf=gu2tiyrxmy5diojygyxtqmbrgixtemrpge3dqnrzgizdqmzr&s=1&sub1=&sub2=Marc&sub3=&sub4=&cpc=0&cpm=0 HTTP 302
https://tqnqt.rigelbetelgeuse.top/?pl=jPYNfiJs70uLjptRAgGw_A HTTP 302
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

500

/ Show response
morgenhealthcare.in/
Redirect Chain

https://morgenhealthcare.in/ct/?4069482
https://morgenhealthcare.in/

3 KB
1 KB

209ms
209ms

Document
text/html

184.168.102.96
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://morgenhealthcare.in/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.168.102.96 , Singapore, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: 96.102.168.184.host.secureserver.net
Software: Apache / PHP/7.4.33
Resource Hash: 427bb9a7938a54dce4ce088f2650e3eea2ed7ceb3cbe104077cd3b805a1fdede

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

cache-control: no-cache, must-revalidate, max-age=0
content-encoding: br
content-length: 1020
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:26 GMT
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

content-encoding: br
content-length: 1
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:26 GMT
location: /
server: Apache
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H/1.1 200
OK take Show response
click.clickandanalytics.com/ 0
648 B 820ms
191ms Script
text/html 91.238.104.193
BYTES-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://click.clickandanalytics.com/take
Requested by: Host: morgenhealthcare.in
URL: https://morgenhealthcare.in/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 91.238.104.193 , Ukraine, ASN50321 (BYTES-AS, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://morgenhealthcare.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 16 Jun 2023 13:40:27 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H2 200 path.js Show response
block.descriptionscripts.com/scripts/ 2 KB
1 KB 1311ms
416ms Script
application/javascript 2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://block.descriptionscripts.com/scripts/path.js?v=1.0.3

Requested by

Host: morgenhealthcare.in
URL: https://morgenhealthcare.in/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

73a3195d9570ffc6ab9d2488eb93144017f76a0c6e8d5afd66f16035a068db47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://morgenhealthcare.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:28 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000;
server: nginx
content-length: 1134
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8

GET
H2 200 main.js Show response
block.descriptionscripts.com/ 3 KB
2 KB 416ms
416ms Script
application/javascript 2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://block.descriptionscripts.com/main.js

Requested by

Host: block.descriptionscripts.com
URL: https://block.descriptionscripts.com/scripts/path.js?v=1.0.3

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

cda1099db3e2407595dbad40b613a47fd83e4a062083571ec01fcc7e46e95bba

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://morgenhealthcare.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:28 GMT
strict-transport-security: max-age=15768000;
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 07:22:16 GMT
server: nginx
etag: W/"644cc5a8-dd0"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET get.php
fire.descriptionscripts.com/ 0
0

GET
H2

200

get.php
fire.descriptionscripts.com/
Redirect Chain

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463
https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy

845 B
574 B

427ms
426ms

Document
text/html

2.59.222.113
ONEHOSTPLANET

General

Check archive.org

Show headers Download Go to

Full URL

https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy

Requested by

Host: block.descriptionscripts.com
URL: https://block.descriptionscripts.com/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.59.222.113 Kyiv, Ukraine, ASN209155 (ONEHOSTPLANET, CZ),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000;

Request headers

Referer: https://morgenhealthcare.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

content-encoding: gzip
content-length: 432
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:30 GMT
server: nginx
strict-transport-security: max-age=15768000;
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:29 GMT
location: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy
server: nginx
strict-transport-security: max-age=15768000;

GET /
desirepurplestock.com/ 0
0

GET
H2 200 / Show response
desirepurplestock.com/ 18 KB
18 KB 759ms
170ms Document
text/html 134.209.192.77
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc

Requested by

Host: fire.descriptionscripts.com
URL: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463&kid=yummy

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

134.209.192.77 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

b4cb0c800de0c660d67e71b3d147e83e34afad9309edc301c117dc31d8c61b18

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://fire.descriptionscripts.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:31 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 / Show response
0.desirepurplestock.com/ 18 KB
18 KB 246ms
171ms Document
text/html 134.209.192.77
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://0.desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc

Requested by

Host: morgenhealthcare.in
URL: https://morgenhealthcare.in/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

134.209.192.77 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

nginx /

Resource Hash

e7f8e9e23de3bf35ca42daeee138fa45f8db92edf2dfaed33277c28570a56328

Security Headers

Name	Value
Content-Security-Policy	img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://desirepurplestock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

access-control-allow-origin: *
content-security-policy: img-src https: data:; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Fri, 16 Jun 2023 13:40:31 GMT
server: nginx
strict-transport-security: max-age=31536000

GET
H2

200

/ Show response
tqnqt.tunnelbuilder.top/eyes-robot/
Redirect Chain

https://0.desirepurplestock.com/?auf=gu2tiyrxmy5diojygyxtqmbrgixtemrpge3dqnrzgizdqmzr&s=1&sub1=&sub2=Marc&sub3=&sub4=&cpc=0&cpm=0
https://tqnqt.rigelbetelgeuse.top/?pl=jPYNfiJs70uLjptRAgGw_A
https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132

1 KB
932 B

209ms
185ms

Document
text/html

172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Requested by: Host: morgenhealthcare.in
URL: https://morgenhealthcare.in/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 049335476932d7ea96625777f9878ea9e84dde6fb33dea9b0d5a6018665371df

Request headers

Referer: https://0.desirepurplestock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d83771a7aca4d51-SIN
content-encoding: br
content-type: text/html
date: Fri, 16 Jun 2023 13:40:33 GMT
last-modified: Mon, 01 May 2023 15:50:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HzaGTfLmmD7%2BDJyx8QL7x5KLCRH7h9637zEdKRloDGjU8vT2uOCmAm55Fi1r0UsFD%2FDztjCP%2Fu9vDB0gh2K%2FoitR%2FFtqJpDRHmf%2BtZqvXwyZZMljKyCNGHgeNgvQE6%2B3v50RKsmXTrMELA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7d8377183f8b3dce-SIN
content-length: 0
date: Fri, 16 Jun 2023 13:40:33 GMT
location: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3pSk8PcVfcVFxLYq0D8pp9ILjsOViCbtQ60jRrPkz34dziUyCtlxJLiM4Gep15jtenSFfqdbpRRxCQx580UZNOoWPCM%2BzozTMTF4NlZ1L24Tk3NgZMeFsEBK1nURFQcg%2FENd6I2mX9dW3ZB4"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 trls.js Show response
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 11 KB
2 KB 12ms
10ms Script
application/javascript 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/trls.js
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4935
etag: W/"643e420e-2af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RaaEJ0oZnFjq4HG04eSeZOkG%2F5zjnyOfOWh5WQdW%2FH9sOxVoV3PkC%2FLvCLsfbrc7KWg9kMnLaQdg32%2F94gredMCANsEb%2By3SPXtZ5FAwcUM1mGqCIN%2BVRROSAansdqfjzNsmy5JYBBbp9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7d83771bac524d51-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 style.css
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 3 KB
1 KB 13ms
12ms Stylesheet
text/css 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5362
etag: W/"643e420e-cf6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlRxXtCsGVICL21fMQ1h7YlDuBd9m09dUYUm%2F%2FM7YMZO%2BqZyF97fAldRi%2BtHKUX062OlDZmj4hHMfoLwL0aGDEl2pUovpISHwlbu3hvfdPahDrXIU0IzveFlDghqtGrNfYp5N5uowYetwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7d83771bbc534d51-SIN
alt-svc: h3=":443"; ma=86400

GET
H3 200 1.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 10 KB
11 KB 18ms
17ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/1.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5193
etag: "643e420e-295f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2BvpS7lKZs68Ge8GmFQBJ2apJw6NJWUBWSV7ktNjSi14%2BPTGiA9GILRMx7W5lJJNJf4R%2BMShgcd1l1vDjli3RmGPoblWMXS%2BcxbZXAbBhGikVrN5MQjUwcT8JSFANfOmqHNqdZHCbW05Zw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d83771bc86a40cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 10591

GET
H3 200 2.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 1 KB
2 KB 15ms
14ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/2.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4090
etag: "643e420e-425"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ASw4a9905sZXZHTYwVRVEUu306jJA0acgTowyYyrQ0wILmPWiBsUgrJAl7oNBejFydB%2FMwtFHK9JlnMwKWid7rohUh4Uc8ncJ4WMVPZjIJ9L1GhB%2BQIQHuFUi8DgLEZ98exrfOIxs4KDeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d83771bc86e40cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 1061

GET
H2 200 pl.js Show response
js.streampsh.top/ps/ 3 KB
2 KB 205ms
183ms Script
application/javascript 104.21.81.244

General

Check archive.org

Show headers Download Go to

Full URL: https://js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.244 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: daa69a5e86f32de4ab6cdac3ee241b8a3b7a30d60ecb335bfc20236fb675cbdb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wv%2BfyXMWzxu6U21oM9BAdzVf%2Fa5YHItptExBa3bSKum6v7GjF6H01TiO9qH1gjH881YO6rFxyuNAanXPmQu3%2BHoc2EP5E2qQO74wF%2BaOnCicKMdqk6c9sF81%2FE0iMmcG5eI%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 7d83771bef6f4715-SIN
alt-svc: h3=":443"; ma=86400

GET script.js
js2json.com/ 0
0

GET
H3 200 image.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 11 KB
11 KB 12ms
11ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/image.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5260
etag: "643e420e-2b23"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DbcjWXv92QUA%2FQO67i0kaiQDry1X1Vzd2MrGomubjKbggiz7uxQEMBAZINWjz%2FKFAUwnj4nXPSr%2BL7FwU3PITTnHkM1SCxDRn4iAliXTWF77p6lPop1q8JZmx7IeyWCeW9IWq5gYNbCgmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d83771bc87d40cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 11043

GET
H2 200 ps.js Show response
js.streampsh.top/ps/ 23 KB
9 KB 326ms
325ms Script
application/javascript 104.21.81.244

General

Check archive.org

Show headers Download Go to

Full URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=
Requested by: Host: js.streampsh.top
URL: https://js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.244 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 66d91f095e1fd85b15a44fc558a94b6724991cd84bdd93916559f2439507e749

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZEzM46dMz6TEhlZp%2BqOzHNcaM7dQ0KGDrqmso8p21jYFKiixHQxNLwQD7ul4mTZtsBGtr3DzvP5ogw2jQ6ONIgDYZ8%2Bjl%2FeqymVuXCg87%2Fmy8hmpib8LnoM3yjoxGWnpz5yq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 7d83771d18ce4715-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 config.js Show response
feed.streampsh.top/ps/ 364 B
596 B 193ms
181ms Script
application/javascript 104.21.81.244

General

Check archive.org

Show headers Download Go to

Full URL: https://feed.streampsh.top/ps/config.js?id=jPYNfiJs70uLjptRAgGw_A
Requested by: Host: js.streampsh.top
URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.81.244 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: bc8f01c22a60dbb9098f8be9baa7e484bce7ec5335a6dcf02fee212202fb2045

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:33 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UmkdwddGjXv6OmOq7wtJW%2Bf%2FXtEmfkwpFNLEJXU2b9k5OflfAIsw%2FNXMN4ajPQA7vt5a970%2BAGYHTiPp5%2BmX%2BYQnB7Uw8PqAXaj6m2gVp2NcxYWCW9YuBLo3cKKC%2Bb%2BzRo7bVP4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 7d83771f3b6b4715-SIN
alt-svc: h3=":443"; ma=86400

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/8.4.1/ 21 KB
7 KB 13ms
4ms Script
text/javascript 2404:6800:4003:c00::5e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-app.js

Requested by

Host: js.streampsh.top
URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c00::5e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 23:46:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222827
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6763
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Jun 2024 23:46:46 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/8.4.1/ 40 KB
11 KB 5ms
4ms Script
text/javascript 2404:6800:4003:c00::5e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

Requested by

Host: js.streampsh.top
URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4003:c00::5e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Tue, 13 Jun 2023 23:52:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 222470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10908
x-xss-protection: 0
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 12 Jun 2024 23:52:43 GMT

GET
H3 200 Primary Request / Show response
tqnqt.tunnelbuilder.top/eyes-robot/ 1 KB
901 B 342ms
342ms Document
text/html 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Requested by: Host: js.streampsh.top
URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 049335476932d7ea96625777f9878ea9e84dde6fb33dea9b0d5a6018665371df

Request headers

Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36
accept-language: zh-SG,zh;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7d837720ae9d40cc-SIN
content-encoding: br
content-type: text/html
date: Fri, 16 Jun 2023 13:40:34 GMT
last-modified: Mon, 01 May 2023 15:50:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ha2nW7hhgVvl%2BP7dh2C0j2WsqZXWzPWNdRLiSkdT3XMWQgBTRKUx5Cm89kAFaCVcPL%2Bv8VPJM6EMsJazfOCgDsN9aWWnuqgLv%2BWOphioI9OyluV9q3B4ThE26bJEOZoI8%2Fh7QDLsmEoPPg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3 200 trls.js Show response
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 11 KB
2 KB 27ms
26ms Script
application/javascript 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/trls.js
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5309
etag: W/"643e420e-2af6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xEjG132mkSyKYBdobnKbbEEV1OwNrl5KrHwdI9yTNam7AE%2Fe6VhIgC3vYBXdqduSd24Afk%2F1fp7SMTPZv8%2BzwqfMxu9YBQNqOML7Ga1aIlLOEMHt%2F1JKaWxezg6DUJiv9bjYtmaKsxDhWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 7d837722c9c840cc-SIN
alt-svc: h3=":443"; ma=86400

GET
H3 200 style.css
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 3 KB
1 KB 11ms
11ms Stylesheet
text/css 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5310
etag: W/"643e420e-cf6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7jItJL5CUqYoRtakFrC%2B9knG%2FWkH35zrQAalXnsQ3pnNKzGBcoEsQTxz%2BcfT0jDtvlBVSx2VwKOpU3naKZ5XbHtmPzbG6yR0Mthj6E3Xi2LfkgtLyVtkKMRhJ%2Bs0gE%2BBgQqIHasBqiSjg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7d837722c9ca40cc-SIN
alt-svc: h3=":443"; ma=86400

GET
H3 200 1.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 10 KB
11 KB 13ms
13ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/1.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5194
etag: "643e420e-295f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P0q7ioBOutCM80u%2F8BC5umG4kJyzu4VSmUaC4ctqN%2Fh9KjX8k8GonQyxnDThGsBWbNP8nv4ku9Ek66W1PggaQyibnm4k8KFhsBhp1BLrOxhNad0FnWfMXeid4HDvseTbjGtAeNQ1ddbo3A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d837722f9f940cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 10591

GET
H3 200 2.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 1 KB
1 KB 11ms
10ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/2.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 4091
etag: "643e420e-425"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rnUnZIuSRRBRUunrq43mH1LYhGla%2FClnhgCRFCdIX9Yz5hc08F%2FeFwERHMpAD%2FF1%2BvlSS%2BalxIVktX6rWTIhKjAc9LHQmTF7xzO034TGtsBZZDb82Pae4DWSFiefVOmkpAmuDpKl4uDRAg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d837722f9fa40cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 1061

GET
H3 200 pl.js Show response
js.streampsh.top/ps/ 3 KB
2 KB 196ms
196ms Script
application/javascript 104.21.81.244

General

Check archive.org

Show headers Download Go to

Full URL: https://js.streampsh.top/ps/pl.js?edg=true&fullscreen=true
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/?pl=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&hash=N165D5UIIXFYHO0dXIqfqw&exp=1686923132
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.81.244 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: daa69a5e86f32de4ab6cdac3ee241b8a3b7a30d60ecb335bfc20236fb675cbdb

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AynA3PX24Hpeedvyzzg4OB4k9UE9pITeNR3LJc4oTU8a6MdatPXeeYsVGGbPTXryZaMHNvPWfdNofPfcQEa9N1OZSNnziCn6tGj7wJca4MAosLWOmCD4KGvxKYOtT%2FPoN9v1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-ray: 7d837722ec71448a-SIN
alt-svc: h3=":443"; ma=86400

GET script.js
js2json.com/ 0
0

GET
H3 200 image.png
tqnqt.tunnelbuilder.top/eyes-robot/assets/ 11 KB
11 KB 16ms
16ms Image
image/png 172.67.206.228
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/image.png
Requested by: Host: tqnqt.tunnelbuilder.top
URL: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.206.228 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

Request headers

accept-language: zh-SG,zh;q=0.9
Referer: https://tqnqt.tunnelbuilder.top/eyes-robot/assets/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.133 Safari/537.36

Response headers

date: Fri, 16 Jun 2023 13:40:34 GMT
cf-cache-status: HIT
last-modified: Tue, 18 Apr 2023 07:09:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 5261
etag: "643e420e-2b23"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xkWGT1OAb4%2BQvNqDCrS8tEHPrZvw7JJkGvlSz0dKj27OPdARTjTWWVA7IocKCAdPpdzBDrE7DQxGyTEnlZKjvFp5hdxp2MxebpCoRRHHj1QrNEI4UPvPHcLpoKfWWDswdv5jeagzlDAS9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7d837722f9fc40cc-SIN
alt-svc: h3=":443"; ma=86400
content-length: 11043

GET ps.js
js.streampsh.top/ps/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fire.descriptionscripts.com
URL: https://fire.descriptionscripts.com/get.php?wid=215315&sid=32463463&gid=24563463

Domain: desirepurplestock.com
URL: https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc

Domain: desirepurplestock.com
URL: https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc

Domain: desirepurplestock.com
URL: https://desirepurplestock.com/?p=ha4tcolcmu5gi3bphaydcmq&sub2=Marc

Domain: js2json.com
URL: https://js2json.com/script.js

Domain: js2json.com
URL: https://js2json.com/script.js

Domain: js.streampsh.top
URL: https://js.streampsh.top/ps/ps.js?edg=true&fullscreen=true&pl=true&id=jPYNfiJs70uLjptRAgGw_A&sm=eyes-robot&click_id=&sub_id=&appspot=

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
morgenhealthcare.in/	1970-01-20 12:35:51	Name: wpcurrentimes Value: 1
.desirepurplestock.com/	1970-01-20 13:18:34	Name: uuid Value: 8e20bda4-7332-468e-abe0-2d0664758a09
.0.desirepurplestock.com/	1970-01-20 13:18:34	Name: uuid Value: 8e20bda4-7332-468e-abe0-2d0664758a09
0.desirepurplestock.com/	1970-01-20 13:18:34	Name: uuid Value: 8e20bda4-7332-468e-abe0-2d0664758a09
.0.desirepurplestock.com/	1970-01-20 12:36:49	Name: ccid Value: %5B170878%5D
tqnqt.rigelbetelgeuse.top/	1970-01-20 12:41:08	Name: jPYNfiJs70uLjptRAgGw_A Value: 5
tqnqt.rigelbetelgeuse.top/	1970-01-20 22:11:22	Name: __pl Value: ed7e5b98-11f5-43f3-9260-22aeb939efed
tqnqt.rigelbetelgeuse.top/	1970-01-20 12:35:26	Name: __cap Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://morgenhealthcare.in/ Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.desirepurplestock.com
block.descriptionscripts.com
click.clickandanalytics.com
desirepurplestock.com
feed.streampsh.top
fire.descriptionscripts.com
js.streampsh.top
js2json.com
morgenhealthcare.in
tqnqt.rigelbetelgeuse.top
tqnqt.tunnelbuilder.top
www.gstatic.com
desirepurplestock.com
fire.descriptionscripts.com
js.streampsh.top
js2json.com
104.21.22.161
104.21.81.244
134.209.192.77
172.67.206.228
184.168.102.96
2.59.222.113
2404:6800:4003:c00::5e
91.238.104.193
049335476932d7ea96625777f9878ea9e84dde6fb33dea9b0d5a6018665371df
09d12e3c0e65fda26b9073e70e02fb24fa6941a4a3b1b81211b6470f00769ea5
29ee31143c5bd03b7dcaf2e40476e50c4ed26d32a725525a4f3dced678c90896
2fb2aad4f3b3426df4bb5633b627f529940bd06d0690f6b11cfcf42f0fea3e4b
427bb9a7938a54dce4ce088f2650e3eea2ed7ceb3cbe104077cd3b805a1fdede
66d91f095e1fd85b15a44fc558a94b6724991cd84bdd93916559f2439507e749
73a3195d9570ffc6ab9d2488eb93144017f76a0c6e8d5afd66f16035a068db47
967b8859fedb2c63afc8ae6ae2839fdd40f0e26af85adc6605a629f3c0ed0837
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7
b4cb0c800de0c660d67e71b3d147e83e34afad9309edc301c117dc31d8c61b18
bc8f01c22a60dbb9098f8be9baa7e484bce7ec5335a6dcf02fee212202fb2045
cda1099db3e2407595dbad40b613a47fd83e4a062083571ec01fcc7e46e95bba
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2
daa69a5e86f32de4ab6cdac3ee241b8a3b7a30d60ecb335bfc20236fb675cbdb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f8e9e23de3bf35ca42daeee138fa45f8db92edf2dfaed33277c28570a56328
f0434a1fc8ffba3a47bbb9f1fa5a2f789651a020e7b86e507ff300b7c367057f

tqnqt.tunnelbuilder.top Open in urlscan Pro 172.67.206.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

78 %HTTPS

13 %IPv6

9 Domains

12 Subdomains

8 IPs

5 Countries

127 kBTransfer

210 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

8 Cookies

tqnqt.tunnelbuilder.top Open in urlscan Pro
172.67.206.228 Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

78 %
HTTPS

13 %
IPv6

9
Domains

12
Subdomains

8
IPs

5
Countries

127 kB
Transfer

210 kB
Size

8
Cookies

32 HTTP transactions
0 data transactions