rtudd.cat Open in urlscan Pro
35.208.201.23 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://avcoglobal.com/dursim29819
Effective URL:
https://rtudd.cat/oozox/app/signin
Submission: On July 08 via manual (July 8th 2021, 3:32:57 pm UTC) from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 8 domains to perform 23 HTTP transactions. The main IP is 35.208.201.23, located in Council Bluffs, United States and belongs to GOOGLE-2, US. The main domain is rtudd.cat.
TLS certificate: Issued by R3 on June 3rd 2021. Valid for: 3 months.

This is the only time rtudd.cat was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.64.104.223 45.64.104.223	132335 (NETWORK-L...) (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd)
2 8	35.208.201.23 35.208.201.23	19527 (GOOGLE-2) (GOOGLE-2)
1	2606:4700:303... 2606:4700:3030::6815:5ce5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2.16.186.211 2.16.186.211	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	104.126.37.25 104.126.37.25	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
23	6

1 45.64.104.223 (Pune, India) 1 redirects

ASN132335 (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd, IN)

avcoglobal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.208.201.23 (Council Bluffs, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 23.201.208.35.bc.googleusercontent.com

rtudd.cat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::6815:5ce5 (United States)

ASN13335 (CLOUDFLARENET, US)

js-codes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.16.186.211 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-211.deploy.static.akamaitechnologies.com

cdn.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.livechat-files.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.livechat-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.126.37.25 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-25.deploy.static.akamaitechnologies.com

api.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
accounts.livechatinc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	livechatinc.com 1 redirects cdn.livechatinc.com api.livechatinc.com secure.livechatinc.com accounts.livechatinc.com	275 KB
8	rtudd.cat 2 redirects rtudd.cat	129 KB
2	gstatic.com fonts.gstatic.com	32 KB
1	livechat-static.com cdn.livechat-static.com	365 KB
1	livechat-files.com cdn.livechat-files.com	5 KB
1	googleapis.com fonts.googleapis.com	807 B
1	js-codes.com js-codes.com	2 KB
1	avcoglobal.com 1 redirects avcoglobal.com	230 B
23	8

	Domain	Requested by
8	rtudd.cat	2 redirects rtudd.cat
6	cdn.livechatinc.com	rtudd.cat secure.livechatinc.com
3	api.livechatinc.com	cdn.livechatinc.com
2	accounts.livechatinc.com	1 redirects cdn.livechatinc.com
2	fonts.gstatic.com	fonts.googleapis.com
1	cdn.livechat-static.com
1	cdn.livechat-files.com
1	fonts.googleapis.com	secure.livechatinc.com
1	secure.livechatinc.com	cdn.livechatinc.com
1	js-codes.com	rtudd.cat
1	avcoglobal.com	1 redirects
23	11

This site contains no links.

Subject Issuer	Validity	Valid
rtudd.cat R3	`2021-06-03` - `2021-09-01`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
livechat.com DigiCert SHA2 Secure Server CA	`2021-04-20` - `2022-04-25`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2021-06-22` - `2021-09-14`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-06-22` - `2021-09-14`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://rtudd.cat/oozox/app/signin
Frame ID: D13D3F72ACC430EA1904CF6025DE3219
Requests: 12 HTTP requests in this frame

Frame: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Frame ID: A79064FED83B8E8560FC49AAC760210B
Requests: 10 HTTP requests in this frame

Frame: https://accounts.livechatinc.com/static/postmessage.html
Frame ID: 9B54F2AFFB3F5C306CCBC4CF767C7219
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://avcoglobal.com/dursim29819 HTTP 301
https://rtudd.cat/oozox/app/signin HTTP 302
https://rtudd.cat/oozox/app/index.php HTTP 302
https://rtudd.cat/oozox/app/signin Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

LiveChat (Live Chat) Expand

Overall confidence: 100%
Detected patterns

script /cdn\.livechatinc\.com\/.*tracking\.js/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

23
Requests

100 %
HTTPS

43 %
IPv6

8
Domains

11
Subdomains

6
IPs

3
Countries

807 kB
Transfer

1549 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://avcoglobal.com/dursim29819 HTTP 301
https://rtudd.cat/oozox/app/signin HTTP 302
https://rtudd.cat/oozox/app/index.php HTTP 302
https://rtudd.cat/oozox/app/signin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://accounts.livechatinc.com/customer?license_id=12947988&flow=button&response_type=token&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&redirect_uri=https%3A%2F%2Fsecure.livechatinc.com%2Fcustomer%2Faction%2Fopen_chat&post_message_uri=https%3A%2F%2Fsecure.livechatinc.com%2Fcustomer%2Faction%2Fopen_chat&state=%40livechat%2Fcustomer-auth HTTP 302
https://accounts.livechatinc.com/static/postmessage.html

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request signin Show response
rtudd.cat/oozox/app/
Redirect Chain

https://avcoglobal.com/dursim29819
https://rtudd.cat/oozox/app/signin
https://rtudd.cat/oozox/app/index.php
https://rtudd.cat/oozox/app/signin

7 KB
2 KB

138ms
138ms

Document
text/html

35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://rtudd.cat/oozox/app/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 9256b01fb7d319df98ec487452eb1b475a327c483e83efc35207a8a3797ec979

Request headers

:method: GET
:authority: rtudd.cat
:scheme: https
:path: /oozox/app/signin
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server: nginx
date: Thu, 08 Jul 2021 15:32:38 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-httpd-modphp: 1
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-proxy-cache: MISS
x-proxy-cache-info: 0 NC:000000 UP:SKIP_CACHE_NO_CACHE
content-encoding: br

Redirect headers

server: nginx
date: Thu, 08 Jul 2021 15:32:38 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: signin
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-httpd-modphp: 1
host-header: 6b7412fb82ca5edfd0917e3957f05d89
x-proxy-cache: MISS
x-proxy-cache-info: 0 NC:000000 UP:SKIP_CACHE_NO_CACHE

GET
H2 200 signin.css
rtudd.cat/oozox/app/lib/styles/ 11 KB
3 KB 136ms
135ms Stylesheet
text/css 35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://rtudd.cat/oozox/app/lib/styles/signin.css
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: b23c0b83a601504ebc54a84623a2ae2b7cdf7208892499597401af735b35a832

Request headers

:path: /oozox/app/lib/styles/signin.css
pragma: no-cache
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: rtudd.cat
referer: https://rtudd.cat/oozox/app/signin
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://rtudd.cat/oozox/app/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:38 GMT
content-encoding: br
last-modified: Wed, 07 Jul 2021 18:14:27 GMT
server: nginx
etag: W/"60e5ef03-2c60"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: text/css
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Fri, 08 Jul 2022 15:32:38 GMT

GET
H2 200 jquery-3.3.1.min.js Show response
rtudd.cat/oozox/app/lib/js/ 85 KB
29 KB 251ms
250ms Script
application/javascript 35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://rtudd.cat/oozox/app/lib/js/jquery-3.3.1.min.js
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

:path: /oozox/app/lib/js/jquery-3.3.1.min.js
pragma: no-cache
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: rtudd.cat
referer: https://rtudd.cat/oozox/app/signin
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://rtudd.cat/oozox/app/signin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:39 GMT
content-encoding: br
last-modified: Wed, 07 Jul 2021 18:14:27 GMT
server: nginx
etag: W/"60e5ef03-1538f"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: application/javascript
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Fri, 08 Jul 2022 15:32:39 GMT

GET
H2 200 modernizr.min.js Show response
js-codes.com/modernizr/2.9.0/ 4 KB
2 KB 90ms
50ms Script
application/javascript 2606:4700:3030::6815:5ce5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js-codes.com/modernizr/2.9.0/modernizr.min.js
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/signin
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::6815:5ce5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express, Phusion Passenger 5.3.7
Resource Hash: a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44

Request headers

Referer: https://rtudd.cat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 6603097
x-powered-by: Express, Phusion Passenger 5.3.7
status: 200 OK
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 11 Oct 2017 07:04:24 GMT
server: cloudflare
etag: W/"edf-15f0a3fa4c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=93czpwjnTZ1svQt5lI6zPAUc6WzbLSc8D3dSqyN8WMkXORPFOKsPtImBn3txt35p1U5sZA8rM0FQB10jLTIB1URdRKoG1bwRtDeHL9eQXczihgNOzwMNDDbA6VHR5o3m17PIFTaf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000
cf-ray: 66ba5dcf9e7e16ea-FRA
expires: Sat, 23 Apr 2022 05:21:02 GMT

GET
H2 200 tracking.js Show response
cdn.livechatinc.com/ 85 KB
25 KB 96ms
27ms Script
application/javascript 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/tracking.js
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/signin
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 299f002a908a15968be878534247c58b43b6204eb9b9100b91225b54986fe40c

Request headers

Referer: https://rtudd.cat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: fE4ohRJ77QxBfFJFKX63yac_ASwLiHaf
content-encoding: br
last-modified: Fri, 02 Jul 2021 07:12:16 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"dcdb94139b10be92dbb9b5fe82ac82d9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=28800
date: Thu, 08 Jul 2021 15:32:39 GMT
content-length: 24756
x-amz-cf-id: rL7kErUlgGcrYO8SI3b0kW3xvQppbo3PETl1HoGcIAtnQnJ-PmeJlg==
expires: Thu, 08 Jul 2021 23:32:39 GMT

GET
H2 200 logo_official.svg
rtudd.cat/oozox/app/lib/pics/ 5 KB
2 KB 141ms
135ms Image
image/svg+xml 35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtudd.cat/oozox/app/lib/pics/logo_official.svg
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5

Request headers

:path: /oozox/app/lib/pics/logo_official.svg
pragma: no-cache
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: rtudd.cat
referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:39 GMT
content-encoding: br
last-modified: Wed, 07 Jul 2021 18:14:27 GMT
server: nginx
etag: W/"60e5ef03-1351"
vary: Accept-Encoding
x-proxy-cache-info: DT:1
content-type: image/svg+xml
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
expires: Fri, 08 Jul 2022 15:32:39 GMT

GET
H2 200 p_small_regular.woff
rtudd.cat/oozox/app/lib/fonts/ 46 KB
46 KB 155ms
154ms Font
font/woff 35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://rtudd.cat/oozox/app/lib/fonts/p_small_regular.woff
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Request headers

sec-fetch-mode: cors
origin: https://rtudd.cat
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
:path: /oozox/app/lib/fonts/p_small_regular.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: rtudd.cat
referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://rtudd.cat
Referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:39 GMT
last-modified: Wed, 07 Jul 2021 18:14:27 GMT
server: nginx
etag: "60e5ef03-b8eb"
x-proxy-cache-info: DT:1
content-type: font/woff
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 47339
expires: Fri, 08 Jul 2022 15:32:39 GMT

GET
H2 200 p_small_light.woff
rtudd.cat/oozox/app/lib/fonts/ 46 KB
46 KB 249ms
248ms Font
font/woff 35.208.201.23
GOOGLE-2

General

Check archive.org

Show headers Download Go to

Full URL: https://rtudd.cat/oozox/app/lib/fonts/p_small_light.woff
Requested by: Host: rtudd.cat
URL: https://rtudd.cat/oozox/app/lib/styles/signin.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.208.201.23 Council Bluffs, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 23.201.208.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab

Request headers

sec-fetch-mode: cors
origin: https://rtudd.cat
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: PHPSESSID=6dd832f110ba34c30f832c6fcc36b4d3
:path: /oozox/app/lib/fonts/p_small_light.woff
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: rtudd.cat
referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://rtudd.cat
Referer: https://rtudd.cat/oozox/app/lib/styles/signin.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:39 GMT
last-modified: Wed, 07 Jul 2021 18:14:27 GMT
server: nginx
etag: "60e5ef03-b66f"
x-proxy-cache-info: DT:1
content-type: font/woff
cache-control: max-age=31536000
host-header: 8441280b0c35cbc1147f8ba998a563a7
accept-ranges: bytes
content-length: 46703
expires: Fri, 08 Jul 2022 15:32:39 GMT

GET
H2 200 get_dynamic_configuration Show response
api.livechatinc.com/v3.3/customer/action/ 257 B
442 B 242ms
171ms Script
application/javascript 104.126.37.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api.livechatinc.com/v3.3/customer/action/get_dynamic_configuration?license_id=12947988&url=https%3A%2F%2Frtudd.cat%2Foozox%2Fapp%2Fsignin&channel_type=code&jsonp=__omkw8smvrhn

Requested by

Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a104-126-37-25.deploy.static.akamaitechnologies.com

Software

Resource Hash

5c43c6926e1df5e73920d165449008fcb897ac1dea4a84f88935a51def79733d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://rtudd.cat/;
X-Frame-Options	allow-from https://rtudd.cat/

Request headers

Referer: https://rtudd.cat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: frame-ancestors https://rtudd.cat/;
x-frame-options: allow-from https://rtudd.cat/
date: Thu, 08 Jul 2021 15:32:39 GMT
content-length: 257
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8

GET
H2 200 get_configuration Show response
api.livechatinc.com/v3.3/customer/action/ 4 KB
1 KB 561ms
560ms Script
application/javascript 104.126.37.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://api.livechatinc.com/v3.3/customer/action/get_configuration?license_id=12947988&version=5.1.1.7.12.11.7.1.1.1.1.4&group_id=0&jsonp=__lc_static_config
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-25.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9e2b0f9853ce86860c896dfdcf62730062d8adaea111f4e04843beda3e97d2fc

Request headers

Referer: https://rtudd.cat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:40 GMT
content-encoding: gzip
cache-control: public, max-age=600
content-type: application/javascript; charset=UTF-8
content-length: 1191
vary: Accept-Encoding
expires: Thu, 08 Jul 2021 15:42:40 GMT

GET
H2 200 open_chat Show response
secure.livechatinc.com/customer/action/ Frame A790 4 KB
2 KB 167ms
164ms Document
text/html 104.126.37.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-25.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 8103c9c446021644e3ff3727e1990d58524c0ea403768ee35a1c36074745f375

Request headers

:method: GET
:authority: secure.livechatinc.com
:scheme: https
:path: /customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtudd.cat/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://rtudd.cat/

Response headers

content-encoding: gzip
content-type: text/html; charset=utf-8
vary: Accept-Encoding
content-length: 2008
expires: Thu, 08 Jul 2021 15:32:40 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Thu, 08 Jul 2021 15:32:40 GMT

GET
H2 200 get_localization Show response
api.livechatinc.com/v3.3/customer/action/ 10 KB
4 KB 163ms
163ms Script
application/javascript 104.126.37.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://api.livechatinc.com/v3.3/customer/action/get_localization?license_id=12947988&version=c92df623023877719a90b2a350049cd0_b9dfc1449d818686c582bce48733a6e2&language=en&group_id=0&jsonp=__lc_localization
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-25.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9635c310f5b1283cfe4fb98e50229599fb8fe1842479c5a21356e6e16adc3c0b

Request headers

Referer: https://rtudd.cat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 08 Jul 2021 15:32:40 GMT
cache-control: public, max-age=600
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
content-length: 3725
vary: Accept-Encoding
expires: Thu, 08 Jul 2021 15:42:40 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame A790 5 KB
807 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin-ext&display=swap

Requested by

Host: secure.livechatinc.com
URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3f2296fc1af54692bd56501bf9156cae1da8028424f9dbf8b00e5f40b6c3a4d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 08 Jul 2021 14:56:11 GMT
server: ESF
date: Thu, 08 Jul 2021 15:32:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 08 Jul 2021 15:32:40 GMT

GET
H2 200 2.c5551093.chunk.js Show response
cdn.livechatinc.com/widget/static/js/ Frame A790 377 KB
110 KB 33ms
32ms Script
application/javascript 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/widget/static/js/2.c5551093.chunk.js
Requested by: Host: secure.livechatinc.com
URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 74b4a28729201fae2dbb53b42592ee518a7343ed8bbb6508ee0844d4d1e0030b

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: 4VlY0JX.WEGYnUUxoteC6PMDdqMps0w9
content-encoding: br
last-modified: Fri, 02 Jul 2021 07:12:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
etag: W/"d799bf79962bc0c1d21d5829b734f344"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
date: Thu, 08 Jul 2021 15:32:40 GMT
content-length: 111578
x-amz-cf-id: 8FbR4MV7Fi9yLaumWZxi8ZToy1e40933suxZZA5HfjulLAX9kq5MxA==
expires: Fri, 08 Jul 2022 15:32:40 GMT

GET
H2 200 0.88d54b4c.chunk.js Show response
cdn.livechatinc.com/widget/static/js/ Frame A790 23 KB
8 KB 51ms
50ms Script
application/javascript 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/widget/static/js/0.88d54b4c.chunk.js
Requested by: Host: secure.livechatinc.com
URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 70eef99f016276772a27a6176e60dd2565d7acd70c3850e9cc9f8d240abe814d

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: OTkE1UFJkii6KMFdKNIvJ9iAxal6VobA
content-encoding: br
last-modified: Thu, 01 Jul 2021 12:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"ff8e1d51eee6cb0c2e221d1129f678bb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
date: Thu, 08 Jul 2021 15:32:40 GMT
content-length: 7947
x-amz-cf-id: VtS8XYmXAQx_ueqqU-4f3queCOkfmcZfHkJJ5NjPjGKLKMTbM_sskQ==
expires: Fri, 08 Jul 2022 15:32:40 GMT

GET
H2 200 iframe.abe1ef84.chunk.js Show response
cdn.livechatinc.com/widget/static/js/ Frame A790 410 KB
108 KB 54ms
53ms Script
application/javascript 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/widget/static/js/iframe.abe1ef84.chunk.js
Requested by: Host: secure.livechatinc.com
URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c9f46a0250bd4256adfbe2036267fea912522eaec1f38abb786749017db8ebe4

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: x.9MtUzeyz6al.fIR0D4xQSsn2djU6c8
content-encoding: br
last-modified: Thu, 08 Jul 2021 08:51:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"b5057db805416d9d6f180b79bd4f2620"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
date: Thu, 08 Jul 2021 15:32:40 GMT
content-length: 109675
x-amz-cf-id: umrhug43b0tkrHrp_8aoECp4TF8CTILQo0MgoERebNjAtv0CNXxXPA==
expires: Fri, 08 Jul 2022 15:32:40 GMT

GET
H2 200 o-0IIpQlx3QUlC5A4PNr5TRA.woff2
fonts.gstatic.com/s/notosans/v12/ Frame A790 16 KB
16 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v12/o-0IIpQlx3QUlC5A4PNr5TRA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://secure.livechatinc.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 05:12:10 GMT
x-content-type-options: nosniff
age: 210030
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16056
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:50:31 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 05:12:10 GMT

GET
H2 200 o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
fonts.gstatic.com/s/notosans/v12/ Frame A790 16 KB
16 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/notosans/v12/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Sans:400,700&subset=latin-ext&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://secure.livechatinc.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 06 Jul 2021 13:51:41 GMT
x-content-type-options: nosniff
age: 178859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16180
x-xss-protection: 0
last-modified: Wed, 24 Mar 2021 17:43:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 06 Jul 2022 13:51:41 GMT

GET
H2

200

postmessage.html Show response
accounts.livechatinc.com/static/ Frame 9B54
Redirect Chain

https://accounts.livechatinc.com/customer?license_id=12947988&flow=button&response_type=token&client_id=c5e4f61e1a6c3b1521b541bc5c5a2ac5&redirect_uri=https%3A%2F%2Fsecure.livechatinc.com%2Fcustomer...
https://accounts.livechatinc.com/static/postmessage.html

553 B
493 B

157ms
157ms

Document
text/html

104.126.37.25
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.livechatinc.com/static/postmessage.html
Requested by: Host: cdn.livechatinc.com
URL: https://cdn.livechatinc.com/widget/static/js/iframe.abe1ef84.chunk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.126.37.25 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a104-126-37-25.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7cb6c118ec3898ea3cf8db6f9d26f49cbe1ed8475e269b78d8162307b648b1ae

Request headers

:method: GET
:authority: accounts.livechatinc.com
:scheme: https
:path: /static/postmessage.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://secure.livechatinc.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://secure.livechatinc.com/

Response headers

content-encoding: gzip
content-type: text/html
etag: "06F41167B22D690E6AD57C16440DEC37558AF6A5"
vary: Accept-Encoding
content-length: 365
date: Thu, 08 Jul 2021 15:32:41 GMT

Redirect headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://accounts.livechatinc.com/static/postmessage.html#access_token=dal:i-XynGQ_SzqgOWvYkm7Ndw&entity_id=b01e9cb7-b2de-44cd-5f1e-eba16b2c7f8d&expires_in=28800&redirect_uri=https://secure.livechatinc.com/customer/action/open_chat&state=@livechat/customer-auth&token_type=Bearer
pragma: no-cache
content-length: 0
date: Thu, 08 Jul 2021 15:32:41 GMT
set-cookie: __lc_cid=b01e9cb7-b2de-44cd-5f1e-eba16b2c7f8d; Path=/customer; Domain=accounts.livechatinc.com; Expires=Sat, 08 Jul 2023 15:32:41 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None __lc_cst=339d6802b804eeb7dd2e7faccafc52b0290ccd02e3e967517e7cefe7efb390737dc1be168e372a918d09a64c3f449aec551c139d51a74e8039296ceeb895; Path=/customer; Domain=accounts.livechatinc.com; Expires=Sat, 08 Jul 2023 15:32:41 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None __lc2_cid=b01e9cb7-b2de-44cd-5f1e-eba16b2c7f8d; Path=/licence; Domain=accounts.livechatinc.com; Expires=Sat, 08 Jul 2023 15:32:41 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None __lc2_cst=339d6802b804eeb7dd2e7faccafc52b0290ccd02e3e967517e7cefe7efb390737dc1be168e372a918d09a64c3f449aec551c139d51a74e8039296ceeb895; Path=/licence; Domain=accounts.livechatinc.com; Expires=Sat, 08 Jul 2023 15:32:41 GMT; Max-Age=63072000; HttpOnly; Secure; SameSite=None __oauth_redirect_detector=counter=1&t=1625758391&tag=4ab05ad1c2099a750283e096686ea36245eabd75; Path=/; Expires=Thu, 08 Jul 2021 15:33:11 GMT; HttpOnly

GET
H2 200 greeting.6348669c.chunk.js Show response
cdn.livechatinc.com/widget/static/js/ Frame A790 14 KB
5 KB 33ms
31ms Script
application/javascript 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/widget/static/js/greeting.6348669c.chunk.js
Requested by: Host: secure.livechatinc.com
URL: https://secure.livechatinc.com/customer/action/open_chat?license_id=12947988&group=0&embedded=1&widget_version=3&unique_groups=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 46c2abc7be31888f31bef79c79451d601460e8cd1379afb9d554fbae7b553a74

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: lO.i67zCYgOWjUIkxDMFLNKqapLaDn2l
content-encoding: br
last-modified: Thu, 08 Jul 2021 08:51:21 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1
etag: W/"f29dc9ac898c3497aed476ea356500fb"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
date: Thu, 08 Jul 2021 15:32:47 GMT
content-length: 4365
x-amz-cf-id: YzYPLjvEd2vDQ-nYqfvCFrKY4k_8P4sgVH9wqA467jy3t-CSMpm2KA==
expires: Fri, 08 Jul 2022 15:32:47 GMT

GET
H2 200 53a7236a80e2cbf9749baf2026ddbf76.jpeg
cdn.livechat-files.com/api/file/lc/img/12947988/ Frame A790 5 KB
5 KB 490ms
488ms Image
image/jpeg 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.livechat-files.com/api/file/lc/img/12947988/53a7236a80e2cbf9749baf2026ddbf76.jpeg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 992c9cb6774a8d6fa85792279d33b9109fef2f871fdf8e79adad3da56179a4b2

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 08 Jul 2021 15:32:47 GMT
cache-control: private, max-age=86400
content-length: 4971
content-type: image/jpeg

GET
H2 206 new_message.34190d36.ogg
cdn.livechatinc.com/widget/static/media/ 11 KB
11 KB 28ms
27ms Media
application/octet-stream 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.livechatinc.com/widget/static/media/new_message.34190d36.ogg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d

Request headers

Referer: https://rtudd.cat/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

x-amz-version-id: .Wc6JO8hb2vjBelHOXaNOoy4vYyve5GM
last-modified: Thu, 01 Jul 2021 12:56:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA2-C1
etag: "a37211a6cfcda45352d5abcff1e446bb"
content-type: application/octet-stream
Content-Range: bytes 0-11403/11404
cache-control: max-age=31536000
date: Thu, 08 Jul 2021 15:32:47 GMT
accept-ranges: bytes
access-control-allow-origin: *
Content-Length: 11404
x-amz-cf-id: yh9be5V4uAFXiGS7I6Bzskpk2_D1vlI8rgBV0rmqzXugzcwilfKJjw==
expires: Fri, 08 Jul 2022 15:32:47 GMT

GET
H2 200 handwave.gif
cdn.livechat-static.com/api/file/lc/img/rich-greetings/ Frame A790 364 KB
365 KB 37ms
29ms Image
image/gif 2.16.186.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.livechat-static.com/api/file/lc/img/rich-greetings/handwave.gif
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.211 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-211.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: d368f73655941321fa294f8c0f5d63f0a6caaab3dccac499800b4e2e49358a51

Request headers

Referer: https://secure.livechatinc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 08 Jul 2021 15:32:49 GMT
cache-control: private, max-age=45511
content-length: 372763
content-type: image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			rtudd.cat/	1969-12-31 23:59:59	Name: PHPSESSID Value: 6dd832f110ba34c30f832c6fcc36b4d3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.livechatinc.com
api.livechatinc.com
avcoglobal.com
cdn.livechat-files.com
cdn.livechat-static.com
cdn.livechatinc.com
fonts.googleapis.com
fonts.gstatic.com
js-codes.com
rtudd.cat
secure.livechatinc.com
104.126.37.25
2.16.186.211
2606:4700:3030::6815:5ce5
2a00:1450:4001:803::2003
2a00:1450:4001:82f::200a
35.208.201.23
45.64.104.223
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1d0bdbe8013ddd58bf31229ea12bd42dfe6bf4cb022cc65d519a45a13c403b5d
299f002a908a15968be878534247c58b43b6204eb9b9100b91225b54986fe40c
3f2296fc1af54692bd56501bf9156cae1da8028424f9dbf8b00e5f40b6c3a4d9
46c2abc7be31888f31bef79c79451d601460e8cd1379afb9d554fbae7b553a74
4a9f53c02752e79270686f1b2a3616b86d3af1ea2a288f2977e34b1141d552ec
5c43c6926e1df5e73920d165449008fcb897ac1dea4a84f88935a51def79733d
70eef99f016276772a27a6176e60dd2565d7acd70c3850e9cc9f8d240abe814d
74b4a28729201fae2dbb53b42592ee518a7343ed8bbb6508ee0844d4d1e0030b
7cb6c118ec3898ea3cf8db6f9d26f49cbe1ed8475e269b78d8162307b648b1ae
8103c9c446021644e3ff3727e1990d58524c0ea403768ee35a1c36074745f375
843e67ad522a908162007f4b7601819a5bbfef00e38ac7aec778766da8b7b2ab
8beec539128cea621e511cd54f21a0d17ff891a16a0ebd7a98a3e4fbc00bd0e5
9256b01fb7d319df98ec487452eb1b475a327c483e83efc35207a8a3797ec979
9635c310f5b1283cfe4fb98e50229599fb8fe1842479c5a21356e6e16adc3c0b
992c9cb6774a8d6fa85792279d33b9109fef2f871fdf8e79adad3da56179a4b2
9e2b0f9853ce86860c896dfdcf62730062d8adaea111f4e04843beda3e97d2fc
a6c3bff965978df8093c3a29f7071c21d7439a212af41e7b40ce70d94d6bcc44
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b23c0b83a601504ebc54a84623a2ae2b7cdf7208892499597401af735b35a832
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
c9f46a0250bd4256adfbe2036267fea912522eaec1f38abb786749017db8ebe4
d368f73655941321fa294f8c0f5d63f0a6caaab3dccac499800b4e2e49358a51

rtudd.cat Open in urlscan Pro 35.208.201.23 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

43 %IPv6

8 Domains

11 Subdomains

6 IPs

3 Countries

807 kBTransfer

1549 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

20 JavaScript Global Variables

1 Cookies

Indicators

rtudd.cat Open in urlscan Pro
35.208.201.23 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

43 %
IPv6

8
Domains

11
Subdomains

6
IPs

3
Countries

807 kB
Transfer

1549 kB
Size

1
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!