qr-captcha.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://t.co/tsMCw33nkf
Effective URL:
https://qr-captcha.com/?t=0&ymid=720296103471489577
Submission: On August 29 via manual (August 29th 2023, 7:51:36 am UTC) from NG — Scanned from DE

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 32 HTTP transactions. The main IP is 139.45.197.167, located in United Kingdom and belongs to RETN-AS, GB. The main domain is qr-captcha.com. The Cisco Umbrella rank of the primary domain is 361121.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.

This is the only time qr-captcha.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.244.42.133 104.244.42.133	13414 (TWITTER) (TWITTER)
1	139.45.197.245 139.45.197.245	9002 (RETN-AS) (RETN-AS)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 20	172.64.133.20 172.64.133.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	139.45.197.167 139.45.197.167	9002 (RETN-AS) (RETN-AS)
32	6

1 104.244.42.133 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.245 (United Kingdom)

ASN9002 (RETN-AS, GB)

zeekaihu.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 172.64.133.20 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

psaugourtauy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.197.167 (United Kingdom)

ASN9002 (RETN-AS, GB)

qr-captcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	psaugourtauy.com 1 redirects psaugourtauy.com — Cisco Umbrella Rank: 72523	71 KB
4	qr-captcha.com qr-captcha.com — Cisco Umbrella Rank: 361121	20 KB
4	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 11867	2 KB
1	zeekaihu.net zeekaihu.net — Cisco Umbrella Rank: 232975	2 KB
1	t.co t.co — Cisco Umbrella Rank: 556	628 B
32	5

	Domain	Requested by
20	psaugourtauy.com	1 redirects zeekaihu.net psaugourtauy.com
4	qr-captcha.com	psaugourtauy.com qr-captcha.com
4	my.rtmark.net	zeekaihu.net psaugourtauy.com
1	zeekaihu.net	t.co
1	t.co
32	5

This site contains no links.

Subject Issuer	Validity	Valid
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-05` - `2024-02-05`	a year	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
psaugourtauy.com E1	`2023-08-14` - `2023-11-12`	3 months	crt.sh
qr-captcha.com R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qr-captcha.com/?t=0&ymid=720296103471489577
Frame ID: 2D68107564E1B04BAA5936B6BB978C15
Requests: 36 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://t.co/tsMCw33nkf Page URL
http://zeekaihu.net/4/6191987 Page URL
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-169329... HTTP 301
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283... Page URL
https://qr-captcha.com/?t=0&ymid=720296103471489577 Page URL

Page Statistics

32
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

95 kB
Transfer

312 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://t.co/tsMCw33nkf Page URL
http://zeekaihu.net/4/6191987 Page URL
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb HTTP 301
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283d2fa68d250c0413abb22 Page URL
https://qr-captcha.com/?t=0&ymid=720296103471489577 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb HTTP 301
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

32 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 tsMCw33nkf
t.co/ 282 B
628 B 229ms
148ms Document
text/html 104.244.42.133
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/tsMCw33nkf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.133 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 204
content-security-policy: referrer always;
content-type: text/html; charset=utf-8
date: Tue, 29 Aug 2023 07:51:25 GMT
expires: Tue, 29 Aug 2023 07:56:26 GMT
perf: 7626143928
referrer-policy: unsafe-url
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 4aec7b102ffb05c25c98b93eabf4053e85a6658772dec21a37eb5b84c28cbef7
x-response-time: 120
x-transaction-id: 8aadea38d61c763c
x-xss-protection: 0

GET
H/1.1 200
OK 6191987
zeekaihu.net/4/ 1 KB
2 KB 61ms
29ms Document
text/html 139.45.197.245
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://zeekaihu.net/4/6191987
Requested by: Host: t.co
URL: https://t.co/tsMCw33nkf
Protocol: HTTP/1.1
Server: 139.45.197.245 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://t.co/tsMCw33nkf
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Allow-Methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin: * *
Access-Control-Max-Age: 86400
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf8
Date: Tue, 29 Aug 2023 07:51:27 GMT
Expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://psaugourtauy.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
Pragma: no-cache no-cache
Server: nginx
Timing-Allow-Origin: *
Transfer-Encoding: chunked
X-Trace-Id: 99d6e6211ef6b85f34670555b3b99111

POST
H2 200 img.gif
my.rtmark.net/ 43 B
504 B 99ms
28ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=423a026d3ff6415896ebda73e2c4c7da

Requested by

Host: zeekaihu.net
URL: http://zeekaihu.net/4/6191987

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:27 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: http://zeekaihu.net
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 / Show response
psaugourtauy.com/ 5 KB
2 KB 170ms
107ms Document
text/html 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Requested by

Host: zeekaihu.net
URL: http://zeekaihu.net/4/6191987

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e85003d223919385f0964bee7967cd1d7cbd4e2d845f3bf62a1077060c44555b

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 7fe3357adff33a3d-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 07:51:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xF3LdM0jZjIstZK05a%2BA40O8xpXk6DWNbTpzyVlH0862HksC4lpIvxtKulU4npGvdRo3pC12FTU65BvP%2Bsk2isONVCWwZ1gtW8uRffP7iOYdwYNDMKg%2BHg5D3RcmUA47dFJy"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
psaugourtauy.com/cdn-cgi/styles/ 24 KB
5 KB 21ms
20ms Stylesheet
text/css 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 23 Aug 2023 13:09:20 GMT
server: cloudflare
etag: W/"64e60500-5e44"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7fe3357b98a63a3d-FRA
expires: Tue, 29 Aug 2023 09:51:27 GMT

GET
H3 200 icon-exclamation.png
psaugourtauy.com/cdn-cgi/images/ 452 B
670 B 20ms
19ms Image
image/png 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://psaugourtauy.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:27 GMT
x-content-type-options: nosniff
last-modified: Wed, 23 Aug 2023 13:09:20 GMT
server: cloudflare
etag: "64e60500-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7fe3357bba869295-FRA
content-length: 452
expires: Tue, 29 Aug 2023 09:51:27 GMT

GET
H3

200

/ Show response
psaugourtauy.com/
Redirect Chain

https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487...
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

39 KB
13 KB

90ms
89ms

Document
text/html

172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: a7989312a5e027fc621ceec7b53ec2c8e24eac5601f9ed11e5c217361b115bc1

Request headers

Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7fe335974b759295-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 07:51:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQ9wjCF7Kf5FFCaKJw4hYx%2FsIv2Kmbh1cVdUjhdGjgPoEjUJSZJgdvipzgnSvzPuByqG1DVTqDUkIIeZny9vqLZCVbJ5Cz3fomQ%2FjZBMp9vXZMJ48BSVumxMwyQkH2TJOY1p"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

Redirect headers

cache-control: private, no-cache
cf-ray: 7fe335973b619295-FRA
content-length: 167
content-type: text/html
date: Tue, 29 Aug 2023 07:51:31 GMT
location: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
543 B 32ms
31ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=148aacb80283d2fa68d250c0413abb22

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c748b2236ab63dfd97982f21f3df35348146a281ad2374055fcaa0aa9b8ec845

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://psaugourtauy.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 micro.tag.min.js Show response
psaugourtauy.com/pfe/current/ 26 KB
11 KB 50ms
49ms Script
application/javascript 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 414af32e4b8883639a4d227bc7a9a9e6b42e1d22031dc4aaf81fff3c70d7488e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 07:51:31 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 23 Aug 2023 12:46:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e5ff9d-68c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GhgT2QhpdshSyZHTDsRWRzeGq2j0QdYi4Xh%2B%2Be3kDt45AktKMXFMYKxQSBm9B7kDyCH3Bqf3yXNEKAwq4hOFUTD9hcmBxfUoT9zU%2FXLFL1e6QsNLuBrwz3YfDt8UyyE71XH%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7fe33597fbfb9295-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 / Show response
psaugourtauy.com/19/4662728/ 3 KB
2 KB 44ms
43ms XHR
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/19/4662728/?abt_opts=1&var=6191987&var3=720296080214077844&ymid=&rhd=1

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

88d9f25117274c41b5d31b6d4b35194f4f768a7196465659f39a94c057f7ba35

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: cdf9f80c33feeb602a49dceba3dd8c0a
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LFBunl31je73SsAuKdh45EEf9x8NujfXMsddNgsHVg9ymK8sQTMT%2FLVTKpRIvOEiCh3KzpmYbzfM35aen0Jb53O1r5bC6msfTHl%2B%2FAV0%2FqmrGG3NIbrvEeQ0ZFI%2BgYwjNiJi"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7fe335980c099295-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H3 200 / Show response
psaugourtauy.com/ 2 B
527 B 59ms
59ms XHR
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.26
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.26
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjNxHQKShqzTlrlEa22QsOvRh5An%2F5rbgA%2BgGnJZnwKty%2B87EVd4G23pE%2F8L2m9HlyYKoWGNipUu5D%2F3P7eTfkPsYrJpuUzCSsatXvr267KnMs5GjDXtlWS3IfzGiFWQd3Wr"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7fe335981c179295-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rhd Show response
psaugourtauy.com/ 2 KB
3 KB 55ms
55ms Fetch
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/rhd?rb=FkcRM8faE7tv5RForqfq6gHOvGnWbUEbrYZ5zCT167ZFV_ooROXDCn-oAqt26Mq61z4Og_ztBfeO9inoPv-EDy6EoAQ2eObsnuc7geZXzaPFn5Zg_LGuxgNppKvtRxWCmsSU51VeP28NYvxttjY69wksLy80_jB5ewAL2Am3xPjBNaOVU_1IcM1mLeulDUw_K4tG5_eTKb3MokOeLvpGu5ODpEBxw8pcqn6yphB017rLCgBXDCXZZnjG5Bde5KiaLsU2-LUI2mZuYnLNaqH4P2zbiYSWnkw7mxexDr7meZDHW6wjz6qZ-cctN8Vmp_Y5EyznPZjfpF2U_0k4eeSunt5uiIi-tmCM5q3oFhqN1VRGWeR1aio2tiERaaUXBhS9xchTW5pTT8Ci30nCpBTCJUysF4Nb9x45cX1YZBrPRCzgEhnyQejkksGY0gMPqag4A-L2u0P9UTiZY3InKun6Pxia7ZUlglG8HhPxkSNePhs%3D&request_ab2=150001&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Fpsaugourtauy.com%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&drf=https%3A%2F%2Fpsaugourtauy.com%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=6191987&var3=720296080214077844&ymid=&rhd=1&m=link

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0af012d8e9fc5947d7827a8565c0636c97db54ae6fe5762f6c38d0be37c6919f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: a4308a84820fdfa02d0a673d6221419a
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98AXc%2BIAWUcjBdmG%2FRqaZgb9Rks%2BYWHJAyeVILTO%2Bu%2BSv9Cp3fv6xw186WPahve%2Bzz3TiLqgzHcY8jzEjdmetJ5KJO1MhRFIEyU0CCTeCmQilUvMZtkqz9VAbWDujTsKBg25"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7fe335984c4f9295-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 4662709
psaugourtauy.com/sw-check-permissions/ 0
944 B 43ms
43ms Other
application/javascript 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/sw-check-permissions/4662709?var=6191987&ymid=720296080214077844&uhd=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PwqQJ0VQEtBU6KnKpCU8US0rud5G%2FVt5z235U9sBiU2yr3Di9Tcu57AlaEbQexx3YXSUlnMMeOLyJ6F0Bkcs8JQDMgM9lCmskv3Ohnd3Cfbt38%2Ff3KR4zI%2Bzs5Ayz8RmC0sk"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7fe335985c5a9295-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
psaugourtauy.com/ 0
480 B 61ms
61ms Ping
text/plain 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=psaugourtauy.com&var=6191987&ymid=720296080214077844&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-trace-id: dcf0acb0e72d7a172157b2d29f30058d
date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=plOIFNcbEREqUfKshzxYPgFJjMXNAGQjxbd%2FkfXHSfu4ndk%2BfyrxQBybRJxnxWyjzMqK7ThY6pIPjsU2fw8tmr96P0Il2zjnxnvMQe0yd8wbWPsaFCgyydgdM9NezdaTYXvE"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://psaugourtauy.com
access-control-allow-credentials: true
cf-ray: 7fe335985c5b9295-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
543 B 32ms
32ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=720296080214077844&var=6191987

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c748b2236ab63dfd97982f21f3df35348146a281ad2374055fcaa0aa9b8ec845

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://psaugourtauy.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
psaugourtauy.com/ 901 B
1 KB 35ms
35ms Fetch
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=psaugourtauy.com&var=6191987&ymid=720296080214077844&var_3=&var_4=&dsig=&action=settings

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 13034f473fd30de4a7dd9e39449f7e43
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bweZVLIYZaNMVBYPYR1OL%2Fl1YBURNM7v2dE4PoBNO8bUf2Ctg9Nj0ct%2FOu2x5HgbUQiWgAwwDidFZDHi2Idyinn1so1ZOqSF3%2BO9qn4hIEkItpnArlbKl9CW319tCYmr%2BTGF"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7fe335987c7c9295-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 / Show response
psaugourtauy.com/ 39 KB
13 KB 91ms
90ms Document
text/html 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.24
Resource Hash: 194f47a3f557b2e85bf64328ec3952d088f53c4a8a014c60006f2825e560e689

Request headers

Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7fe33598bcb19295-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 07:51:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F2RSZm4gl6p6eQf1OHfw5P1t9XlS%2BfHE3aDmldYauIO2y61irurWCj1ZYwhkoyr7e569vMTXGxlUFZAjnVzOw33EQ2reudaJEq6kTF37ypKXWuCEVnmIC%2BbF0xZahssX9XeU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.24

GET
H3 200 micro.tag.min.js Show response
psaugourtauy.com/pfe/current/ 26 KB
11 KB 46ms
45ms Script
application/javascript 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 414af32e4b8883639a4d227bc7a9a9e6b42e1d22031dc4aaf81fff3c70d7488e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 07:51:32 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 23 Aug 2023 12:46:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64e5ff9d-68c6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t0f7EgcFlrEkljSiCkbkX%2FadwLAnnDVXhJL%2Bs2RNU%2B18tpnPoL1slu0pWcSzGjC2g6Mrdkqr2K8r3gNKMFHLTXYRlq8KafoTvEvauZpUcmMmrsWO8%2FwjU6pnOT5we%2FUM4McL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7fe335996d359295-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 / Show response
psaugourtauy.com/19/4662728/ 3 KB
2 KB 53ms
52ms XHR
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/19/4662728/?abt_opts=1&var=6191987&var3=720296080214077844&ymid=&rhd=1

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

098ce9563c02c3aa652989046a2455c8504dd6de542ac8e4f9195a91969bb71e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 5fb51e3f0925161e0bbe32861f8be762
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfMDQG63Hfu%2B5qFyDf5nK1robebYbKDT9RfKrf8zpUqzT%2BA5Ikx4wxCyN%2BOuNcIuVjkgkevtb0gJREY6XUQ3Udw6MLf9%2F5rFihWbxs3CGyESE2vtqlrxjnr9G%2FUjxSk0rE%2Ft"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7fe335997d4b9295-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H3 200 / Show response
psaugourtauy.com/ 2 B
531 B 50ms
49ms XHR
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2&mprtr=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tEeOEkB3i5%2FWba4X7ioCO%2BeVigc%2FuvNxGnbX%2FZUAkTVensCGpArKKujmM8%2BKqRLjhWGt5mUz8I%2Bc2%2BIWaK1xaBoRLeTHi0fvQZh7SH46O41CinlqoB6GZ0tMxPD8qnRec%2BqV"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7fe335997d4c9295-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 4662709
psaugourtauy.com/sw-check-permissions/ 0
951 B 42ms
41ms Other
application/javascript 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://psaugourtauy.com/sw-check-permissions/4662709?var=6191987&ymid=720296080214077844&uhd=1
Requested by: Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.27
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.27
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AMFDCQ41L2K%2BZCnGw2Iog4Lv8j3QZyO8XETvwtcfHGpJP3vMt4l3X8IugYnVQ2XMw8wpakpMHMmrE%2B6W55%2BybplILISCIezK21gMz%2B3mZtVsQfzHqpd6UwVEb6hkZqkd%2Bm%2Fb"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7fe33599bd7e9295-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
psaugourtauy.com/ 0
481 B 34ms
34ms Ping
text/plain 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=psaugourtauy.com&var=6191987&ymid=720296080214077844&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-trace-id: 154f654239790a4f366f7daab1b8a7cb
date: Tue, 29 Aug 2023 07:51:32 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LkjNBg50SyJQVe07OXjS%2F%2BbNBtx2zJ%2FgJt%2BovuC0Pyx8Wvoswld3rkadAwB8fctHXRPdht5v0BOSeow3Eg6SpcBIcnVupttio%2FAiosRV7yIUiCnboUTcmPyauuNguGOfkZhB"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://psaugourtauy.com
access-control-allow-credentials: true
cf-ray: 7fe33599bd819295-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
543 B 38ms
36ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=720296080214077844&var=6191987

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c748b2236ab63dfd97982f21f3df35348146a281ad2374055fcaa0aa9b8ec845

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://psaugourtauy.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone Show response
psaugourtauy.com/ 901 B
1 KB 39ms
38ms Fetch
application/json 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=psaugourtauy.com&var=6191987&ymid=720296080214077844&var_3=&var_4=&dsig=&action=settings

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/pfe/current/micro.tag.min.js?z=4662709&ymid=720296080214077844&var=6191987&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

246f894b5ae96150cef756a3eb8b0cdca27017fd5b375983042d3d4d4b26159d

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 25de2e2d754637bbd84d7db6b7489155
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Qm7PxoHVMMAvU9Jel5Qu4%2BenUtDyewaUTHI6bV6qHl7Ovg%2FBQpuFDfbzRNECQJwTBXn8NhZkXWx%2BHPNt7OT%2F%2BTBF85saEAl8%2BCS9kyxx%2FKolN%2BNxHU2Ccdu5vcFmOdj47mv"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7fe33599dd989295-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 /
psaugourtauy.com/submenu/4662728/ 933 B
2 KB 118ms
117ms Document
text/html 172.64.133.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283d2fa68d250c0413abb22

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.133.20 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 7fe3359d39219295-FRA
content-length: 933
content-type: text/html; charset=utf8
date: Tue, 29 Aug 2023 07:51:32 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://qr-captcha.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CnD4KllWdS5B4KUxNcHOkhv07TfI6d5yti85e%2BSOcJ4hW7aO4Y6Ms1MdRSwbdN7mda4MI2LDkW0a6gMOs7kD1HE%2BrTp59XSc2p2Erk%2B7A806jucPkGMWDoAvHNQIIXJcI1CI"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=1
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: 5476a00b4e9cd7125b748317f73bfe99

GET
H2 200 Primary Request / Show response
qr-captcha.com/ 20 KB
5 KB 90ms
30ms Document
text/html 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/?t=0&ymid=720296103471489577

Requested by

Host: psaugourtauy.com
URL: https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283d2fa68d250c0413abb22

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 07:51:32 GMT
etag: W/"50f6-188c4485de8"
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 animate.css
qr-captcha.com/Attention_files/ 78 KB
4 KB 2692ms
2691ms Stylesheet
text/css 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/Attention_files/animate.css

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=720296103471489577

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=720296103471489577
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
content-encoding: br
etag: W/"1361f-188c4485de8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 qrcode.js Show response
qr-captcha.com/ 32 KB
9 KB 28ms
28ms Script
application/javascript 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/qrcode.js

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=720296103471489577

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=720296103471489577
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:32 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
content-encoding: br
etag: W/"80f0-188c4485de8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 new_free.svg
qr-captcha.com/Attention_files/ 2 KB
2 KB 2661ms
2660ms Image
image/svg+xml 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://qr-captcha.com/Attention_files/new_free.svg

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=720296103471489577

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=720296103471489577
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 07:51:35 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
etag: W/"609-188c4485de8"
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1545

GET loading.svg
qr-captcha.com/Attention_files/ 0
0

GET x76v737e5ug
qr-captcha.com/w/ 0
0

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/gif

GET bg.gif
qr-captcha.com/assets/ 0
0

GET
DATA 200
OK truncated
/ 7 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fc6f15eedacfd43a291b8ab04628565286f22ea884d9460c872e5ca13b17493

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: qr-captcha.com
URL: https://qr-captcha.com/Attention_files/loading.svg

Domain: qr-captcha.com
URL: https://qr-captcha.com/w/x76v737e5ug

Domain: qr-captcha.com
URL: https://qr-captcha.com/assets/bg.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.t.co/	1970-01-20 23:51:49	Name: muc Value: f92a83f0-c1d0-4d3a-b86d-ce2c5d64c159
zeekaihu.net/	1970-01-20 23:07:11	Name: OAID Value: 423a026d3ff6415896ebda73e2c4c7da
zeekaihu.net/	1970-01-20 23:07:11	Name: oaidts Value: 1693295487
my.rtmark.net/	1970-01-20 23:07:11	Name: ID Value: 423a026d3ff6415896ebda73e2c4c7da
.psaugourtauy.com/	1970-01-20 14:23:01	Name: __cf_mw_byp Value: Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
psaugourtauy.com/	1970-01-20 14:31:40	Name: syncedCookie Value: true
psaugourtauy.com/	1970-01-20 23:07:11	Name: OAID Value: 148aacb80283d2fa68d250c0413abb22
psaugourtauy.com/	1970-01-20 14:21:35	Name: prefetchAd_4662728 Value: true
psaugourtauy.com/	1970-01-20 14:21:39	Name: reverse Value: 19O_py_kPgRbbwqO0q1FglT-mqRfMaTzGcjRYgsEyNk
psaugourtauy.com/	1970-01-20 23:07:11	Name: oaidts Value: 1693295492

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://t.co/tsMCw33nkf Message: Unrecognized Content-Security-Policy directive 'referrer'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	referrer always;
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

my.rtmark.net
psaugourtauy.com
qr-captcha.com
t.co
zeekaihu.net
qr-captcha.com
104.244.42.133
139.45.195.8
139.45.197.167
139.45.197.245
172.64.133.20
098ce9563c02c3aa652989046a2455c8504dd6de542ac8e4f9195a91969bb71e
0af012d8e9fc5947d7827a8565c0636c97db54ae6fe5762f6c38d0be37c6919f
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
194f47a3f557b2e85bf64328ec3952d088f53c4a8a014c60006f2825e560e689
246f894b5ae96150cef756a3eb8b0cdca27017fd5b375983042d3d4d4b26159d
414af32e4b8883639a4d227bc7a9a9e6b42e1d22031dc4aaf81fff3c70d7488e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
88d9f25117274c41b5d31b6d4b35194f4f768a7196465659f39a94c057f7ba35
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
8fc6f15eedacfd43a291b8ab04628565286f22ea884d9460c872e5ca13b17493
a7989312a5e027fc621ceec7b53ec2c8e24eac5601f9ed11e5c217361b115bc1
c748b2236ab63dfd97982f21f3df35348146a281ad2374055fcaa0aa9b8ec845
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85003d223919385f0964bee7967cd1d7cbd4e2d845f3bf62a1077060c44555b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

qr-captcha.com Open in urlscan Pro 139.45.197.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

32 Requests

88 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

95 kBTransfer

312 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

qr-captcha.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

88 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

95 kB
Transfer

312 kB
Size

10
Cookies

32 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!