urlscan.io logo urlscan.io
SecurityTrails logo

payitforwardgroups.com Open in urlscan Pro
206.72.192.242  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75...
Effective URL: https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvv...
Submission Tags: falconsandbox
Submission: On June 29 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 4 HTTP transactions. The main IP is 206.72.192.242, located in United States and belongs to IS-AS-1, US. The main domain is payitforwardgroups.com.
TLS certificate: Issued by R3 on June 29th 2023. Valid for: 3 months.
This is the only time payitforwardgroups.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.185.21.38 16509 (AMAZON-02)
1 45.74.8.8 3223 (VOXILITY)
2 5 206.72.192.242 19318 (IS-AS-1)
4 2
Apex Domain
Subdomains		 Transfer
4 payitforwardgroups.com
payitforwardgroups.com
60 KB
1 495life.com
495life.com
649 B
1 lawyerjmp.net
9char.lawyerjmp.net
286 B
1 targito.com
e.targito.com — Cisco Umbrella Rank: 665642
835 B
4 4
Domain Requested by
4 payitforwardgroups.com 1 redirects payitforwardgroups.com
1 495life.com 1 redirects
1 9char.lawyerjmp.net
1 e.targito.com 1 redirects
4 4

This site contains no links.

Subject Issuer Validity Valid
payitforwardgroups.com
R3		 2023-06-29 -
2023-09-27		 3 months crt.sh

This page contains 1 frames:

Frame: https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo&sso_reload=true
Frame ID: BD929B3164C6E287D01041B28EDC91E5
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://495life.com/?skpavvfw?fqww&qrc=shane.chaba@decisivegroup.com HTTP 302
    https://payitforwardgroups.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BheWl0Zm9yd... HTTP 302
    https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f9376527... Page URL

Page Statistics

4
Requests

75 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

59 kB
Transfer

155 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://495life.com/?skpavvfw?fqww&qrc=shane.chaba@decisivegroup.com HTTP 302
    https://payitforwardgroups.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BheWl0Zm9yd2FyZGdyb3Vwcy5jb20iLCJkb21haW4iOiJwYXlpdGZvcndhcmRncm91cHMuY29tIiwia2V5Ijoic2ZsYmhJcDVZeE1VIiwicXJjIjoic2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20iLCJpYXQiOjE2ODgwNzAzNzQsImV4cCI6MTY4ODA3MDQ5NH0.zS1WOaQWOzk3Zk03Q9ND5Rsuxixi78gdUKDp0yfE29w HTTP 302
    https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75283f30-ec7c-4c64-8e96-b11b9ceb9007&d=1550125868&l=footer_menu_2&u=http://9CHAR.lawyerjmp.net%2Fsos%2Fc2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=%2F%2F%2Fc2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20= HTTP 302
  • http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///
Redirect Chain
  • https://e.targito.com/c?a=a765e20b-92d0-4544-a4c3-c23518cbf01d&o=gsklub_cz&m=6b67e0df-8f21-4d26-bac6-98abbf8b9329&c=75283f30-ec7c-4c64-8e96-b11b9ceb9007&d=1550125868&l=footer_menu_2&u=http://9CHAR....
  • http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
0
286 B 		Document
General
Check archive.org
Download Go to
Full URL
http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
Protocol
HTTP/1.1
Server
45.74.8.8 Los Angeles, United States, ASN3223 (VOXILITY, GB),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Thu, 29 Jun 2023 20:26:14 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
refresh
0;url=https://495life.com/?skpavvfw?fqww&qrc=shane.chaba@decisivegroup.com

Redirect headers

content-length
0
date
Thu, 29 Jun 2023 20:26:13 GMT
location
http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
server
Kestrel
Primary Request cwvjqtkbg
payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/
Redirect Chain
  • https://495life.com/?skpavvfw?fqww&qrc=shane.chaba@decisivegroup.com
  • https://payitforwardgroups.com/?sign=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3BheWl0Zm9yd2FyZGdyb3Vwcy5jb20iLCJkb21haW4iOiJwYXlpdGZvcndhcmRncm91cHMuY29tIiwia2V5Ijoic2ZsYmhJcDVZeE1...
  • https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ue...
20 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
206.72.192.242 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
yolo.support
Software
/
Resource Hash
d4ecbd5ddbfe0c2e56f819f2a039daa22b2c335e1acc69eb5bdf91e3deb45fbc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
http://9char.lawyerjmp.net/sos/c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=///c2hhbmUuY2hhYmFAZGVjaXNpdmVncm91cC5jb20=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Thu, 29 Jun 2023 20:26:16 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
20745
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
x-ms-clitelem
1,50168,0,,
x-ms-ests-server
2.1.15723.3 - SCUS ProdSlices
x-ms-request-id
c8a22f14-09fd-4a61-8d3c-08672ab7f900

Redirect headers

Connection
keep-alive
Date
Thu, 29 Jun 2023 20:26:15 GMT
Keep-Alive
timeout=5
Transfer-Encoding
chunked
location
/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo
BssoInterrupt_Core_TslNr0xtu1lnBhfEmx5v_A2.js
payitforwardgroups.com/aadcdn.msauth.net/~/shared/1.0/content/js/ 		135 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://payitforwardgroups.com/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_TslNr0xtu1lnBhfEmx5v_A2.js
Requested by
Host: payitforwardgroups.com
URL: https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
206.72.192.242 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
yolo.support
Software
/
Resource Hash
cdd6335082db092565eea26e87ef303754cfabf163711d82f4f46082ca9187cc
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Thu, 29 Jun 2023 20:26:17 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
X-Azure-Ref-OriginShield
0aPucZAAAAAC5qpQ4ety7QIeOFsY1LcsFU0pDRURHRTA1MDkAMzlhMTJmN2UtODk5Zi00NmNmLWE2ZDAtMjRiYmJhMjdkOTU2
Content-MD5
BGzMFmjYettTMBq/kEjyvg==
X-Cache
TCP_HIT
Connection
close
content-length
138360
x-ms-lease-status
unlocked
Last-Modified
Fri, 09 Jun 2023 21:12:05 GMT
ETag
0x8DB692E2D3E79E3
X-Azure-Ref
06eidZAAAAAD7ehJxxY3PTKrgKludlChQTEFYMzExMDAwMTA4MDI5ADM5YTEyZjdlLTg5OWYtNDZjZi1hNmQwLTI0YmJiYTI3ZDk1Ng==
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
79ea6dfb-501e-009a-18ba-a9de11000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
cwvjqtkbg
payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/ 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo&sso_reload=true
Requested by
Host: payitforwardgroups.com
URL: https://payitforwardgroups.com/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_TslNr0xtu1lnBhfEmx5v_A2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
206.72.192.242 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
yolo.support
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://payitforwardgroups.com/__//eqooqp/qcwvj2/x2.0/cwvjqtkbg?enkgpv_kf=4765445d-32e6-49d0-83g6-1f93765276ec&tgfktgev_wtk=jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hncpfkpix2&tgurqpug_varg=eqfg%20kf_vqmgp&ueqrg=qrgpkf%20rtqhkng%20jvvru%3C%2H%2Hyyy.qhhkeg.eqo%2Hx2%2HQhhkegJqog.Cnn&tgurqpug_oqfg=hqto_rquv&pqpeg=637929903776466681.A2A4AlPlQYKvPYTnOk00PYToNYGaPIGvPIOzO2TjPljoOoA1PVK3AoO5QVOvQYGaPk00AYLlNVi5BFCvAoAaOliyQYHlOYWz&wk_nqecngu=gp-WU&omv=gp-WU&uvcvg=I-XnsevaZLqScbPfu6RYpY7IJD_LTOPESPKueoPo49a8yaDo0kqCdRJbDG3lbRNIEam2zNMQCsdLvyVNVNFWspCLHwP5Uk8CHlDZMafbjd6z4GKk3_P0qHa9xXPJADlYDaFR66v5o5Tc01hUKi5E_UkoKs8q1prnbGla9Aj5bbLO6ATkGK82KM6RbZaa32JC_42rdz0FxBy525JrewXiOC1XYRBkEMHna3LGpORVj7Nfhqq6y-4zLmWjmayBnR-YwnorQ3rtTugIAMDKXXrnLy&z-enkgpv-UMW=KF_PGVUVCPFCTF2_0&z-enkgpv-xgt=6.12.1.0&ste=ujcpg.ejcdc%40fgekukxgitqwr.eqo
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Thu, 29 Jun 2023 20:26:18 GMT
Expires
-1
Link
<https://aadcdn.msftauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msftauth.net>; rel=dns-prefetch, <https://aadcdn.msauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
46284
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+bno"}]}
x-ms-clitelem
1,0,0,,
x-ms-ests-server
2.1.15723.3 - NCUS ProdSlices
x-ms-request-id
f88d34ed-3e23-4d3c-89f4-1d40462b1e00

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend

15 Cookies

Domain/Path Name / Value
.targito.com/ Name: a765e20b-92d0-4544-a4c3-c23518cbf01d
Value: 75283f30-ec7c-4c64-8e96-b11b9ceb9007
.targito.com/ Name: trgid_gsklub_cz
Value: 75283f30-ec7c-4c64-8e96-b11b9ceb9007
.targito.com/ Name: a765e20b-92d0-4544-a4c3-c23518cbf01d_m
Value: 6b67e0df-8f21-4d26-bac6-98abbf8b9329
.targito.com/ Name: trgm_gsklub_cz
Value: 6b67e0df-8f21-4d26-bac6-98abbf8b9329
.targito.com/ Name: a765e20b-92d0-4544-a4c3-c23518cbf01d_d
Value: 1550125868
.targito.com/ Name: trgd_gsklub_cz
Value: 1550125868
495life.com/ Name: qPdM
Value: sflbhIp5YxMU
495life.com/ Name: qPdM.sig
Value: F1Sh5zHgegQCSu0C7cFYiNB_CiY
payitforwardgroups.com/ Name: qPdM
Value: sflbhIp5YxMU
payitforwardgroups.com/ Name: qPdM.sig
Value: F1Sh5zHgegQCSu0C7cFYiNB_CiY
payitforwardgroups.com/ Name: fpc
Value: AgqpvrU4AFdMpoGywWIrYYE
payitforwardgroups.com/ Name: x-ms-gateway-slice
Value: estsfd
payitforwardgroups.com/ Name: stsservicecookie
Value: estsfd
.payitforwardgroups.com/ Name: AADSSO
Value: NA|NoExtension
payitforwardgroups.com/ Name: SSOCOOKIEPULLED
Value: 1