Submitted URL: http://www.payfreetrx.gq/
Effective URL: https://payfreetrx.gq/
Submission Tags: krdprod
Submission: On March 15 via api from JP — Scanned from JP

Summary

This website contacted 13 IPs in 6 countries across 12 domains to perform 47 HTTP transactions. The main IP is 206.189.19.197, located in London, United Kingdom and belongs to DIGITALOCEAN-ASN, US. The main domain is payfreetrx.gq.
TLS certificate: Issued by R3 on March 14th 2022. Valid for: 3 months.
This is the only time payfreetrx.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 206.189.19.197 14061 (DIGITALOC...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 192.243.59.13 39572 (ADVANCEDH...)
5 172.64.199.29 13335 (CLOUDFLAR...)
4 2404:6800:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
5 2404:6800:400... 15169 (GOOGLE)
6 195.201.108.252 24940 (HETZNER-AS)
5 2606:4700:303... 13335 (CLOUDFLAR...)
2 2404:6800:400... 15169 (GOOGLE)
47 13
Apex Domain | Subdomains | Transfer
11 payfreetrx.gq | www.payfreetrx.gq; payfreetrx.gq | 130 KB
7 surfe.pro | static.surfe.pro — Cisco Umbrella Rank: 250179; surfe.pro — Cisco Umbrella Rank: 195881 | 24 KB
5 surfe.be | static.surfe.be — Cisco Umbrella Rank: 282077 | 643 KB
5 gstatic.com | www.gstatic.com | 469 KB
5 adhitzads.com | adhitzads.com — Cisco Umbrella Rank: 175023; p3.adhitzads.com — Cisco Umbrella Rank: 195090 | 3 KB
4 google.com | www.google.com — Cisco Umbrella Rank: 2 | 24 KB
4 illegalprotected.com | illegalprotected.com |
2 cloudflare.com | cdnjs.cloudflare.com — Cisco Umbrella Rank: 194 | 90 KB
2 jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 403 | 48 KB
1 doubleclick.net | googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 | 5 KB
1 googlesyndication.com | pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 | 53 KB
1 jquery.com | code.jquery.com — Cisco Umbrella Rank: 588 | 30 KB
47 12
Domain Requested by
10 payfreetrx.gq payfreetrx.gq
6 surfe.pro payfreetrx.gq
5 static.surfe.be payfreetrx.gq
5 www.gstatic.com www.google.com
4 www.google.com payfreetrx.gq
www.gstatic.com
4 illegalprotected.com payfreetrx.gq
3 p3.adhitzads.com adhitzads.com
2 adhitzads.com payfreetrx.gq
2 cdnjs.cloudflare.com payfreetrx.gq
cdnjs.cloudflare.com
2 cdn.jsdelivr.net payfreetrx.gq
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 pagead2.googlesyndication.com payfreetrx.gq
1 code.jquery.com payfreetrx.gq
1 static.surfe.pro payfreetrx.gq
1 www.payfreetrx.gq 1 redirects
47 15

This site contains links to these domains.

Domain
cryptofp.xyz
claimfreeltc.com
cryptoonly.xyz
claimfreedoge.ml
faucetpay.io
surfe.be
surfe.pro
t.me
Subject | Issuer | Validity | Valid
cpcontacts.payfreetrx.gq | R3 | 2022-03-14 - 2022-06-12 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year
illegalprotected.com | R3 | 2022-02-17 - 2022-05-18 | 3 months
www.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2021-07-14 - 2022-08-14 | a year
*.gstatic.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
surfe.pro | R3 | 2022-01-02 - 2022-04-02 | 3 months
*.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months

This page contains 4 frames:

Primary Page: https://payfreetrx.gq/
Frame ID: A84E98A4AB6C6A7CABC96EE6737DA77A
Requests: 44 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL&co=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxOjQ0Mw..&hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=id3a9f9hu981
Frame ID: F8B7AA15D6A972A3D9523C9FA2CA9170
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL
Frame ID: D4758FB04BF09BDBE893AFF6DA8A43B9
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html
Frame ID: 2D9120D1D1B5B433B74D4A70D883C401
Requests: 1 HTTP request in this frame

Page Title

Pay Free TRX | Free Tron Faucet

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

Requests: 47
HTTPS: 100 %
IPv6: 67 %
Domains: 12
Subdomains: 15
IPs: 13
Countries: 6
Transfer: 1519 kB
Size: 2801 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.payfreetrx.gq/ HTTP 302
    https://payfreetrx.gq/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

47 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
payfreetrx.gq/
Redirect Chain
  • http://www.payfreetrx.gq/
  • https://payfreetrx.gq/
59 KB
34 KB
Document
General
Full URL
https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
10c993e7139a6c360155d3523a7c769fe5239443868705dc8aab8e3711aa5b46
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
x-xss-protection
0
content-type
text/html; charset=UTF-8
content-encoding
br
vary
Accept-Encoding,User-Agent
date
Tue, 15 Mar 2022 09:35:41 GMT
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"

Redirect headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-type
text/html
content-length
683
date
Tue, 15 Mar 2022 09:35:40 GMT
server
LiteSpeed
cache-control
no-cache, no-store, must-revalidate, max-age=0
location
https://payfreetrx.gq/
vary
User-Agent
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/
158 KB
25 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
42982
x-jsd-version
4.6.0
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19169-FRA, cache-tyo11930-TYO
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6ec442ad69da8aa4-NRT
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/
58 KB
11 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1fb8d8337cd22568295b0ed998c85c58f0b4cd083af0b0db21cb0af80002f2d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://payfreetrx.gq/
Origin
https://payfreetrx.gq
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1073553
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10472
timing-allow-origin
*
last-modified
Wed, 13 Jan 2021 22:29:05 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fff7431-e7d0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xFBHlg9a3BusUmtnwoPhIj1l5QZzNInpHnfDO2klZpW%2F9WYpUBoNqbBLeq6vN0WCpD%2B1nam4Bdd8NhARuYFnd%2FvoHhXwvachyUyoY88%2BL1tDvvCbUt6PgeShXTE4QjuXm5kek2mBvmyCH4%2BxLtxlte8n"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ec442ad691f80ea-NRT
expires
Sun, 05 Mar 2023 09:35:41 GMT
base.css
payfreetrx.gq/libs/css/
748 B
346 B
Stylesheet
General
Full URL
https://payfreetrx.gq/libs/css/base.css
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
96d937266e197db610a6e47e75f3afe063b0795eb0559104696e89bf74c538cb

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
last-modified
Sat, 04 Dec 2021 15:04:03 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
313
expires
Tue, 22 Mar 2022 09:35:41 GMT
muluken33.css
payfreetrx.gq/libs/css/
481 B
247 B
Stylesheet
General
Full URL
https://payfreetrx.gq/libs/css/muluken33.css
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
38d02513f9d05aff4dfabb80c52ff1ebde2121c3d36d9220839a6e420411ef7c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
last-modified
Sat, 04 Dec 2021 15:04:03 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
215
expires
Tue, 22 Mar 2022 09:35:41 GMT
non2.css
payfreetrx.gq/libs/css/
268 B
249 B
Stylesheet
General
Full URL
https://payfreetrx.gq/libs/css/non2.css
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
9d06ebf17ecd008d93560a00503c7fc28d98626bb3fa6753940328fdcfd404af

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
last-modified
Sat, 04 Dec 2021 15:04:03 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
text/css
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
142
expires
Tue, 22 Mar 2022 09:35:41 GMT
trx.webp
payfreetrx.gq/images/
14 KB
14 KB
Image
General
Full URL
https://payfreetrx.gq/images/trx.webp
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
61eab1d4003b3dd628d918947651f8432c9dafaa34481246de5f2b36b2bee00a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
last-modified
Sat, 04 Dec 2021 15:04:01 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/webp
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
14274
expires
Tue, 22 Mar 2022 09:35:42 GMT
bitcoin.png
payfreetrx.gq/images/
4 KB
4 KB
Image
General
Full URL
https://payfreetrx.gq/images/bitcoin.png
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
12bac3f45f1535bada74fa9b39e3e70b88d0991e1c5ba8c5bbfc8d4f6534b091

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
last-modified
Sat, 04 Dec 2021 15:04:01 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
4517
expires
Tue, 22 Mar 2022 09:35:42 GMT
ltc.png
payfreetrx.gq/images/
8 KB
8 KB
Image
General
Full URL
https://payfreetrx.gq/images/ltc.png
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
660f278b2a3296b26b1f7c03cef134d736e10e2ab90eedfc0fa3c6d491cb2a1f

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
last-modified
Sat, 04 Dec 2021 15:04:01 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8583
expires
Tue, 22 Mar 2022 09:35:42 GMT
dogecoin.webp
payfreetrx.gq/images/
8 KB
8 KB
Image
General
Full URL
https://payfreetrx.gq/images/dogecoin.webp
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
12cdf34bdeaa0a84bcd0bb7be47519ad24905d66c3c8935c75ab39935e9ed922

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
last-modified
Sat, 04 Dec 2021 15:04:01 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/webp
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
8118
expires
Tue, 22 Mar 2022 09:35:42 GMT
a38f4c3b3033496ea09f4e55dc3f5401.js
illegalprotected.com/a3/8f/4c/
0
0
Script
General
Full URL
https://illegalprotected.com/a3/8f/4c/a38f4c3b3033496ea09f4e55dc3f5401.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 15 Mar 2022 09:35:42 GMT
Server
nginx/1.17.6
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
1151505
adhitzads.com/
448 B
547 B
Script
General
Full URL
https://adhitzads.com/1151505
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.199.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff2973ef6ca9464067a7377b0e3918e5bcb7b4d6ae31b4a674e5a6b91082629a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PM20gJ2ioybumqZrLCPSUx4unqQXQ%2F6CZd8cUYdK8B2oNSYRqKBqSN5k0c47jGC5uagT%2BtvUcmTLUV8FKBtSAsK%2FOexeUgdV03gYqtJQn7ZhOrQ%2FzrFuk8mv4ZAPyh0u"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=3600, public
cf-ray
6ec442aeefea3511-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 15 Mar 2022 10:35:42 GMT
1150934
adhitzads.com/
448 B
837 B
Script
General
Full URL
https://adhitzads.com/1150934
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.199.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfe564fe9edbdb08470597c1215d101e10cd59bcbfacd4767eb87607e1a21f7b

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMmerNIm199sh1yGGMksDeNz9zagxwgteeAI5j6mWYOrQp0w3Kmxt1pNZWrvpSf5ugeCCBraAB%2BRivFttnHa4t82d8E90w%2BWe2cVXgzU%2BkhR1IzqrYwySarJmPjm5xtn"}],"group":"cf-nel","max_age":604800}
content-type
text/html
cache-control
max-age=3600, public
cf-ray
6ec442aeefec3511-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Tue, 15 Mar 2022 10:35:42 GMT
api.js
www.google.com/recaptcha/
850 B
966 B
Script
General
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:820::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
efe60d3132396e59045e15ed5c74035c98ac27b363af49041b12706746af8b52
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
553
x-xss-protection
1; mode=block
expires
Tue, 15 Mar 2022 09:35:41 GMT
net.js
static.surfe.pro/js/
4 KB
3 KB
Script
General
Full URL
https://static.surfe.pro/js/net.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d116 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
907106ff835026bd9f8f6fbf84342aafc70923664634d6afbcd4da37a7dc964d

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 10 Mar 2022 16:06:12 GMT
server
cloudflare
age
4725
etag
W/"622a21f4-11a9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NZqlapTN4vmb%2FLE1msaR%2BoHx%2BdbIfwo6sCNTrv1q%2B5ce3UgP2RQyIJNGHG9rf1EbvuAtJK0UWQmZ10lFvIF1iNoeaFUlwKh029Bed9p%2FYlwbK8lyDNZcF45oHf3BdtKl9NwVjCg22J%2BtIscz%2BhXx"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442aefd2480d2-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
jquery-3.5.1.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.5.1.min.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://payfreetrx.gq/
Origin
https://payfreetrx.gq
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d84"
vary
Accept-Encoding
x-hw
1647336942.dop024.pa1.t,1647336942.cds220.pa1.hn,1647336942.cds214.pa1.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30879
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/
82 KB
23 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.bundle.min.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b0212543cc5a4a0a31c1b5a9d1e8973261992116b4cfde3e7dfcf33b4e81a97b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://payfreetrx.gq/
Origin
https://payfreetrx.gq
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
42976
x-jsd-version
4.6.0
x-cache
MISS, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by
cache-fra19141-FRA, cache-tyo11957-TYO
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"1499a-rsVR5NVzRjCI/KfRT7ZE6zifGDk"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6ec442aeeab53521-NRT
show_ads.js
payfreetrx.gq/libs/
23 B
71 B
Script
General
Full URL
https://payfreetrx.gq/libs/show_ads.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
ae8733fbaff642fc86c871273af6a0430ca67d764e4169c5a38c6fd66fbf8169

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
last-modified
Sat, 04 Dec 2021 15:04:03 GMT
server
LiteSpeed
vary
User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
23
expires
Tue, 22 Mar 2022 09:35:42 GMT
/
p3.adhitzads.com/
0
307 B
Script
General
Full URL
https://p3.adhitzads.com/?z=1151505&p=1171784871&l=https%3A//payfreetrx.gq/&c=1
Requested by
Host: adhitzads.com
URL: https://adhitzads.com/1151505
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.199.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Jrxr3KBcy3rDEREcvVXQ8eQCGdt9rPW9UD6Fp%2BzQK%2BZ07DWSCXvl6%2BWqS2QPN%2FahmS1jY4UvhamKhNkMC15MLtho7q9SiNtsE1PsjFlilW%2FUVI5kufaHwGoO6qoLT5CStTC"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6ec442b36d393511-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
/
p3.adhitzads.com/
0
540 B
Script
General
Full URL
https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=2
Requested by
Host: adhitzads.com
URL: https://adhitzads.com/1150934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.199.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 15 Mar 2022 09:35:43 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gk9YHMYEQ0hpNfYY9sTx%2Bfe%2FpmW3NyA8K2VSrJyeaEuOLbK8UzOLhDa%2FH6i7E5J2sjB52nR6sxsJmVTeL4p3q4HVz8743f9xh%2FAq0nSTJ2oc4yT9l5XcZr9PKgO2uZHSYfbB"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6ec442b50946808d-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/
78 KB
79 KB
Font
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/webfonts/fa-solid-900.woff2
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a0428c36942097bbf7cc98bcebc81dee047382fac414217e89cc572c7f9473f6
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css
Origin
https://payfreetrx.gq
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:42 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
750178
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
80252
timing-allow-origin
*
last-modified
Wed, 13 Jan 2021 22:29:06 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fff7432-1397c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6IYjLbako4wmV6ZkBzcBvfCdG2s%2Fr5n1Dj6d1CDKmj11PfQW4PRUBDIbjQVdjox9r7zn9t1xj25xmJLoTDjW0YYn62Z9ZKbM8%2BnRH4tTV%2BR%2F4vJAWBdMPkxMZTw4EMgka1w7AqBHlekjhZVu%2BTjLNWr6"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
6ec442b50ee51d87-NRT
expires
Sun, 05 Mar 2023 09:35:42 GMT
truncated
/
12 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
932bae3c696596fce163734724bcac3e2f173efd5c87d099cc0052b765eb05b0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
/
p3.adhitzads.com/
0
508 B
Script
General
Full URL
https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=3
Requested by
Host: adhitzads.com
URL: https://adhitzads.com/1150934
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.199.29 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/5.6.40
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 15 Mar 2022 09:35:43 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.6.40
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NPQLmqMnu6SxKi30qY0bBnAi0JxM%2FMFft%2Bu5%2F43vDVXjeSXbItS3TwQBrCGNVDW%2BjLhS0RvdtTmMwyeB4%2BS8Iukahk707ZSD%2BYpYKf81Pi1WxELmzB1c1OOlr4TZbzcCzw7m"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
6ec442b6bb96808d-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
recaptcha__en.js
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/
357 KB
141 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:400a:805::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfb94e5ee3cf4cc864f0afd05660956b94cf3f42232c7ac5e119924713c294ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://payfreetrx.gq/
Origin
https://payfreetrx.gq
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 18:43:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53530
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143659
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 05:02:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Mar 2023 18:43:33 GMT
id
surfe.pro/net/
16 B
348 B
XHR
General
Full URL
https://surfe.pro/net/id
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
a0f374169233ddcd138fc70a1010cc900d4361ba609501c4a42e70b2c681236d

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
the-rule
surfe.pro
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
main-t-new - 0.0025770664215088
teaser
surfe.pro/net/
18 KB
4 KB
XHR
General
Full URL
https://surfe.pro/net/teaser?sid=300031&w=0&seed=6891421425983597&doc_ref=&href=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxLw==
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
d5bfbd6be0544cd4bf25589fe19dc7f81dcba55b97540cf087dcd6631104ad06

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
content-encoding
gzip
speed-07
main-t-old 1 - 0.047643899917603
server
nginx
speed-04
main-tid 3 - 0.012897968292236
speed-05
b-found at 9 - 0.047075986862183
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
speed-08
main-t-new - 0.050935029983521
speed-06
PH-all 1000 checked - 0.047625064849854
speed-03
site-inited-view - 0.012870073318481
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
preload - 0.0020139217376709
the-rule
surfe.pro
teaser
surfe.pro/net/
18 KB
4 KB
XHR
General
Full URL
https://surfe.pro/net/teaser?sid=300031&w=0&seed=23832924168017455&doc_ref=&href=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxLw==
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
8b42cb420aa0ef37c924e0fe61602d69d0bc6effd83d6aac85cd3a6040e724dc

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
content-encoding
gzip
speed-07
main-t-old 1 - 0.056200981140137
server
nginx
speed-04
main-tid 3 - 0.013108015060425
speed-05
b-found at 10 - 0.055501937866211
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
speed-08
main-t-new - 0.082190990447998
speed-06
PH-all 1000 checked - 0.05618691444397
speed-03
site-inited-view - 0.013078927993774
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
preload - 0.0022799968719482
the-rule
surfe.pro
teaser
surfe.pro/net/
20 KB
4 KB
XHR
General
Full URL
https://surfe.pro/net/teaser?sid=300030&w=1140&seed=06312985590507636&doc_ref=&href=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxLw==
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
6790449d5890bafef7e506d4d112da0e65fed4588058418568bdef41e243c89b

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
content-encoding
gzip
speed-07
main-t-old 1 - 0.058475971221924
server
nginx
speed-04
main-tid 11 - 0.01619291305542
speed-05
b-found at 10 - 0.057792901992798
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
speed-08
main-t-new - 0.068619012832642
speed-06
PH-all 1000 checked - 0.058457851409912
speed-03
site-inited-view - 0.016157865524292
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
preload - 0.0016608238220215
the-rule
surfe.pro
invoke.js
illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/
0
0
Script
General
Full URL
https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 15 Mar 2022 09:35:44 GMT
Server
nginx/1.17.6
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
81259877eecfd63899714e388a5309f1-300x250.gif
static.surfe.be/upload/1718050/
120 KB
121 KB
Image
General
Full URL
https://static.surfe.be/upload/1718050/81259877eecfd63899714e388a5309f1-300x250.gif
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:19ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
70b56d74e7469ac661a0b32448584246bba725a7a0d364c0f155490976477429

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
cf-cache-status
HIT
last-modified
Mon, 31 Jan 2022 20:55:08 GMT
server
cloudflare
age
81747
etag
W/"61f84cac-1e0bb"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UwJWEkqwNhTIyBX1RGkpqvWyBmQ8fScQuvhM02Spgyyrj0HntqFcwXH7dN9KvXcL46Wz8eofjgLQqKZ7NByDWc2hk8TmWbYdzx5rg9Uc7LjV10JotiDpHGLO%2Bo8go5cjvyg4ahOqshy5FfocIlo%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442be8c040ae8-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
885157252ceb3497607c011dc7c12d83.png
static.surfe.be/upload/62348/
287 KB
287 KB
Image
General
Full URL
https://static.surfe.be/upload/62348/885157252ceb3497607c011dc7c12d83.png
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:19ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcd4785d6fcd22a9b1dbd1cd0af213af112f8b901b78a17a270d49049d7a23dc

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
cf-cache-status
HIT
last-modified
Mon, 02 Nov 2020 08:08:18 GMT
server
cloudflare
age
57938
etag
W/"5f9fbe72-47a49"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYRfJhYMWW3XGPjxdWihbu%2FgbVe%2Bf5%2Bm690emYRT%2BozsJIRORjPuPd6sGdTAhwnF41%2F88KdTYAKRT8sCHNv8IM4igDikKOWVUmsOZCCaB4g4m1z0aDMRkXZP%2Bn4H0FdNPfLHkXf0%2FRiRSILygFI%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442c05be63414-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
b2ced40b760f9211398adfa92f1ec7ea-300x250.jpg
static.surfe.be/upload/1/
36 KB
36 KB
Image
General
Full URL
https://static.surfe.be/upload/1/b2ced40b760f9211398adfa92f1ec7ea-300x250.jpg
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:19ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e66999873d2ab152a8a815bdc3d48bb102a4d3b64e60062207bd822b562997b

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
cf-cache-status
HIT
last-modified
Thu, 14 Jan 2021 21:03:10 GMT
server
cloudflare
age
63125
etag
W/"6000b18e-8f4d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3NOSqK19u%2F8VqqV4T7KbfANCTMRCw%2FAdEPsyOR%2B4CHgQvmPjgnLR%2FqcuaaUEo%2BtpH%2BpK%2Be3G83S2TW2Oz0PJQHazOi7HjgmLUY6VEloWcLfDDURgMdW8i7SV4uYUJExX4mUwBHaH0ZWqWzccdA0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442c05be43414-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
teaser
surfe.pro/net/
20 KB
4 KB
XHR
General
Full URL
https://surfe.pro/net/teaser?sid=300030&w=1140&seed=993018606262944&doc_ref=&href=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxLw==
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
062a1f21542238c8c5824b90d2966287ae3b177372cfd2234e67a95121270262

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
content-encoding
gzip
speed-07
main-t-new - 0.019711017608643
server
nginx
speed-04
main-tid 11 - 0.010200023651123
speed-05
banners from cache - 0.01062798500061
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
speed-06
main-t-old 1 - 0.01063084602356
speed-03
site-inited-view - 0.010171890258789
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
preload - 0.0018289089202881
the-rule
surfe.pro
invoke.js
illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/
0
0
Script
General
Full URL
https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 15 Mar 2022 09:35:44 GMT
Server
nginx/1.17.6
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
ca01d2146aef2a900032baee4cfb3866.jpg
static.surfe.be/upload/1/
134 KB
135 KB
Image
General
Full URL
https://static.surfe.be/upload/1/ca01d2146aef2a900032baee4cfb3866.jpg
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:19ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bd1454185b14994106e77d86faf9f05fe354e86e781a7da53ffcfd348197f92

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:44 GMT
cf-cache-status
HIT
last-modified
Tue, 30 Apr 2019 15:45:30 GMT
server
cloudflare
age
72933
etag
W/"5cc86d9a-219a5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zM5hUDE6z6lBOH6lbaeri5rKzllWlTjUnGlbmeppn1BSrz6EM7EShtA2nlAXtVTYYywEFfry2ISqSoNN%2BqmJd3Jshko1hlYhtmrU1eOcZSGVSaYxgJ6pfBYzdcDJXGwt7qOK9YgHx0dJoOxJE6s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442c1ee083414-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
teaser
surfe.pro/net/
20 KB
4 KB
XHR
General
Full URL
https://surfe.pro/net/teaser?sid=300030&w=1140&seed=3629586337876616&doc_ref=&href=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxLw==
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
195.201.108.252 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.252.108.201.195.clients.your-server.de
Software
nginx /
Resource Hash
dc08e10046f9dc1ff95073d130889bbcebc13e80540ed338b4a1274d26db652d

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 15 Mar 2022 09:35:45 GMT
content-encoding
gzip
speed-07
main-t-new - 0.018847942352295
server
nginx
speed-04
main-tid 11 - 0.0097019672393799
speed-05
banners from cache - 0.010142087936401
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS, DELETE, PUT
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://payfreetrx.gq
access-control-allow-credentials
true
speed-06
main-t-old 1 - 0.010145902633667
speed-03
site-inited-view - 0.0096120834350586
access-control-allow-headers
User-Agent,Keep-Alive,Content-Type
speed-02
preload - 0.0018410682678223
the-rule
surfe.pro
invoke.js
illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/
0
0
Script
General
Full URL
https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.243.59.13 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software
nginx/1.17.6 /
Resource Hash

Request headers

Referer
https://payfreetrx.gq/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 15 Mar 2022 09:35:45 GMT
Server
nginx/1.17.6
Connection
keep-alive
Content-Type
application/javascript
Content-Length
0
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
d31f768ce95a86b3c092d7d9eda49234.jpg
static.surfe.be/upload/1/
63 KB
64 KB
Image
General
Full URL
https://static.surfe.be/upload/1/d31f768ce95a86b3c092d7d9eda49234.jpg
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::6815:19ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b520e4bd94e029e2955a7fc74b0e8aca04d261db104670e5838dc5c4e965eae4

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:45 GMT
cf-cache-status
HIT
last-modified
Thu, 05 Sep 2019 10:22:48 GMT
server
cloudflare
age
65958
etag
W/"5d70e1f8-fce1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLkdGeO3nUm31c3EINa6lYrs9hZbakS%2B4Fgr%2F8Doc82qrc%2BE9DOKTqeq5h%2FvZ6MscM3svniDl8nL3Yv%2Fwo1ggquYJ6VaMO9eoD6dHyrUdQZESW0TIHsxJAJBRmzwMuyb8kQDESXsMJKoym0WCqQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
public, max-age=86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6ec442c3784b3414-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
anchor
www.google.com/recaptcha/api2/ Frame F8B7
43 KB
22 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL&co=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxOjQ0Mw..&hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=id3a9f9hu981
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:820::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
5dbe0c81e2191aadb76b73b7e1bb409548e03885e905f01770fd136ed4ae127d
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-faApVaFI7NhKlExKQYDM9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 15 Mar 2022 09:35:45 GMT
content-security-policy
script-src 'report-sample' 'nonce-faApVaFI7NhKlExKQYDM9g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
22691
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/
6 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f2bc284ea431ba5f4cec90e397b4257980ceb4e3bf0b79965188acec6e70907

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
294e6d66855246620238f6b89663f8ec560257f36648c036b8f397ae8913a2b5

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b31632175d356790bea8a9891b26370912bcf68df5ea37edc586cbb69530ca0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ffed8adc9a008b6888d98014cee4e5d855910f70d3f7d0a8213b1b121398519d

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type
image/png
styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame F8B7
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL&co=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxOjQ0Mw..&hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=id3a9f9hu981
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:400a:805::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 18:43:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53531
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 05:02:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Mar 2023 18:43:34 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame F8B7
357 KB
140 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL&co=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxOjQ0Mw..&hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=id3a9f9hu981
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:400a:805::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfb94e5ee3cf4cc864f0afd05660956b94cf3f42232c7ac5e119924713c294ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 18:43:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53532
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143659
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 05:02:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Mar 2023 18:43:33 GMT
next.js
payfreetrx.gq/
89 KB
60 KB
Script
General
Full URL
https://payfreetrx.gq/next.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
206.189.19.197 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
r213.lon1.mysecurecloudhost.com
Software
LiteSpeed /
Resource Hash
40210c3e6699b543ce899a3eca6f2b66404ac53d728a626549557a92c1c59561

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:45 GMT
content-encoding
br
last-modified
Sat, 04 Dec 2021 15:04:01 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent
content-type
application/javascript
cache-control
public, max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
61011
expires
Tue, 22 Mar 2022 09:35:45 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame F8B7
102 B
134 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=85AXn53af-oJBEtL2o2WpAjZ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:820::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
e9707e0f26dd47c5a91ff3582091109a33aeeb6eac0253ed617fb58bc0be7039
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL&co=aHR0cHM6Ly9wYXlmcmVldHJ4LmdxOjQ0Mw..&hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=id3a9f9hu981
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Tue, 15 Mar 2022 09:35:45 GMT
bframe
www.google.com/recaptcha/api2/ Frame D475
7 KB
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:4004:820::2004 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
167421f38963a77f4c2219eac5153ace98cc42ba7f0387a022bc7f08597ec49f
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Dz+qHMzwA+lqtHlbmGPxUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Tue, 15 Mar 2022 09:35:45 GMT
content-security-policy
script-src 'report-sample' 'nonce-Dz+qHMzwA+lqtHlbmGPxUg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1113
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame D475
51 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:400a:805::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 18:43:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53531
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 05:02:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Mar 2023 18:43:34 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame D475
357 KB
140 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=en&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LcrTQceAAAAAIWYZUVZmEakjULtbeZa--EkPzaL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2404:6800:400a:805::2003 Osaka, Japan, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cfb94e5ee3cf4cc864f0afd05660956b94cf3f42232c7ac5e119924713c294ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 14 Mar 2022 18:43:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
53532
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
143659
x-xss-protection
0
last-modified
Mon, 07 Mar 2022 05:02:21 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 14 Mar 2023 18:43:33 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
152 KB
53 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: payfreetrx.gq
URL: https://payfreetrx.gq/next.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7c3d346514f3f43558b04e0ea005de844d2fa370377016fdbbf6606aecc22432
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 09:35:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53721
x-xss-protection
0
server
cafe
etag
16483397765686907986
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 15 Mar 2022 09:35:46 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/ Frame 2D91
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220308/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:822::2002 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9
Referer
https://payfreetrx.gq/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4502
x-xss-protection
0
date
Mon, 14 Mar 2022 12:47:17 GMT
expires
Mon, 28 Mar 2022 12:47:17 GMT
cache-control
public, max-age=1209600
age
74909
etag
4044455266028820542
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"


34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| 2
object| 3
function| structuredClone
object| oncontextlost
object| oncontextrestored
function| downloadJSAtOnload
number| _adhtz
number| _adhtx
object| ___grecaptcha_cfg
object| grecaptcha
string| __recaptcha_api
boolean| __google_recaptcha_client
object| adsurfebe
object| atOptions
function| $
function| jQuery
object| bootstrap
boolean| show_ads_gr8_lite
object| closure_lm_883706
object| googletag
object| google_js_reporting_queue
number| google_srt
object| google_logging_queue
number| tmod
object| google_ad_modifications
object| ggeac
object| google_persistent_state_async
boolean| google_measure_js_timing
object| google_reactive_ads_global_state
boolean| _gfp_a_
object| adsbygoogle
string| google_user_agent_client_hint

1 Cookies

Domain/Path Name / Value
payfreetrx.gq/ Name: PHPSESSID
Value: cf5c54d08f8322acff64007725388da9

16 Console Messages

Source Level URL
Text
network error URL: https://illegalprotected.com/a3/8f/4c/a38f4c3b3033496ea09f4e55dc3f5401.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://adhitzads.com/1151505
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1151505&p=1171784871&l=https%3A//payfreetrx.gq/&c=1, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://adhitzads.com/1151505
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1151505&p=1171784871&l=https%3A//payfreetrx.gq/&c=1, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://adhitzads.com/1150934
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=2, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://adhitzads.com/1150934
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=2, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://adhitzads.com/1150934
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=3, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://adhitzads.com/1150934
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://p3.adhitzads.com/?z=1150934&p=1171784871&l=https%3A//payfreetrx.gq/&c=3, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://payfreetrx.gq/(Line 210)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://payfreetrx.gq/(Line 210)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://payfreetrx.gq/(Line 225)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://payfreetrx.gq/(Line 225)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript warning URL: https://payfreetrx.gq/(Line 240)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://payfreetrx.gq/(Line 240)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://illegalprotected.com/56de48f0227466b8fbfb2e6012e9b5a1/invoke.js
Message:
Failed to load resource: the server responded with a status of 403 (Forbidden)

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
