qr-captcha.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://roblox.gallery/
Effective URL:
https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
Submission Tags: phishingrod
Submission: On August 09 via api (August 9th 2023, 1:37:25 am UTC) from DE — Scanned from NL

Summary HTTP 35 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 35 HTTP transactions. The main IP is 139.45.197.167, located in United Kingdom and belongs to RETN-AS, GB. The main domain is qr-captcha.com. The Cisco Umbrella rank of the primary domain is 377252.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.

This is the only time qr-captcha.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
4	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1 2	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1	139.45.195.253 139.45.195.253	9002 (RETN-AS) (RETN-AS)
17	172.64.129.32 172.64.129.32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	139.45.197.167 139.45.197.167	9002 (RETN-AS) (RETN-AS)
35	8

4 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

roblox.gallery	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.197.238 (United Kingdom) 1 redirects

ASN9002 (RETN-AS, GB)

whairtoa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.253 (United Kingdom)

ASN9002 (RETN-AS, GB)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.64.129.32 (United States)

ASN13335 (CLOUDFLARENET, US)

totalfreshwords.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 139.45.197.167 (United Kingdom)

ASN9002 (RETN-AS, GB)

qr-captcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	totalfreshwords.com totalfreshwords.com	63 KB
5	qr-captcha.com qr-captcha.com — Cisco Umbrella Rank: 377252	21 KB
4	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10960	2 KB
4	roblox.gallery roblox.gallery	15 KB
2	whairtoa.com 1 redirects whairtoa.com — Cisco Umbrella Rank: 268414	13 KB
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 33374	465 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	850 B
35	7

	Domain	Requested by
17	totalfreshwords.com	totalfreshwords.com
5	qr-captcha.com	totalfreshwords.com qr-captcha.com
4	my.rtmark.net	whairtoa.com totalfreshwords.com
4	roblox.gallery	roblox.gallery
2	whairtoa.com	1 redirects roblox.gallery
1	datatechone.com	whairtoa.com
1	fonts.googleapis.com	roblox.gallery
35	7

This site contains no links.

Subject Issuer	Validity	Valid
roblox.gallery GTS CA 1P5	`2023-08-07` - `2023-11-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
whairtoa.com R3	`2023-07-16` - `2023-10-14`	3 months	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-18` - `2023-12-24`	a year	crt.sh
totalfreshwords.com E1	`2023-07-22` - `2023-10-20`	3 months	crt.sh
qr-captcha.com R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
Frame ID: 76313A3C5389FD71EB061905A3944F92
Requests: 39 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://roblox.gallery/ Page URL
https://whairtoa.com/4/4138880 Page URL
https://whairtoa.com/?z=4138880&syncedCookie=true&rhd=false HTTP 302
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z... Page URL
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z... Page URL
https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783 Page URL

Page Statistics

35
Requests

94 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

114 kB
Transfer

352 kB
Size

10
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://roblox.gallery/ Page URL
https://whairtoa.com/4/4138880 Page URL
https://whairtoa.com/?z=4138880&syncedCookie=true&rhd=false HTTP 302
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8

https://whairtoa.com/?z=4138880&syncedCookie=true&rhd=false HTTP 302
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

35 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
roblox.gallery/ 39 KB
12 KB 289ms
45ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roblox.gallery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da10982fdb9abb5eb43f401eb5d902343fd0888db26f7744a1e00166fbdf2316

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f3c45f26b7e901e-FRA
content-encoding: br
content-language: th-TH
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
content-type: text/html;charset=UTF-8
date: Wed, 09 Aug 2023 01:37:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4EYgSxKkLHkrX9BHGZbBVlaDku1nP8SSc7db%2FOKrjEZD9ZrkzuqFEeENVeQDtn5tN%2Fgu0I%2BPghgEWMJxo6YLydnHaM2bO3%2BM9eEDpXaFPB7ovPKgbOvU9rgiouaFickOWhqzywqbeows7pFSg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-cache: HIT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 2 KB
850 B 83ms
31ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:300,400,700&display=swap

Requested by

Host: roblox.gallery
URL: https://roblox.gallery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

51a8aab72d9a7b9c6dcd455c7c96c3ed24f7f767308209c7a9afa9a6fad346a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 09 Aug 2023 01:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 09 Aug 2023 00:18:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 09 Aug 2023 01:37:19 GMT

GET
H2 200 email-decode.min.js Show response
roblox.gallery/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 24ms
23ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roblox.gallery/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: roblox.gallery
URL: https://roblox.gallery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://roblox.gallery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 04 Aug 2023 16:29:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64cd276f-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wGPSZl1%2BTB3i7sDub3opCHy%2B3U5VT89l04gYSnWMxrhTGyIA8GOTcdTORH88TLnVdQdsg1lb8ynW1G67o1eMAUkhKZz5FzrOqf%2FpnQ7GCvfTHTsqIvNG1edNmuFv4UoLHpRrpvxVfUT9tPqlQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7f3c45f2bba4901e-FRA
expires: Fri, 11 Aug 2023 01:37:19 GMT

GET
H2 200 json.js Show response
roblox.gallery/ 1 KB
1012 B 48ms
47ms Script
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roblox.gallery/json.js

Requested by

Host: roblox.gallery
URL: https://roblox.gallery/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1259b475e8e2eef1d1a8544e0c1660b6a4d41b6efaf45c1e3f9b658b9e3f88

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://roblox.gallery/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:19 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
x-cache: MISS
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qxEEO%2FSeopgtg3SEapZVBdpxZdi%2FII77QYRBad1VCIMCSswMr4daRUcjMC7qcli4kvrDDcySknnbcrwVep4t0Jh%2BxiXdqZy9LMkADiyGedgY8%2BvYbyPHOFz44whQJFeFHjKHx2NQaLfQBCl5AA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: private
cf-ray: 7f3c45f2cba8901e-FRA

PATCH
H3 403 json.js
roblox.gallery/ 206 B
750 B 61ms
60ms XHR
application/javascript 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roblox.gallery/json.js?_6069795635090351

Requested by

Host: roblox.gallery
URL: https://roblox.gallery/json.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://roblox.gallery/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 09 Aug 2023 01:37:19 GMT
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: same-origin
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6JwADWki5U%2FTUZcsdqvL1VXyykc7ypNEMxKr%2BnPyWdXgKCfYtdjs2hQOLMwMlqtlTvWXVMdqoKKseEpg48RkxOfB7cbH93%2BXNePYBh%2FVrKE4T9oosuw6z5uRZ9kMpC2ZWLnAhvit6EtexERZg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: private
cf-ray: 7f3c45f318f335e4-FRA

GET
H2 200 4138880 Show response
whairtoa.com/4/ 27 KB
12 KB 61ms
26ms Document
text/html 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://whairtoa.com/4/4138880
Requested by: Host: roblox.gallery
URL: https://roblox.gallery/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 6f731051a6c1261548ec172ab3382b814ef9da0f8b0e6891755bf9b4a5ec0dac

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Wed, 09 Aug 2023 01:37:19 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache no-cache
server: nginx
timing-allow-origin: *
x-trace-id: 21ebb63bdbf7a03d474935a558e875f8

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 49ms
14ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=a0836f350fd84e9bbee01edb861a5f43

Requested by

Host: whairtoa.com
URL: https://whairtoa.com/4/4138880

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://whairtoa.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
465 B 50ms
14ms XHR
text/plain 139.45.195.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by: Host: whairtoa.com
URL: https://whairtoa.com/4/4138880
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://whairtoa.com/
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 09 Aug 2023 01:37:20 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://whairtoa.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2

200

/ Show response
totalfreshwords.com/
Redirect Chain

https://whairtoa.com/?z=4138880&syncedCookie=true&rhd=false
https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

38 KB
13 KB

140ms
93ms

Document
text/html

172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.24
Resource Hash: e4843e5836562316fb08542a811cd5a05467a83fd92df47b2f6b4e1a1e9df35f

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://whairtoa.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f3c45f4ec065b86-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 09 Aug 2023 01:37:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BayRnm8YWvWlMg6NzeYvwEyrgXtfel6U8Qe0acFwhUYg%2FNY2n9cx97FT7tglRT8PlVTvDFu3JMgYX3jClGYYxPER9uCQRcFHcKfc0bmjPk9I2MmRwNzZ7XMtDlOUF%2FSy%2FzOV5jt"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.24

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://whairtoa.com
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length: 0
date: Wed, 09 Aug 2023 01:37:20 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT
link: <https://totalfreshwords.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
location: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
pragma: no-cache
referrer-policy: no-referrer
server: nginx
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: f8604aa5d971ab2563bcc2abb1739fc5

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 15ms
14ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=87f0433505070951cd2199dbf5322783

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c6c65d334d68bd9a81d32a7a63307b0df633543ec421d9a18470dd5fff4bef1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 micro.tag.min.js Show response
totalfreshwords.com/pfe/current/ 26 KB
10 KB 46ms
45ms Script
application/javascript 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64cce3ac-689b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SAC567S5oeOeFUvUxXpnZ1EbMapRGjb8hEP5JAQDn0UxIxajXn1E37jbwTb3vMmBpYQQAMc%2F0e2dMu5F2dx3QXyfS1VGLMERyk6pD9BYb5RNvk6X8b1E5DATcZNUnKcGl7OWNxCX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7f3c45f59c4c5b86-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 / Show response
totalfreshwords.com/19/4662728/ 3 KB
2 KB 39ms
38ms XHR
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/19/4662728/?abt_opts=1&var=4138880&var3=712954172550681246&ymid=&rhd=1

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41ed542e01490d42c2975ca2ed0bd468b25fed1d77e9e94fc6ad7f3fdb49be22

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: a614abfef7ef18ec93f4739719e836bf
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BOV47viwXKn41zQZ3GdmUV%2F9rDTm0GoKCPLgFAh963mht8OBPvinb5oYegRTDarpUo%2FJTHProYJTthiVR8eA9OIQHz83DhbE7TDknRnY4TxOeyWj9Z%2BWy18dtzOcqPO%2BvatLBd5U"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f3c45f5ac5e5b86-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H2 200 / Show response
totalfreshwords.com/ 2 B
414 B 46ms
45ms XHR
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&mprtr=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeeFLwxk80PwommuKpqltxHvv8%2FC%2FqdhgZMqZZgH%2FrZdj20G6p8zuM3BXyclhqUnMVZJlqHmZN895YRGm5FSLDjWUtC9Se66UyanhpmmyJhtUih66GwVOhHzJkWOf%2FUGDND7fBtu"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7f3c45f5ac605b86-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rhd
totalfreshwords.com/ 2 KB
3 KB 45ms
45ms Fetch
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/rhd?rb=l61pxgH_YMGd15_MaPcFXnwM07vnNzL27FwP4EiWii5KfWXimYCy-Jg8z5WpvbUpqb2Ucofr5hkrqgvbHJB0Y_1BGSpxKXdpNkxzmAJv-M6kLgJm1KWxEDYKR1arY0fg7bmQvHO3Zlgai3tqgsQAod8BOTG30hC8JFbOw3Po0gRHjgYLsa9z4JCQfJNcC3iXpe9Oc70cCN4nBqsdtbbmSOpKLAbwA4AhU__XqzKW9fyKG2zmI2YreqLl5YKumk3c9VK27FFGbF3dhAHCOF7LJfHCvV0zFocQcln3bbu8wRigm2AydMhXe9o8bIasxRSH9YFupK7ZPoc3gg07smdDuIgetxDVuKCafici3VEmfviP6aiNCkrbnPW087MwrCEguTBc0JYYZ2chlUyyfVpaohPbFFCPw625SumS1CXrE3g-eEX-ktKsS9d4NjFRS4zvCuQdblx1LSOgk4i4TgHEd4IjsKc5K2ZLF88H_4RFt40%3D&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Ftotalfreshwords.com%2F%3Fs%3D712954172550681246%26ssk%3D57f6d188d91569c5b229c8a04cc5f476%26svar%3D1691545040%26z%3D4138880%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=4138880&var3=712954172550681246&ymid=&rhd=1&m=link

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 89a269d40336675397724090f61b3a15
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=um2siPFeiJnXVJWi%2BWprp2co1sFxkJn3sRdZcMJBTzg7cTu9%2FsRC8go%2FHf3SnwC%2FO6Lasb%2BjUCE1HkShiHASfUz5Hn%2BrMkiPsKdh96KjZqstwJq6vXYvecpcfo72Kr%2BjcH8Slm8S"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f3c45f5e8ab2c43-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 4662709
totalfreshwords.com/sw-check-permissions/ 0
951 B 43ms
43ms Other
application/javascript 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/sw-check-permissions/4662709?var=4138880&ymid=712954172550681246&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHNovXVcLmDteMLNcXLYTmsjrCy9UXpWigaBrmIyil0j1u89RJpSdExq%2F7pgQk%2FmF3UjUMp8vMCgsYsrwCx5UWFLA46HaLVPbDmEALUc5qYC0Fo6kR2GnZEn2M2m0%2FlUvxAvO8s8"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7f3c45f5f8ae2c43-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalfreshwords.com/ 0
481 B 40ms
40ms Ping
text/plain 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalfreshwords.com&var=4138880&ymid=712954172550681246&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-trace-id: f6f0a3b57965c6f6a9b14615da7de97b
date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oZZP8A0cwpSeFPlm6OF96J4eMgvZSrtSAPRn0LkQOQty%2BaPzlfbEP7X7Agkr0TsdW8OLw1B2k10E2Rde1HlJmbeHGT5hR4CzyharfhcAu5CzBwhqX716N9ncDfshbNKykKyDklPh"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
access-control-allow-credentials: true
cf-ray: 7f3c45f5f8b02c43-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 15ms
14ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=712954172550681246&var=4138880

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c6c65d334d68bd9a81d32a7a63307b0df633543ec421d9a18470dd5fff4bef1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
totalfreshwords.com/ 902 B
1 KB 41ms
41ms Fetch
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalfreshwords.com&var=4138880&ymid=712954172550681246&var_3=&var_4=&dsig=&action=settings

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 1377360e9dfeb20da7ed4442aea381d5
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DifL9cr6woV85CiQGdJQFSOeYstMEqmTP59ntcW86yi6%2FbBbEhmMR2wlq7qNV7YMw4gxEDmYnVh04Hai4KOEGlu4M30%2BbNazy3x2vGKq83cXk5RhNcrsI0emyk4bR1rTe9OrzKL1"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7f3c45f608be2c43-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 / Show response
totalfreshwords.com/ 38 KB
13 KB 72ms
71ms Document
text/html 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: bf95f936bb11e3d9cbc37da2e13c03dbc5d0a4ec7dfdc7e759daa2ae9312f393

Request headers

Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f3c45f628d42c43-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 09 Aug 2023 01:37:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iUzhouewkhSL0MtZ4ScdZWVNV1PxCMdnw3BW00l8sMXR9BDdvwg1yGBkpmO98sXxOoeTgpzNg4MXtyBFBV0ePlU%2BIoCouEENpWNBBzmYkF4qedK20N1XxC13M4vFr%2FVx%2BM5fBsQs"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H3 200 micro.tag.min.js Show response
totalfreshwords.com/pfe/current/ 26 KB
11 KB 42ms
41ms Script
application/javascript 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64cce3ac-689b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQUgWrMorEqvm%2FraUtUBj7kzRGEnDj6j8FWRRu%2BbMLYIS3sHpMiIasvlVo0IxkA0lOS68ZJSp3Tsq5pVv7CbUnO8Zu%2BRlDrE85h7AZwlBVxcN8dh5ErZBbHqPFenLTpBbkrE3gHS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7f3c45f6a9342c43-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 327 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 / Show response
totalfreshwords.com/19/4662728/ 3 KB
2 KB 37ms
35ms XHR
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/19/4662728/?abt_opts=1&var=4138880&var3=712954172550681246&ymid=&rhd=1

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1dfc09eeab20ccf5454a58c2619a2a2e1424f668c9fa7d818f7781f79a0346ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 6421a4169c1b0abc4dae930a9bbf1d7b
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wuno6yv8R5CsEt1qv3dPQi%2BaJqHg6np26YUti2dPeqxI1C4xnwcpO7h2rnjXXndRccp3mTQNNTAjULfv%2FcrPlhPFsUBoaGOmwIRjDOqepBaru2INf7lkaNCHP8jpFjPxAILykYS0"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f3c45f6b9412c43-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H3 200 / Show response
totalfreshwords.com/ 2 B
532 B 46ms
46ms XHR
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2&mprtr=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yX1UkVeh%2FyaD3krqqZ%2F4xYlpNFhBUruLa6Gw30bqony59DuMZBvyJF0XaYRwGePfTDSY%2BRh3FtY3%2BHejrGmsPAodPr3uM4LsD0sAPAudIOU%2B8tPwqMg1mmeRXBWUscodC9G%2F0fMl"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7f3c45f6c9462c43-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 rhd Show response
totalfreshwords.com/ 2 KB
3 KB 45ms
45ms Fetch
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/rhd?rb=-F2Ddf3TnyWEoHk68zoEIJ4_qWFVEqLZUDON6SBTbuJN6SKBCMylmRGJVUmdNsrpg1PV6IhgFQhFWzdu22vkIcGz0HT3TPqMGzsjBG5Yf9AuHWt_3o5IQlzdWlLtvoMI0gSWZikkDpf2Hix4rVvPUS_utRQ4SJ1Z-I57xG77lz1ay07JyJgHf2yMDchUNN4GV28gllQdTAHsWF_fePM2G5p-6wbOhMZC0CMQjqjBBHPTV2V8QzTntFCv5W1hT0_PFguZM_LFeRwRYfimJitmTd1wHMsNz1Nrgyoj9WZ96w6n-U-289UffbwwcosULjLGv747s89witg8PqWezZ3O1Rs2-tDV-BsuipsHFktC_JEuT2cwM4IwEZT3Vf59Ip4mBgZ0NOSQsqLUQAyPE2VP_nNGOtlncHj8PkMcZNlcmDBLGTCOBFDHOwPr1slvxjeOVPqaDz5LpikT2SZeVuTLvWQPl6XhrEpUV5DOxE4tKSjWiHD2&request_ab2=0&zoneid=4662728&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Ftotalfreshwords.com%2F%3Fs%3D712954172550681246%26ssk%3D57f6d188d91569c5b229c8a04cc5f476%26svar%3D1691545040%26z%3D4138880%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb%26rdc%3D2&drf=https%3A%2F%2Ftotalfreshwords.com%2F%3Fs%3D712954172550681246%26ssk%3D57f6d188d91569c5b229c8a04cc5f476%26svar%3D1691545040%26z%3D4138880%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=4138880&var3=712954172550681246&ymid=&rhd=1&m=link

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

841b056a724baeeeed2f3015ad7026258ac91928b826ebe2463eb982e65128e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 61d2e04f33131175243b0409f5eea4a5
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jqbkAb3lZzoIoG%2BP4wHUAX9zS1O1TmgrifBnMoL3%2But49y6pfi3ItXk%2FWiZnpxSEm0zlf7rcRuOxqtyKmyAsoxuUfMYXdLBlqH8mrZL%2BNPrwxyRdPL%2F9XEDF%2BJyZ9uM4f4EufVys"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f3c45f6f96c2c43-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 4662709
totalfreshwords.com/sw-check-permissions/ 0
956 B 48ms
48ms Other
application/javascript 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/sw-check-permissions/4662709?var=4138880&ymid=712954172550681246&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wSvH86%2F54OV0PDuMnxd01LkZjPJkY1SzroQBcz4TnlxvU3n6u%2BtHxjB245Y%2Fbv%2FZcSbd5MOIt6nUe6YqcKZYq8xyxeasKyOcDxzM8eoSh6cBg%2BWE3IhejWuaPwjE%2BxUXQg4OS9GA"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7f3c45f7096f2c43-FRA
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalfreshwords.com/ 0
485 B 33ms
33ms Ping
text/plain 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalfreshwords.com&var=4138880&ymid=712954172550681246&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-trace-id: 0ffe5be3a3e650254ef800db819e9500
date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZObRDjCLE0chNN4VRNjwG4IhAdfG%2Bt388eWa%2BIqd66gxb8TbvrpjX5s4r8i6o0LRgWHzQzsPMnHIKlIT0GxpYcAlRYko4%2FVlqCfa1cSgyKHieHvgmMrYa9IxO8uvxPUZcXCkPm0x"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
access-control-allow-credentials: true
cf-ray: 7f3c45f709712c43-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 16ms
15ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=4662709&checkDuplicate=true&ymid=712954172550681246&var=4138880

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

c6c65d334d68bd9a81d32a7a63307b0df633543ec421d9a18470dd5fff4bef1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone Show response
totalfreshwords.com/ 902 B
1 KB 33ms
33ms Fetch
application/json 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=4662709&is_mobile=false&domain=totalfreshwords.com&var=4138880&ymid=712954172550681246&var_3=&var_4=&dsig=&action=settings

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=4662709&ymid=712954172550681246&var=4138880&sw=/sw-check-permissions/4662709&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c80733126c47fd33e21e09afd114181eb5f50f9702cc02567c19c4a08964c08

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:20 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 168f10f425fd0b8cc27ab3f29dc1a22b
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ovu5vrWc9bItdKWMHJ3xBHWi8hBvXh17cuvazLjMCLiD52NI80UFWf93HkMg%2B3%2Fx8CiU5j02Ytx%2BuuoyX50jurRhyWHaOQR48QryfjzDID43RwxrldZzY3I96AMsXqQYUggtqffy"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7f3c45f7197a2c43-FRA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H2 200 Primary Request / Show response
qr-captcha.com/ 20 KB
5 KB 60ms
25ms Document
text/html 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: public, max-age=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 09 Aug 2023 01:37:21 GMT
etag: W/"50f6-188c4485de8"
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H3 200 cat.php
totalfreshwords.com/ 0
760 B 37ms
36ms Ping
text/plain 172.64.129.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/cat.php?userId=87f0433505070951cd2199dbf5322783&zoneid=4662728&rb=-F2Ddf3TnyWEoHk68zoEIJ4_qWFVEqLZUDON6SBTbuJN6SKBCMylmRGJVUmdNsrpg1PV6IhgFQhFWzdu22vkIcGz0HT3TPqMGzsjBG5Yf9AuHWt_3o5IQlzdWlLtvoMI0gSWZikkDpf2Hix4rVvPUS_utRQ4SJ1Z-I57xG77lz1ay07JyJgHf2yMDchUNN4GV28gllQdTAHsWF_fePM2G5p-6wbOhMZC0CMQjqjBBHPTV2V8QzTntFCv5W1hT0_PFguZM_LFeRwRYfimJitmTd1wHMsNz1Nrgyoj9WZ96w6n-U-289UffbwwcosULjLGv747s89witg8PqWezZ3O1Rs2-tDV-BsuipsHFktC_JEuT2cwM4IwEZT3Vf59Ip4mBgZ0NOSQsqLUQAyPE2VP_nNGOtlncHj8PkMcZNlcmDBLGTCOBFDHOwPr1slvxjeOVPqaDz5LpikT2SZeVuTLvWQPl6XhrEpUV5DOxE4tKSjWiHD2&var=4138880&var3=712954172550681246&ymid=&rhd=1

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.129.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://totalfreshwords.com/?s=712954172550681246&ssk=57f6d188d91569c5b229c8a04cc5f476&svar=1691545040&z=4138880&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 09 Aug 2023 01:37:21 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
x-trace-id: 5379e67f49e25a9d99bed2b8d1721083
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdUy%2FKOavFQrzb%2F1aczLmH8%2BZqO8COXydgJW3kNJfHt812iSwaz1ldom6lkJA9VrjM1HbHVu4txtjqfxf%2BDV0pAVZ84L8FE08Jda8DwdhP3IjDcx3EDMFXlJrAZSAgQYqGqQ6Bze"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f3c45fa5bfc2c43-FRA
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 animate.css
qr-captcha.com/Attention_files/ 78 KB
4 KB 3293ms
3293ms Stylesheet
text/css 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/Attention_files/animate.css

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:24 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
content-encoding: br
etag: W/"1361f-188c4485de8"
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 qrcode.js Show response
qr-captcha.com/ 32 KB
9 KB 16ms
16ms Script
application/javascript 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/qrcode.js

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:21 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
content-encoding: br
etag: W/"80f0-188c4485de8"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=0

GET
H2 200 new_free.svg
qr-captcha.com/Attention_files/ 2 KB
2 KB 3258ms
3257ms Image
image/svg+xml 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://qr-captcha.com/Attention_files/new_free.svg

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:24 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
etag: W/"609-188c4485de8"
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 1545

GET
H2 200 loading.svg
qr-captcha.com/Attention_files/ 386 B
600 B 15ms
14ms Image
image/svg+xml 139.45.197.167
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://qr-captcha.com/Attention_files/loading.svg

Requested by

Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://qr-captcha.com/?t=0&ymid=712954173532152714&oaid=87f0433505070951cd2199dbf5322783
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Wed, 09 Aug 2023 01:37:24 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
etag: W/"182-188c4485de8"
content-type: image/svg+xml
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 386

GET h70t5stium5
qr-captcha.com/w/ 0
0

GET
DATA 200
OK truncated
/ 85 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/gif

GET bg.gif
qr-captcha.com/assets/ 0
0

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a8fc48fd72b48d3866f433a44f0c37693960ae34e03b0f143a12ba2108df08c

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type: image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: qr-captcha.com
URL: https://qr-captcha.com/w/h70t5stium5

Domain: qr-captcha.com
URL: https://qr-captcha.com/assets/bg.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
roblox.gallery/	1970-01-20 22:38:01	Name: bxdqmruqbzro Value: JUUwJUI5JTgzJUUwJUI4JTg0JUUwJUI4JUEzJTNGJTIwJUUwJUI5JTgxJUUwJUI4JTk3JUUwJUI4JTg3JUUwJUI4JTgxJUUwJUI4JUIxJUUwJUI5JThBJUUwJUI4JTgxJTIwJUUwJUI4JUFCJUUwJUI5JTg5JUUwJUI4JUIyJUUwJUI4JUExJUUwJUI4JTlCJUUwJUI4JUI0JUUwJUI4JTk0Mkc=
whairtoa.com/	1970-01-20 22:38:01	Name: OAID Value: a0836f350fd84e9bbee01edb861a5f43
whairtoa.com/	1970-01-20 22:38:01	Name: oaidts Value: 1691545039
my.rtmark.net/	1970-01-20 22:38:01	Name: ID Value: a0836f350fd84e9bbee01edb861a5f43
whairtoa.com/	1970-01-20 14:02:29	Name: syncedCookie Value: true
totalfreshwords.com/	1970-01-20 22:38:01	Name: oaidts Value: 1691545040
totalfreshwords.com/	1970-01-20 23:28:25	Name: syncedCookie Value: true
totalfreshwords.com/	1970-01-20 22:38:01	Name: OAID Value: 87f0433505070951cd2199dbf5322783
totalfreshwords.com/	1970-01-20 13:52:25	Name: prefetchAd_4662728 Value: true
totalfreshwords.com/	1970-01-20 13:52:28	Name: reverse Value: khNBgdYXRS0UJePBnHKrOwk2jXn5qIZgT_qwSpVjxkg

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://roblox.gallery/json.js?_6069795635090351 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

datatechone.com
fonts.googleapis.com
my.rtmark.net
qr-captcha.com
roblox.gallery
totalfreshwords.com
whairtoa.com
qr-captcha.com
139.45.195.253
139.45.195.8
139.45.197.167
139.45.197.238
172.64.129.32
2a00:1450:4001:82f::200a
2a06:98c1:3121::3
1dfc09eeab20ccf5454a58c2619a2a2e1424f668c9fa7d818f7781f79a0346ff
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2c80733126c47fd33e21e09afd114181eb5f50f9702cc02567c19c4a08964c08
3a8fc48fd72b48d3866f433a44f0c37693960ae34e03b0f143a12ba2108df08c
41ed542e01490d42c2975ca2ed0bd468b25fed1d77e9e94fc6ad7f3fdb49be22
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
51a8aab72d9a7b9c6dcd455c7c96c3ed24f7f767308209c7a9afa9a6fad346a5
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
6f731051a6c1261548ec172ab3382b814ef9da0f8b0e6891755bf9b4a5ec0dac
841b056a724baeeeed2f3015ad7026258ac91928b826ebe2463eb982e65128e8
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6
8c1259b475e8e2eef1d1a8544e0c1660b6a4d41b6efaf45c1e3f9b658b9e3f88
bf95f936bb11e3d9cbc37da2e13c03dbc5d0a4ec7dfdc7e759daa2ae9312f393
c6c65d334d68bd9a81d32a7a63307b0df633543ec421d9a18470dd5fff4bef1e
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7
d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451
da10982fdb9abb5eb43f401eb5d902343fd0888db26f7744a1e00166fbdf2316
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4843e5836562316fb08542a811cd5a05467a83fd92df47b2f6b4e1a1e9df35f

qr-captcha.com Open in urlscan Pro 139.45.197.167 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

35 Requests

94 %HTTPS

29 %IPv6

7 Domains

7 Subdomains

8 IPs

3 Countries

114 kBTransfer

352 kBSize

10 Cookies

0 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

qr-captcha.com Open in urlscan Pro
139.45.197.167 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

94 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

8
IPs

3
Countries

114 kB
Transfer

352 kB
Size

10
Cookies

35 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!