urlscan.io logo urlscan.io
SecurityTrails logo

filetxtxt-man3e.ondigitalocean.app Open in urlscan Pro
2606:4700::6810:f44e  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ==
Effective URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.v...
Submission: On April 27 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 15 domains to perform 32 HTTP transactions. The main IP is 2606:4700::6810:f44e, located in United States and belongs to CLOUDFLARENET, US. The main domain is filetxtxt-man3e.ondigitalocean.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 18th 2022. Valid for: a year.
This is the only time filetxtxt-man3e.ondigitalocean.app was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    2606:4700:3031::6815:1c02 (United States)

ASN13335 (CLOUDFLARENET, US)
qrmvc.frommence.click
3    2001:4860:4802:34::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    13.32.121.21 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-21.fra60.r.cloudfront.net
sb.scorecardresearch.com
5    2606:4700::6810:f44e (United States)

ASN13335 (CLOUDFLARENET, US)
filetxtxt-man3e.ondigitalocean.app
1    2a00:1450:400c:c0a::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
6    2606:4700:10::6816:4851 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jotfor.ms
2    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
3    2606:4700::6810:7aaf (United States)

ASN13335 (CLOUDFLARENET, US)
unpkg.com
Apex Domain
Subdomains		 Transfer
6 jotfor.ms
cdn.jotfor.ms — Cisco Umbrella Rank: 41353
33 KB
5 ondigitalocean.app
filetxtxt-man3e.ondigitalocean.app
21 KB
3 unpkg.com
unpkg.com — Cisco Umbrella Rank: 1180
2 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 91
22 KB
2 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 607
112 KB
2 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 218
3 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 3425
408 B
1 google.com
www.google.com — Cisco Umbrella Rank: 16
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 166
353 B
1 frommence.click
qrmvc.frommence.click
67 KB
0 cors.io Failed
cors.io Failed
0 afgroup.com Failed
afgroup.com Failed
0 java.com Failed
java.com Failed
0 saramin.co.kr Failed
saramin.co.kr Failed
0 xinhuanet.com Failed
xinhuanet.com Failed
32 15
Domain Requested by
6 cdn.jotfor.ms filetxtxt-man3e.ondigitalocean.app
cdn.jotfor.ms
5 filetxtxt-man3e.ondigitalocean.app 1 redirects filetxtxt-man3e.ondigitalocean.app
3 unpkg.com 2 redirects filetxtxt-man3e.ondigitalocean.app
3 www.google-analytics.com qrmvc.frommence.click
www.google-analytics.com
2 ajax.googleapis.com filetxtxt-man3e.ondigitalocean.app
2 sb.scorecardresearch.com qrmvc.frommence.click
1 www.google.de
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
1 qrmvc.frommence.click qrmvc.frommence.click
0 cors.io Failed filetxtxt-man3e.ondigitalocean.app
0 afgroup.com Failed filetxtxt-man3e.ondigitalocean.app
0 java.com Failed filetxtxt-man3e.ondigitalocean.app
0 saramin.co.kr Failed filetxtxt-man3e.ondigitalocean.app
0 xinhuanet.com Failed filetxtxt-man3e.ondigitalocean.app
32 15

This site contains no links.

Subject Issuer Validity Valid
frommence.click
E1		 2023-04-26 -
2023-07-25		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.scorecardresearch.com
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-28		 a year crt.sh
ondigitalocean.app
Cloudflare Inc ECC CA-3		 2022-10-18 -
2023-10-17		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-02-10 -
2024-02-10		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Frame ID: D15F1DFFDCE0D2EF9F7465BDCDDC9FA0
Requests: 34 HTTP requests in this frame

Frame: https://afgroup.com/
Frame ID: 7F5E662CD953967B66D924409C495D82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Authenticate AFGroup.com

Page URL History Show full URLs

  1. https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ== Page URL
  2. https://filetxtxt-man3e.ondigitalocean.app/ Page URL
  3. https://filetxtxt-man3e.ondigitalocean.app/wnP0q5Y11L.php HTTP 302
    https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeU... Page URL
  4. https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Ti... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont
Overall confidence: 100%
Detected patterns
  • \.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

32
Requests

66 %
HTTPS

90 %
IPv6

15
Domains

15
Subdomains

11
IPs

3
Countries

260 kB
Transfer

791 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ== Page URL
  2. https://filetxtxt-man3e.ondigitalocean.app/ Page URL
  3. https://filetxtxt-man3e.ondigitalocean.app/wnP0q5Y11L.php HTTP 302
    https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D Page URL
  4. https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://filetxtxt-man3e.ondigitalocean.app/wnP0q5Y11L.php HTTP 302
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D
Request Chain 25
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/js/flyoutmenu.css?1001088 HTTP 0
  • http://xinhuanet.com/
Request Chain 26
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/js/flyoutmenu.js?1001088 HTTP 0
  • http://saramin.co.kr/
Request Chain 28
  • https://unpkg.com/@ungap/custom-elements-builtin HTTP 302
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5 HTTP 302
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
Request Chain 30
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/css/global.css?1001088 HTTP 0
  • http://java.com/

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
qrmvc.frommence.click/ 		403 KB
67 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:1c02 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad9e0bba3081f7c0af3822e5ed03fa466733ac8d4861b8a6d24f9d72c87083be

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7be7068a3e27360e-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 27 Apr 2023 12:21:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VbL5i7j%2F4knfMTy%2FZvudSLPbwI%2Fk8mW27q98pozgQ%2BSxwcFivNLq3GIekVsvzPd0CsddvM%2FdUtSzHSlRRn8IMh9EPt7d78jppf9U%2F8dFG6vhURXIT4SW2imaZNzfq%2FMOKYl%2B59KExpShlZgoLLVHgsCRY%2B8%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
runtime.7f20d89c4e911307604a.js
qrmvc.frommence.click/dist/ 		0
0
vendor.2085506d54afd087ad3f.chunk.js
qrmvc.frommence.click/dist/ 		0
0
main.31dfeb50611da7e8458b.chunk.js
qrmvc.frommence.click/dist/ 		0
0
Home.bdb962fc9ab1fc23d23a.chunk.js
qrmvc.frommence.click/dist/ 		0
0
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: qrmvc.frommence.click
URL: https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 27 Apr 2023 10:32:18 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
6551
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Thu, 27 Apr 2023 12:32:18 GMT
beacon.js
sb.scorecardresearch.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sb.scorecardresearch.com/beacon.js
Requested by
Host: qrmvc.frommence.click
URL: https://qrmvc.frommence.click/?wow=2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ==
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-21.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 05:40:28 GMT
content-encoding
gzip
via
1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
last-modified
Thu, 09 Mar 2023 09:22:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
24063
x-amz-server-side-encryption
AES256
etag
W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
CXVuBboj2b-Onmxr6PjFk_FFa6EGJDutTepk1pX27GCnb1BRBP2DlQ==
/
filetxtxt-man3e.ondigitalocean.app/ 		4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://filetxtxt-man3e.ondigitalocean.app/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f44e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
925760536dc4d7e7715736bf8012b8bcf4a7d3d98a8c2e123a3753e077388543

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://qrmvc.frommence.click
Referer
https://qrmvc.frommence.click/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
7be7068ddbe5924d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 27 Apr 2023 12:21:30 GMT
server
cloudflare
x-do-app-origin
c8ea78e1-ae88-46f0-ba8e-924a393cd4f4
x-do-orig-status
200
b
sb.scorecardresearch.com/ 		0
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sb.scorecardresearch.com/b?c1=2&c2=6036484&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1682598089873&ns_c=UTF-8&c7=https%3A%2F%2Fqrmvc.frommence.click%2F%3Fwow%3D2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D&c8=Trending%20stories%20on%20Indian%20Lifestyle%2C%20Culture%2C%20Relationships%2C%20Food%2C%20Travel%2C%20Entertainment%2C%20News%20and%20New%20Technology%20News%20-%20Indiatimes.com&c9=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-21.fra60.r.cloudfront.net
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:29 GMT
via
1.1 bf791e1829ff18782cd9837fbba03616.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
FRA60-P1
x-amz-cf-id
DP7SrsRRSnzLaKOrAryrSOIiD0jwqqwW_A_fGoDMjOFaOWXMpySINg==
x-cache
Miss from cloudfront
linkid.js
www.google-analytics.com/plugins/ua/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:03:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1072
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
859
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Thu, 27 Apr 2023 13:03:37 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
353 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-198011-6&cid=1795629494.1682598090&jid=1379482919&gjid=1747976584&_gid=1061722239.1682598090&_u=aGBAiEIhBAAAAEAAI~&z=277811797
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0a::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://qrmvc.frommence.click/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 27 Apr 2023 12:21:29 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://qrmvc.frommence.click
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
193 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j100&a=2121415507&t=pageview&_s=1&dl=https%3A%2F%2Fqrmvc.frommence.click%2F%3Fwow%3D2aVGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D&ul=en-us&de=UTF-8&dt=Trending%20stories%20on%20Indian%20Lifestyle%2C%20Culture%2C%20Relationships%2C%20Food%2C%20Travel%2C%20Entertainment%2C%20News%20and%20New%20Technology%20News%20-%20Indiatimes.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGBAiEIhBAAAAAAAI~&jid=1379482919&gjid=1747976584&cid=1795629494.1682598090&tid=UA-198011-6&_gid=1061722239.1682598090&cd8=&cd9=&cd10=&cd11=&z=1252661701
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 10:05:11 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
8178
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-198011-6&cid=1795629494.1682598090&jid=1379482919&_u=aGBAiEIhBAAAAEAAI~&z=1081503345
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 12:21:30 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-198011-6&cid=1795629494.1682598090&jid=1379482919&_u=aGBAiEIhBAAAAEAAI~&z=1081503345
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qrmvc.frommence.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 12:21:30 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b60df3d0d46184f806db653ea98a104dd84750e461f3085a02f3c5c9629a159

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/gif
load.php
filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/
Redirect Chain
  • https://filetxtxt-man3e.ondigitalocean.app/wnP0q5Y11L.php
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f44e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb4f2bbadf3d50e4cc3ae73a1ef661c6ed2a1934ca6695d990508d883135771a

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://filetxtxt-man3e.ondigitalocean.app
Referer
https://filetxtxt-man3e.ondigitalocean.app/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
cf-cache-status
MISS
cf-ray
7be706b3bf5c924d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 27 Apr 2023 12:21:36 GMT
last-modified
Thu, 27 Apr 2023 12:21:36 GMT
server
cloudflare
vary
Accept-Encoding
x-do-app-origin
c8ea78e1-ae88-46f0-ba8e-924a393cd4f4
x-do-orig-status
200

Redirect headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
7be70692390b924d-FRA
content-type
text/html; charset=UTF-8
date
Thu, 27 Apr 2023 12:21:35 GMT
location
4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D
server
cloudflare
x-do-app-origin
c8ea78e1-ae88-46f0-ba8e-924a393cd4f4
x-do-orig-status
302
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b60df3d0d46184f806db653ea98a104dd84750e461f3085a02f3c5c9629a159

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/gif
Primary Request tpmcrx5e1wlp8nlkwaprr8kg361zeb.php
filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/ 		41 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f44e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ebe772ae5f1caede0fccfba9f270d1cb775a490ea29adfbe5b3926a4dcd135b8

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://filetxtxt-man3e.ondigitalocean.app
Referer
https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/load.php?token=29VGlmZmFueS5DYXN0bGViZXJyeUBBRkdyb3VwLmNvbQ%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private
cf-cache-status
DYNAMIC
cf-ray
7be706b7acb0924d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 27 Apr 2023 12:21:36 GMT
server
cloudflare
x-do-app-origin
c8ea78e1-ae88-46f0-ba8e-924a393cd4f4
x-do-orig-status
200
formCss.css
cdn.jotfor.ms/static/ 		57 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/static/formCss.css?3.3.16036
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5556058f1a09376426ded120c9cba7b5d36a855101d8f261904d5ac53d067c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:36 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
MISS
last-modified
Thu, 27 Apr 2023 12:15:26 GMT
server
cloudflare
etag
W/"644a675e-e445"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=315360000
cf-ray
7be706b91b3139e2-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
nova.css
cdn.jotfor.ms/css/styles/ 		37 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/css/styles/nova.css?3.3.16036
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e1f90cb5bf3415bbbd1964a6c5e4c8ea536ed9e94fe4546743a58b7ac159858

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-static
2
date
Thu, 27 Apr 2023 12:21:36 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
MISS
last-modified
Fri, 07 Apr 2023 08:25:41 GMT
server
cloudflare
etag
W/"642fd385-9240"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=86400
cf-ray
7be706b91b3239e2-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT
566a91c2977cdfcd478b4567.css
cdn.jotfor.ms/themes/CSS/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/themes/CSS/566a91c2977cdfcd478b4567.css?
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2921532e0d96e30b36806c12dcbe0422c061459e5df60888b217f410b464f2fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:36 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
3545821
content-security-policy-report-only
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
pragma
no-cache
last-modified
Thu, 16 Mar 2023 14:14:38 GMT
server
cloudflare
etag
W/"f31f0f3ab422a7352c46fed9f874da1e"
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
cache-control
max-age=86400
x-form-cache
MISS-APP
cf-ray
7be706b91b3439e2-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.4.2/ 		18 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.4.2/webfont.js
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
52ed15904751d037ad3a0835c1df150485c6d1b815355bbad1ccad6fda5f4e9b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 21 Apr 2023 18:05:08 GMT
x-content-type-options
nosniff
age
497788
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18365
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 18:05:08 GMT
printForm.css
cdn.jotfor.ms/css/ 		456 B
394 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/css/printForm.css?3.3.16036
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b23b22d37aabecfaf4922f97f2b1fa93da87fd0a284624f7f8fa00bf40b37cb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

expires
Thu, 01 Jan 1970 00:00:01 GMT
date
Thu, 27 Apr 2023 12:21:37 GMT
via
1.1 google
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 24 Nov 2022 12:22:16 GMT
server
cloudflare
etag
W/"637f61f8-1c8"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=86400
cf-ray
7be706ba0c7739e2-FRA
x-static
2
control_appointment.css
cdn.jotfor.ms/stylebuilder/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/stylebuilder/control_appointment.css
Requested by
Host: cdn.jotfor.ms
URL: https://cdn.jotfor.ms/css/styles/nova.css?3.3.16036
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ec9698c0010549046b692efe833d7d57a488d72b79feff7fa4be58fb21aa8b0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jotfor.ms/css/styles/nova.css?3.3.16036
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:36 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
3548132
content-security-policy-report-only
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
global-router
true
x-static
2
pragma
no-cache
last-modified
Fri, 17 Mar 2023 10:45:56 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=86400
x-form-cache
MISS-APP
cf-ray
7be706ba0c7a39e2-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT, Thu, 01 Jan 1970 00:00:01 GMT
control_inline.css
cdn.jotfor.ms/stylebuilder/ 		28 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jotfor.ms/stylebuilder/control_inline.css
Requested by
Host: cdn.jotfor.ms
URL: https://cdn.jotfor.ms/css/styles/nova.css?3.3.16036
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:4851 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6b6901cb9b9d2ce623128512f9092b18fa853ac3bc789773b3e68e16768036

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdn.jotfor.ms/css/styles/nova.css?3.3.16036
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:36 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
3548146
content-security-policy-report-only
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /opt/csp-violation-report.php
p3p
CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
global-router
true
x-static
2
pragma
no-cache
last-modified
Fri, 17 Mar 2023 10:45:44 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=86400
x-form-cache
MISS-APP
cf-ray
7be706ba0c7c39e2-FRA
expires
Thu, 01 Jan 1970 00:00:01 GMT, Thu, 01 Jan 1970 00:00:01 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.1/ 		94 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 14:55:02 GMT
x-content-type-options
nosniff
age
422795
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95786
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 14:55:02 GMT
/
xinhuanet.com/
Redirect Chain
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/js/flyoutmenu.css?1001088
  • http://xinhuanet.com/
0
0
/
saramin.co.kr/
Redirect Chain
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/js/flyoutmenu.js?1001088
  • http://saramin.co.kr/
0
0
global.css
filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/css/ 		0
0
min.js
unpkg.com/@ungap/custom-elements-builtin@0.6.5/
Redirect Chain
  • https://unpkg.com/@ungap/custom-elements-builtin
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5
  • https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/@ungap/custom-elements-builtin@0.6.5/min.js
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Server
2606:4700::6810:7aaf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c226073a8935761439e5638028b49d180f072e1936f639daed65c9f6accc1b07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://filetxtxt-man3e.ondigitalocean.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:37 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5002579
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01FX0CKRZ0C63B79TZVE1GYP52-fra
server
cloudflare
etag
W/"c21-bikpPrGKFSa63gUSdMjSFgcBrCk"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
7be706bc09a99b83-FRA

Redirect headers

date
Thu, 27 Apr 2023 12:21:37 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
fly-request-id
01GVCCW0T5S144EXH6D5SSVQEK-fra
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3923472
vary
Accept, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
location
/@ungap/custom-elements-builtin@0.6.5/min.js
cache-control
public, max-age=31536000
cf-ray
7be706bbe97e9b83-FRA
x-frame-bypass.js
filetxtxt-man3e.ondigitalocean.app/engine/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://filetxtxt-man3e.ondigitalocean.app/engine/x-frame-bypass.js
Requested by
Host: filetxtxt-man3e.ondigitalocean.app
URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f44e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2a786229d4e76551baac6ab56e6374769828a414f02955863ea098d5886309a

Request headers

Referer
https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.
Origin
https://filetxtxt-man3e.ondigitalocean.app
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 12:21:37 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Tue, 01 Jan 1980 00:00:01 GMT
server
cloudflare
x-do-app-origin
c8ea78e1-ae88-46f0-ba8e-924a393cd4f4
x-do-orig-status
200
etag
W/"9c1-11ef9b484c240"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private
cf-ray
7be706bb698e924d-FRA
/
java.com/
Redirect Chain
  • https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/css/global.css?1001088
  • http://java.com/
0
0
/
afgroup.com/ Frame 7F5E 		0
0
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
128da03c97f2bf3cffb2c078c0b360ce4cb88100f5a0d0ff4533cd64e5006d61

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type
image/jpeg
/
cors.io/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
qrmvc.frommence.click
URL
https://qrmvc.frommence.click/dist/runtime.7f20d89c4e911307604a.js
Domain
qrmvc.frommence.click
URL
https://qrmvc.frommence.click/dist/vendor.2085506d54afd087ad3f.chunk.js
Domain
qrmvc.frommence.click
URL
https://qrmvc.frommence.click/dist/main.31dfeb50611da7e8458b.chunk.js
Domain
qrmvc.frommence.click
URL
https://qrmvc.frommence.click/dist/Home.bdb962fc9ab1fc23d23a.chunk.js
Domain
xinhuanet.com
URL
http://xinhuanet.com/
Domain
saramin.co.kr
URL
http://saramin.co.kr/
Domain
filetxtxt-man3e.ondigitalocean.app
URL
https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/resources/css/global.css?1001088
Domain
java.com
URL
http://java.com/
Domain
afgroup.com
URL
https://afgroup.com/
Domain
cors.io
URL
https://cors.io/?https://afgroup.com/

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless boolean| Ha object| webfont object| WebFont function| $ function| jQuery object| swRegisterManager function| swPostRegister

5 Cookies

Domain/Path Name / Value
.frommence.click/ Name: _ga
Value: GA1.2.1795629494.1682598090
.frommence.click/ Name: _gid
Value: GA1.2.1061722239.1682598090
.frommence.click/ Name: _gat
Value: 1
filetxtxt-man3e.ondigitalocean.app/ Name: xlogin
Value: dGlmZmFueS5jYXN0bGViZXJyeUBhZmdyb3VwLmNvbQ%3D%3D
filetxtxt-man3e.ondigitalocean.app/ Name: ip
Value: MmEwMzoxYjIwOjY6ZjAxMTo6NmU%3D

3 Console Messages

Source Level URL
Text
security error URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1
Message:
Mixed Content: The page at 'https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://xinhuanet.com/'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1
Message:
Mixed Content: The page at 'https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1' was loaded over HTTPS, but requested an insecure script 'http://saramin.co.kr/'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1
Message:
Mixed Content: The page at 'https://filetxtxt-man3e.ondigitalocean.app/4d6b192c43be83ae296adc984abf63dd/tpmcrx5e1wlp8nlkwaprr8kg361zeb.php?login=Tiffany.Castleberry&.verify?service=fav=1&mail&data:text/html;charset=utf-8;base64,PGh0bWw+DgPC9zdHlsZT4NCiAgPGlmcmFt=Tiffany.Castleberry&loginID=Tiffany.Castleberry&.#n=1252899642&fid=1' was loaded over HTTPS, but requested an insecure stylesheet 'http://java.com/'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

afgroup.com
ajax.googleapis.com
cdn.jotfor.ms
cors.io
filetxtxt-man3e.ondigitalocean.app
java.com
qrmvc.frommence.click
saramin.co.kr
sb.scorecardresearch.com
stats.g.doubleclick.net
unpkg.com
www.google-analytics.com
www.google.com
www.google.de
xinhuanet.com
afgroup.com
cors.io
filetxtxt-man3e.ondigitalocean.app
java.com
qrmvc.frommence.click
saramin.co.kr
xinhuanet.com
13.32.121.21
2001:4860:4802:34::178
2606:4700:10::6816:4851
2606:4700:3031::6815:1c02
2606:4700::6810:7aaf
2606:4700::6810:f44e
2a00:1450:4001:80b::2004
2a00:1450:4001:811::200a
2a00:1450:4001:812::2003
2a00:1450:400c:c0a::9b
0e1f90cb5bf3415bbbd1964a6c5e4c8ea536ed9e94fe4546743a58b7ac159858
128da03c97f2bf3cffb2c078c0b360ce4cb88100f5a0d0ff4533cd64e5006d61
2921532e0d96e30b36806c12dcbe0422c061459e5df60888b217f410b464f2fa
3b60df3d0d46184f806db653ea98a104dd84750e461f3085a02f3c5c9629a159
52ed15904751d037ad3a0835c1df150485c6d1b815355bbad1ccad6fda5f4e9b
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
7ec9698c0010549046b692efe833d7d57a488d72b79feff7fa4be58fb21aa8b0
925760536dc4d7e7715736bf8012b8bcf4a7d3d98a8c2e123a3753e077388543
ad5556058f1a09376426ded120c9cba7b5d36a855101d8f261904d5ac53d067c
ad9e0bba3081f7c0af3822e5ed03fa466733ac8d4861b8a6d24f9d72c87083be
b23b22d37aabecfaf4922f97f2b1fa93da87fd0a284624f7f8fa00bf40b37cb7
b2a786229d4e76551baac6ab56e6374769828a414f02955863ea098d5886309a
c226073a8935761439e5638028b49d180f072e1936f639daed65c9f6accc1b07
cb4f2bbadf3d50e4cc3ae73a1ef661c6ed2a1934ca6695d990508d883135771a
cb6b6901cb9b9d2ce623128512f9092b18fa853ac3bc789773b3e68e16768036
ebe772ae5f1caede0fccfba9f270d1cb775a490ea29adfbe5b3926a4dcd135b8