qr-captcha.com Open in urlscan Pro
139.45.197.167 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://deslatiosan.com/4/5998989/?var=5532923
Effective URL:
https://qr-captcha.com/?t=0&ymid=712359392842092815&oaid=e6f66ac5e55b423a83e31eab09b357d5
Submission: On August 07 via api (August 7th 2023, 10:13:57 am UTC) from US — Scanned from GB

Summary HTTP 29 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 29 HTTP transactions. The main IP is 139.45.197.167, located in and belongs to . The main domain is qr-captcha.com.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.

This is the only time qr-captcha.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	139.45.197.238 139.45.197.238	9002 (RETN-AS) (RETN-AS)
4	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
17	172.64.128.32 172.64.128.32	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:1974	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	139.45.197.167 139.45.197.167	() ()
29	6

1 139.45.197.238 (United Kingdom)

ASN9002 (RETN-AS, GB)

deslatiosan.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 172.64.128.32 (United States)

ASN13335 (CLOUDFLARENET, US)

totalfreshwords.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1974 (United States)

ASN13335 (CLOUDFLARENET, US)

littlecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.167 (None, )

ASN- ()

qr-captcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	totalfreshwords.com totalfreshwords.com	62 KB
4	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 10960	2 KB
2	littlecdn.com littlecdn.com — Cisco Umbrella Rank: 14984	3 KB
1	qr-captcha.com qr-captcha.com	5 KB
1	deslatiosan.com deslatiosan.com	2 KB
29	5

	Domain	Requested by
17	totalfreshwords.com	deslatiosan.com totalfreshwords.com
4	my.rtmark.net	deslatiosan.com totalfreshwords.com
2	littlecdn.com	totalfreshwords.com
1	qr-captcha.com	totalfreshwords.com qr-captcha.com
1	deslatiosan.com
29	5

This site contains no links.

Subject Issuer	Validity	Valid
deslatiosan.com R3	`2023-07-15` - `2023-10-13`	3 months	crt.sh
rtmark.net R3	`2023-07-25` - `2023-10-23`	3 months	crt.sh
totalfreshwords.com E1	`2023-07-22` - `2023-10-20`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-11` - `2024-04-10`	a year	crt.sh
qr-captcha.com R3	`2023-06-16` - `2023-09-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://qr-captcha.com/?t=0&ymid=712359392842092815&oaid=e6f66ac5e55b423a83e31eab09b357d5
Frame ID: E4663FE4F42B446AA92AC8BBE030C29A
Requests: 29 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://deslatiosan.com/4/5998989/?var=5532923 Page URL
https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b... Page URL
https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b... Page URL
https://qr-captcha.com/?t=0&ymid=712359392842092815&oaid=e6f66ac5e55b423a83e31eab09b357d5 Page URL

Page Statistics

29
Requests

86 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

74 kB
Transfer

166 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://deslatiosan.com/4/5998989/?var=5532923 Page URL
https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989 Page URL
https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2 Page URL
https://qr-captcha.com/?t=0&ymid=712359392842092815&oaid=e6f66ac5e55b423a83e31eab09b357d5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
deslatiosan.com/4/5998989/ 2 KB
2 KB 153ms
46ms Document
text/html 139.45.197.238
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://deslatiosan.com/4/5998989/?var=5532923
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Mon, 07 Aug 2023 10:13:52 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://totalfreshwords.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
pragma: no-cache no-cache
server: nginx
timing-allow-origin: *
x-trace-id: 3839536d977151e9638519dd04d3d391

POST
H2 200 img.gif
my.rtmark.net/ 43 B
506 B 141ms
43ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=e6f66ac5e55b423a83e31eab09b357d5

Requested by

Host: deslatiosan.com
URL: https://deslatiosan.com/4/5998989/?var=5532923

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://deslatiosan.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 / Show response
totalfreshwords.com/ 32 KB
12 KB 175ms
99ms Document
text/html 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Requested by: Host: deslatiosan.com
URL: https://deslatiosan.com/4/5998989/?var=5532923
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 055718ad012245cea6b67e2e7805bfd22cc7761296b25e34e74bcb5c433e6429

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f2ebfdc9fef48af-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 07 Aug 2023 10:13:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ddHzXFA4994E2XrkQie24p8TM55wpng%2BTM04qmvl313flAhWNZxxD5ZT0ehOhUUVnFv0T7H4bpsTjG8HIHhup61Vc9OI9%2BJJ83acNxxPak%2FMxj3cgT4TKoPaIWi%2Fxvbe1GooIcTL"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 style.css
littlecdn.com/apps/templates/subscriptions/universal/css/ 7 KB
2 KB 111ms
40ms Stylesheet
text/css 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4335283743eb9e075b61c5870fd9a6ef1077eeb5369044b1d614a32a098b4779

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 31 Jul 2023 15:22:23 GMT
server: cloudflare
age: 4491
etag: W/"64c7d1af-1bb3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7f2ebfddce1c887d-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 45ms
44ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=e6f66ac5e55b423a83e31eab09b357d5

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d37d8ac1d5cd06bb6f7f3a80ba2385cc35a0b2900aac26c217f21e9c130f120c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 micro.tag.min.js Show response
totalfreshwords.com/pfe/current/ 26 KB
10 KB 68ms
67ms Script
application/javascript 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 10:13:52 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64cce3ac-689b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZKt1%2FyUf73iu0baMWvWjSWd8Tn%2FWS8gdBXlOuQ3HgrfDynBRQlmyVXaFsVQDPSqolqqVUMEmUsAilr5XZmJDTkBWX%2Fz%2FVHiqBaGy7juWO73hsca2J7O6yC2XUUGhCh%2BsI5cT4wA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7f2ebfdd58cd48af-LHR
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
totalfreshwords.com/19/5202628/ 3 KB
3 KB 49ms
49ms XHR
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/19/5202628/?abt_opts=1&var=5998989&var3=712359390430367837&ymid=&rhd=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4feb6892ca2d64175383a9a5167828bb8eacd399078eef04d6458e33091b3a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: ea973e6a8068a2724834de18290c2983
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdQ251PYwpysgdmkGjCFQqDYlBJNohDChljiU5%2FZt7FmBs%2FDVBVULkZnePJuq7Fu3ej6sWfQ%2FUxli6CQD3SBu%2FM8ZkRpW9K8N7u%2FufnlAAEiKey%2BKpO%2FBbpa3agpb3iL37prbBoP"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f2ebfdd58d048af-LHR
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 rhd Show response
totalfreshwords.com/ 3 KB
3 KB 54ms
54ms Fetch
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/rhd?rb=JHTvEDMcvgNsr15leopzueMZdW-hnZp3PY7QoGhsja-RJfCi3udy0hyFGHQaoEg4w2dX_aaG-F2-pbeLom09-aEbXCgnjZUdJU9Zy9F_FH5PAN5GhvMenQdM9b4IjRal3cjWNgYp4NlRR3lkKThHSQYwd34rMortbMFI3S1-7TDCjS_wWqYQB8yGIirWU1MSe0Qws5EU5lyVvNzhMTvH0ciow-2UcbnnSKv5engswErN9w4RIo3Re04LUf-GeYJMGIpMUwCmyWuRE7xj0GEvcqfwhOzyMkmpZBkEnbv0V3OBqJrnyv9VzpyyEGGsLDcHElqiNDyGmgyAujaK7oU2X0Hz9fOVfnxSo6iClajdnbUEX3jJ_qqvdYDHEUz3X0xou-KN-d8yHZsKAtOUWkGwB4Oio5Kb-H0xSP8Wua3NdLB5SocrPCcpENSnKAZPaBBENvs_jhDUR8jHfOcBSI-SvWvkZrq2BKjZXqpLHVCzMR9aevLFqOvHWb6kZhEKkltn6rkQe07-TimOhu5RWAFsVSf_1yT5hOnWe2gfjBV8piQEN-k1Am4gEGqWhjto8Iuzr4kyfLkQd1FQ5hfIqIORCFijQijfA1VwEf_xY_eb4nFo6HBdJ34W2BrOrnjHz3ZiwTQzWrqwO15GoS1p-BTWhRFQMUw%3D&request_ab2=0&zoneid=5202628&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Ftotalfreshwords.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3De6f66ac5e55b423a83e31eab09b357d5%26pshr%3D0%26rd%3D0%26s%3D712359390430367837%26ssk%3Dcaeab60e816cf8fd7f788c52b16ab663%26svar%3D1691403232%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D5998989&drf=&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5998989&var3=712359390430367837&ymid=&rhd=1&m=link

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

16be347bcfbb466b18eaf0929d293ed2cc4bbc8b8e81dd38e57015dcb0182ec7

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 646ff55f64e33a478eca1286785b273a
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVH%2FGmoNhSL8IzzJK6aww%2B3qZvRiR35zllcFjVVQr1Xafol%2FPGnIsdScuhSj3GkIhdlbPqnMv9l85e8NyzgWqHRklMs88DPIjQggeSxCTxkulwlqPWc%2BQZYHw0czynqJJrHJ4riu"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f2ebfddbae823c5-LHR
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H3 200 5202932
totalfreshwords.com/sw-check-permissions/ 0
951 B 58ms
58ms Other
application/javascript 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/sw-check-permissions/5202932?var=5998989&ymid=712359390430367837&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.24
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.24
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8fV%2FLYdADMHWdg0r9GbyDhKIoEtK6Bakt3Eb83LSGp34RaeEvxVIR8fsHlOGfMASXqMbGZzOTwhh3v%2F6Wzv3gqNGPDFwfmmOazOKnXNbwZDywDDhfsUlLPMes0f8Rt16fMZKfqWy"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7f2ebfdddb1823c5-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalfreshwords.com/ 0
492 B 56ms
56ms Ping
text/plain 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totalfreshwords.com&var=5998989&ymid=712359390430367837&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-trace-id: f7849b1302b5602cfd133bb0dceb6042
date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0VAhmsVhetiM%2B47xu%2BjryWKEYywAQI%2BN62HsLkIzOORitQD%2F8F5XvbSSHZqE%2FXOR1MYWLKNrEqDA5iI6EP1cH4OvZ3TNK57wzVgzbNTsQHb4VR1HnhuKsxHYO2YG7bt%2F%2BJJhmcPL"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
access-control-allow-credentials: true
cf-ray: 7f2ebfdddb1a23c5-LHR
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 46ms
45ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=712359390430367837&var=5998989

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d37d8ac1d5cd06bb6f7f3a80ba2385cc35a0b2900aac26c217f21e9c130f120c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone
totalfreshwords.com/ 906 B
1 KB 59ms
58ms Fetch
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totalfreshwords.com&var=5998989&ymid=712359390430367837&var_3=&var_4=&dsig=&action=settings

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:52 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 121f0756dbcf04c77c8208a6d141e26e
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kMhgXEkbYEOkr3Vx94hXXqYHrCaOcPpN%2BHqwZ7sk9rI7FT2sXy07g5llRBSb7efh6Koo9TZD3q5LKPMnfQ2lEM%2B7F%2BEUPnKZhE2RhOObFV8H3VdbqkqyogWY%2Bj2boDfI1DGE9jfh"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7f2ebfddeb4123c5-LHR
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

POST
H3 200 /
totalfreshwords.com/ 2 B
527 B 93ms
92ms XHR
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&mprtr=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.24
Resource Hash

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.24
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsBanKsD13xm2hWuTxmhY2CDamaPRZtG%2BvlgckMQZ9o8LjHhzlpjIqc4GNWVQvbbqWKMJ9Exz8EpGdreAyHgUqYdoz62wu1U7wShblO3BH4ZaL3GRj7xgCW%2FYkZzY0ebdwXNZm4z"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7f2ebfde1b8b23c5-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
totalfreshwords.com/ 32 KB
11 KB 153ms
153ms Document
text/html 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 084c6922e352c7f677c8ba70ee411c29c7cce44a74dddc7ff3b6416dec976fde

Request headers

Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f2ebfde8c2023c5-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 07 Aug 2023 10:13:53 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MlzwnAIehH4X6FHC4GEYhSssqF8YJHYZkauaPu86FzFLemONJugBRTuRZ9UmkgRemg6dBXAJP92V0pftDmzD3FT4mUgxKsi%2BxjQz3W1mCQJRl2nV%2F6BIa372UASZuUSqO1Ychcj4"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 style.css
littlecdn.com/apps/templates/subscriptions/universal/css/ 7 KB
1 KB 38ms
38ms Stylesheet
text/css 2606:4700:10::6816:1974
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://littlecdn.com/apps/templates/subscriptions/universal/css/style.css?v=2
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1974 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4335283743eb9e075b61c5870fd9a6ef1077eeb5369044b1d614a32a098b4779

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 31 Jul 2023 15:22:23 GMT
server: cloudflare
age: 4492
etag: W/"64c7d1af-1bb3"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-ray: 7f2ebfdf3890887d-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range

GET
H3 200 micro.tag.min.js Show response
totalfreshwords.com/pfe/current/ 26 KB
11 KB 50ms
49ms Script
application/javascript 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 07 Aug 2023 10:13:53 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 04 Aug 2023 11:40:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"64cce3ac-689b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jTHxKs3eLHZvixE%2BH20AyW8r%2BhHESHhii3zSyByhr%2B2M9cbWN%2F8MvR%2FmpGicKlS93%2FosuRjRqitsnz0mkHf8%2BiWDuObR8usbz%2B6WOFMXCdmJUw5bMdAqXtRbkWYoE2gPsFfUqrqt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 7f2ebfdf4d9923c5-LHR
alt-svc: h3=":443"; ma=86400

GET
H3 200 / Show response
totalfreshwords.com/19/5202628/ 3 KB
3 KB 78ms
78ms XHR
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/19/5202628/?abt_opts=1&var=5998989&var3=712359390430367837&ymid=&rhd=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9edf843550730b0334725f9d8a94a8fa4ad0bcd66eef0d2128862dcb169cfe1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: ce84c2d4d0aba06da7d7221495b205b3
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rNxTwfZ1P5mnonrQvI%2FYPC1LGJRbC6favnDT5el45RUkC%2FHYVDm%2FTnWfZMPQzsBDfsmG3NYDHuPq67NdK2rhHLVB2GU3KBx6Ad9jbTXpMqNQvCv1HGwOd3jmC6aL%2BA7njw1Tnubn"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://me9qgidaa.com>; rel="preconnect dns-prefetch"
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f2ebfdf4d9b23c5-LHR
expires: Tue, 11 Jan 1994 10:00:00 GMT

POST
H3 200 / Show response
totalfreshwords.com/ 2 B
529 B 61ms
61ms XHR
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2&mprtr=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.33
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WKGgeRp6X0QFhHNhyvyg2wm2rwqza9OBCUhPVMWXSA9snZPJCtiMkwxWYyhJ22frk0Dq17JRgHJ3RRoBF8VPm8P34Q%2FBQCwP92bEkOZT%2F46afTpe3nEwTV2fhwVwKIKP3MOYxQUP"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 7f2ebfdf7df323c5-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
alt-svc: h3=":443"; ma=86400

GET
H3 200 5202932
totalfreshwords.com/sw-check-permissions/ 0
952 B 63ms
63ms Other
application/javascript 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://totalfreshwords.com/sw-check-permissions/5202932?var=5998989&ymid=712359390430367837&uhd=1
Requested by: Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.4.24
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.4.24
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pmHWuKLs9KXGnjvgAS7a3G2p6HxP7HdJOu6AkD5G%2B0%2F5O7nWWoQ5SqJXZqVysPgPLAK5u3traoHQ4K%2Bv8ApmtRvpGauVEH72cUnW3BpR1%2FsFYWqtPOR5DCaiaiWDRdSKYdB4cWto"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cf-ray: 7f2ebfdf9e2923c5-LHR
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
alt-svc: h3=":443"; ma=86400

POST
H3 200 zone
totalfreshwords.com/ 0
486 B 49ms
49ms Ping
text/plain 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totalfreshwords.com&var=5998989&ymid=712359390430367837&var_3=&var_4=&dsig=&action=prerequest

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-trace-id: 34e9d68972d99a8244094f8382784ecf
date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uXOVw1hJ6OXxY9wY7eWkigxVQxKP2w6L3d7baq9%2FhhV8y624t63XCX%2FeVpuFsaz%2FtDLSxEaUoxIOg3oYCHoWM2K%2BJbeG9qts1u569xnEqXZvsdaqG6PFaqkY2gEn6UdYhTukSq7E"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
access-control-allow-credentials: true
cf-ray: 7f2ebfdf9e2e23c5-LHR
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
alt-svc: h3=":443"; ma=86400

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
545 B 43ms
43ms Fetch
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=5202932&checkDuplicate=true&ymid=712359390430367837&var=5998989

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

d37d8ac1d5cd06bb6f7f3a80ba2385cc35a0b2900aac26c217f21e9c130f120c

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://totalfreshwords.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H3 200 zone Show response
totalfreshwords.com/ 906 B
1 KB 46ms
46ms Fetch
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/zone?&pub=0&zone_id=5202932&is_mobile=false&domain=totalfreshwords.com&var=5998989&ymid=712359390430367837&var_3=&var_4=&dsig=&action=settings

Requested by

Host: totalfreshwords.com
URL: https://totalfreshwords.com/pfe/current/micro.tag.min.js?z=5202932&ymid=712359390430367837&var=5998989&sw=/sw-check-permissions/5202932&uhd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6de9b5949b06c7bc2e5e2ff7253114cc65242d1cd65c6bae0cfd5903ef4282c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-trace-id: 3248c0745b893dddb0a8362363dcca99
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=flUb5h3%2BxPLDNeDb3p3O3vuAqh01TpIndKi%2FMQT8Ri1ikscplq66r4rVxTASqRBWNEbNTNzpEFKYzZYF8A%2Fi627lnBuNiTQl0z4SukgDUWyxeGr1p3iRk%2FFaCAqlKBYG5lLe68Kd"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 7f2ebfdfae3e23c5-LHR
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept

GET
H3 200 rhd Show response
totalfreshwords.com/ 3 KB
3 KB 53ms
52ms Fetch
application/json 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/rhd?rb=qEICsPHxKcMFRp_K8IuNmHD2nk6eCgugHWAJAXDeVojqwerpjEgrCsV61K7ODK0F2sSogFjpEA7MoJzEwR-1mE2nz8F-KZIJnt99K4H8qBSQ2mzcAWmstSXFOrwF0QCv2IB7bG-beReTZ77HYgGMamVgbF6E4UXkRVotpXpdN2t9pftifDb590DaUNYML5bdHRnXTfrJOu6JLf6YcbunFZWRF0_y-0pk52bZOHbP0dUB4LYBcaBbkoGsjUclScJ7fG4ji3Rd8NIOgiuOMcvVKhC5T4_Bt3qq8aztm2h5HsPk3J4V7V6_NGa_4ovhXhiupjJMG7vT6Gs4VsZSYuRQRdtTJG6_Yb52hK6TYfJziSFtCScH10i6D6EZovwROHhQtyouVI9D3EFuM5ghFNQml_AJ7UZCasN-RxuZDpJcBJNj9G1kwwhyA4KHu5s9lXulP4sb61UP4meozX9tWgiA5BVEjDtId4n5yIZ5ayQYTK9-UEdnhDudDPQOx240Fgcld2hJ_wooNyFu8O0idfbYmjuHxTP_3rjj7U9c3fbOLZu-e_FPeo2bWZs8_ItPFAGppmNw0wNnT_0QRKFqauGiNYSi5XaHpUixrfTAfbMwEzhMfHuIT4xsiJnpxHdYHk2LlQMmqpiVEo8j1MDfjcdR9veE4tnk_Dj6LB-F9w%3D%3D&request_ab2=0&zoneid=5202628&fs=0&cf=0&sw=1600&sh=1200&sah=1200&wx=0&wy=0&ww=1600&wh=1200&cw=1600&wih=1200&wiw=1600&wfc=0&pl=https%3A%2F%2Ftotalfreshwords.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3De6f66ac5e55b423a83e31eab09b357d5%26pshr%3D0%26rd%3D0%26s%3D712359390430367837%26ssk%3Dcaeab60e816cf8fd7f788c52b16ab663%26svar%3D1691403232%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D5998989%26rdc%3D2&drf=https%3A%2F%2Ftotalfreshwords.com%2F%3Fb%3D2909618%26ba%3D0%26campid%3D14083%26did%3D2%26dm%3D0%26ep%3D0%26fp%3D0%26g%3DGB%26hr%3D0%26i18db%3D1%26l%3DgnSq6b3k7lHvVR4%26oaid%3De6f66ac5e55b423a83e31eab09b357d5%26pshr%3D0%26rd%3D0%26s%3D712359390430367837%26ssk%3Dcaeab60e816cf8fd7f788c52b16ab663%26svar%3D1691403232%26tb%3D5202628%26tbad%3D5234825%26vi%3D0%26vo%3D0%26z%3D5998989&np=1&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-unknown&var=5998989&var3=712359390430367837&ymid=&rhd=1&m=link

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4cdb67006e34c7d72e911cf7dda4a0c0e2f5ffae0fa0749ad02fa1468bd4481

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-GB,en;q=0.9
Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: gzip
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-trace-id: 69af6292f916f6d3ec37463260b6ee35
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=11nm6f7YJVUqChg8u06NUzxmH2pqo1Wk8FQqe2DVjNyxOZsxuAlofB8jt8V%2FUy7jdiUqZBW%2FNrG1Xo9ZuaqKpeEvpMWGQDkp67rrVy31jjoiA7tueKC1uKjdcL7rjvSzI%2BWLjdZt"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f2ebfdfce8423c5-LHR
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET
H2 200 Primary Request /
qr-captcha.com/ 20 KB
5 KB 3600ms
3484ms Document
text/html 139.45.197.167

General

Check archive.org

Show headers Download Go to

Full URL

https://qr-captcha.com/?t=0&ymid=712359392842092815&oaid=e6f66ac5e55b423a83e31eab09b357d5

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.197.167 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: en-GB,en;q=0.9

Response headers

cache-control: public, max-age=0
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 07 Aug 2023 10:13:57 GMT
etag: W/"50f6-188c4485de8"
last-modified: Fri, 16 Jun 2023 12:57:37 GMT
server: nginx
strict-transport-security: max-age=1
vary: Accept-Encoding
x-content-type-options: nosniff

POST
H3 200 cat.php
totalfreshwords.com/ 0
757 B 46ms
45ms Ping
text/plain 172.64.128.32
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://totalfreshwords.com/cat.php?userId=e6f66ac5e55b423a83e31eab09b357d5&zoneid=5202628&rb=qEICsPHxKcMFRp_K8IuNmHD2nk6eCgugHWAJAXDeVojqwerpjEgrCsV61K7ODK0F2sSogFjpEA7MoJzEwR-1mE2nz8F-KZIJnt99K4H8qBSQ2mzcAWmstSXFOrwF0QCv2IB7bG-beReTZ77HYgGMamVgbF6E4UXkRVotpXpdN2t9pftifDb590DaUNYML5bdHRnXTfrJOu6JLf6YcbunFZWRF0_y-0pk52bZOHbP0dUB4LYBcaBbkoGsjUclScJ7fG4ji3Rd8NIOgiuOMcvVKhC5T4_Bt3qq8aztm2h5HsPk3J4V7V6_NGa_4ovhXhiupjJMG7vT6Gs4VsZSYuRQRdtTJG6_Yb52hK6TYfJziSFtCScH10i6D6EZovwROHhQtyouVI9D3EFuM5ghFNQml_AJ7UZCasN-RxuZDpJcBJNj9G1kwwhyA4KHu5s9lXulP4sb61UP4meozX9tWgiA5BVEjDtId4n5yIZ5ayQYTK9-UEdnhDudDPQOx240Fgcld2hJ_wooNyFu8O0idfbYmjuHxTP_3rjj7U9c3fbOLZu-e_FPeo2bWZs8_ItPFAGppmNw0wNnT_0QRKFqauGiNYSi5XaHpUixrfTAfbMwEzhMfHuIT4xsiJnpxHdYHk2LlQMmqpiVEo8j1MDfjcdR9veE4tnk_Dj6LB-F9w==&var=5998989&var3=712359390430367837&ymid=&rhd=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.64.128.32 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://totalfreshwords.com/?b=2909618&ba=0&campid=14083&did=2&dm=0&ep=0&fp=0&g=GB&hr=0&i18db=1&l=gnSq6b3k7lHvVR4&oaid=e6f66ac5e55b423a83e31eab09b357d5&pshr=0&rd=0&s=712359390430367837&ssk=caeab60e816cf8fd7f788c52b16ab663&svar=1691403232&tb=5202628&tbad=5234825&vi=0&vo=0&z=5998989&rdc=2
accept-language: en-GB,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 07 Aug 2023 10:13:53 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
x-trace-id: d127194c3070751f220672f7993650d3
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
server: cloudflare
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZbXpiw9AtzVDUYAxoZ8x5PwKHdEuTCQ4NgkyBSZH2My906fTHbboCJ7TZSd6HzCKUgagy7eX2YYdGNxuowC2TWmBZGyRNPQzNCVmhoRDMJF6GrNaLxBog%2B1U1fplWa8y5NGt2sFS"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://totalfreshwords.com
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
cf-ray: 7f2ebfe30cc623c5-LHR
expires: Tue, 11 Jan 1994 10:00:00 GMT

GET animate.css
qr-captcha.com/Attention_files/ 0
0

GET qrcode.js
qr-captcha.com/ 0
0

GET new_free.svg
qr-captcha.com/Attention_files/ 0
0

GET loading.svg
qr-captcha.com/Attention_files/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: qr-captcha.com
URL: https://qr-captcha.com/Attention_files/animate.css

Domain: qr-captcha.com
URL: https://qr-captcha.com/qrcode.js

Domain: qr-captcha.com
URL: https://qr-captcha.com/Attention_files/new_free.svg

Domain: qr-captcha.com
URL: https://qr-captcha.com/Attention_files/loading.svg

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
deslatiosan.com/	1970-01-20 22:35:39	Name: OAID Value: e6f66ac5e55b423a83e31eab09b357d5
deslatiosan.com/	1970-01-20 22:35:39	Name: oaidts Value: 1691403232
my.rtmark.net/	1970-01-20 22:35:39	Name: ID Value: e6f66ac5e55b423a83e31eab09b357d5
totalfreshwords.com/	1970-01-20 22:35:39	Name: OAID Value: e6f66ac5e55b423a83e31eab09b357d5
totalfreshwords.com/	1970-01-20 22:35:39	Name: oaidts Value: 1691403232
totalfreshwords.com/	1970-01-20 22:37:05	Name: syncedCookie Value: true
totalfreshwords.com/	1970-01-20 13:50:03	Name: prefetchAd_5202628 Value: true
totalfreshwords.com/	1970-01-20 13:50:06	Name: reverse Value: BsLjrDdcA_b9ZyG6Vu-8BywSmk9w8mTpLiPOSPxbNyY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

deslatiosan.com
littlecdn.com
my.rtmark.net
qr-captcha.com
totalfreshwords.com
qr-captcha.com
139.45.195.8
139.45.197.167
139.45.197.238
172.64.128.32
2606:4700:10::6816:1974
055718ad012245cea6b67e2e7805bfd22cc7761296b25e34e74bcb5c433e6429
084c6922e352c7f677c8ba70ee411c29c7cce44a74dddc7ff3b6416dec976fde
16be347bcfbb466b18eaf0929d293ed2cc4bbc8b8e81dd38e57015dcb0182ec7
4335283743eb9e075b61c5870fd9a6ef1077eeb5369044b1d614a32a098b4779
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
6de9b5949b06c7bc2e5e2ff7253114cc65242d1cd65c6bae0cfd5903ef4282c8
8bff789be40b8393590ce6ecf50acd90cb3000b36c75a748d64a05db3f4f84f6
9edf843550730b0334725f9d8a94a8fa4ad0bcd66eef0d2128862dcb169cfe1f
d37d8ac1d5cd06bb6f7f3a80ba2385cc35a0b2900aac26c217f21e9c130f120c
d4cdb67006e34c7d72e911cf7dda4a0c0e2f5ffae0fa0749ad02fa1468bd4481
d4feb6892ca2d64175383a9a5167828bb8eacd399078eef04d6458e33091b3a7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

qr-captcha.com Open in urlscan Pro 139.45.197.167 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

29 Requests

86 %HTTPS

20 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

74 kBTransfer

166 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

8 Cookies

Indicators

qr-captcha.com Open in urlscan Pro
139.45.197.167 Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

86 %
HTTPS

20 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

74 kB
Transfer

166 kB
Size

8
Cookies

29 HTTP transactions
0 data transactions