twafgig.cn Open in urlscan Pro
2606:4700:3033::ac43:8547  Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Page URL
2. https://twafgig.cn/wctx1D1DFxFDg.do.php Page URL
3. https://twafgig.cn/wctx1D1DFxFDg.do.php Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response rqlredw.cn/	224 B 377 B	393ms 127ms	Document text/html	23.94.73.208 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.73.208 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS mail1.fkvytbaq.cn Software nginx / Resource Hash 9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers accept-ranges bytes content-length 224 content-type text/html date Wed, 20 Jul 2022 14:48:07 GMT etag "62d795a7-e0" last-modified Wed, 20 Jul 2022 05:41:59 GMT server nginx strict-transport-security max-age=31536000
GET H2	200	1.js rqlredw.cn/	253 B 466 B	128ms 128ms	Script application/javascript	23.94.73.208 AS-COLOCROSSING
General Check archive.org Show headers Download Go to Full URL https://rqlredw.cn/1.js Requested by Host: rqlredw.cn URL: https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.94.73.208 Seattle, United States, ASN36352 (AS-COLOCROSSING, US), Reverse DNS mail1.fkvytbaq.cn Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000 Request headers accept-language jp-JP,jp;q=0.9 Referer https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:08 GMT last-modified Wed, 20 Jul 2022 05:52:22 GMT server nginx etag "62d79816-fd" strict-transport-security max-age=31536000 content-type application/javascript cache-control max-age=43200 accept-ranges bytes content-length 253 expires Thu, 21 Jul 2022 02:48:08 GMT
GET H2	503	wctx1D1DFxFDg.do.php Show response twafgig.cn/	10 KB 11 KB	30ms 8ms	Document text/html	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/wctx1D1DFxFDg.do.php Requested by Host: rqlredw.cn URL: https://rqlredw.cn/1.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4e4b08d6e9f7718027d50bd0404d40f1a0d2b202495beb82cc518f9ab33d18df Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://rqlredw.cn/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 72dc7efb1a098aa4-NRT content-type text/html; charset=UTF-8 date Wed, 20 Jul 2022 14:48:08 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UxgBGtlnKnW2pWstHE%2FjdCKrAxUaxLtMvTFdTMKlWRoxj0EtQlMB15BffKB8zdJfg1oVaNyH031pMjrxJs09w0Tci5sl%2BLuOuDoDBpcMURDJawNIisYuZ87vqNo666VyRYziIXmLLpPj"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H2	200	v1 Show response twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/	35 KB 13 KB	20ms 19ms	Script application/javascript	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=72dc7efb1a098aa4 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash dfa40d39edda12008f530d7378d709b592220777af122f108aabddba353db0fa Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=ePkh4nMWVOlNrGQ1cCAJ5h.Jmbd6AHpiIIpN2fW5fJY-1658328488-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:08 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t2BW92TIutFDTn6Bpwpwhd2DKvCe27OGcmgQvFjs7u%2BG533Qg66mBxivdWil%2BKlaTQeyIjmlAs0tQPpwqhsBoDamt7wnGkBuV2jMUYm1RQTd4Nj%2F2%2BrLaETnhzmyOihCp9d8han0EKlg"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 72dc7efb7a8d8aa4-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	transparent.gif twafgig.cn/cdn-cgi/images/trace/jschal/js/	42 B 220 B	4ms 4ms	Image image/gif	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://twafgig.cn/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=72dc7efb1a098aa4 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=ePkh4nMWVOlNrGQ1cCAJ5h.Jmbd6AHpiIIpN2fW5fJY-1658328488-0-gaNycGzNCFE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=ePkh4nMWVOlNrGQ1cCAJ5h.Jmbd6AHpiIIpN2fW5fJY-1658328488-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:08 GMT x-content-type-options nosniff last-modified Fri, 15 Jul 2022 15:34:13 GMT server cloudflare etag "62d188f5-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 72dc7efb7a8f8aa4-NRT vary Accept-Encoding content-length 42 expires Wed, 20 Jul 2022 16:48:08 GMT
GET H2	200	transparent.gif twafgig.cn/cdn-cgi/images/trace/jschal/nojs/	42 B 101 B	4ms 4ms	Image image/gif	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://twafgig.cn/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=72dc7efb1a098aa4 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=ePkh4nMWVOlNrGQ1cCAJ5h.Jmbd6AHpiIIpN2fW5fJY-1658328488-0-gaNycGzNCFE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=ePkh4nMWVOlNrGQ1cCAJ5h.Jmbd6AHpiIIpN2fW5fJY-1658328488-0-gaNycGzNCFE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:08 GMT x-content-type-options nosniff last-modified Fri, 15 Jul 2022 15:34:13 GMT server cloudflare etag "62d188f5-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 72dc7efb7a908aa4-NRT vary Accept-Encoding content-length 42 expires Wed, 20 Jul 2022 16:48:08 GMT
POST H3	200	0ee0f4990144c77 Show response twafgig.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.5598690406036592:1658326000:q_yu6adcrMLIFQxGGmid_e1F64F7VcFPw3DUtKD0qyU/72dc7efb1a098aa4/	128 KB 68 KB	54ms 53ms	XHR text/plain	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.5598690406036592:1658326000:q_yu6adcrMLIFQxGGmid_e1F64F7VcFPw3DUtKD0qyU/72dc7efb1a098aa4/0ee0f4990144c77 Requested by Host: twafgig.cn URL: https://twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=72dc7efb1a098aa4 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4b9df6303fd7aa3998d605d365578fd33dbe3acfe42c53c99d68f839502b9e63 Request headers Referer https://twafgig.cn/wctx1D1DFxFDg.do.php accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 CF-Challenge 0ee0f4990144c77 Content-type application/x-www-form-urlencoded Response headers date Wed, 20 Jul 2022 14:48:08 GMT content-encoding br cf_chl_gen lbxbWL7IwBHxzp/FwLjAG+M0HKmJIg2ClE6+/IEKAHZedN5h3a8SqNXKucmA1KuMuHOHlYmOr5gYXpLqfVasSgG0vI79kKmmB6x4O018yC8X8gfkzGLxF5Ip7u5hovTd8cqLz1VBkPmY0V9t7hsyFYrHO7BEltdOpgUo/JQGaLf7Q5xaVjNBi6Cn7zCkE6xiYanXVbUODt6RxhxtngRmi/hLkL20RhPwoX6yqaF36B/Ewavl6L7bxLYwQ14LXlRniLRBIXDrr9qGcVsMmEOiE21s6q/CZyHQgl67YfxYe39EaMysuzU1VqhoMKsOpJ9iX20sV0F4hQj3wtPtureWKYaDf2YyoaDRh5Rzi7sCKwuBArQJ69jnQPIlv0IcbQNywk3hPsgM+39ovHQfxiLlMMHs/v4lUxXqHAkWM/WadHE=$HQZROC/K/SUczTS2RUhErg== nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hRT%2F7kyVnGgdInZaXUHnVNYWsQ2fbdd2xUeHv%2B%2Bze8u%2BIndczMr0HPjk74GZ96F639bXixlCxGYHfmAAKQTD6uVvW%2B25ujuBPOcPt%2FFaDVEQc1mjh2tPf437d5b2YhvwE2rsyF8DjpN8"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 72dc7efc6a06b011-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	FimsS6wkVMyLPrG twafgig.cn/cdn-cgi/challenge-platform/h/g/img/72dc7efb1a098aa4/1658328488401/	61 B 509 B	11ms 11ms	Image image/png	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/img/72dc7efb1a098aa4/1658328488401/FimsS6wkVMyLPrG Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff8b3bf35639216a2503b45c6c711bcdf8ead5e199fdb13513c40f91d7359c32 Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I0izdOsrADE51zYk4WrIUkEBT4rvUnAW7lWeKChiiIeGpooTk4wNBx%2FrZlbo38avRt6gPJCuLfd81QcKDb8weyXzRgNPqlVVheFbuiIw%2FFAyxi2c9h%2FyhaGMvn%2FKoA51Sa4jUWN1gcMw"}],"group":"cf-nel","max_age":604800} content-type image/png cf-ray 72dc7efd2b9eb011-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
POST		probe tls-ech-experiment.cloudflareresearch.com/.well-known/	0 0
POST		probe tls-ech-experiment-c.cloudflareresearch.com/.well-known/	0 0
GET H3	401	9baAX9qYt8WoByJ Show response twafgig.cn/cdn-cgi/challenge-platform/h/g/pat/72dc7efb1a098aa4/1658328488403/e7c33dffe899b39fd67580b4970dcb5dfc89b65479b2bfee90b46557711df721/	1 B 975 B	18ms 17ms	Fetch text/plain	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/pat/72dc7efb1a098aa4/1658328488403/e7c33dffe899b39fd67580b4970dcb5dfc89b65479b2bfee90b46557711df721/9baAX9qYt8WoByJ Requested by Host: rqlredw.cn URL: https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5 Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:09 GMT www-authenticate PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g58M9_-iZs5_WdYC0lw3LXfyJtlR5sr_ukLRlV3Ed9yEACnR3YWZnaWcuY24=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAj_nzogphx4Z_OsXPuMsa2inAodCsAIgqaw73FElcDPa4QHTpyy7UqftvPEcjX7QfTJGvHUb32L-6l_Exr3UFmpcK1fVxhEKR56F89LrZzhkEVF4cv_AtBamJk2gyIBnksFciUkfF1TDEugQnREyaUSHKFWyA-wbZ1FJd_KGXNp1X6smtnk4qHS1fh5IZAtLyCAlsEzGyImQ5uC3ASv3mA9wuMtvlwzmyAwQou3f-l-DVf0ZHo7tmx3ONGDyatQLIOy_MMdkfkpw5Exgg6-rg3kOFQV5sb6JljM_ZMopDUHFIcWXoCgW3_3lGJT3yJlAHOrThP1yjP_doDc4fZlpcCQIDAQAB, max-age=15 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7QZlUJOGtxL9f1KtvPAKotTQSqt1qzQ1r%2BQ0ignInNoVuWmrQRaip53oV%2BZSMbySIrDaniEgMRR26oMh2xK9vmWoP8NLYxWyG4XkhMoWS%2FNxbsE2hYLNJ%2FI1uJHapD0Xsz9jo79SfPrY"}],"group":"cf-nel","max_age":604800} content-type text/plain; charset=UTF-8 cf-ray 72dc7f032f23b011-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET DATA	200 OK	truncated /	68 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058 Request headers accept-language jp-JP,jp;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Content-Type image/png
POST H3	200	0ee0f4990144c77 Show response twafgig.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.5598690406036592:1658326000:q_yu6adcrMLIFQxGGmid_e1F64F7VcFPw3DUtKD0qyU/72dc7efb1a098aa4/	1 KB 2 KB	42ms 42ms	XHR text/html	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/flow/ov1/0.5598690406036592:1658326000:q_yu6adcrMLIFQxGGmid_e1F64F7VcFPw3DUtKD0qyU/72dc7efb1a098aa4/0ee0f4990144c77 Requested by Host: twafgig.cn URL: https://twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=72dc7efb1a098aa4 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf942ac212725d6cc7a8b51a3eccc8b9c5a5ea7aab8c7283700eec4329681936 Request headers Referer https://twafgig.cn/wctx1D1DFxFDg.do.php accept-language jp-JP,jp;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 CF-Challenge 0ee0f4990144c77 Content-type application/x-www-form-urlencoded Response headers date Wed, 20 Jul 2022 14:48:10 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf_chl_out ogelEm+6shWDhocUPwFlNuJcZCC0piHa7osVAbwaIBN7Yj9d9pkM/01h1DPRUJKKnBkxBvXNMp3MfZRbWPVhgw==$sOONY7EQV35qyDUOZ2BXjw== expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4DLOcFTGHCiATYzvwNyBjuTavhqJ6vmwVrmkPW%2BD%2FRFZXEY8qd7Ag7x906GSGevPPRCor%2B5Z7SH8nKdC2ZDY%2Bwrq6YKpnAexIWPkzm53CKGZ25ZG6JcPmYlW%2BLwvmORZKVPESOP1KEL"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cf_chl_out_s 7ITLRFeNVCwW/Vunaepswyk1tfJ4lxmYvb+14j3kHx+Vitzm2L8qA+cT/rVPr5yJeP0GNNt4+nUK/o1EKwxJSYtztkz5hrn2eedHp+3/pZ2EB/hYNBPs/+FEDrQgoGGHdCcfmgxafBjScqP8UNetWAqtj00KtpTIkDODEvJYkBvMa/tHozVsj+m2f5UY0s8TEpU8qWJFhxAf62IEwpo+YhsaB766KMctrR4d0YNwocllVy75WYcv0s/J3YYqtp26HrTQk6LHTjwno/E5+2ChZsL+1TRl3ftaLPcp3c+u5plEUIqKE6iSaubCYUNXmlsDm8XdSTzIl7srjRUoz4u5l5eQoCll8DuzE2pMBp5eSSiNCaWz96nyI3bIPs0f4oxEEUimvH+pugHrGu6twFEHxpb3GPJDOuNmPWyelGlSfZE1mijg0O2gzrV5JWndpPSnyAUk0Ssm0tzUCnEUexwbpQ==$ToYHCgwqT6Sl1mE/eV/Zqw== cf-ray 72dc7f071e58b011-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	503	Primary Request wctx1D1DFxFDg.do.php Show response twafgig.cn/	10 KB 11 KB	10ms 10ms	Document text/html	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/wctx1D1DFxFDg.do.php Requested by Host: rqlredw.cn URL: https://rqlredw.cn/?Login/wctx1D1DFxFDg.do.php?wctx/NBCW2101.do?paypaybank/wctx/NBG129A0G13.do?MngKey=77C0C0C9587615370B2DF743DBE3E32F Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 79a30b84779db049cefcef63a24954760febd5e9cf877acf7a263637b26058b2 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://twafgig.cn/wctx1D1DFxFDg.do.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language jp-JP,jp;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 72dc7f142dc1b011-NRT content-type text/html; charset=UTF-8 date Wed, 20 Jul 2022 14:48:12 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" expires Thu, 01 Jan 1970 00:00:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} permissions-policy accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I2K2m4f6Pb3H6z%2BgCJRYXjK2M7jcEY7Xr9zSHLDICj3ylHhbSUkJtbH53EMtm1yxfhGUdUTfe0egxpVPeo9nsbVqHbAx2ulMvs0puNuL6PmdwfgrlPMlq9VahurwOmjevvQREYpfI1gE"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-frame-options SAMEORIGIN
GET H3	200	v1 Show response twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/	32 KB 12 KB	14ms 14ms	Script application/javascript	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://twafgig.cn/cdn-cgi/challenge-platform/h/g/orchestrate/jsch/v1?ray=72dc7f142dc1b011 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 52a25b0ede9ac4d40d40a332b74b4f8979b1ff545c8d3aeb57792c8eeb224109 Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=H31j1S0rDlNC4i0TC3adH.6HmrX72mnzxAi.acD1nPk-1658328492-0-gaNycGzNBmU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:12 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FFv7IxDC9supN8z90WbCqC0MpbYU96IFWqSFg2S63ijtufiMrEKUBAnFKooa5gFPJAQ0umcgv93zAJrGylVANzsnnZq4ymzLfzIHW66PeJpWiwlj2eGt%2BS%2FYYcQwQFAwqVb2ULNoCNQf"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=UTF-8 cache-control max-age=0, must-revalidate cf-ray 72dc7f144df3b011-NRT alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	transparent.gif twafgig.cn/cdn-cgi/images/trace/jschal/js/	42 B 222 B	4ms 4ms	Image image/gif	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://twafgig.cn/cdn-cgi/images/trace/jschal/js/transparent.gif?ray=72dc7f142dc1b011 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=H31j1S0rDlNC4i0TC3adH.6HmrX72mnzxAi.acD1nPk-1658328492-0-gaNycGzNBmU Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=H31j1S0rDlNC4i0TC3adH.6HmrX72mnzxAi.acD1nPk-1658328492-0-gaNycGzNBmU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:12 GMT x-content-type-options nosniff last-modified Fri, 15 Jul 2022 15:34:13 GMT server cloudflare etag "62d188f5-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 72dc7f144df6b011-NRT vary Accept-Encoding content-length 42 expires Wed, 20 Jul 2022 16:48:12 GMT
GET H3	200	transparent.gif twafgig.cn/cdn-cgi/images/trace/jschal/nojs/	42 B 222 B	4ms 4ms	Image image/gif	2606:4700:3033::ac43:8547 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://twafgig.cn/cdn-cgi/images/trace/jschal/nojs/transparent.gif?ray=72dc7f142dc1b011 Requested by Host: twafgig.cn URL: https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=H31j1S0rDlNC4i0TC3adH.6HmrX72mnzxAi.acD1nPk-1658328492-0-gaNycGzNBmU Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:8547 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers accept-language jp-JP,jp;q=0.9 Referer https://twafgig.cn/wctx1D1DFxFDg.do.php?__cf_chl_rt_tk=H31j1S0rDlNC4i0TC3adH.6HmrX72mnzxAi.acD1nPk-1658328492-0-gaNycGzNBmU User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers date Wed, 20 Jul 2022 14:48:12 GMT x-content-type-options nosniff last-modified Fri, 15 Jul 2022 15:34:13 GMT server cloudflare etag "62d188f5-2a" x-frame-options DENY content-type image/gif cache-control max-age=7200, public accept-ranges bytes cf-ray 72dc7f144df7b011-NRT vary Accept-Encoding content-length 42 expires Wed, 20 Jul 2022 16:48:12 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

tls-ech-experiment.cloudflareresearch.com

URL

https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe

Domain

tls-ech-experiment-c.cloudflareresearch.com

URL

https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| _cf_chl_opt function| _cf_chl_enter function| sendRequest boolean| _cf_chl_done_ran function| _cf_chl_done function| SHA256 object| _cf_chl_ctx object| _ undefined| _cf_gcr

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			twafgig.cn/	1970-01-20 04:38:52	Name: cf_chl_prog Value: F16
			twafgig.cn/	1970-01-20 04:38:52	Name: cf_chl_rc_ni Value: 1

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Message: Failed to load resource: the server responded with a status of 503 ()
javascript	error	URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Message: Access to XMLHttpRequest at 'https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe' from origin 'https://twafgig.cn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://tls-ech-experiment.cloudflareresearch.com/.well-known/probe Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Message: Access to XMLHttpRequest at 'https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe' from origin 'https://twafgig.cn' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://tls-ech-experiment-c.cloudflareresearch.com/.well-known/probe Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://twafgig.cn/cdn-cgi/challenge-platform/h/g/pat/72dc7efb1a098aa4/1658328488403/e7c33dffe899b39fd67580b4970dcb5dfc89b65479b2bfee90b46557711df721/9baAX9qYt8WoByJ Message: Failed to load resource: the server responded with a status of 401 ()
security	warning	Message: Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
network	error	URL: https://twafgig.cn/wctx1D1DFxFDg.do.php Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rqlredw.cn
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
twafgig.cn
tls-ech-experiment-c.cloudflareresearch.com
tls-ech-experiment.cloudflareresearch.com
23.94.73.208
2606:4700:3033::ac43:8547
4b9df6303fd7aa3998d605d365578fd33dbe3acfe42c53c99d68f839502b9e63
4e4b08d6e9f7718027d50bd0404d40f1a0d2b202495beb82cc518f9ab33d18df
52a25b0ede9ac4d40d40a332b74b4f8979b1ff545c8d3aeb57792c8eeb224109
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
79a30b84779db049cefcef63a24954760febd5e9cf877acf7a263637b26058b2
9207caaf79f20da386783d5ba03e0e308f8eec0d31ebf6e81b6c26cf662c0c8e
cf942ac212725d6cc7a8b51a3eccc8b9c5a5ea7aab8c7283700eec4329681936
dfa40d39edda12008f530d7378d709b592220777af122f108aabddba353db0fa
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ff8b3bf35639216a2503b45c6c711bcdf8ead5e199fdb13513c40f91d7359c32