webservice-public.duckdns.org Open in urlscan Pro
113.30.149.227 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://urlz.fr/stwr
Effective URL:
https://webservice-public.duckdns.org/remboursement/reformeclient/app/
Submission: On October 29 via automatic, source openphish (October 29th 2024, 1:33:42 pm UTC) — Scanned from FR

Summary HTTP 54 Redirects Behaviour Indicators

Summary

This website contacted 22 IPs in 7 countries across 23 domains to perform 54 HTTP transactions. The main IP is 113.30.149.227, located in Madrid, Spain and belongs to KAMATERA, US. The main domain is webservice-public.duckdns.org.
TLS certificate: Issued by R10 on October 2nd 2024. Valid for: 3 months.

This is the only time webservice-public.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Impots Gouv (Government)

Domain & IP information

	IP Address	AS Autonomous System
2	104.21.234.215 104.21.234.215	13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	113.30.149.227 113.30.149.227	36007 (KAMATERA) (KAMATERA)
2	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
9	2606:4700:10:... 2606:4700:10::ac43:2bb2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	18.244.18.94 18.244.18.94	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:275... 2600:9000:275b:bc00:1b:cadc:ef40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2.19.126.149 2.19.126.149	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	145.239.193.51 145.239.193.51	16276 (OVH) (OVH)
1	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
1	63.32.126.153 63.32.126.153	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:10:... 2606:4700:10::6816:15d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.229.254.42 54.229.254.42	16509 (AMAZON-02) (AMAZON-02)
2	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:5d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223c:c600:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a04:4e42:200... 2a04:4e42:200::649	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
54	22

2 104.21.234.215 (None, )

ASN13335 (CLOUDFLARENET, US)

urlz.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 113.30.149.227 (Madrid, Spain)

ASN36007 (KAMATERA, US)

webservice-public.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2606:4700:10::ac43:2bb2 (United States)

ASN13335 (CLOUDFLARENET, US)

ads.themoneytizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.244.18.94 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-244-18-94.fra56.r.cloudfront.net

cmp.quantcast.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275b:bc00:1b:cadc:ef40:93a1 (United States)

ASN16509 (AMAZON-02, US)

cmp.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

cdn.themoneytizer.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.126.149 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-126-149.deploy.static.akamaitechnologies.com

ced.sascdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.51 (France)

ASN16276 (OVH, FR)

tag.leadplace.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.38.120.206 (Hessen, Germany)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.126.153 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-126-153.eu-west-1.compute.amazonaws.com

p.cpx.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:15d (United States)

ASN13335 (CLOUDFLARENET, US)

boot.pbstck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.254.42 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-254-42.eu-west-1.compute.amazonaws.com

adtrack.adleadevent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

tmzr.themoneytizer.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:5d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.pbstck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:c600:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	duckdns.org webservice-public.duckdns.org	102 KB
9	themoneytizer.com ads.themoneytizer.com — Cisco Umbrella Rank: 58103	64 KB
3	pbstck.com boot.pbstck.com — Cisco Umbrella Rank: 11064 cdn.pbstck.com — Cisco Umbrella Rank: 11709	43 KB
3	themoneytizer.fr cdn.themoneytizer.fr — Cisco Umbrella Rank: 72243 tmzr.themoneytizer.fr — Cisco Umbrella Rank: 78648	150 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	175 KB
2	urlz.fr urlz.fr — Cisco Umbrella Rank: 849481	7 KB
1	gstatic.com fonts.gstatic.com	18 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 30	2 KB
1	rawgit.com rawgit.com — Cisco Umbrella Rank: 12374	38 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 791	82 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1501	1 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643 www.google-analytics.com Failed
1	adleadevent.com adtrack.adleadevent.com — Cisco Umbrella Rank: 59094	859 B
1	cpx.to p.cpx.to — Cisco Umbrella Rank: 11565	6 KB
1	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1471	10 KB
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 691
1	leadplace.fr tag.leadplace.fr — Cisco Umbrella Rank: 75237	4 KB
1	criteo.com gum.criteo.com — Cisco Umbrella Rank: 461	718 B
1	sascdn.com ced.sascdn.com — Cisco Umbrella Rank: 13680	22 KB
1	inmobi.com cmp.inmobi.com — Cisco Umbrella Rank: 5253	2 KB
1	quantcast.com 1 redirects cmp.quantcast.com — Cisco Umbrella Rank: 8821	605 B
0	biddertmz.com Failed metrics.biddertmz.com Failed
0	impots.gouv.fr Failed www.impots.gouv.fr — Cisco Umbrella Rank: 447024 Failed
54	23

	Domain	Requested by
16	webservice-public.duckdns.org	urlz.fr webservice-public.duckdns.org
9	ads.themoneytizer.com	urlz.fr ads.themoneytizer.com
2	cdn.pbstck.com	boot.pbstck.com
2	cdn.themoneytizer.fr	ads.themoneytizer.com
2	www.googletagmanager.com	urlz.fr www.googletagmanager.com
2	urlz.fr	urlz.fr
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	webservice-public.duckdns.org
1	rawgit.com	webservice-public.duckdns.org
1	code.jquery.com	webservice-public.duckdns.org
1	rules.quantcount.com	secure.quantserve.com
1	region1.google-analytics.com	www.googletagmanager.com
1	tmzr.themoneytizer.fr	ads.themoneytizer.com
1	adtrack.adleadevent.com	ads.themoneytizer.com
1	boot.pbstck.com	ads.themoneytizer.com
1	p.cpx.to	ads.themoneytizer.com
1	secure.quantserve.com	ads.themoneytizer.com
1	onetag-sys.com	ads.themoneytizer.com
1	tag.leadplace.fr	ads.themoneytizer.com
1	gum.criteo.com	ads.themoneytizer.com
1	ced.sascdn.com	ads.themoneytizer.com
1	cmp.inmobi.com	cmp.quantcast.com
1	cmp.quantcast.com	1 redirects
0	www.google-analytics.com Failed	www.googletagmanager.com
0	metrics.biddertmz.com Failed	ads.themoneytizer.com
0	www.impots.gouv.fr Failed
54	26

This site contains no links.

Subject Issuer	Validity	Valid
urlz.fr WE1	`2024-10-24` - `2025-01-22`	3 months	crt.sh
webservice-public.duckdns.org R10	`2024-10-02` - `2024-12-31`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
ads.themoneytizer.com WE1	`2024-09-05` - `2024-12-04`	3 months	crt.sh
themoneytizer.fr WE1	`2024-09-20` - `2024-12-19`	3 months	crt.sh
*.sascdn.com DigiCert TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-16`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-25`	3 months	crt.sh
*.leadplace.fr Gandi RSA Domain Validation Secure Server CA 3	`2024-09-11` - `2025-09-11`	a year	crt.sh
*.onetag-sys.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-23` - `2025-01-29`	a year	crt.sh
quantserve.com R11	`2024-10-22` - `2025-01-20`	3 months	crt.sh
p.cpx.to Amazon RSA 2048 M03	`2024-04-24` - `2025-05-23`	a year	crt.sh
pbstck.com WE1	`2024-10-28` - `2025-01-26`	3 months	crt.sh
*.adleadevent.com Amazon RSA 2048 M02	`2024-05-27` - `2025-06-26`	a year	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
rawgit.com WE1	`2024-10-18` - `2025-01-16`	3 months	crt.sh
upload.video.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://webservice-public.duckdns.org/remboursement/reformeclient/app/
Frame ID: 270D706618C19F590CFDB61E236C807C
Requests: 51 HTTP requests in this frame

Frame: https://webservice-public.duckdns.org/remboursement/reformeclient/app/
Frame ID: 350991CDBB5A603069A5CD742C9C3B8D
Requests: 1 HTTP requests in this frame

Frame: https://webservice-public.duckdns.org/remboursement/reformeclient/app/
Frame ID: 300B86F642A56D153A4BA2DEE257FE9E
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1730208817880
Frame ID: DCDE20FD55F528791F85A2E85EB001F7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Particuliers | Authentification

Page URL History Show full URLs

https://urlz.fr/stwr Page URL
https://webservice-public.duckdns.org/remboursement/reformeclient/app/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

54
Requests

89 %
HTTPS

50 %
IPv6

23
Domains

26
Subdomains

22
IPs

7
Countries

727 kB
Transfer

2362 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://urlz.fr/stwr Page URL
https://webservice-public.duckdns.org/remboursement/reformeclient/app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js HTTP 301
https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2

Request Chain 12

https://www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico HTTP 301
https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

Request Chain 52

https://www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico HTTP 301
https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

54 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 stwr Show response
urlz.fr/ 10 KB
3 KB 754ms
707ms Document
text/html 104.21.234.215
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://urlz.fr/stwr
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.234.215 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f7d5576f8128a113d552dee1d909e60f4464f7320a14fabb2e3c3bd4485ef08

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=60
cf-cache-status: DYNAMIC
cf-ray: 8da389c6ad05ba7e-BRU
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 13:33:35 GMT
expires: Tue, 29 Oct 2024 13:34:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rTosx%2FY5xWTeKVmeDfbyk89tp9%2BmZ%2Bs1Sc7tSPdnUIZRU8t1MYFqQmYRleQs4ZXXw6nvbZk%2BFr2R7o9hw3HJOna2KM%2BvtkbJVpxXxrfmZZlbMjacoZH5JSWj"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=21138&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4147&recv_bytes=4486&delivery_rate=663&cwnd=12000&unsent_bytes=0&cid=4e765e8eddcc020a&ts=717&x=1" cfHdrFlush;dur=0
x-fastcgi-cache: MISS

GET
H3 200 rocket-loader.min.js Show response
urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 23ms
23ms Script
application/javascript 104.21.234.215
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: urlz.fr
URL: https://urlz.fr/stwr

Protocol

Security

QUIC, , AES_128_GCM

Server

104.21.234.215 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/stwr

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"67180f7e-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZeOwWg7JE3aFzk%2Brycl1ZlkjAbw7H69puVAB7Oy9U3Uh8CGEo1nA%2B8crXGsR7v%2FrZtbyL3KYo011o3DE35u%2FF%2BRQI60I3MNuDQK39uv2uI%2FMxWIokVO9z21"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8da389cb2bd5ba7e-BRU
expires: Thu, 31 Oct 2024 13:33:35 GMT
date: Tue, 29 Oct 2024 13:33:35 GMT
content-type: application/javascript
last-modified: Tue, 22 Oct 2024 20:47:58 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 /
webservice-public.duckdns.org/remboursement/reformeclient/app/ Frame 3509 0
0 1274ms
46ms Document
text/html 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Requested by

Host: urlz.fr
URL: https://urlz.fr/stwr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PHP/8.3.13 PleskLin

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://urlz.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 13:33:15 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.3.13 PleskLin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 221 KB
79 KB 142ms
48ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-162669458-1

Requested by

Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

4bbd69c75f21f2b31c158aa714a77198781ebf2ae9f4358974a9ca694fba4f56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 29 Oct 2024 13:33:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 80539
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ 7 KB
1 KB 317ms
36ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 0867891b222dc16d393505032a81c271c3438eb981011462553db069ee490a75

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30468
cf-ray: 8da389cec83bf168-CDG
apigw-requestid: AZXJji2tDoEEP-A=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:07 GMT

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ 4 KB
2 KB 314ms
34ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=6
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 3dd4f53067dd0f0bd875bcf7acebfb72e908b5329da8f19ab48fbbe4aa10daa5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30810
cf-ray: 8da389cec83cf168-CDG
apigw-requestid: AZXJfhYIjoEEJhQ=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:05 GMT

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ 7 KB
1 KB 315ms
34ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=28
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 7f51d6fd34b4371bfe8e66a7e7b3f2096a4abeb6087854df7f852022d229d182

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30468
cf-ray: 8da389cec838f168-CDG
apigw-requestid: AZXJihwJjoEEM7Q=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:06 GMT

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ 4 KB
2 KB 317ms
37ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=28
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 3dd4f53067dd0f0bd875bcf7acebfb72e908b5329da8f19ab48fbbe4aa10daa5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30810
cf-ray: 8da389cec835f168-CDG
apigw-requestid: AZXJdjDRDoEEJiA=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:05 GMT

GET
H2 200 requestform.js Show response
ads.themoneytizer.com/s/ 7 KB
1 KB 316ms
36ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 2c9e4c9cdb0d2a60e18c484cd80109907a5cb7a0c3358862fc67533294691e11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30468
cf-ray: 8da389cec839f168-CDG
apigw-requestid: AZXJjiAbDoEEMTg=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:06 GMT

GET
H2 200 gen.js Show response
ads.themoneytizer.com/s/ 4 KB
2 KB 314ms
35ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/gen.js?type=1
Requested by: Host: urlz.fr
URL: https://urlz.fr/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 3dd4f53067dd0f0bd875bcf7acebfb72e908b5329da8f19ab48fbbe4aa10daa5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30810
cf-ray: 8da389cec833f168-CDG
apigw-requestid: AZXJej2qDoEEJTA=
date: Tue, 29 Oct 2024 13:33:36 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:05 GMT

GET
H2

200

choice.js
cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/
Redirect Chain

https://cmp.quantcast.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js
https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2

4 KB
2 KB

301ms
42ms

Script
application/javascript

2600:9000:275b:bc00:1b:cadc:ef40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
Protocol: H2
Server: 2600:9000:275b:bc00:1b:cadc:ef40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
cache-control: max-age=900
content-encoding: br
etag: W/"2f952b6e5c723f68a451eda821ff0ce5"
age: 55
cross-origin-resource-policy: cross-origin
via: 1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: OO92QTqY9YieFpqTh3sKcPxo0_dHiaNhI6y20VYf-Bl4PnK0vCdyug==
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 01 Jul 2024 09:12:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P7
x-amz-server-side-encryption: AES256

Redirect headers

etag: "408e9e32ff11d19e90e67eb67eb171dc"
age: 48
x-cache: Hit from cloudfront
x-amz-cf-id: X-Vky2SXLn_JhrylFnEH8YZpxgaQ0RWjUcIZhPwhJtGtCqXHPtHeTA==
date: Tue, 29 Oct 2024 13:32:51 GMT
last-modified: Wed, 15 Nov 2023 20:03:11 GMT
vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin,Accept-Encoding
cache-control: max-age=3600
location: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
cross-origin-resource-policy: cross-origin
via: 1.1 0be2062deeede74cb37dc047454ddbce.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 0
x-amz-cf-pop: FRA56-P11
server: AmazonS3
x-amz-website-redirect-location: https://cmp.inmobi.com/choice/6Fv0cGNfc_bw8/www.themoneytizer.com/choice.js?tag_version=V2
x-amz-server-side-encryption: AES256

GET
H2 200 requestform3.js Show response
ads.themoneytizer.com/s/ 108 KB
18 KB 37ms
30ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: e8c13759547f4e9b83a13e718b7595cc39772b6fd79ceb37dcba879695fac973

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30469
cf-ray: 8da389d78961f168-CDG
apigw-requestid: AZXJsj85DoEEPgg=
date: Tue, 29 Oct 2024 13:33:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:07 GMT

GET

favicon.ico
www.impots.gouv.fr/sites/all/themes/impotsgouv/
Redirect Chain

https://www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico
https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

0
0

GET metric
metrics.biddertmz.com/ 0
0

GET
H2 200 requestform3.js Show response
ads.themoneytizer.com/s/ 107 KB
18 KB 43ms
38ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=28
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=28
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: d14096d8c04cdfa32d228ad57fed242f0e1565481fdc7ba291583259693dc41c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30469
cf-ray: 8da389d78964f168-CDG
apigw-requestid: AZXJtg4yDoEEJrQ=
date: Tue, 29 Oct 2024 13:33:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:07 GMT

GET
H2 200 requestform3.js Show response
ads.themoneytizer.com/s/ 107 KB
18 KB 40ms
35ms Script
text/html 2606:4700:10::ac43:2bb2
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=6
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:2bb2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/8.2.17
Resource Hash: 7617e7015fc08204a0c0ca0f304d49e020eeea3216d4f95e90a1ed8c9bcab8d5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

server: cloudflare
cache-control: max-age=259200
content-encoding: br
cf-cache-status: HIT
age: 30469
cf-ray: 8da389d78969f168-CDG
apigw-requestid: AZXJvj_jjoEEJKQ=
date: Tue, 29 Oct 2024 13:33:37 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2.17
vary: Accept-Encoding
last-modified: Tue, 29 Oct 2024 05:00:07 GMT

GET
H2 200 /
webservice-public.duckdns.org/remboursement/reformeclient/app/ Frame 300B 0
0 48ms
47ms Document
text/html 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Requested by

Host: urlz.fr
URL: https://urlz.fr/stwr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PHP/8.3.13 PleskLin

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://urlz.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 13:33:16 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.3.13 PleskLin

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
96 KB 52ms
50ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-YETLCG4WNK&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-162669458-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c25c59a282e4046f12746d5b1892bc20a25415b81d1d20ffafdc0a28761515bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 29 Oct 2024 13:33:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 13:33:37 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97930
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 lib_adagio.js Show response
cdn.themoneytizer.fr/ads/ 2 KB
1 KB 185ms
38ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.themoneytizer.fr/ads/lib_adagio.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform.js?siteId=15056&formatId=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e1a3214e6ad4fe4355c5b99490b2e66ed2331ae65f8d7bdb8a864552c4532dfb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: qvYhA6q9SmHJElAJ4hWBgTd.Ag0_5M8x
etag: W/"f2ae4810b618b8843df5265f6320f1a4"
age: 496890
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FdT9%2BJocb5g5crbZBG7DODckVOBwRT2M02IBWxgWVXKRjAS6oGNEHSw4LMlX9XOVBKdHrPSB0KbBxq9O1cZ3CME8FIe7sne6x14gJyzDnLLYq28hty4W2jFydt612BvglIVExy6t1g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20805&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4212&recv_bytes=4374&delivery_rate=31499&cwnd=12000&unsent_bytes=0&cid=3b681888285ea881&ts=150&x=1", cfHdrFlush;dur=0
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Wed, 05 Jun 2024 18:28:25 GMT
vary: Accept-Encoding
x-amz-id-2: 9533jrmgr8FVCVL/Kqckoqkdak6KHM0iwBklc1k6mUufCi3hj60O1vOOi8PohJ9VTTbE/n+rXLg=
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: V2E2GXJAVHC3M5PH
cf-ray: 8da389d8be787006-CDG
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK smart.js Show response
ced.sascdn.com/tag/1097/ 64 KB
22 KB 177ms
29ms Script
application/javascript 2.19.126.149
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced.sascdn.com/tag/1097/smart.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.149 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-149.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3b1b96c0ea2f3b650976bc44041bfc1ffe97781d370ed93a6548d0cfbce925e0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

Cache-Control: public, max-age=7200
Content-Encoding: gzip
Connection: keep-alive
Expires: Tue, 29 Oct 2024 15:33:38 GMT
Content-Length: 22577
Date: Tue, 29 Oct 2024 13:33:38 GMT
Content-Type: application/javascript; charset=UTF-8
Vary: Accept-Encoding

GET
H2 200 sync Show response
gum.criteo.com/ 49 B
718 B 177ms
26ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=147&r=2&j=criteoCallback

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: private, max-age=3600
content-encoding: gzip
server-processing-duration-in-ticks: 351391
expires: 60
date: Tue, 29 Oct 2024 13:33:37 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK libJsLP.js Show response
tag.leadplace.fr/ 4 KB
4 KB 164ms
17ms Script
application/javascript 145.239.193.51
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.leadplace.fr/libJsLP.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 145.239.193.51 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 97c32278e8275102822dd3f18f9de62b7ff1f796bb43cf04c0845114ec912d16

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

etag: "65704eb1-f36"
x-iplb-instance: 57475
x-iplb-request-id: B22190B0:C4DC_91EFC133:01BB_6720E431_24291BD9:37FB
accept-ranges: bytes
content-length: 3894
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Wed, 06 Dec 2023 10:36:33 GMT
server: nginx/1.20.1

GET
H2 204 /
onetag-sys.com/usync/ Frame DCDE 0
0 112ms
23ms Document
text/plain 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=2a897e3f18e6769&cb=1730208817880

Requested by

Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://urlz.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
10 KB 181ms
31ms Script
application/javascript 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 20133cc700841ec85f087ff9834a922b482b9135e98574a9afebade4c754558c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

cache-control: private, max-age=604800
content-encoding: gzip
etag: "HP/dXILNCv8vRT01LqWQOg=="
expires: Tue, 05 Nov 2024 13:33:38 GMT
accept-ranges: bytes
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
vary: Accept-Encoding

GET
H2 200 px.js Show response
p.cpx.to/p/12773/ 5 KB
6 KB 181ms
32ms Script
application/javascript 63.32.126.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://p.cpx.to/p/12773/px.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.32.126.153 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-126-153.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7d728de39899e380361b84986ac71163942785138b8052825967a5f2ff0105db

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

cache-control: public, max-age=86400
content-length: 5524
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript; charset=UTF-8

GET
H2 200 d086759d-86af-4b34-852b-bb5d4c87aa38 Show response
boot.pbstck.com/v1/tag/ 1 KB
948 B 181ms
33ms Script
application/javascript 2606:4700:10::6816:15d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://boot.pbstck.com/v1/tag/d086759d-86af-4b34-852b-bb5d4c87aa38
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:15d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce26c7de1b239c45d149b0188f8176737ea8eae9a8c33ddd0c82a04cfae5ef1e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

cache-control: public,max-age=1200
timing-allow-origin: *
content-encoding: gzip
cf-cache-status: HIT
age: 200
cf-ray: 8da389d8cb33f0af-CDG
accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 709
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Tue, 29 Oct 2024 13:30:18 GMT
vary: Accept-Encoding
server: cloudflare

GET
H/1.1 200
OK mailNotification.php Show response
adtrack.adleadevent.com/ 0
859 B 214ms
35ms Script
application/x-javascript 54.229.254.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://adtrack.adleadevent.com/mailNotification.php?st=a96081b6-db78-48c4-9f82-b93e316fb1f7
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.254.42 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-254-42.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0, no-cache="set-cookie"
Content-Encoding: gzip
Pragma: no-cache
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *
Content-Length: 20
Date: Tue, 29 Oct 2024 13:33:38 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 29 Oct 2024 13:33:38 GMT
Server: Apache
Vary: Accept-Encoding

GET
H3 200 prebid.js
tmzr.themoneytizer.fr/v9.16.0u2.0.18/d7aafc52c8a4a53e4a8ac91cd016e564/ 436 KB
147 KB 185ms
47ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tmzr.themoneytizer.fr/v9.16.0u2.0.18/d7aafc52c8a4a53e4a8ac91cd016e564/prebid.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"5a70c93fb734cfcba351a9e1e21d4bec"
age: 725599
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KzYDA4wDXthLs2buTWebg%2FHIlJ5Kzsv99wcubbAWNl7FrjWHsTbDbJTu%2FGSZqtm2X6R25sycL9HJfXCe2HixNJUUo9Jf9B%2BKc9%2BI7MQ%2BszrhBj7CqHaE%2FU1M4PBxLmzxkaEzWyzCuNU%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=20104&sent=11&recv=9&lost=0&retrans=0&sent_bytes=4136&recv_bytes=4357&delivery_rate=27162&cwnd=12000&unsent_bytes=0&cid=9b43ec2c9577aad1&ts=146&x=1", cfHdrFlush;dur=0
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Fri, 18 Oct 2024 16:39:08 GMT
vary: Accept-Encoding
x-amz-id-2: S8cj60NZ/FZ6ZcLTNX+AGZTOgeVoE2qOvp3uOPOeuTnnWwmAst3VBJj/WmHWVZ39dH0oEenpmOU=
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 5Z2C0S171ZYF7FNF
cf-ray: 8da389d8b9906f10-CDG
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 lib_fs_close.js Show response
cdn.themoneytizer.fr/ads/ 652 B
1 KB 37ms
36ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.themoneytizer.fr/ads/lib_fs_close.js
Requested by: Host: ads.themoneytizer.com
URL: https://ads.themoneytizer.com/s/requestform3.js?siteId=15056&formatId=6
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 50e55a95e9db7e15e936fb087be3b7f51c680f4902d4a19c2a15467d29678cae

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: Nnvvv1jdDwZYuBcVZSRsjH6BurhA_E9P
etag: W/"51041511d28e6417ba394f775f87da93"
age: 499900
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8XyQhcTEnGV0%2B%2FaTpPr1kikIuhCUmIaotBYWMwYO3AgeynBz%2FG9VLGHkY0TGlXiUUszbVI8oE2TFevYThg8djgmyOpAXExSn%2FpvR7Nrtv%2BriWTPuptEOVfZyID%2BqkgXk%2FIstzdAeUg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=21573&sent=16&recv=13&lost=0&retrans=0&sent_bytes=5720&recv_bytes=4729&delivery_rate=56123&cwnd=12000&unsent_bytes=0&cid=3b681888285ea881&ts=176&x=1", cfHdrFlush;dur=0
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
last-modified: Wed, 05 Jun 2024 18:28:22 GMT
vary: Accept-Encoding
x-amz-id-2: hzskeKa3h7xdeZ0cvxbU0evMYQ5dIsVCMxZRLE+YXDxq0xs7RkvemXK/8RCyDq7D2AhdVWuuw6o=
cache-control: max-age=2678400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: S6S2HX8X2D19KV6K
cf-ray: 8da389d8eea57006-CDG
server: cloudflare
x-amz-server-side-encryption: AES256

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 103ms
32ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-YETLCG4WNK&gtm=45je4ao0v9135308222za200&_p=1730208817833&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tcfd=10001&tag_exp=101533421~101823848~101925629&cid=2026775463.1730208818&ul=fr-fr&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1730208817&sct=1&seg=0&dl=https%3A%2F%2Furlz.fr%2Fstwr&dt=Particuliers%20%7C%20Authentification&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2870
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YETLCG4WNK&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://urlz.fr
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 user-sessions-b6ed2f5.js
cdn.pbstck.com/ 38 KB
15 KB 106ms
42ms XHR
application/javascript 2606:4700:10::6816:5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbstck.com/user-sessions-b6ed2f5.js
Requested by: Host: boot.pbstck.com
URL: https://boot.pbstck.com/v1/tag/d086759d-86af-4b34-852b-bb5d4c87aa38
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

access-control-max-age: 3000
content-encoding: br
cf-cache-status: HIT
etag: W/"9027c42100e8c3cae398170112fbce0d"
age: 1128103
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 16 Oct 2024 10:32:07 GMT
x-amz-id-2: XefG5VJUMRg3vPm17fkw/4ItnvUHvJmDYShyCi52klf4LJYIo3RJ1Ajwok908xCX/B7B8HkQiEI=
cache-control: public,max-age=31536000,immutable
x-amz-request-id: YRXVFTT20YV29Q9C
cf-ray: 8da389d95d19048a-CDG
access-control-allow-origin: *
server: cloudflare

GET
H2 200 collector-e8794bc.js
cdn.pbstck.com/ 83 KB
27 KB 106ms
41ms XHR
application/javascript 2606:4700:10::6816:5d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.pbstck.com/collector-e8794bc.js
Requested by: Host: boot.pbstck.com
URL: https://boot.pbstck.com/v1/tag/d086759d-86af-4b34-852b-bb5d4c87aa38
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

access-control-max-age: 3000
content-encoding: br
cf-cache-status: HIT
etag: W/"806b240a2c0b9278b4d87e20e1db6001"
age: 2524911
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Mon, 30 Sep 2024 08:08:26 GMT
x-amz-id-2: aVKLlhJfqInyPpoHpCnnIVORJ3QDCZxXxbn4QH76qpX5wwydnKygMaTWyNV0OujhJ7es/n8hmjA=
cache-control: public,max-age=31536000,immutable
x-amz-request-id: YRDMBCKYMBAS19KV
cf-ray: 8da389d95d1c048a-CDG
access-control-allow-origin: *
server: cloudflare

GET
H2 200 rules-p-6Fv0cGNfc_bw8.js
rules.quantcount.com/ 1 KB
1 KB 291ms
42ms Script
application/javascript 2600:9000:223c:c600:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-6Fv0cGNfc_bw8.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:c600:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://urlz.fr/

Response headers

content-encoding: gzip
etag: W/"1f431dc94c1f033d6666f0fe637e2d7b"
age: 1293
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: gEs-DwO9UTaETaL6p_AXyAPcShFYyJpi_ErvbUf45mEgh9Q3cybuAQ==
date: Tue, 29 Oct 2024 13:12:06 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Thu, 13 Oct 2022 22:35:53 GMT
cache-control: max-age=3600
cross-origin-resource-policy: cross-origin
via: 1.1 83f1b8f73f37458f38e2ee1fc0b9e68c.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: FRA56-P2
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 Primary Request / Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/ 2 KB
763 B 127ms
41ms Document
text/html 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Requested by

Host: urlz.fr
URL: https://urlz.fr/stwr

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PHP/8.3.13 PleskLin

Resource Hash

dd99286a72cb7f6732d5c02816232f28402993b3f9147b49082f1f2412b307b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

Referer: https://urlz.fr/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 29 Oct 2024 13:33:16 GMT
server: nginx
strict-transport-security: max-age=15768000; includeSubDomains
x-powered-by: PHP/8.3.13 PleskLin

GET cmp2.js
cmp.inmobi.com/tcfv2/53/ 0
0

GET analytics.js
www.google-analytics.com/ 0
0

GET
H2 200 jquery-1.11.0.js Show response
code.jquery.com/ 276 KB
82 KB 59ms
18ms Script
application/javascript 2a04:4e42:200::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.0.js
Requested by: Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/

Response headers

content-encoding: gzip
etag: W/"28feccc0-45140"
age: 2866581
x-cache: HIT, HIT
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
x-cache-hits: 3683, 833
x-served-by: cache-lga21937-LGA, cache-lcy-eglc8600021-LCY
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=604800
x-timer: S1730208819.514001,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 83550
server: nginx

GET
H3 200 jquery.inputmask.bundle.js Show response
rawgit.com/RobinHerbots/jquery.inputmask/3.x/dist/ 214 KB
38 KB 64ms
34ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://rawgit.com/RobinHerbots/jquery.inputmask/3.x/dist/jquery.inputmask.bundle.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/

Response headers

x-robots-tag: none
content-encoding: gzip
cf-cache-status: HIT
etag: W/"239e0cb721224bc76940cfad39ef0f2ecf1de110e9a777ecc9e2fefa91c0fe7b"
age: 262
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j1jfC9VGH%2BSZm3JY9BOTxGXaMXGukBJLs2GbvwUTsJ52g5j0BBBphZzFaSRYwNLn6Eczr4O5NN0GX5zYU8KUgpqTuZyqFowJjNRewe%2BQ42snhA7JfXPnrq%2BErSGd"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
sunset: Tue, 01 Oct 2019 00:00:00 GMT
rawgit-cache-status: HIT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=19821&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4199&recv_bytes=4307&delivery_rate=131951&cwnd=12000&unsent_bytes=0&cid=2b74f00dbe4b1b00&ts=41&x=1", cfExtPri, cfHdrFlush;dur=0
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=31536000; preload
link: <https://rawgit.com/>; rel="sunset"; title="RawGit will soon shut down. Please stop using it."
cache-control: max-age=3600, s-maxage=300
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8da389dbad8e6fa6-CDG
access-control-allow-origin: *
server: cloudflare

GET
H2 200 bootstrap.min.css
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/ 105 KB
16 KB 125ms
121ms Stylesheet
text/css 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/bootstrap.min.css

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

d62fa88039420770a01d1ae673503f76fe3d2c1a2579ef17ea5d0fcdb11c771e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca30-1a445"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: text/css
last-modified: Mon, 29 Jul 2024 16:58:24 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 commun.css
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/ 4 KB
2 KB 86ms
83ms Stylesheet
text/css 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/commun.css

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

6e7ea9b70aeb29f2a178b01eecb8c45182f2c8aab79ea8c95b94c735ffe29eaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca30-11cf"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: text/css
last-modified: Mon, 29 Jul 2024 16:58:24 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 mire.css
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/ 2 KB
992 B 53ms
50ms Stylesheet
text/css 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/mire.css

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

25815c089dfcfae44c2424a8760c564165d3b9bbd3cfaff7689f6a92b74f9fe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca30-971"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: text/css
last-modified: Mon, 29 Jul 2024 16:58:24 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 dac.css
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/ 825 B
584 B 87ms
84ms Stylesheet
text/css 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/dac.css

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

c8fd5e3914f7cf8558767af17f38131739366d26b8642fe090fcab0bbb321167

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"339-61e65c4e2ec00"
x-accel-version: 0.01
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: text/css
last-modified: Mon, 29 Jul 2024 16:58:24 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 main.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/ 7 KB
2 KB 86ms
84ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/main.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

be517b50ab6876bd0c571e05e4f38330209c97a1d9f0eb8f5f46818b4c0fc37a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca26-1b5f"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:14 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 bootstrap.min.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/ 33 KB
9 KB 49ms
47ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/bootstrap.min.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

48c7e41ca5bfbc80c081f43bf39f3c76faff5160bd22640113c5c5a47afb63b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca2c-8213"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:20 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 auth2019v3.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/ 77 KB
12 KB 87ms
85ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/auth2019v3.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

b3d15497f2d9fbfa63d5d4facdce9dffca737dcd782c2a04ed6a2a82ae1230a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca2e-1323a"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:22 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 idContact.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/ 2 KB
746 B 50ms
48ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/idContact.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

98f81289f9dd38dd34c13ea92845b3715baf8f4f5c9879fca3ede459546485a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca2e-864"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:22 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 messages.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/ 10 KB
3 KB 86ms
84ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/messages.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

6e424611470a9c711d1833d3a71cbb0abc81b7729f8bfc8eb78e5f95b455a0c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"66a7ca2e-291e"
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:22 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 urls.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/ 583 B
456 B 122ms
121ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/urls.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

5c3251a96cef21959f31e013b826cc2d1aeed28d4c874160258fed75e7abfc48

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"247-61e65c4c46780"
x-accel-version: 0.01
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:22 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 configuration.js Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/ 961 B
644 B 123ms
121ms Script
application/javascript 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/js/dyn/configuration.js

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

a78d88f8387bb6e43df45752c8788685035835000de7f1984c9e11368f5c0c82

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
etag: W/"3c1-61e65c4c46780"
x-accel-version: 0.01
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: application/javascript
last-modified: Mon, 29 Jul 2024 16:58:22 GMT
server: nginx
x-powered-by: PleskLin

GET
H2 200 css
fonts.googleapis.com/ 6 KB
2 KB 103ms
37ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/commun.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5780dcb011235f74ebd060a2e1d7e214e3bd12e13982bf4bd7fbe052d3d55f63

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 29 Oct 2024 13:33:38 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 13:33:38 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 29 Oct 2024 12:57:17 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 2.php Show response
webservice-public.duckdns.org/remboursement/reformeclient/app/pages/ 14 KB
3 KB 52ms
47ms XHR
text/html 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/pages/2.php

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/main.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PHP/8.3.13, PleskLin

Resource Hash

3efe45eb9c0e6b294584d1b4c28c37f565c0134c6f7bdd31d52a6288deddc92f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
content-encoding: br
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.3.13, PleskLin
server: nginx

GET
H3 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/ 18 KB
18 KB 78ms
29ms Font
font/woff2 142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans&subset=latin-ext

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

sffe /

Resource Hash

e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://webservice-public.duckdns.org
Referer: https://fonts.googleapis.com/

Response headers

age: 42279
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 29 Oct 2025 01:48:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 29 Oct 2024 01:48:59 GMT
last-modified: Thu, 14 Dec 2023 02:00:39 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 18668
x-xss-protection: 0
server: sffe

GET
H2 200 logo.svg
webservice-public.duckdns.org/remboursement/reformeclient/app/templates/images/ 53 KB
53 KB 41ms
41ms Image
image/svg+xml 113.30.149.227
KAMATERA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/images/logo.svg

Requested by

Host: webservice-public.duckdns.org
URL: https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/commun.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

113.30.149.227 Madrid, Spain, ASN36007 (KAMATERA, US),

Reverse DNS

Software

nginx / PleskLin

Resource Hash

eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://webservice-public.duckdns.org/remboursement/reformeclient/app/templates/styles/commun.css

Response headers

strict-transport-security: max-age=15768000; includeSubDomains
etag: "66a7ca2c-d43f"
accept-ranges: bytes
content-length: 54335
date: Tue, 29 Oct 2024 13:33:17 GMT
content-type: image/svg+xml
last-modified: Mon, 29 Jul 2024 16:58:20 GMT
server: nginx
x-powered-by: PleskLin

GET

favicon.ico
www.impots.gouv.fr/sites/all/themes/impotsgouv/
Redirect Chain

https://www.impots.gouv.fr/portail/sites/all/themes/impotsgouv/favicon.ico
https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.impots.gouv.fr
URL: https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

Domain: metrics.biddertmz.com
URL: https://metrics.biddertmz.com/metric?s=15056&f=28&fi=99

Domain: cmp.inmobi.com
URL: https://cmp.inmobi.com/tcfv2/53/cmp2.js?referer=www.themoneytizer.com

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Domain: www.impots.gouv.fr
URL: https://www.impots.gouv.fr/sites/all/themes/impotsgouv/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Impots Gouv (Government)

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.urlz.fr/	1970-01-21 10:12:48	Name: _ga_YETLCG4WNK Value: GS1.1.1730208817.1.0.1730208817.0.0.0
.urlz.fr/	1970-01-21 10:12:48	Name: _ga Value: GA1.1.2026775463.1730208818
.criteo.com/	1970-01-21 09:58:24	Name: cto_bundle Value: ygxA819hVHNJQ2IwOHQxaDBoJTJGRkJvcElCTjNSSW5YNyUyQmJDNHVNbXlWeHFwakJGNjlFJTJCYXVLT2VkNVBpJTJGRDY1VEc1UklVekk2UjZpTXBiODMzVnRZOTgzVHV3S21xRjd0eFlTVnFnJTJGWGNBVncycUklM0Q
.criteo.com/	1970-01-21 09:58:24	Name: receive-cookie-deprecation Value: 1
adtrack.adleadevent.com/	1969-12-31 23:59:59	Name: AWSELBCORS Value: 9FC54D150466C174912E5199B1F8E822A79961F4596BFB1311DF4AD552FFCAECC412B5A4F8D63A2A90D1DB19587375008B81DF393E46C0AEB40A8EC769662133B964A72527

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ads.themoneytizer.com
adtrack.adleadevent.com
boot.pbstck.com
cdn.pbstck.com
cdn.themoneytizer.fr
ced.sascdn.com
cmp.inmobi.com
cmp.quantcast.com
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
gum.criteo.com
metrics.biddertmz.com
onetag-sys.com
p.cpx.to
rawgit.com
region1.google-analytics.com
rules.quantcount.com
secure.quantserve.com
tag.leadplace.fr
tmzr.themoneytizer.fr
urlz.fr
webservice-public.duckdns.org
www.google-analytics.com
www.googletagmanager.com
www.impots.gouv.fr
cmp.inmobi.com
metrics.biddertmz.com
www.google-analytics.com
www.impots.gouv.fr
104.21.234.215
113.30.149.227
142.250.181.227
145.239.193.51
18.244.18.94
188.114.96.3
188.114.97.3
2.19.126.149
2001:4860:4802:34::36
2600:9000:223c:c600:6:44e3:f8c0:93a1
2600:9000:275b:bc00:1b:cadc:ef40:93a1
2606:4700:10::6816:15d
2606:4700:10::6816:5d
2606:4700:10::ac43:2bb2
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:829::200a
2a00:1450:4001:82a::2008
2a02:2638:3::c
2a04:4e42:200::649
51.38.120.206
54.229.254.42
63.32.126.153
005c3133bf387e1b00a5ec25effc468f7752591adac19a3782d200bf68a970f0
0867891b222dc16d393505032a81c271c3438eb981011462553db069ee490a75
20133cc700841ec85f087ff9834a922b482b9135e98574a9afebade4c754558c
25815c089dfcfae44c2424a8760c564165d3b9bbd3cfaff7689f6a92b74f9fe2
2c9e4c9cdb0d2a60e18c484cd80109907a5cb7a0c3358862fc67533294691e11
3b1b96c0ea2f3b650976bc44041bfc1ffe97781d370ed93a6548d0cfbce925e0
3dd4f53067dd0f0bd875bcf7acebfb72e908b5329da8f19ab48fbbe4aa10daa5
3efe45eb9c0e6b294584d1b4c28c37f565c0134c6f7bdd31d52a6288deddc92f
3f7d5576f8128a113d552dee1d909e60f4464f7320a14fabb2e3c3bd4485ef08
48c7e41ca5bfbc80c081f43bf39f3c76faff5160bd22640113c5c5a47afb63b7
4bbd69c75f21f2b31c158aa714a77198781ebf2ae9f4358974a9ca694fba4f56
50e55a95e9db7e15e936fb087be3b7f51c680f4902d4a19c2a15467d29678cae
5780dcb011235f74ebd060a2e1d7e214e3bd12e13982bf4bd7fbe052d3d55f63
5c3251a96cef21959f31e013b826cc2d1aeed28d4c874160258fed75e7abfc48
5cbeb9095648444ae26ad665785931d937a10bc83b78f2cf51eaefea0dc0ec21
6e424611470a9c711d1833d3a71cbb0abc81b7729f8bfc8eb78e5f95b455a0c8
6e7ea9b70aeb29f2a178b01eecb8c45182f2c8aab79ea8c95b94c735ffe29eaa
7617e7015fc08204a0c0ca0f304d49e020eeea3216d4f95e90a1ed8c9bcab8d5
7d728de39899e380361b84986ac71163942785138b8052825967a5f2ff0105db
7f51d6fd34b4371bfe8e66a7e7b3f2096a4abeb6087854df7f852022d229d182
97c32278e8275102822dd3f18f9de62b7ff1f796bb43cf04c0845114ec912d16
98f81289f9dd38dd34c13ea92845b3715baf8f4f5c9879fca3ede459546485a6
a78d88f8387bb6e43df45752c8788685035835000de7f1984c9e11368f5c0c82
b3d15497f2d9fbfa63d5d4facdce9dffca737dcd782c2a04ed6a2a82ae1230a3
be517b50ab6876bd0c571e05e4f38330209c97a1d9f0eb8f5f46818b4c0fc37a
c25c59a282e4046f12746d5b1892bc20a25415b81d1d20ffafdc0a28761515bf
c8fd5e3914f7cf8558767af17f38131739366d26b8642fe090fcab0bbb321167
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ce0343e1d6f489768eeefe022c12181c6a0822e756239851310acf076d23d10c
ce26c7de1b239c45d149b0188f8176737ea8eae9a8c33ddd0c82a04cfae5ef1e
d14096d8c04cdfa32d228ad57fed242f0e1565481fdc7ba291583259693dc41c
d62fa88039420770a01d1ae673503f76fe3d2c1a2579ef17ea5d0fcdb11c771e
dd99286a72cb7f6732d5c02816232f28402993b3f9147b49082f1f2412b307b8
e1a3214e6ad4fe4355c5b99490b2e66ed2331ae65f8d7bdb8a864552c4532dfb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
e8c13759547f4e9b83a13e718b7595cc39772b6fd79ceb37dcba879695fac973
eb00a60062dad3584d01aac5b8797e80dc3b53440e7c9922d302a31a0dc4a14c

webservice-public.duckdns.org Open in urlscan Pro 113.30.149.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

54 Requests

89 %HTTPS

50 %IPv6

23 Domains

26 Subdomains

22 IPs

7 Countries

727 kBTransfer

2362 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

54 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

webservice-public.duckdns.org Open in urlscan Pro
113.30.149.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

54
Requests

89 %
HTTPS

50 %
IPv6

23
Domains

26
Subdomains

22
IPs

7
Countries

727 kB
Transfer

2362 kB
Size

5
Cookies

54 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!