ntx0r.duqaryc.cfd Open in urlscan Pro
195.62.46.148 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://ntx0r.duqaryc.cfd/
Effective URL:
https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Submission: On August 14 via manual (August 14th 2024, 11:52:23 am UTC) from RU — Scanned from US

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 195.62.46.148, located in Germany and belongs to SKYLINK, NL. The main domain is ntx0r.duqaryc.cfd.
TLS certificate: Issued by E6 on August 13th 2024. Valid for: 3 months.

This is the only time ntx0r.duqaryc.cfd was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 15	195.62.46.148 195.62.46.148	44592 (SKYLINK) (SKYLINK)
1	2607:f8b0:400... 2607:f8b0:4006:809::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:9d40:801... 2a03:9d40:801:ff00::1	41095 (IPTP) (IPTP)
6	2607:f8b0:400... 2607:f8b0:4006:81d::2003	15169 (GOOGLE) (GOOGLE)
1	198.244.165.101 198.244.165.101	16276 (OVH) (OVH)
23	5

15 195.62.46.148 (Germany) 2 redirects

ASN44592 (SKYLINK, NL)

ntx0r.duqaryc.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:9d40:801:ff00::1 (Ashburn, United States)

ASN41095 (IPTP, GB)

code.jivosite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:81d::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.244.165.101 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ns3199009.ip-198-244-165.eu

telemetry.jivosite.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	duqaryc.cfd 2 redirects ntx0r.duqaryc.cfd	34 KB
6	gstatic.com fonts.gstatic.com	84 KB
3	jivosite.com code.jivosite.com — Cisco Umbrella Rank: 42186 telemetry.jivosite.com — Cisco Umbrella Rank: 56613	6 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	1 KB
23	4

	Domain	Requested by
15	ntx0r.duqaryc.cfd	2 redirects ntx0r.duqaryc.cfd
6	fonts.gstatic.com	fonts.googleapis.com
2	code.jivosite.com	ntx0r.duqaryc.cfd code.jivosite.com
1	telemetry.jivosite.com	code.jivosite.com
1	fonts.googleapis.com	ntx0r.duqaryc.cfd
23	5

This site contains no links.

Subject Issuer	Validity	Valid
duqaryc.cfd E6	`2024-08-13` - `2024-11-11`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.jivosite.com Go Daddy Secure Certificate Authority - G2	`2024-04-05` - `2025-05-07`	a year	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Frame ID: 31E8CF28EC6D1121CA2BFF0779C83A4D
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Страница оплаты

Page URL History Show full URLs

https://ntx0r.duqaryc.cfd/ HTTP 302
https://ntx0r.duqaryc.cfd/a/pay.php/?t=create&p=130&h=b8095176dcfd2ae3c2f2db25e31b8acbad9fb549&cprice=... HTTP 302
https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595 Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

23
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

125 kB
Transfer

200 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://ntx0r.duqaryc.cfd/ HTTP 302
https://ntx0r.duqaryc.cfd/a/pay.php/?t=create&p=130&h=b8095176dcfd2ae3c2f2db25e31b8acbad9fb549&cprice=1000 HTTP 302
https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
ntx0r.duqaryc.cfd/a/pay.php/
Redirect Chain

https://ntx0r.duqaryc.cfd/
https://ntx0r.duqaryc.cfd/a/pay.php/?t=create&p=130&h=b8095176dcfd2ae3c2f2db25e31b8acbad9fb549&cprice=1000
https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595

10 KB
3 KB

182ms
182ms

Document
text/html

195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to

Full URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 / PHP/7.1.33
Resource Hash: bd310de4c97d59f50aebb451e2ebc5e9728d926cd7f7a9f752221a5eb9dd4c17

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Aug 2024 11:52:18 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.22.1
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/7.1.33

Redirect headers

Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Aug 2024 11:52:18 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Pragma: no-cache
Server: nginx/1.22.1
X-Powered-By: PHP/7.1.33

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 221ms
87ms Stylesheet
text/css 2607:f8b0:4006:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Requested by

Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dd4346a722f73229419ca5e2a2902f05f182a432adb7eea2fad34ce01b8e4ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://ntx0r.duqaryc.cfd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 14 Aug 2024 11:52:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 14 Aug 2024 10:28:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 14 Aug 2024 11:52:18 GMT

GET
H/1.1 200
OK style.min.css
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/css/ 7 KB
2 KB 156ms
155ms Stylesheet
text/css 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/css/style.min.css?_v=20230211150506
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 78dbd065ca584904697c71ec4f7acf65925ed16aa78de504ae5fbf5b8df26d36

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:18 GMT
Content-Encoding: gzip
Last-Modified: Sat, 11 May 2024 15:04:17 GMT
Server: nginx/1.22.1
ETag: W/"1d83-6182ef752a962"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK logo.svg
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 2 KB
1 KB 308ms
151ms Image
image/svg+xml 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/logo.svg
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 042e57c90432b9ab0cac0c85f7af3825427ca280717f60bc28edeac2c44b0888

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:18 GMT
Content-Encoding: gzip
Last-Modified: Sat, 11 May 2024 15:03:48 GMT
Server: nginx/1.22.1
ETag: W/"7b8-6182ef5a2c29a"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK mastercard.svg
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 1 KB
878 B 596ms
152ms Image
image/svg+xml 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/mastercard.svg
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 97d96ec3cab2e54f84d213dc261e9ff6c28c5e09dc61890fc864a3f53233542e

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Content-Encoding: gzip
Last-Modified: Sat, 11 May 2024 15:03:57 GMT
Server: nginx/1.22.1
ETag: W/"58b-6182ef626e6d7"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK visa.svg
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 1 KB
1 KB 387ms
150ms Image
image/svg+xml 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/visa.svg
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 30cb7c53abb0bea9b51a7d2589af4bea4bdd66cce47f3f24ca716f408341f19e

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Content-Encoding: gzip
Last-Modified: Sat, 11 May 2024 15:03:55 GMT
Server: nginx/1.22.1
ETag: W/"5d5-6182ef60076f7"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK mir.svg
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 1 KB
1 KB 439ms
151ms Image
image/svg+xml 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/mir.svg
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 4f2c19dad8304bd2820c67edc3376aa9ea04dd5cc92577e6df6ede32e58f43c7

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Content-Encoding: gzip
Last-Modified: Sat, 11 May 2024 15:03:51 GMT
Server: nginx/1.22.1
ETag: W/"5d1-6182ef5cdb6bb"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H/1.1 200
OK mir.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 547 B
822 B 441ms
152ms Image
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/mir.png
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: a6a425adf47dfaaddc18a7559fab36452c0ef166408b5f9c970759fe7fef4a7c

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Last-Modified: Sat, 11 May 2024 15:03:58 GMT
Server: nginx/1.22.1
ETag: "223-6182ef62e1a99"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 547

GET
H/1.1 200
OK mastercard.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 535 B
810 B 356ms
151ms Image
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/mastercard.png
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 4b8c5cc2edf2460c0229156480610c6067037eadeae47a1dc0e58aa3b497c753

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Last-Modified: Sat, 11 May 2024 15:03:48 GMT
Server: nginx/1.22.1
ETag: "217-6182ef5990667"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 535

GET
H/1.1 200
OK visa.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 833 B
1 KB 204ms
149ms Image
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/visa.png
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 8829ee18f95a7f6c8b1087df2e0a9dcee0e60e2957e9f3a4cf69f7324b4d00c5

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:18 GMT
Last-Modified: Sat, 11 May 2024 15:04:05 GMT
Server: nginx/1.22.1
ETag: "341-6182ef69f10aa"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 833

GET
H/1.1 200
OK amex.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 704 B
979 B 211ms
152ms Image
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/amex.png
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 0b33c63a8c5e27ff8f69065e4b8d484bfce417a744f371ac77c64962a15e9474

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:18 GMT
Last-Modified: Sat, 11 May 2024 15:04:01 GMT
Server: nginx/1.22.1
ETag: "2c0-6182ef65daa6b"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 704

GET
H/1.1 200
OK jcb.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 846 B
1 KB 227ms
150ms Image
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/jcb.png
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: c58eaa1271acf144532c5a807056d6e0fd3aa7bd5081235fdcc421b365492482

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:18 GMT
Last-Modified: Sat, 11 May 2024 15:03:54 GMT
Server: nginx/1.22.1
ETag: "34e-6182ef5fddee6"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 846

GET
H/1.1 200
OK app.min.js Show response
ntx0r.duqaryc.cfd/formpay/Banks/js/ 64 KB
17 KB 592ms
303ms Script
application/javascript 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/js/app.min.js?_v=20230211150506
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 58b64132346688871f7fce5fb86826f42782c8ab1f5e32ffe5fa7df18be50a35

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Content-Encoding: gzip
Last-Modified: Tue, 23 May 2023 13:47:30 GMT
Server: nginx/1.22.1
ETag: W/"1010f-5fc5ca0eacc6a"
Transfer-Encoding: chunked
Vary: Accept-Encoding, Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Connection: keep-alive

GET
H2 200 pzv4ojjrDC Show response
code.jivosite.com/widget/ 17 KB
6 KB 313ms
179ms Script
application/javascript 2a03:9d40:801:ff00::1
IPTP

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jivosite.com/widget/pzv4ojjrDC
Requested by: Host: ntx0r.duqaryc.cfd
URL: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:9d40:801:ff00::1 Ashburn, United States, ASN41095 (IPTP, GB),
Reverse DNS
Software: nginx /
Resource Hash: a369ffea1ddcb3e5e3530c1fe528653063f4b6e46aec0812d30739197d6dfc02

Request headers

Referer: https://ntx0r.duqaryc.cfd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 11:52:19 GMT
content-encoding: br
via: 1.1 sharxy
x-geo-shard: sber1
content-length: 6058
x-node: dc5-up-gc28
last-modified: Wed, 07 Aug 2024 15:11:50 GMT
server: nginx
etag: "66b38eb6-17aa"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=7200
cache: MISS
accept-ranges: bytes
expires: Wed, 14 Aug 2024 13:52:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 218ms
86ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:52:51 GMT
x-content-type-options: nosniff
age: 485967
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18536
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:52:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 271ms
139ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:52:51 GMT
x-content-type-options: nosniff
age: 485967
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18596
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:52:51 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ 18 KB
18 KB 295ms
163ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:57:20 GMT
x-content-type-options: nosniff
age: 485698
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18588
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:24 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:57:20 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v32/ 10 KB
10 KB 205ms
74ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d539033909dd344ae868f1c72bd0fc3d5ee082c9a76882448849481fd8ed857

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:57:30 GMT
x-content-type-options: nosniff
age: 485688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9852
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:57:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v32/ 10 KB
10 KB 318ms
187ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f226239b7cb86705238ec5a036a05bdb8fa187630f9c686db7c52ad53b64482

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:58:06 GMT
x-content-type-options: nosniff
age: 485652
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9780
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:58:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v32/ 10 KB
10 KB 194ms
63ms Font
font/woff2 2607:f8b0:4006:81d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec999ab71cbb6beb7e10406b0d6910c32b5079b7def5722662d2915cf3a54677

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ntx0r.duqaryc.cfd
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Thu, 08 Aug 2024 20:57:43 GMT
x-content-type-options: nosniff
age: 485675
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9964
x-xss-protection: 0
last-modified: Thu, 01 Aug 2024 20:41:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Aug 2025 20:57:43 GMT

GET
H2 200 pzv4ojjrDC Show response
code.jivosite.com/script/widget/config/ 29 B
234 B 176ms
59ms XHR
application/json 2a03:9d40:801:ff00::1
IPTP

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jivosite.com/script/widget/config/pzv4ojjrDC
Requested by: Host: code.jivosite.com
URL: https://code.jivosite.com/widget/pzv4ojjrDC
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:9d40:801:ff00::1 Ashburn, United States, ASN41095 (IPTP, GB),
Reverse DNS
Software: nginx /
Resource Hash: 83a00ef8a5bc290c76d5813193eb405fa0ef2bb6ee3b9ac81cef030aa5de8e21

Request headers

Referer: https://ntx0r.duqaryc.cfd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 11:52:19 GMT
via: 1.1 sharxy
server: nginx
x-cached-since: 2024-08-14T10:37:55+00:00
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=7200
cache: HIT
accept-ranges: bytes
x-geo-shard: sber1
content-length: 29
x-node: dc5-up-gc28
expires: Wed, 14 Aug 2024 12:37:55 GMT

GET
H/1.1 200
OK favicon.png
ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/ 2 KB
2 KB 153ms
153ms Other
image/png 195.62.46.148
SKYLINK

General

Check archive.org

Show headers Download Go to

Full URL: https://ntx0r.duqaryc.cfd/formpay/Banks/v/Gosuslugi/img/favicon.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 195.62.46.148 , Germany, ASN44592 (SKYLINK, NL),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: fc9f228a8c19afbbb8dd7a896fedcfa257a6ad2b988b7712a253f06b1a5ab157

Request headers

Referer: https://ntx0r.duqaryc.cfd/a/pay.php/?t=enter&o=5654062&h=3583d28a35258f6692a8b897829b304ea1cf3595
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Last-Modified: Sat, 11 May 2024 15:04:00 GMT
Server: nginx/1.22.1
ETag: "6f3-6182ef65a108b"
Content-Type: image/png
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1779

POST
H/1.1 204
No Content w
telemetry.jivosite.com/ 0
93 B 405ms
131ms Ping
text/plain 198.244.165.101
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://telemetry.jivosite.com/w
Requested by: Host: code.jivosite.com
URL: https://code.jivosite.com/widget/pzv4ojjrDC
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 198.244.165.101 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS: ns3199009.ip-198-244-165.eu
Software: JivoTelemetry/0.9.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ntx0r.duqaryc.cfd/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 14 Aug 2024 11:52:19 GMT
Server: JivoTelemetry/0.9.4

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			ntx0r.duqaryc.cfd/	1970-01-20 22:57:21	Name: PHPSESSID Value: 59220e11f5c35cb42ec86cfc10b4c2a4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jivosite.com
fonts.googleapis.com
fonts.gstatic.com
ntx0r.duqaryc.cfd
telemetry.jivosite.com
195.62.46.148
198.244.165.101
2607:f8b0:4006:809::200a
2607:f8b0:4006:81d::2003
2a03:9d40:801:ff00::1
042e57c90432b9ab0cac0c85f7af3825427ca280717f60bc28edeac2c44b0888
0b33c63a8c5e27ff8f69065e4b8d484bfce417a744f371ac77c64962a15e9474
30cb7c53abb0bea9b51a7d2589af4bea4bdd66cce47f3f24ca716f408341f19e
4b8c5cc2edf2460c0229156480610c6067037eadeae47a1dc0e58aa3b497c753
4d539033909dd344ae868f1c72bd0fc3d5ee082c9a76882448849481fd8ed857
4f2c19dad8304bd2820c67edc3376aa9ea04dd5cc92577e6df6ede32e58f43c7
58b64132346688871f7fce5fb86826f42782c8ab1f5e32ffe5fa7df18be50a35
78dbd065ca584904697c71ec4f7acf65925ed16aa78de504ae5fbf5b8df26d36
83a00ef8a5bc290c76d5813193eb405fa0ef2bb6ee3b9ac81cef030aa5de8e21
8829ee18f95a7f6c8b1087df2e0a9dcee0e60e2957e9f3a4cf69f7324b4d00c5
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
97d96ec3cab2e54f84d213dc261e9ff6c28c5e09dc61890fc864a3f53233542e
9f226239b7cb86705238ec5a036a05bdb8fa187630f9c686db7c52ad53b64482
a369ffea1ddcb3e5e3530c1fe528653063f4b6e46aec0812d30739197d6dfc02
a6a425adf47dfaaddc18a7559fab36452c0ef166408b5f9c970759fe7fef4a7c
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
bd310de4c97d59f50aebb451e2ebc5e9728d926cd7f7a9f752221a5eb9dd4c17
c58eaa1271acf144532c5a807056d6e0fd3aa7bd5081235fdcc421b365492482
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb
dd4346a722f73229419ca5e2a2902f05f182a432adb7eea2fad34ce01b8e4ba7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec999ab71cbb6beb7e10406b0d6910c32b5079b7def5722662d2915cf3a54677
fc9f228a8c19afbbb8dd7a896fedcfa257a6ad2b988b7712a253f06b1a5ab157

ntx0r.duqaryc.cfd Open in urlscan Pro 195.62.46.148 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

60 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

125 kBTransfer

200 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

1 Cookies

Indicators

ntx0r.duqaryc.cfd Open in urlscan Pro
195.62.46.148 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

60 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

125 kB
Transfer

200 kB
Size

1
Cookies

23 HTTP transactions
0 data transactions