Submitted URL: https://dekalaserbrasil.com.br/hdy
Effective URL: https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2Ns...
Submission: On March 29 via manual from US — Scanned from US

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 19 HTTP transactions. The main IP is 173.214.175.131, located in the United States and belonging to IS-AS-1, US. The main domain is erseryrfdxcju.online.
TLS certificate: Issued by R3 on March 19th 2024. Valid for: 3 months.
This is the only time erseryrfdxcju.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP addresses (# / requests / IP address / AS / autonomous system):
  1    2   192.185.210.237   19871   NETWORK-SOLUTIONS-HOSTING, US
  2    9   172.67.146.223    13335   CLOUDFLARENET, US
  3   10   173.214.175.131   19318   IS-AS-1, US
  Total: 19 requests, 4 IPs

Domains (requests / domain / redirects / requested by):
  9   onlyprivatefileddouc.com   2 redirects   dekalaserbrasil.com.br, onlyprivatefileddouc.com
  8   erseryrfdxcju.online       3 redirects   onlyprivatefileddouc.com, erseryrfdxcju.online
  2   dustbursters.com           -             onlyprivatefileddouc.com
  2   dekalaserbrasil.com.br     1 redirect    -
  0   login.live.com             Failed        erseryrfdxcju.online
  Total: 19 requests, 5 domains

This site contains no links.

TLS certificates (subject / issuer / validity / valid for / source):
  dekalaserbrasil.com.br     R3           2024-03-01 to 2024-05-30   3 months   crt.sh
  onlyprivatefileddouc.com   GTS CA 1P5   2024-03-25 to 2024-06-23   3 months   crt.sh
  dustbursters.com           R3           2024-03-18 to 2024-06-16   3 months   crt.sh
  erseryrfdxcju.online       R3           2024-03-19 to 2024-06-17   3 months   crt.sh

This page contains 2 frames:

Primary Page: https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MWJlZTM4ODgtMDRiZS02MTk3LTRiMzEtYWIyNGVkZGUzMDQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjgyNjEyMTc4NzM2Mi5lYWI1ZDdjYy02OTBjLTQyNGEtYjMzYy03MDliMGFkNzUwYzgmc3RhdGU9RGN0QkZvQWdDQUJScmRkeFNBUVZQQTVpNjVaZFB4Wl9kcE5UU21jNFFzWklrc0hhaEpSR3BTb3FQT2gtYlBVdDdqQW1PalJxQm92WlFYQXV0QzBkWFhPOFYza19Lejg=&sso_reload=true
Frame ID: 82D2B781C0FE18E91B5309D8D827F022
Requests: 18 HTTP requests in this frame

Frame: https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Frame ID: FAAC3DED13B30495B38ECD8C996821B5
Requests: 2 HTTP requests in this frame

Screenshot



Page Statistics

  Requests: 19
  HTTPS: 74 %
  IPv6: 0 %
  Domains: 5
  Subdomains: 5
  IPs: 4
  Countries: 1
  Transfer: 116 kB
  Size: 234 kB
  Cookies: 22

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dekalaserbrasil.com.br/hdy HTTP 301
    https://dekalaserbrasil.com.br/hdy/ Page URL
  2. https://onlyprivatefileddouc.com/authy Page URL
  3. https://onlyprivatefileddouc.com/authy HTTP 301
    http://onlyprivatefileddouc.com/authy/ HTTP 307
    https://onlyprivatefileddouc.com/authy/ Page URL
  4. https://erseryrfdxcju.online/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Vyc2VyeXJmZHhjanUub25saW5lIiwiZG9tYWluIjoiZXJzZXJ5cmZkeGNqdS5vbmxpbmUiLCJrZXkiOiJVdnVWd3VBSGRGUGciLCJxcmMiOm51bGwsImlhdCI6MTcxMTY4NTgxMSwiZXhwIjoxNzExNjg1OTMxfQ.LN_-7-iI3MsXHnI0T0BKvGkrtXARFiWLyaQnQfRsvgc HTTP 302
    https://erseryrfdxcju.online/ HTTP 301
    https://erseryrfdxcju.online/owa/ HTTP 302
    https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0... Page URL
  5. https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MWJlZTM4ODgtMDRiZS02MTk3LTRiMzEtYWIyNGVkZGUzMDQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjgyNjEyMTc4NzM2Mi5lYWI1ZDdjYy02OTBjLTQyNGEtYjMzYy03MDliMGFkNzUwYzgmc3RhdGU9RGN0QkZvQWdDQUJScmRkeFNBUVZQQTVpNjVaZFB4Wl9kcE5UU21jNFFzWklrc0hhaEpSR3BTb3FQT2gtYlBVdDdqQW1PalJxQm92WlFYQXV0QzBkWFhPOFYza19Lejg=&sso_reload=true Page URL
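The two opaque parameters in steps 4 and 5 decode offline, and what they carry explains the chain. The Python below is an added example written for this page; it is not code from urlscan.io or from the kit behind the site. The two URLs are copied verbatim from steps 4 and 5; the function names are mine. `dataXX0` is an HS256 JWT whose payload is readable without the key (a JWS is signed, not encrypted), and `ref` is ordinary padded base64 of a URL.

```python
import base64
import json
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

# Both URLs are copied verbatim from steps 4 and 5 of the Page URL History of this scan.
STEP4_URL = "https://erseryrfdxcju.online/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Vyc2VyeXJmZHhjanUub25saW5lIiwiZG9tYWluIjoiZXJzZXJ5cmZkeGNqdS5vbmxpbmUiLCJrZXkiOiJVdnVWd3VBSGRGUGciLCJxcmMiOm51bGwsImlhdCI6MTcxMTY4NTgxMSwiZXhwIjoxNzExNjg1OTMxfQ.LN_-7-iI3MsXHnI0T0BKvGkrtXARFiWLyaQnQfRsvgc"
STEP5_URL = "https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MWJlZTM4ODgtMDRiZS02MTk3LTRiMzEtYWIyNGVkZGUzMDQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjgyNjEyMTc4NzM2Mi5lYWI1ZDdjYy02OTBjLTQyNGEtYjMzYy03MDliMGFkNzUwYzgmc3RhdGU9RGN0QkZvQWdDQUJScmRkeFNBUVZQQTVpNjVaZFB4Wl9kcE5UU21jNFFzWklrc0hhaEpSR3BTb3FQT2gtYlBVdDdqQW1PalJxQm92WlFYQXV0QzBkWFhPOFYza19Lejg=&sso_reload=true"


def raw_query(url: str) -> dict:
    """Split the query string WITHOUT percent-decoding or '+' handling.
    Base64 values may legitimately contain '+', '/' and a trailing '=',
    which parse_qs would mangle."""
    out = {}
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        out[name] = value
    return out


def b64url_decode(segment: str) -> bytes:
    """base64url with the padding that JWT segments strip off."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified_jwt(token: str) -> dict:
    """Read a compact JWS without verifying it. The HS256 key belongs to the
    site operator, so verification is impossible here; the value is in what
    the token carries, not in whether it is genuine."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    return {
        "header": json.loads(b64url_decode(header_b64)),
        "payload": json.loads(b64url_decode(payload_b64)),
        "signature_bytes": len(b64url_decode(sig_b64)),
    }


def decode_ref(ref_value: str) -> dict:
    """The ref= value is ordinary padded base64 of a URL. Decode it and parse
    the inner URL's query (here percent-decoding is what we want)."""
    url = base64.b64decode(ref_value).decode()
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return {"url": url, "host": parts.hostname, "path": parts.path, "params": params}


def analyze_chain(step4_url: str = STEP4_URL, step5_url: str = STEP5_URL) -> dict:
    """Pull out the facts an analyst wants from the two opaque parameters."""
    token = decode_unverified_jwt(raw_query(step4_url)["dataXX0"])
    ref = decode_ref(raw_query(step5_url)["ref"])
    p = token["payload"]
    return {
        "jwt_alg": token["header"]["alg"],
        "jwt_signature_bytes": token["signature_bytes"],
        "jwt_domain": p["domain"],
        "jwt_key": p["key"],
        "jwt_issued_utc": datetime.fromtimestamp(p["iat"], tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "jwt_ttl_seconds": p["exp"] - p["iat"],
        "ref_host": ref["host"],
        "ref_path": ref["path"],
        "ref_client_id": ref["params"]["client_id"],
        "ref_redirect_uri": ref["params"]["redirect_uri"],
        "ref_client_request_id": ref["params"]["client-request-id"],
    }


if __name__ == "__main__":
    print(json.dumps(analyze_chain(), indent=2))
```

Run as a script it shows dataXX0 carrying {url, domain, key, qrc, iat, exp} with a 120-second window, iat being 04:16:51 UTC, the same second as the Date header on the erseryrfdxcju.online responses recorded below. ref decodes to the genuine https://login.microsoftonline.com/common/oauth2/authorize URL with client_id 00000002-0000-0ff1-ce00-000000000000, redirect_uri https://outlook.office.com/owa/ and client-request-id 1bee3888-04be-6197-4b31-ab24edde3041. That client-request-id reappears as the request-id header on the /owa/ 302 and in the reportbssotelemetry ping further down, which is consistent with the phishing host having fetched /owa/ from Microsoft, received this authorize URL as the Location, and wrapped it in captcha.rdr?ref= so the visitor stays on erseryrfdxcju.online.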

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://dekalaserbrasil.com.br/hdy HTTP 301
  • https://dekalaserbrasil.com.br/hdy/
Request Chain 3
  • https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Request Chain 6
  • https://onlyprivatefileddouc.com/authy HTTP 301
  • http://onlyprivatefileddouc.com/authy/ HTTP 307
  • https://onlyprivatefileddouc.com/authy/
Request Chain 10
  • https://erseryrfdxcju.online/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Vyc2VyeXJmZHhjanUub25saW5lIiwiZG9tYWluIjoiZXJzZXJ5cmZkeGNqdS5vbmxpbmUiLCJrZXkiOiJVdnVWd3VBSGRGUGciLCJxcmMiOm51bGwsImlhdCI6MTcxMTY4NTgxMSwiZXhwIjoxNzExNjg1OTMxfQ.LN_-7-iI3MsXHnI0T0BKvGkrtXARFiWLyaQnQfRsvgc HTTP 302
  • https://erseryrfdxcju.online/ HTTP 301
  • https://erseryrfdxcju.online/owa/ HTTP 302
  • https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0...

19 HTTP transactions

Columns per transaction: Resource / Path / Size / x-fer / Type / MIME-Type

Resource: /  |  Path: dekalaserbrasil.com.br/hdy/  |  Size: 421 B  |  x-fer: 359 B  |  Type: Document
Redirect Chain
  • https://dekalaserbrasil.com.br/hdy
  • https://dekalaserbrasil.com.br/hdy/
General
Full URL
https://dekalaserbrasil.com.br/hdy/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.185.210.237 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
br106-ip17.hostgator.com.br
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
275
content-type
text/html
date
Fri, 29 Mar 2024 04:16:48 GMT
last-modified
Thu, 28 Mar 2024 15:44:09 GMT
server
Apache
vary
Accept-Encoding

Redirect headers

content-length
243
content-type
text/html; charset=iso-8859-1
date
Fri, 29 Mar 2024 04:16:48 GMT
location
https://dekalaserbrasil.com.br/hdy/
server
Apache
Resource: authy  |  Path: onlyprivatefileddouc.com/  |  Size: 19 KB  |  x-fer: 20 KB  |  Type: Document
General
Full URL
https://onlyprivatefileddouc.com/authy
Requested by
Host: dekalaserbrasil.com.br
URL: https://dekalaserbrasil.com.br/hdy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
000c1332c4e43eccc2b263091a861f9ec170a8512e1728f2f39e31911383ba50
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://dekalaserbrasil.com.br/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
86bd0bf2ce6321df-MIA
content-type
text/html; charset=utf-8
date
Fri, 29 Mar 2024 04:16:49 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hZhcLpfg%2FW%2BPJNyY3BDAdk0Mp5Kct93oUK%2Bi%2FX9MV0hORVHPDO8%2F2X%2FURkpVteMUbRGTP12R8BSiwHmaY6Wh65gzs0M0K14Au%2BTUMWOK0aLbdklqQziHQqVFTexx5IdgBO6nPB22EVMwYXQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block 1; mode=block
Resource: authy  |  Path: onlyprivatefileddouc.com/  |  Size: 0  |  x-fer: 849 B  |  Type: XHR
General
Full URL
https://onlyprivatefileddouc.com/authy
Requested by
Host: dekalaserbrasil.com.br
URL: https://dekalaserbrasil.com.br/hdy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-Requested-TimeStamp-Expire
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination
GET
Content-type
application/x-www-form-urlencoded
X-Requested-Type
GET
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Referer
https://onlyprivatefileddouc.com/authy
X-Requested-with
XMLHttpRequest
X-Requested-TimeStamp
GVYgcIWB2eXB4ZyFiFmsu2Dv-Pk
48272352
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 29 Mar 2024 04:16:49 GMT
x-server-powered-by
Engintron
x-content-type-options
nosniff, nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ob%2BPPmjABB6gEVwZqDITi%2FvBgrobg1o1HQRMyzXeEawHrA8jOsbXVcsoGX3AsTyaFFHBmpZBA9izn20wUVGNdRzzKQYFPVqarYR3XNrX4DqTV%2FcL3x1ek%2FtrcfBl4FXBNf6MK%2FN8GnL9rFI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
86bd0bf6da1921df-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0
Resource: main.js  |  Path: onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/ (Frame FAAC)  |  Size: 8 KB  |  x-fer: 4 KB  |  Type: Script
Redirect Chain
  • https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
General
Full URL
https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
Protocol
H3
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cd2fb117bbcfde2768b8afafb4e2a8448b692638b51b01a7e352d0e132d2365
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date
Fri, 29 Mar 2024 04:16:49 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mR5IRhZrd0U%2FAD3GTDi9RP8dixyRtigFNXpWa7UnalmbZl4LW5NvkiB8cVJY%2Bf6gFRMBse5pAPUROyJOVhLOqvJQ09Ws5tZnAWKXSbZ5XTsiDV9NCr36Kpv40YZDcOGp3H3LiAW5x8f1FOM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
86bd0bf72a7b21df-MIA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Fri, 29 Mar 2024 04:16:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5BDWalNXY5HjRBGJs8QjbbNle5DSaEE%2FBzUNpPGfEUX%2BvPpSb5aYZR9j32tW1WqUVvGTv7JLF48ei087KixYjSlkCSjT2iQ7ag%2FyzFiQLkMcQylLHcWIDLi5RA6ybXJXV%2FWVcIxYXUsRm8%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/dc6b543c1346/main.js
cache-control
max-age=300, public
cf-ray
86bd0bf6ea1c21df-MIA
alt-svc
h3=":443"; ma=86400
content-length
0
Resource: favicon.ico  |  Path: onlyprivatefileddouc.com/  |  Size: 6 KB  |  x-fer: 7 KB  |  Type: Other
General
Full URL
https://onlyprivatefileddouc.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://onlyprivatefileddouc.com/authy
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 29 Mar 2024 04:16:50 GMT
x-content-type-options
nosniff, nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NaF23HydAs4Ebw3ZxirUCVfPRsRwyXdD00Fk285ENfo6Dxfp372ezmXizuXBDPFRf4g4ebBsRINDoWYMRuUddQPtRIXya4s83PJJTFKgn6XhjU2edjMukqyl0u9aHfpAvGlLD37xypyxaG8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
86bd0bf6ea2121df-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0
Resource: 86bd0bf2ce6321df  |  Path: onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/jsd/r/ (Frame FAAC)  |  Size: 0  |  x-fer: 603 B  |  Type: XHR
General
Full URL
https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/h/g/jsd/r/86bd0bf2ce6321df
Requested by
Host: onlyprivatefileddouc.com
URL: https://onlyprivatefileddouc.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 29 Mar 2024 04:16:49 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DE5ydarlcGPxsUunulYOXpWKRuKot5pBmD1BfqIE9bxZmIb3hDv7wJGk21hRxCMq1kgE4YGUj8sFQoBWVWcfdKNkoiwCecp%2FiHd0pTFJBMRqgF4FDLiqq9i6nR67EiBnAHt09AYyRAnBZ%2F0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
86bd0bf83b6e21df-MIA
alt-svc
h3=":443"; ma=86400
Resource: /  |  Path: onlyprivatefileddouc.com/authy/  |  Size: 3 KB  |  x-fer: 2 KB  |  Type: Document
Redirect Chain
  • https://onlyprivatefileddouc.com/authy
  • http://onlyprivatefileddouc.com/authy/
  • https://onlyprivatefileddouc.com/authy/
General
Full URL
https://onlyprivatefileddouc.com/authy/
Requested by
Host: dekalaserbrasil.com.br
URL: https://dekalaserbrasil.com.br/hdy/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dff0529c1caee21dfb2ed52c4ec65306156ddcd394bbfceb7663fac670d310c6
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://onlyprivatefileddouc.com/authy
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
86bd0bfabe0021df-MIA
content-encoding
br
content-type
text/html
date
Fri, 29 Mar 2024 04:16:50 GMT
last-modified
Tue, 19 Mar 2024 11:17:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5osaRTIk3Q5625Un0l1T2E2uB2Zea9dHq0rWlAkg2yFLBy1A33X1r1IlItCnTpUvcQjBhDHMtUg9SSyLtqucWXMk95QHTC5fu1FnOPozvAeeTdWxQzj70zCJrNsIJOVvvG30TIW%2FKc8k%2FZY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-nginx-upstream-cache-status
EXPIRED
x-server-powered-by
Engintron
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

Location
https://onlyprivatefileddouc.com/authy/
Non-Authoritative-Reason
HttpsUpgrades
Resource: /  |  Path: dustbursters.com/  |  Size: 323 B  |  x-fer: 693 B  |  Type: XHR
General
Full URL
https://dustbursters.com/?hmhkspnl
Requested by
Host: onlyprivatefileddouc.com
URL: https://onlyprivatefileddouc.com/authy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
qrc-auth
Mgx4FcJXjp4oB3kMp5rpgYczVYU8WM4a+JUEZSzbFKnIVyoy31C4AL5mZUaRIj1oI9JybY2UoprImnE9QgE9D2T/Kww97ga1Mh7twM9ZBBw4+P3NpmanOErcww8yaVH00a+9AI5S5EaD34lUSjQ843TWFVBgbVFyE2fjHnI1JGQaWKO3Gc+GlYeKg+E7kMwKgqQiELlrT+nz82qaV5NTKFXDpBVkyQIrXgymGyh2QbV5nvyNMJWAMVIAGip+Clf1JRiNimIczTxzD69ntsBvGQCD62lqOV5U365AwmztKV6+xOsvFCnONLVHqgLc6uvTrU5Yf1A5AQt924agEwsd2w==
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept
application/json
Referer
https://onlyprivatefileddouc.com/
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 29 Mar 2024 04:16:51 GMT
Connection
keep-alive
Keep-Alive
timeout=5
Transfer-Encoding
chunked
content-type
application/json
Resource: /  |  Path: dustbursters.com/ (Frame)  |  Size: 0  |  x-fer: 0  |  Type: Preflight
General
Full URL
https://dustbursters.com/?hmhkspnl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
qrc-auth
Access-Control-Request-Method
GET
Origin
https://onlyprivatefileddouc.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
*
Access-Control-Allow-Origin
*
Connection
keep-alive
Date
Fri, 29 Mar 2024 04:16:51 GMT
Keep-Alive
timeout=5
Transfer-Encoding
chunked
Resource: favicon.ico  |  Path: onlyprivatefileddouc.com/  |  Size: 315 B  |  x-fer: 738 B  |  Type: Other
General
Full URL
https://onlyprivatefileddouc.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.146.223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://onlyprivatefileddouc.com/authy/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
public
date
Fri, 29 Mar 2024 04:16:50 GMT
content-encoding
br
x-content-type-options
nosniff, nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5D2cflw1zhavgzKBw9aQqHfYmayJXGEiUTtJxdKkzUad3nAkX2sTZhGHflpSFN5PdsYYKG38L5i2VuDQarMiSXKKas8m%2BS%2B39nM%2BCSxC8jzlWbNXIhy%2BEAKjenVMir26aDYcQZgwJrHqOJw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
cf-ray
86bd0bfc4f6e21df-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
Resource: captcha.rdr  |  Path: erseryrfdxcju.online/  |  Size: 21 KB  |  x-fer: 10 KB  |  Type: Document
Redirect Chain
  • https://erseryrfdxcju.online/?dataXX0=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL2Vyc2VyeXJmZHhjanUub25saW5lIiwiZG9tYWluIjoiZXJzZXJ5cmZkeGNqdS5vbmxpbmUiLCJrZXkiOiJVdnVWd3VBSGRGUGciLC...
  • https://erseryrfdxcju.online/
  • https://erseryrfdxcju.online/owa/
  • https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3Rf...
General
Full URL
https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0...
Requested by
Host: onlyprivatefileddouc.com
URL: https://onlyprivatefileddouc.com/authy/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash
7c8375472fed9bcc829b0762e01c21a848548f0d77f4d218225785a935147cde
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://onlyprivatefileddouc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Fri, 29 Mar 2024 04:16:51 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
21195
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-ests-server
2.1.17615.11 - EUS ProdSlices
x-ms-request-id
c7dd089c-dc4b-4636-8391-cc591fb60c00
x-ms-srs
1.P

Redirect headers

Alt-Svc
h3=":443",h3-29=":443"
Connection
close
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Fri, 29 Mar 2024 04:16:51 GMT
Location
https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0...
NEL
{"report_to":"NelOfficeUpload1","max_age":7200,"include_subdomains":true,"failure_fraction":1.0,"success_fraction":0.01}
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-BEServer
CH3P221MB1489
X-BackEnd-Begin
2024-03-29T04:16:52.178
X-BackEnd-End
2024-03-29T04:16:52.178
X-BackEndHttpStatus
302, 302
X-BeSku
WCS8
X-CalculatedBETarget
CH3P221MB1489.NAMP221.PROD.OUTLOOK.COM
X-CalculatedFETarget
CH0PR03CU014.internal.outlook.com
X-DiagInfo
CH3P221MB1489
X-FEEFZInfo
MNZ
X-FEProxyInfo
BL1P221CA0001.NAMP221.PROD.OUTLOOK.COM
X-FEServer
CH0PR03CA0391, BL1P221CA0001
X-FirstHopCafeEFZ
MNZ
X-IIDs
0
X-OWA-DiagnosticsInfo
0;0;0
X-Proxy-BackendServerStatus
302
X-Proxy-RoutingCorrectness
1
X-RUM-NotUpdateQueriedDbCopy
1
X-RUM-NotUpdateQueriedPath
1
X-RUM-Validated
1
X-UA-Compatible
IE=EmulateIE7
content-length
1288
request-id
1bee3888-04be-6197-4b31-ab24edde3041
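The response headers on the two erseryrfdxcju.online transactions above are the strongest evidence of what this host does. A server at IS-AS-1 with reverse DNS server.gangaani.cc and a Let's Encrypt certificate is returning Server: Microsoft-IIS/10.0, X-BEServer, X-CalculatedBETarget ...PROD.OUTLOOK.COM and x-ms-ests-server, and (next transaction) it serves aadcdn.msauth.net content under a path on its own hostname. Those headers are emitted by Microsoft's own front ends; on a third-party host they mean the host is relaying Microsoft's responses and rewriting the URLs in them rather than serving a static copy. The Python below is an added example, not the urlscan page's code, that turns those observations into a check over urlscan-style transaction records. The sample records are constructed from values on this page (the login.microsoftonline.com record is invented for contrast), and the header list, marker strings and threshold are my own choices.

```python
from urllib.parse import urlsplit

# Response headers that only Microsoft's own front ends emit (all of these appear
# on erseryrfdxcju.online responses in this scan). On a host that is not
# Microsoft's they indicate the host is relaying Microsoft's responses.
MS_BACKEND_HEADERS = {
    "x-ms-ests-server", "x-ms-request-id", "x-beserver", "x-calculatedbetarget",
    "x-feserver", "x-backendhttpstatus", "x-owa-diagnosticsinfo",
}
# Substrings that name Microsoft infrastructure outright.
MS_VALUE_MARKERS = ("outlook.com", "microsoft-iis", "prodslices")
# Microsoft CDN hostnames. One of these as a *path component* on another origin
# means the relay rewrote absolute URLs in the HTML it passed through.
MS_CDN_HOSTS = ("aadcdn.msauth.net", "aadcdn.msftauth.net", "logincdn.msauth.net")
# Hosts on which all of the above is expected and therefore not an indicator.
LEGIT_SUFFIXES = (".microsoftonline.com", ".office.com", ".live.com",
                  ".microsoft.com", ".outlook.com", ".msauth.net", ".msftauth.net")


def is_microsoft_host(host: str) -> bool:
    return any(host == s[1:] or host.endswith(s) for s in LEGIT_SUFFIXES)


def proxy_indicators(record: dict) -> list:
    """Indicators of transparent reverse-proxying found in one transaction.
    record = {"url": str, "response_headers": {name: value}}."""
    parts = urlsplit(record["url"])
    host = (parts.hostname or "").lower()
    if is_microsoft_host(host):
        return []
    headers = {k.lower(): str(v).lower() for k, v in record.get("response_headers", {}).items()}
    found = [f"backend header {name}" for name in sorted(MS_BACKEND_HEADERS.intersection(headers))]
    for name, value in sorted(headers.items()):
        if any(marker in value for marker in MS_VALUE_MARKERS):
            found.append(f"value of {name} names Microsoft infrastructure")
    path = parts.path.lower()
    found += [f"{cdn} rewritten into path" for cdn in MS_CDN_HOSTS if f"/{cdn}/" in path]
    return found


def flag_reverse_proxy(records, min_hits: int = 3) -> dict:
    """Aggregate indicators per host; hosts with at least min_hits are flagged."""
    per_host = {}
    for rec in records:
        host = (urlsplit(rec["url"]).hostname or "").lower()
        per_host.setdefault(host, []).extend(proxy_indicators(rec))
    return {h: hits for h, hits in per_host.items() if len(hits) >= min_hits}


# Constructed records. URLs and headers are copied from the transactions on this
# page; the final record is invented for contrast and does not appear in the scan.
SAMPLE_RECORDS = [
    {   # captcha.rdr document on the phishing host
        "url": "https://erseryrfdxcju.online/captcha.rdr",
        "response_headers": {
            "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "x-ms-ests-server": "2.1.17615.11 - EUS ProdSlices",
            "x-ms-request-id": "c7dd089c-dc4b-4636-8391-cc591fb60c00",
            "Content-Type": "text/html; charset=utf-8",
        },
    },
    {   # the /owa/ 302 on the phishing host
        "url": "https://erseryrfdxcju.online/owa/",
        "response_headers": {
            "Server": "Microsoft-IIS/10.0",
            "X-BEServer": "CH3P221MB1489",
            "X-CalculatedBETarget": "CH3P221MB1489.NAMP221.PROD.OUTLOOK.COM",
            "X-FEServer": "CH0PR03CA0391, BL1P221CA0001",
        },
    },
    {   # Microsoft sign-in script served from a path on the phishing host
        "url": "https://erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js",
        "response_headers": {
            "x-ms-blob-type": "BlockBlob",
            "Content-Type": "application/x-javascript",
            "x-ms-request-id": "df55d2dc-801e-0016-5ecc-7bafb0000000",
        },
    },
    {   # the Cloudflare-fronted gate page: no Microsoft artefacts at all
        "url": "https://onlyprivatefileddouc.com/authy/",
        "response_headers": {"server": "cloudflare", "x-server-powered-by": "Engintron", "content-type": "text/html"},
    },
    {   # invented for contrast: the same headers on the genuine host are not an indicator
        "url": "https://login.microsoftonline.com/common/oauth2/authorize",
        "response_headers": {"x-ms-ests-server": "2.1.17615.11 - EUS ProdSlices", "Server": "Microsoft-IIS/10.0"},
    },
]

if __name__ == "__main__":
    for host, hits in flag_reverse_proxy(SAMPLE_RECORDS).items():
        print(host)
        for hit in hits:
            print("  -", hit)
```

On the sample records only erseryrfdxcju.online is flagged, with ten distinct indicators across its three transactions. Treat the output as triage evidence rather than a verdict: the threshold is arbitrary, and the same check should be read together with the TLS issuer, the hosting ASN and the reverse DNS shown in each transaction's General block.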
Resource: BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js  |  Path: erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/  |  Size: 138 KB  |  x-fer: 50 KB  |  Type: Script
General
Full URL
https://erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js
Requested by
Host: erseryrfdxcju.online
URL: https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MWJlZTM4ODgtMDRiZS02MTk3LTRiMzEtYWIyNGVkZGUzMDQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjgyNjEyMTc4NzM2Mi5lYWI1ZDdjYy02OTBjLTQyNGEtYjMzYy03MDliMGFkNzUwYzgmc3RhdGU9RGN0QkZvQWdDQUJScmRkeFNBUVZQQTVpNjVaZFB4Wl9kcE5UU21jNFFzWklrc0hhaEpSR3BTb3FQT2gtYlBVdDdqQW1PalJxQm92WlFYQXV0QzBkWFhPOFYza19Lejg=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash
333b84e45aaeb806f18d94951b9cd6aa6898ee23506a3d4872199333e96dcc6d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://erseryrfdxcju.online/captcha.rdr?ref=aHR0cHM6Ly9sb2dpbi5taWNyb3NvZnRvbmxpbmUuY29tL2NvbW1vbi9vYXV0aDIvYXV0aG9yaXplP2NsaWVudF9pZD0wMDAwMDAwMi0wMDAwLTBmZjEtY2UwMC0wMDAwMDAwMDAwMDAmcmVkaXJlY3RfdXJpPWh0dHBzJTNhJTJmJTJmb3V0bG9vay5vZmZpY2UuY29tJTJmb3dhJTJmJnJlc291cmNlPTAwMDAwMDAyLTAwMDAtMGZmMS1jZTAwLTAwMDAwMDAwMDAwMCZyZXNwb25zZV9tb2RlPWZvcm1fcG9zdCZyZXNwb25zZV90eXBlPWNvZGUraWRfdG9rZW4mc2NvcGU9b3BlbmlkJm1zYWZlZD0xJm1zYXJlZGlyPTEmY2xpZW50LXJlcXVlc3QtaWQ9MWJlZTM4ODgtMDRiZS02MTk3LTRiMzEtYWIyNGVkZGUzMDQxJnByb3RlY3RlZHRva2VuPXRydWUmY2xhaW1zPSU3YiUyMmlkX3Rva2VuJTIyJTNhJTdiJTIyeG1zX2NjJTIyJTNhJTdiJTIydmFsdWVzJTIyJTNhJTViJTIyQ1AxJTIyJTVkJTdkJTdkJTdkJm5vbmNlPTYzODQ3MjgyNjEyMTc4NzM2Mi5lYWI1ZDdjYy02OTBjLTQyNGEtYjMzYy03MDliMGFkNzUwYzgmc3RhdGU9RGN0QkZvQWdDQUJScmRkeFNBUVZQQTVpNjVaZFB4Wl9kcE5UU21jNFFzWklrc0hhaEpSR3BTb3FQT2gtYlBVdDdqQW1PalJxQm92WlFYQXV0QzBkWFhPOFYza19Lejg=
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 29 Mar 2024 04:16:53 GMT
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
X-Cache
TCP_HIT
x-fd-int-roxy-purgeid
0
Connection
close
content-length
141298
x-ms-lease-status
unlocked
Last-Modified
Sat, 02 Mar 2024 00:12:08 GMT
ETag
0x8DC3A4D6646D827
x-azure-ref
20240329T041653Z-s3gx626d495t5egq8vbseg4gn40000000gfg000000007nh7
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
x-ms-request-id
df55d2dc-801e-0016-5ecc-7bafb0000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
Cache-Control
public, max-age=31536000
x-ms-version
2009-09-19
Accept-Ranges
bytes
Resource: truncated  |  Path: /  |  Size: 341 B  |  x-fer: 0  |  Type: Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
text/javascript
Resource: reportbssotelemetry  |  Path: erseryrfdxcju.online/common/instrumentation/  |  Size: 265 B  |  x-fer: 2 KB  |  Type: Ping
General
Full URL
https://erseryrfdxcju.online/common/instrumentation/reportbssotelemetry?hpgid=6&hpgact=1800&client-request-id=1bee3888-04be-6197-4b31-ab24edde3041&hpgrequestid=c7dd089c-dc4b-4636-8391-cc591fb60c00
Requested by
Host: erseryrfdxcju.online
URL: https://erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://erseryrfdxcju.online/captcha.rdr?ref=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
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Fri, 29 Mar 2024 04:16:52 GMT
x-ms-srs
1.P
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
application/json; charset=utf-8
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
60cdaaf2-7bf4-46b9-ae69-57de965f0000
Cache-Control
no-store, no-cache
Connection
close
content-length
265
x-ms-ests-server
2.1.17615.13 - SCUS ProdSlices
Expires
-1
Primary Request captcha.rdr
erseryrfdxcju.online/
38 KB
17 KB
Document
General
Full URL
https://erseryrfdxcju.online/captcha.rdr?ref=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&sso_reload=true
Requested by
Host: erseryrfdxcju.online
URL: https://erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/BssoInterrupt_Core_HC7t4HZ_o96i0-T341lIwg2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash
db9544a46657b4eadbdf915070bb0b0a57fc325e18d9d99194ee904230d9ae8d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://erseryrfdxcju.online/captcha.rdr?ref=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
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, no-cache
Connection
close
Content-Encoding
gzip
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Content-Type
text/html; charset=utf-8
Date
Fri, 29 Mar 2024 04:16:52 GMT
Expires
-1
Link
<https://aadcdn.msauth.net>; rel=preconnect; crossorigin, <https://aadcdn.msauth.net>; rel=dns-prefetch, <https://aadcdn.msftauth.net>; rel=dns-prefetch
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
content-length
38582
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-ests-server
2.1.17615.13 - WUS3 ProdSlices
x-ms-request-id
38d7b84e-9a43-4e9f-be0d-19553acd1100
x-ms-srs
1.P
favicon.ico
erseryrfdxcju.online/
0
1 KB
Other
General
Full URL
https://erseryrfdxcju.online/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
173.214.175.131 , United States, ASN19318 (IS-AS-1, US),
Reverse DNS
server.gangaani.cc
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://erseryrfdxcju.online/captcha.rdr?ref=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
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Fri, 29 Mar 2024 04:16:52 GMT
x-ms-srs
1.P
Referrer-Policy
strict-origin-when-cross-origin
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Content-Security-Policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; form-action * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: filesystem: ; frame-ancestors 'self' * http://* https://* file://* about: javascript: data: blob: filesystem: ; object-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
x-ms-request-id
b8ba3c8b-a50e-4a1f-8bab-5b6977eb1000
Cache-Control
private
Connection
close
Content-Length
0
x-ms-ests-server
2.1.17615.11 - NCUS ProdSlices
converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
erseryrfdxcju.online/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
0
0

ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js
erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/
0
0

ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js
erseryrfdxcju.online/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/
0
0

truncated
/
341 B
0
Script
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
90682803943448f3acffc81014c87fdd71f30d8cf97335fcea451fac1e568221

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
text/javascript
Me.htm
login.live.com/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
erseryrfdxcju.online
URL
https://erseryrfdxcju.online/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/converged.v2.login.min_1ito3russhq-9gioj-zd4w2.css
Domain
erseryrfdxcju.online
URL
https://erseryrfdxcju.online/aadcdn.msauth.net/~/shared/1.0/content/js/ConvergedLogin_PCore_QMJbZSc_Phofl-lfd63BLw2.js
Domain
erseryrfdxcju.online
URL
https://erseryrfdxcju.online/aadcdn.msauth.net/~/ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_pevuvrbnnz-5coi_b4jtbw2.js
Domain
login.live.com
URL
https://login.live.com/Me.htm?v=3

Verdicts & Comments

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal

22 Cookies

Domain/Path Name / Value
onlyprivatefileddouc.com/ Name: Z6SjZg0F5HYLRfeyFWMNu_BuTyk
Value: yOrIN3gMzFF7R3wy-UFqv58K_MQ
onlyprivatefileddouc.com/ Name: NbsyIHfjEri9jjTBqBaurDgZTSk
Value: 1711685805
onlyprivatefileddouc.com/ Name: C5GHVN4Kmhq6OaC-F-4P5I5It5g
Value: 1711772205
onlyprivatefileddouc.com/ Name: dfG-pyPU0PwrNWNbfbQGned1iQo
Value: sobL-BHMVbh55Jx02ufGAdrYOdU
onlyprivatefileddouc.com/ Name: jyaIAZ5FRvEEs3FE69LWXO9cJbo
Value: xiD6oqkV4tbsb_V0nKXezUYa2m8
onlyprivatefileddouc.com/ Name: Bd_UpOdMV45M_oC9S54Qg3f-1dw
Value: 1711685809
onlyprivatefileddouc.com/ Name: UcY6tOJaf2uAjEJErzujWswJurs
Value: 1711772209
onlyprivatefileddouc.com/ Name: WOgFkJ-DQGwCV5jiAKHlt3UhcWI
Value: PD-piqE05064mkuKy5kgOO0QT-k
.onlyprivatefileddouc.com/ Name: cf_clearance
Value: dxI3HLpDgD4uRNOIcSoDBfbLFqq7x4sua8lNju2.dzM-1711685809-1.0.1.1-4ZjCPhrehmgkIVG6yRNLWouX9j8AhAf5xTZaPqUURpo.oQOz7DzVxXOMxKrCu3LJHkBKp710bD05iqCVvxy2xg
erseryrfdxcju.online/ Name: qPdM
Value: UvuVwuAHdFPg
erseryrfdxcju.online/ Name: qPdM.sig
Value: lzSB-b1mwg_KIovmvDUmpjEH6EE
erseryrfdxcju.online/ Name: ClientId
Value: 937B456AEC454860A8BE5A03FDAB9519
erseryrfdxcju.online/ Name: OIDC
Value: 1
erseryrfdxcju.online/ Name: OpenIdConnect.nonce.v3.mW80s4E4EUviwVGZlROrRIxxYBLs59ndDdKc4_pmUeY
Value: 638472826121787362.eab5d7cc-690c-424a-b33c-709b0ad750c8
erseryrfdxcju.online/ Name: X-OWA-RedirectHistory
Value: ArLym14B4pe6D6dP3Ag
.erseryrfdxcju.online/ Name: esctx-R18zs8aEJLM
Value: AQABCQEAAADnfolhJpSnRYB1SVj-Hgd8GptF2xHRFRXio3pi3UUAzeXE7PTZPEBg40Eeo0spQskjHjxrbyJ9coiniybYnmTnPEPnCGZ0xQVXINIVEc4o9EVI5pP_VwK22992g5wDlTd-Q6xSGRYyP-wi7YooKoLBPQt8bnFDJ-pnbBWt9PEUqSAA
erseryrfdxcju.online/ Name: fpc
Value: Au_j4LaLFQ5ElqftmxvGD4A
.erseryrfdxcju.online/ Name: esctx
Value: PAQABBwEAAADnfolhJpSnRYB1SVj-Hgd8hyAnT2wNLwYHl2x0BYRBIydpsG_amLrn4cwYts4MjbVCfGY0KHd1EE-NNxVADa4PQinoRXT_KJWrDB26pnglzwsM6rmnmzqrRSAHvLSP7iAPr3F4iL_x7rADQfKmZZNvtgan5I0xg-TJJUE9Js-osorsp7DwqRKPV55t_S5ELYAgAA
erseryrfdxcju.online/ Name: x-ms-gateway-slice
Value: estsfd
erseryrfdxcju.online/ Name: stsservicecookie
Value: estsfd
.erseryrfdxcju.online/ Name: AADSSO
Value: NA|NoExtension
erseryrfdxcju.online/ Name: SSOCOOKIEPULLED
Value: 1

4 Console Messages

Source Level URL
Text
network error URL: https://onlyprivatefileddouc.com/authy
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://onlyprivatefileddouc.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://onlyprivatefileddouc.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://erseryrfdxcju.online/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)