fwnitro.caitsith2.com Open in urlscan Pro
172.67.135.75 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fwnitro.caitsith2.com/
Submission Tags: phishingrod
Submission: On May 08 via api (May 8th 2024, 2:46:27 am UTC) from DE — Scanned from DE

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 172.67.135.75, located in United States and belongs to CLOUDFLARENET, US. The main domain is fwnitro.caitsith2.com.
TLS certificate: Issued by GTS CA 1P5 on March 12th 2024. Valid for: 3 months.

This is the only time fwnitro.caitsith2.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	172.67.135.75 172.67.135.75	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	151.101.65.21 151.101.65.21	54113 (FASTLY) (FASTLY)
2	192.229.221.25 192.229.221.25	15133 (EDGECAST) (EDGECAST)
15	2

13 172.67.135.75 (United States)

ASN13335 (CLOUDFLARENET, US)

fwnitro.caitsith2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.65.21 (San Francisco, United States) 2 redirects

ASN54113 (FASTLY, US)

www.paypal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.229.221.25 (United States)

ASN15133 (EDGECAST, US)

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	caitsith2.com fwnitro.caitsith2.com	349 KB
2	paypalobjects.com www.paypalobjects.com — Cisco Umbrella Rank: 2599	3 KB
2	paypal.com 2 redirects www.paypal.com — Cisco Umbrella Rank: 2954	1 KB
15	3

	Domain	Requested by
13	fwnitro.caitsith2.com	fwnitro.caitsith2.com
2	www.paypalobjects.com	fwnitro.caitsith2.com
2	www.paypal.com	2 redirects
15	3

This site contains no links.

Subject Issuer	Validity	Valid
caitsith2.com GTS CA 1P5	`2024-03-12` - `2024-06-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://fwnitro.caitsith2.com/
Frame ID: 32E32F5E399DC1C73AE389EB9CF5CBB6
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

FWNitro homebrew firmware replacement for Nintendo DS

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+_s-xclick
paypalobjects\.com

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

351 kB
Transfer

348 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.paypal.com/en_US/i/btn/x-click-but04.gif HTTP 301
https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

Request Chain 1

https://www.paypal.com/en_US/i/scr/pixel.gif HTTP 301
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request / Show response
fwnitro.caitsith2.com/ 7 KB
4 KB 303ms
277ms Document
text/html 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7681ab07099de49b94d6db788009695c3dcb5d63ac81bc3e322b68a7db9d54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 88061e772822a025-FRA
content-encoding: gzip
content-type: text/html
date: Wed, 08 May 2024 02:46:22 GMT
last-modified: Fri, 28 Jun 2019 16:47:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sDqZJNLcdwSaJa5TZJ0E3B31Vzd%2Fz0qOZh2ElgB%2BrdHzBdGJPWrS4PNUrm8SS86%2FHyMi89Z33sSL8Kzgqza6%2B8BBQId%2BQnv%2FSGH%2FIBnGP%2BwsTktxURejwUhYl8yl3mgP4Z1PzI5g%2Fps%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-turbo-charged-by: LiteSpeed

GET
H2

200

x-click-but04.gif
www.paypalobjects.com/en_US/i/btn/
Redirect Chain

https://www.paypal.com/en_US/i/btn/x-click-but04.gif
https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

2 KB
2 KB

138ms
9ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CC7) /

Resource Hash

a8f36837d21e73e1a17fa2936ec161187b3d1e6b08c0335433aec8153cd41049

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://fwnitro.caitsith2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: e3ed805e968c0
dc: ccg11-origin-www-1.paypal.com
content-length: 2127
last-modified: Fri, 16 Aug 2019 04:57:33 GMT
server: ECAcc (frc/4CC7)
traceparent: 00-0000000000000000000e3ed805e968c0-a11c753bc76f3cdb-01
etag: "5d5637bd-84f"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Wed, 08 May 2024 03:46:23 GMT

Redirect headers

date: Wed, 08 May 2024 02:46:23 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: f154456f766aa
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-etou8220103-FRA, cache-fra-etou8220103-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f154456f766aa-af6e8c3b141edd9f-01
x-timer: S1715136383.894127,VS0,VE142
location: https://www.paypalobjects.com/en_US/i/btn/x-click-but04.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H2

200

pixel.gif
www.paypalobjects.com/en_US/i/scr/
Redirect Chain

https://www.paypal.com/en_US/i/scr/pixel.gif
https://www.paypalobjects.com/en_US/i/scr/pixel.gif

43 B
442 B

125ms
7ms

Image
image/gif

192.229.221.25
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/en_US/i/scr/pixel.gif

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Server

192.229.221.25 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CBC) /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://fwnitro.caitsith2.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
x-cache: HIT
paypal-debug-id: a39820370b473
dc: ccg11-origin-www-1.paypal.com
content-length: 43
last-modified: Fri, 16 Aug 2019 04:57:34 GMT
server: ECAcc (frc/4CBC)
traceparent: 00-0000000000000000000a39820370b473-e447a56bf5767cae-01
etag: "5d5637be-2b"
content-type: image/gif
cache-control: s-maxage=31536000, public,max-age=3600
accept-ranges: bytes
timing-allow-origin: https://www.paypal.com,https://www.sandbox.paypal.com
expires: Wed, 08 May 2024 03:46:23 GMT

Redirect headers

date: Wed, 08 May 2024 02:46:23 GMT
via: 1.1 varnish, 1.1 varnish
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-cache: MISS, MISS
paypal-debug-id: f15445605a4db
server-timing: content-encoding;desc="",x-cdn;desc="fastly"
dc: ccg11-origin-www-1.paypal.com
content-length: 0
x-served-by: cache-fra-etou8220103-FRA, cache-fra-etou8220103-FRA
accept-ch: Sec-CH-UA-Full
traceparent: 00-0000000000000000000f15445605a4db-18eb31e18f055110-01
x-timer: S1715136383.893989,VS0,VE156
location: https://www.paypalobjects.com/en_US/i/scr/pixel.gif
cache-control: max-age=0, no-cache, no-store, must-revalidate
origin-trial: AlIogV3KFtnbfVCyl9Z2NprE7FD8PYCt+TQiYdE3ppeJjJ0xJKcthYwOxXpRCNopxVWdOIENMcNSvQCGAmj0fw0AAAB2eyJvcmlnaW4iOiJodHRwczovL3BheXBhbC5jb206NDQzIiwiZmVhdHVyZSI6IlNlbmRGdWxsVXNlckFnZW50QWZ0ZXJSZWR1Y3Rpb24iLCJleHBpcnkiOjE2ODQ4ODYzOTksImlzU3ViZG9tYWluIjp0cnVlfQ==
accept-ranges: bytes
x-cache-hits: 0, 0

GET
H3 200 main%20menu.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 31 KB
32 KB 367ms
367ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/main%20menu.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

df2242b147f154f7b1a67cf5c4c79098f8c1b3da35a3cae30d8a041a59209678

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 31875
last-modified: Fri, 28 Jun 2019 16:47:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XlvRuJfZa4Kl7HeHxhqV8bGcFNYsyYGgmDt3xSLuqxkT3pNZoHAf0H0YrDZepn%2FLK5iiMsnPoJqZM%2BeU3iYf1ZuGqApG1dghHL9qwj%2FsyR6ttlv%2BjORJly3L5p9c%2BwvMESdbRG3VyPo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78e984a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 config%20menu.JPG
fwnitro.caitsith2.com/images/screen%20shots/ 27 KB
27 KB 374ms
374ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/config%20menu.JPG

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d608306174804a86c1bdd9d746169bdbe9bf11cdda0e956f3f60e1aab3f4e49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 27346
last-modified: Fri, 28 Jun 2019 16:47:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32azAIzAEcmwlLnQqj5QbwLDMsHeVvsu%2BLsR7dWqtJZEO3j3fuxaB%2Ft9CQbRWUFgPdwzGV2JhfTwNF4Ot5wF%2B4F%2B7ZfevyMu1HTIWGsWRS9ogFFkF%2B2LYolLy75vNLo2UKbdj4aRgKc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f988a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 wifi%20setting.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 31 KB
31 KB 396ms
395ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/wifi%20setting.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5ea25820408429e29133fa706451135aec8b500d4db8c795582c72960b58ae1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 31431
last-modified: Fri, 28 Jun 2019 16:47:46 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=esqa89%2Fu3byrVnPNLGxLySp2emawPo1wZah%2FFsCOCxkazymN%2F5SzpXesGUdKOkP9CHh8SQIs3%2B1jjf0GWszqFJAdfJ0dFAQjGpb0Y8IDPq%2BuSNPqoHyMSZno95mSKLWH%2BSkFpI5GdhE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f989a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 user%20preferences.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 33 KB
34 KB 382ms
381ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/user%20preferences.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a3aa3f63693ce54b0256fcb57c17beb7cc55c37ca10308727103726d362a72a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 33870
last-modified: Fri, 28 Jun 2019 16:47:47 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t90sud4HOx1dUJXl4hqJaFqIJD1NYkTvhlrox5EhmMaXMnupT6IuZ4dLAXFw%2BOtYx3hHWJnMXv7sPF1N%2FTlnTgloCQp7b2%2F6qhP1BExzM%2F8PdYszs1fw%2BIupZllnbIIbVxnSnx94VRQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f98ba025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 rtc%20setting.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 27 KB
28 KB 397ms
396ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/rtc%20setting.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d88741aa2bdebb21744ac70e684fc68723d96905fdc30a2ba341f6ebe608e475

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 27651
last-modified: Fri, 28 Jun 2019 16:47:43 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Py8gIBiO1I6nfmFLUap0efqPZRHzhmj2tMZfgbe6TEEv%2FDiMbHf1nrihJUtFyxbEac0KqNl8LzXxhp9izGZ%2F2B61GZAjToZsJ%2Fe1Kttj1ZHuyY0i3x5GW%2BTdNVpWj8m%2FNlGLx5GDZEA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f98ca025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 alarm%20clock%20main.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 29 KB
29 KB 388ms
387ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/alarm%20clock%20main.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a031dc5604035a30a416c810264c3298ee2e0a61f5f6a3a4bf49ac0c0872cc99

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 29464
last-modified: Fri, 28 Jun 2019 16:47:45 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QZK9z71ARaolNkrKd0xBX5XinTBpM0n3nn5BBxbhOzJkOaun%2BcuCisArI8LAb5mu3Ql4AcEvSPZ2QB822jh6uvMN9jpslGruA371HHMokon53034sn2UZKXxS7Jh1MyPSCOcsRZe%2BNM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f98ea025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 alarm%20clock%20settings.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 28 KB
28 KB 372ms
371ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/alarm%20clock%20settings.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5640beb86484238fcbd5c7d9190463717238346b8842513e94a25a68d8a2611b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 28292
last-modified: Fri, 28 Jun 2019 16:47:44 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wpLAN1lQJg1L7pobwYcPFIVjQ67tvSxd6HkXgy40cD58tD6xm1i2f8CDF3S2c8tca%2BY5rCkmQpmcnyZayTH2LRbwkoOk%2FzNUvXkwQaI00rBhsUi%2BBtGsn1LKLtn6OnHtn3KwNiVBero%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f98fa025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 memory%20viewer.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 48 KB
48 KB 419ms
419ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/memory%20viewer.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f074ae0293d9691e6f5ff652c5998f38007c87c68d051757a87825a99500f78b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 48883
last-modified: Fri, 28 Jun 2019 16:48:08 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bnK2All70n7WwrMY0eSpjOEIs%2BIFq3bosCQz26jAfE2gvxVZy9M6OomiXT6v73DPCtFxu%2FdjvS6nOwWhuK4fw59%2B919z2b6kB3PpdpXpRz39TpqTRzfeKxQVI4ztxGjW%2BuIdh5RyIeY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f990a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 programming%20mode.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 26 KB
26 KB 391ms
390ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/programming%20mode.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8eb7f25815165374ca1857a0e427e0d13e01cde59dcc55b691c1f33dda0a82f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 26259
last-modified: Fri, 28 Jun 2019 16:47:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qhg%2BGjEDHfacwTMIOIuHvQAPa957cFwYPhaAu%2Bx%2F7sPYzHssbpD2n4AD5tGUTzEVh6O0Savy%2BjavtNL9hw0saWQLXd0F3zx%2FtMhh0kiG713%2B0GokIr4yeOiz3HxVVESv%2Flm%2F%2FXcwLKk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f991a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 mkds%20offline%20course%20hack.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 35 KB
35 KB 393ms
393ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/mkds%20offline%20course%20hack.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5158238c8385a1dbfbdfae38e1f9e753819fcd802f81db87958d3e4806527139

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 35770
last-modified: Fri, 28 Jun 2019 16:47:51 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1tMnxuW%2BeBAsKk04H86%2B6k3kVQzCK%2BD6bdLtYYXbpu2M%2F3AkqmBbIA95O4uNqDRUXECDKboo7qOg7kvbcOqrlYxhaUytrOQBl3lgRXPgTdnP1WRX8bmMFHDRCmunrzfQiUSBiexTF7s%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f992a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 200 card%20dumper.jpg
fwnitro.caitsith2.com/images/screen%20shots/ 25 KB
26 KB 392ms
391ms Image
image/jpeg 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fwnitro.caitsith2.com/images/screen%20shots/card%20dumper.jpg

Requested by

Host: fwnitro.caitsith2.com
URL: https://fwnitro.caitsith2.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d581de48435826cf7d392f5a01a8fe19c1cf474198c015aa7142da8a7777c938

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 25639
last-modified: Fri, 28 Jun 2019 16:47:42 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MOMZIL6DaQmNQnsGieCiWozgj8R3z5yEpWmfwupf1vG2j2PGyPlrY3IinU29gRUE1NksmpyfamFZDeAmfVDj9vulv4s2YJmldCKYsnw9zsaPSqg5DhC5DhG35YCyPluLC2Ix9OFNAvI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 88061e78f993a025-FRA
expires: Wed, 15 May 2024 02:46:23 GMT

GET
H3 404 favicon.ico
fwnitro.caitsith2.com/ 1 KB
1 KB 265ms
265ms Other
text/html 172.67.135.75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fwnitro.caitsith2.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.135.75 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fwnitro.caitsith2.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 08 May 2024 02:46:23 GMT
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: gzip
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MSW5T7LkY%2FIV0WYgGiqu2CXcrvOjw6mkEQBVxww2JdGs%2FyA3ktPt8PTcFquf1ads6BIR96hwXuDi2aUHJA%2FeyZKC%2FqjmXDe7yWAHKt6qNf%2BrJs%2BOsflsiBvNklrP7pTIxiU3N4tI%2FQs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 88061e7b9b20a025-FRA
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.paypal.com/	1970-01-21 06:01:36	Name: ts Value: vreXpYrS%3D1809744382%26vteXpYrS%3D1715138182%26vr%3D561847fe18f0a556008d0d24ffaa929a%26vt%3D561847fe18f0a556008d0d24ffaa9299%26vtyp%3Dnew
			.paypal.com/	1970-01-21 06:01:36	Name: ts_c Value: vr%3D561847fe18f0a556008d0d24ffaa929a%26vt%3D561847fe18f0a556008d0d24ffaa9299

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://fwnitro.caitsith2.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://fwnitro.caitsith2.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://fwnitro.caitsith2.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://fwnitro.caitsith2.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://fwnitro.caitsith2.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fwnitro.caitsith2.com
www.paypal.com
www.paypalobjects.com
151.101.65.21
172.67.135.75
192.229.221.25
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896
5158238c8385a1dbfbdfae38e1f9e753819fcd802f81db87958d3e4806527139
5640beb86484238fcbd5c7d9190463717238346b8842513e94a25a68d8a2611b
5ea25820408429e29133fa706451135aec8b500d4db8c795582c72960b58ae1d
9a3aa3f63693ce54b0256fcb57c17beb7cc55c37ca10308727103726d362a72a
a031dc5604035a30a416c810264c3298ee2e0a61f5f6a3a4bf49ac0c0872cc99
a8f36837d21e73e1a17fa2936ec161187b3d1e6b08c0335433aec8153cd41049
d581de48435826cf7d392f5a01a8fe19c1cf474198c015aa7142da8a7777c938
d608306174804a86c1bdd9d746169bdbe9bf11cdda0e956f3f60e1aab3f4e49c
d88741aa2bdebb21744ac70e684fc68723d96905fdc30a2ba341f6ebe608e475
d8eb7f25815165374ca1857a0e427e0d13e01cde59dcc55b691c1f33dda0a82f
df2242b147f154f7b1a67cf5c4c79098f8c1b3da35a3cae30d8a041a59209678
e7681ab07099de49b94d6db788009695c3dcb5d63ac81bc3e322b68a7db9d54e
f074ae0293d9691e6f5ff652c5998f38007c87c68d051757a87825a99500f78b

fwnitro.caitsith2.com Open in urlscan Pro 172.67.135.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

351 kBTransfer

348 kBSize

2 Cookies

0 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

2 Cookies

5 Console Messages

Security Headers

Indicators

fwnitro.caitsith2.com Open in urlscan Pro
172.67.135.75 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

351 kB
Transfer

348 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions