wfpiebnuo.underlevel.world Open in urlscan Pro
172.67.183.102 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236
Effective URL:
https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
Submission: On August 11 via api (August 11th 2024, 7:12:45 pm UTC) from US — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 172.67.183.102, located in United States and belongs to CLOUDFLARENET, US. The main domain is wfpiebnuo.underlevel.world.
TLS certificate: Issued by WE1 on July 26th 2024. Valid for: 3 months.

This is the only time wfpiebnuo.underlevel.world was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	31.222.255.22 31.222.255.22	49392 (ASBAXETN) (ASBAXETN)
1 1	172.67.203.137 172.67.203.137	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	172.67.183.102 172.67.183.102	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:8ef5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.150.30 172.67.150.30	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	4

1 31.222.255.22 (Seychelles)

ASN49392 (ASBAXETN, RU)

intactglas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.203.137 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ninogyro.click	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.67.183.102 (United States)

ASN13335 (CLOUDFLARENET, US)

wfpiebnuo.underlevel.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8ef5 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.150.30 (United States)

ASN13335 (CLOUDFLARENET, US)

trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	underlevel.world wfpiebnuo.underlevel.world	327 KB
4	trk-elevostra.com trk-elevostra.com — Cisco Umbrella Rank: 357103 event.trk-elevostra.com — Cisco Umbrella Rank: 369321	3 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1950	426 KB
1	ninogyro.click 1 redirects ninogyro.click	651 B
1	intactglas.com intactglas.com	581 B
17	5

	Domain	Requested by
11	wfpiebnuo.underlevel.world	intactglas.com wfpiebnuo.underlevel.world
3	event.trk-elevostra.com	trk-elevostra.com
1	trk-elevostra.com	wfpiebnuo.underlevel.world
1	use.fontawesome.com	wfpiebnuo.underlevel.world
1	ninogyro.click	1 redirects
1	intactglas.com
17	6

This site contains no links.

Subject Issuer	Validity	Valid
intactglas.com R10	`2024-08-02` - `2024-10-31`	3 months	crt.sh
underlevel.world WE1	`2024-07-26` - `2024-10-24`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
trk-elevostra.com WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
Frame ID: D06038CB3591DFF9265D60A5CEC3B72B
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) Notification

Page URL History Show full URLs

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236 Page URL
https://ninogyro.click/?id=209&s1=351983&s2=1215539642&s3=5992&p=us5upstrack7a HTTP 302
https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

17
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

758 kB
Transfer

1608 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236 Page URL
https://ninogyro.click/?id=209&s1=351983&s2=1215539642&s3=5992&p=us5upstrack7a HTTP 302
https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

0.43659946877580236
intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/
Redirect Chain

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236

141 B
581 B

1305ms
496ms

Document
text/html

31.222.255.22
ASBAXETN

General

Check archive.org

Show headers Download Go to

Full URL

https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.222.255.22 , Seychelles, ASN49392 (ASBAXETN, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 11 Aug 2024 19:12:32 GMT
server: nginx/1.12.2
strict-transport-security: max-age=16000000; includeSubDomains; preload;
transfer-encoding: chunked
vary: Accept-Encoding

Redirect headers

Location: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236
Non-Authoritative-Reason: HttpsUpgrades

GET
H3

200

Primary Request yhgh Show response
wfpiebnuo.underlevel.world/gizv/zatc/rruo/
Redirect Chain

https://ninogyro.click/?id=209&s1=351983&s2=1215539642&s3=5992&p=us5upstrack7a
https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

39 KB
8 KB

1067ms
293ms

Document
text/html

172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Requested by

Host: intactglas.com
URL: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30379c013f79bd6b41d3bee44a11120590b44359fbea0779db5a849092ffb890

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.43659946877580236
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b1a89b66f797cd3-LAX
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sun, 11 Aug 2024 19:12:34 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j6bu2ERn%2BblJl7AhvPXFQr2fdeaVRzvqaphr%2B3ymN6jNZHRhBYTQn6GD8M9fyi%2BlRSQ02qJ5C5q4%2BwoDUlia680Jrnv%2FS6eCilqAGYiJGkFx40p4JzvuBalUaiNjYf%2FpaUOZ16nhl7bbotNJSA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8b1a89b0ab6a0fc4-LAX
content-type: text/html; charset=UTF-8
date: Sun, 11 Aug 2024 19:12:33 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZeqvrgWjS04aRNOKt7SnZ8fXMIrXbsyEXSIG%2FfhiGCEd5wHQJwD1fLqTxk3pfjK3X28mbT0lx5R9mn%2BsQ%2FRuaPLHIyVzg49SMZsE%2FS0HZC9ji2rkYTpNReW0nMvji2Qdkw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 style.css
wfpiebnuo.underlevel.world/master/us177/ 15 KB
4 KB 82ms
80ms Stylesheet
text/css 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/master/us177/style.css

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85261
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqh4kTMx11wqAjL1DRV%2FxAU5Ktp%2FA91gMnFviivwVJIHO5P%2FFD5xcKQUOwHSUHA7gQdf6%2BSZMt5A6DQ%2F8QI4IQdzLpiQERkgpAMAdqX1NVOoaQ8KVncbd%2F9syAyWG67RXsp0iEi5aztYJyCC0A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b1a89b8b96a7cd3-LAX
expires: Sat, 17 Aug 2024 19:31:33 GMT

GET
H3 200 animate.min.css
wfpiebnuo.underlevel.world/master/us177/ 57 KB
5 KB 150ms
147ms Stylesheet
text/css 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/master/us177/animate.min.css

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85261
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H5qcBb4jIIS%2BseGJ68B2wqPAzw3ti9jh9yG2urxf18iJGD3ksaFycs9QIGNO4m8Jxl7w40s4AxSn1XxZhgTqbWGhZ%2FEQDA9HnJNSdxzr9ajH3bLJHlx%2BbpjGKjtCzPBnndxO53abYockVIxkdw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b1a89b8c96d7cd3-LAX
expires: Sat, 17 Aug 2024 19:31:33 GMT

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.15.4/js/ 1 MB
426 KB 955ms
89ms Script
application/javascript 2606:4700:3037::ac43:8ef5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by: Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

Referer: https://wfpiebnuo.underlevel.world/
Origin: https://wfpiebnuo.underlevel.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:35 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 85332
etag: W/"5e29440867fdb02a48dffded02338c31"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lt06pVplpR2T9ZB5hrkYBv1u%2FdBV1w%2BDC5upTqARspwD%2BpsAG0rv1avEExrk72t45zrMVfMQsamjqx1lblHX0BeEWxoKyrl7gXWjuOlGtjS6HasPa8GhXHhMy%2BjxIlQGT9nbaRFbvknrPKBs8vO00SEr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 8b1a89bffa5808cb-LAX
alt-svc: h3=":443"; ma=86400

GET
H3 200 msg.js Show response
wfpiebnuo.underlevel.world/inc/ 943 B
925 B 279ms
273ms Script
application/javascript 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/inc/msg.js?3666b05c8a7a53272bcc4f9ee7010bf3

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Jun 2024 16:01:34 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BcX%2BHyJXFrIdPHpYX7Bq%2FifXvZm5j3H4N7vO%2Fn59AmNeUp4QV5Sim83x8Ro6Kq%2FZfq8LwhFQRbXwoT11dD%2BsU%2FbhKN5Tp0yU3Ev1T4Qn5gWjAuzU3NKcu9Z1CeHBqEfzhB2JXUQ%2F62FUN8gugw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b1a89b8c9727cd3-LAX
expires: Sun, 18 Aug 2024 19:12:34 GMT

GET
H3 200 logopp.png
wfpiebnuo.underlevel.world/master/us177/ 50 KB
50 KB 150ms
144ms Image
image/png 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wfpiebnuo.underlevel.world/master/us177/logopp.png

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85261
alt-svc: h3=":443"; ma=86400
content-length: 50691
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iqHp7UuCTlNiN18YSEIKZ1cAxSPcvxb6VlWCU4a%2FWemjTqAy6PBnGoW9m4hJ7aqX56sqT6Ml0rmLz4EV8BBrPBc3%2FjweC6Puby42oeF4SRmEJZIIqr4eVx%2ByyAlNnTFdkZ2Ab7KHjmkkXysmKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89b8c9737cd3-LAX
expires: Sat, 17 Aug 2024 19:31:33 GMT

GET
H3 200 product.jpg
wfpiebnuo.underlevel.world/master/us177/ 67 KB
67 KB 81ms
76ms Image
image/jpeg 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wfpiebnuo.underlevel.world/master/us177/product.jpg

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85260
alt-svc: h3=":443"; ma=86400
content-length: 68264
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rRoUSOJGCCSnzOqWlj0EDsjWvMGEVhoy8QHklkcw0uxFqgGoZD54byOP95%2B3DW0vNTQHTwFIo6M0Da1Ypbod2fBRfsvP6TFWDiKzVAEHF0biQAZro6tC5XiRw0R0rSLB6e6xfGnA4KqqmxkNNg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89b8c9747cd3-LAX
expires: Sat, 17 Aug 2024 19:31:33 GMT

GET
H3 200 logo.png
wfpiebnuo.underlevel.world/master/us177/ 75 KB
75 KB 94ms
93ms Image
image/png 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wfpiebnuo.underlevel.world/master/us177/logo.png

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85260
alt-svc: h3=":443"; ma=86400
content-length: 76299
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMpdnC2MMHo8I6BBeK9D%2BXMiFOfgKDiDg3S3PsizQ02WoiAQS3Ih4DpXUWaBffL9RYooyFuENwspjj3Xg0sw8S%2BrIAzp3msEsnLNCcENzf26VRFxFNhxSvDGaeI3WczZPOo%2FNZ5PQQDam4gsyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89ba2a8a7cd3-LAX
expires: Sat, 17 Aug 2024 19:31:34 GMT

GET
H3 200 loading.gif
wfpiebnuo.underlevel.world/master/us177/ 107 KB
107 KB 84ms
81ms Image
image/gif 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wfpiebnuo.underlevel.world/master/us177/loading.gif

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85260
alt-svc: h3=":443"; ma=86400
content-length: 109494
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F2LWxCwzHUX3waFBGX4MdynfmJWzSJBZm0jg9AqJ9a2j4xL9dKu7037CYf17gTaG4aMjhHr8Dke5wquSsQdNPPj4jDk8b6uZZV4AD80o5ZidOAS9QResUyzd%2BYF7k82awL%2BjSZPk4%2FQocOKrSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89ba8ad07cd3-LAX
expires: Sat, 17 Aug 2024 19:31:34 GMT

GET
H3 200 check.png
wfpiebnuo.underlevel.world/master/us177/ 8 KB
9 KB 84ms
82ms Image
image/png 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wfpiebnuo.underlevel.world/master/us177/check.png

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85260
alt-svc: h3=":443"; ma=86400
content-length: 8338
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DoKCQ7UOY6rxRcPT0o9WlQYmjpEgaBFfp40pxZ%2Bts99v%2B8r1IdIbTfuAYsQm6BJZmUTsfdhCaDpluBBqsEc1My0pzcbVvmfEjeDmOn%2BGyJvVvNkA3Mghp1oV9IOKHdAZAmyx6eGMgPIPWwqw9w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89ba8ad37cd3-LAX
expires: Sat, 17 Aug 2024 19:31:34 GMT

GET
H3 200 script.js Show response
wfpiebnuo.underlevel.world/master/us177/ 13 KB
2 KB 118ms
115ms Script
application/javascript 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/master/us177/script.js

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85261
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2pPJHhq%2Bxh8AWMmslfOwu5dA2f8ytSDrkmbx5NTEgQeiwJBhQHO6v2oUUWF3blzlaNZY3amBgLgd2K0z28AGEIYz6xYaRlB5%2FEMfgtNOFIJW7p6LdxtSbaSq9OvOOuSmorybWe1wHX70f3kRkg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b1a89ba8ad27cd3-LAX
expires: Sat, 17 Aug 2024 19:31:33 GMT

GET
H3 200 v9e118mez8 Show response
trk-elevostra.com/scripts/push/ 8 KB
3 KB 218ms
71ms Script
application/javascript 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-elevostra.com/scripts/push/v9e118mez8

Requested by

Host: wfpiebnuo.underlevel.world
URL: https://wfpiebnuo.underlevel.world/inc/msg.js?3666b05c8a7a53272bcc4f9ee7010bf3

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4197
alt-svc: h3=":443"; ma=86400
content-length: 2519
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 11 Aug 2024 18:02:38 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Kd6UNPPPt%2FmXbAmvE79TskT3qVjZdHTzzvNElzZn5Ckj9pyp8hV8JMtSQiVKNG3pq%2F7%2BljfluF1GA3XCfEPKqZjrWA6S53lLuc6qFTnpI0h515tQi%2FvDRk6Q3m%2Bcp5SUm9m2w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges: bytes
cf-ray: 8b1a89bb7f972f46-LAX
expires: 0

GET
H3 200 favicon.ico
wfpiebnuo.underlevel.world/ 0
511 B 74ms
73ms Other
image/x-icon 172.67.183.102
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wfpiebnuo.underlevel.world/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.183.102 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 11 Aug 2024 19:12:36 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 85332
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Tue, 11 Jun 2024 20:46:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N5NG96WIDysNOt2q1gF1REdrgg78f0elWGnqmHtIq7prxpMvcFK9qv%2FS9R8T85f6lv8oWIAUcTftP0yIffeH3sYe1qq3DDkEDvZctBghqYeZRpWRyeFOl4bcin6fsapi%2FSRrP%2FACVGTsKFnIQg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b1a89c2c9be7cd3-LAX
expires: Sat, 17 Aug 2024 19:30:24 GMT

OPTIONS
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 436ms
316ms Preflight 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://wfpiebnuo.underlevel.world
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b1a89c44e03cb7d-LAX
content-length: 0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date: Sun, 11 Aug 2024 19:12:36 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kHHE64jAJQwiL9w1l5hwPoINVcGOV57leXIDelHoFn8kLLrrrEQShf2gpm4J9KqvVKD0H7IB5RlWJVgZxOFlyUSStbvJS%2FlNw8txOrkPcioQ8EOwqkYo5ytr%2FVDsilNFHFQ%2BEIZPxcupoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 132ms
131ms Fetch 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Sun, 11 Aug 2024 19:12:36 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CpSCXvpHT8i4q64dPQXO%2FCyHQwwKPMEPev2iKs1ZKLZV5hYoK%2BoiYiBvAYtGzfSuTZ978tECqUTe8DVzr1SkL0ah33ZVJRsXWW1o6zyGGwLqUpG%2Fmq5%2F%2BPM5g3Q6sfuQNx4KYvPRPeUsKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8b1a89c63a72cb7d-LAX
expires: 0

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 134ms
132ms Fetch 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wfpiebnuo.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Sun, 11 Aug 2024 19:12:38 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LvS6xcAiMsKGpuUh3X3OXBoa6hdirFCgOZhq0D5Qiv%2B0uQhUOrBPdtzYRzeSrtiNWI6GeEeRfG%2FJEdybyfeEf7vty6ObPXCHC6Nl8DkvjfMR40mOMoO69KR1H8x3lfxxHhzSFF75jruxA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8b1a89cf1e52cb7d-LAX
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
intactglas.com/	1970-01-20 23:26:35	Name: uid5992 Value: 1215539642-20240811151232-6161e12ec8ab1cc551b41963eb798cdb-3905
ninogyro.click/	1969-12-31 23:59:59	Name: PHPSESSID Value: f97c257afd907a00784892e0e2e979e3
wfpiebnuo.underlevel.world/	1969-12-31 23:59:59	Name: PHPSESSID Value: f7be917b0cf1d5de323f44bd8d5b6668

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://wfpiebnuo.underlevel.world/gizv/zatc/rruo/yhgh?a659527e845dc136f9ad48e566ca83ad Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

event.trk-elevostra.com
intactglas.com
ninogyro.click
trk-elevostra.com
use.fontawesome.com
wfpiebnuo.underlevel.world
172.67.150.30
172.67.183.102
172.67.203.137
2606:4700:3037::ac43:8ef5
31.222.255.22
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd
11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33
30379c013f79bd6b41d3bee44a11120590b44359fbea0779db5a849092ffb890
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065
cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

wfpiebnuo.underlevel.world Open in urlscan Pro 172.67.183.102 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

4 IPs

2 Countries

758 kBTransfer

1608 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

wfpiebnuo.underlevel.world Open in urlscan Pro
172.67.183.102 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

758 kB
Transfer

1608 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!