she.lavateraas.sbs Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://onea.sunflowersad.shop/index.php/campaigns/oc880ko5n4744/track-url/dy130fvl8o999/ae715cc9c7ee306bf81f3b2d41c2fc90ffe0e194
Effective URL:
https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999
Submission: On November 04 via api (November 4th 2024, 1:07:12 pm UTC) from DE — Scanned from NL

Summary HTTP 23 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 4 domains to perform 23 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is she.lavateraas.sbs.
TLS certificate: Issued by WE1 on November 2nd 2024. Valid for: 3 months.

This is the only time she.lavateraas.sbs was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 23	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	172.67.200.40 172.67.200.40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3037::ac43:8ef5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	2

23 188.114.96.3 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

onea.sunflowersad.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
she.lavateraas.sbs	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.200.40 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

facebook-pixel.squareminus.shop	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::ac43:8ef5 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	lavateraas.sbs she.lavateraas.sbs	1024 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1222	426 KB
1	squareminus.shop 1 redirects facebook-pixel.squareminus.shop	664 B
1	sunflowersad.shop 1 redirects onea.sunflowersad.shop	875 B
23	4

	Domain	Requested by
22	she.lavateraas.sbs	she.lavateraas.sbs
1	use.fontawesome.com	she.lavateraas.sbs
1	facebook-pixel.squareminus.shop	1 redirects
1	onea.sunflowersad.shop	1 redirects
23	4

This site contains links to these domains. Also see Links.

Domain
virus-scanned.kiuorusta.shop

Subject Issuer	Validity	Valid
lavateraas.sbs WE1	`2024-11-02` - `2025-01-31`	3 months	crt.sh
use.fontawesome.com WE1	`2024-09-09` - `2024-12-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999
Frame ID: 00D5930C5B40C17B6E63A8AACBD072F2
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Belohnungen für Umfragen

Page URL History Show full URLs

https://onea.sunflowersad.shop/index.php/campaigns/oc880ko5n4744/track-url/dy130fvl8o999/ae715cc9c7ee306bf8... HTTP 301
https://facebook-pixel.squareminus.shop/ZTyB5juI7sow2pLk6smN2qEr?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 HTTP 301
http://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 HTTP 307
https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

23
Requests

100 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1450 kB
Transfer

2289 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://virus-scanned.kiuorusta.shop/m3o5Rw1fQbgY1Vc5is3lujfosi9LpwH7jU2eTNxvX9YtdrdFsOfrU4aem6KMgbPT3ss8gU1l4ss/?source_id=G-SHE&s1=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999
Title: Continuer

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://onea.sunflowersad.shop/index.php/campaigns/oc880ko5n4744/track-url/dy130fvl8o999/ae715cc9c7ee306bf81f3b2d41c2fc90ffe0e194 HTTP 301
https://facebook-pixel.squareminus.shop/ZTyB5juI7sow2pLk6smN2qEr?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 HTTP 301
http://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 HTTP 307
https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response she.lavateraas.sbs/ Redirect Chain https://onea.sunflowersad.shop/index.php/campaigns/oc880ko5n4744/track-url/dy130fvl8o999/ae715cc9c7ee306bf81f3b2d41c2fc90ffe0e194 https://facebook-pixel.squareminus.shop/ZTyB5juI7sow2pLk6smN2qEr?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 http://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999	29 KB 6 KB	121ms 46ms	Document text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.2.24 Resource Hash `6aa343fa9007e356c42ee06e76624f322d812c28f2f1c8ed991994935e6b8055` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8dd4d3421da74242-AMS content-encoding br content-type text/html; charset=UTF-8 date Mon, 04 Nov 2024 13:07:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9nFrUXXjM8m%2BmXCsjo1XC0anmmLVOWhOezI6%2BB6AtJavKX0UPJxWpFZgV%2BIQVYRntDYYsAj4wEi7TsFLBqs%2Bz1NQNbjX0F9QJL3DFWy2U1VH2sIB%2Fd7V6fZMCNOem%2BkYPxujOyE%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=21567&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4152&recv_bytes=4485&delivery_rate=31131&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=60&x=1" cfExtPri cfHdrFlush;dur=0 x-powered-by PHP/7.2.24 Redirect headers Location https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Non-Authoritative-Reason HttpsUpgrades
GET H3	200	style.css she.lavateraas.sbs/css/	15 KB 4 KB	32ms 31ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/css/style.css Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `25f0ba58034d30ccc00d3729101232d003487e5232f9822876b0267a66fdfa8d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"3d2a-62607d785c535" age 7014 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yWuUAiJqup5v9bxCnlrFFthlRd3IVrsPNMtzLkAiFVPw7zlkYGi2xFgJA%2FD2Zm3ffSRayOnzUfJ0oOrs1D0Q6hAIojrx4RQp%2B7WmrSTo2HSRRYh08T9ZKtC8tp53k3pp%2BI%2FLLog%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=24615&sent=22&recv=18&lost=0&retrans=0&sent_bytes=10139&recv_bytes=6177&delivery_rate=217707&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=109&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:07 GMT content-type text/css last-modified Sun, 03 Nov 2024 20:16:22 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3428e064242-AMS server cloudflare
GET H3	200	animate.min.css she.lavateraas.sbs/css/	70 KB 6 KB	54ms 52ms	Stylesheet text/css	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/css/animate.min.css Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"11846-62607d77d0ad7" age 7014 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dzbwnwF%2BwaciVAcTgXuQ3JFQ7xQ13LUbDrrqIYQVEQHabLf3tiPaqqSCWsRyTrvSiO1xJfPnfJ3H3G0gQEIjlFBCw08BzZJvbWMl2Ocr0JTYvGxWzpQwC57cDDdB5rT1b2tc09o%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=24615&sent=34&recv=18&lost=0&retrans=0&sent_bytes=22136&recv_bytes=6177&delivery_rate=217707&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=116&x=1", cfExtPri, cfHdrFlush;dur=12 date Mon, 04 Nov 2024 13:07:07 GMT content-type text/css last-modified Sun, 03 Nov 2024 20:16:22 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3428e094242-AMS server cloudflare
GET H2	200	all.js Show response use.fontawesome.com/releases/v5.15.4/js/	1 MB 426 KB	166ms 77ms	Script application/javascript	2606:4700:3037::ac43:8ef5 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.15.4/js/all.js Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:8ef5 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://she.lavateraas.sbs Referer Response headers content-encoding br cf-cache-status HIT etag W/"5e29440867fdb02a48dffded02338c31" age 36105 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q78bV%2B6oc6jI%2FP2mA3%2FeVkvxmUWy%2FUlJn5Ss4F0fcOV7SLmlLAwVKVxJWIPVfv9rVnLGqTTZyWOA2uRcw3KbyXy6XjW%2FEUkzh4MCrfzF%2FslX%2BxWUtwgromy1g0sA2rktYCDPusVj8QHGSMcxCUo%2Fio3u"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=22452&sent=6&recv=12&lost=0&retrans=0&sent_bytes=4004&recv_bytes=2221&delivery_rate=160235&cwnd=253&unsent_bytes=0&cid=45d42f9e76c4d83c&ts=92&x=0" date Mon, 04 Nov 2024 13:07:07 GMT content-type application/javascript last-modified Fri, 22 Sep 2023 01:45:24 GMT vary Origin, Accept-Encoding cache-control max-age=31556926 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3438b750b05-AMS access-control-allow-origin * server cloudflare
GET H3	200	datehead.js Show response she.lavateraas.sbs/js/	2 KB 1 KB	33ms 32ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/js/datehead.js Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `3515884df670714dd723c7a0fd9ecfd8cf73aea40d0f3ea9d92608c04b9655eb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"6d9-62607d79ffc21" age 7014 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZEOZcf8kicYaarrL6pp9IanBt2pl2bQ6N0o%2BcfcT8h6kzvHbnHqQ34O1aoWlmrN6eWv25d3aD1jf4R%2Bg36gZ6JoRjO89OO1QNP8eNlylRihvN7KSFntIFb7%2BlqCGxrwbW7SZP%2BQ%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=24615&sent=26&recv=18&lost=0&retrans=0&sent_bytes=14105&recv_bytes=6177&delivery_rate=217707&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=111&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:07 GMT content-type application/javascript last-modified Sun, 03 Nov 2024 20:16:24 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3428e0c4242-AMS server cloudflare
GET H3	200	logo.png she.lavateraas.sbs/images/	8 KB 9 KB	39ms 38ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/logo.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b1e617a903f71d9dd18155c7d58b363adccb2c7a44791ffee539a374d25710b6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "215f-62607d7515b45" age 7014 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jg%2B1nfWJ%2FePax%2FaZ3bqr93arRq4DkMKqX0grNvMNM1AgczDO6qZKZxqADJVGIgFV4GhZJCsd7slFI3Z1SfLwoma3yXZW4B4BgMWNurE%2F4aD69clq5%2Bw2JOEMjx4KrWdPKp5zN94%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=24615&sent=31&recv=18&lost=0&retrans=0&sent_bytes=18536&recv_bytes=6177&delivery_rate=217707&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=113&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:19 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3428e0e4242-AMS accept-ranges bytes content-length 8543 server cloudflare
GET H3	200	flaglogo.png she.lavateraas.sbs/images/	2 KB 3 KB	34ms 33ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/flaglogo.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9876a7ae2fff3841f6815203eea614d8cd0022ebbe6b9b4d97bfbc53bf422fe4` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "998-62607d76b9231" age 7014 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ck21OM6VCqsRIxXj93bjO9pujzTkjxHV6HjcraELdlPCqIg5KALukeB%2Fc%2Bfz7wi74d%2FoHZsooiIyljSZRYcWYqae%2FHlEZQQCM47wQ%2F3pV1HyAFC45qP2Jj1%2BF1VXf8OBwhw%2B6EA%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=24615&sent=28&recv=18&lost=0&retrans=0&sent_bytes=15343&recv_bytes=6177&delivery_rate=217707&cwnd=12000&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=111&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:21 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3428e0f4242-AMS accept-ranges bytes content-length 2456 server cloudflare
GET H3	200	product.png she.lavateraas.sbs/images/	203 KB 204 KB	49ms 46ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/product.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7dee8a0808bb4da85e2b5fa3009a4589c87ee7474108585f7dda8202f67b5825` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "32c77-62607d71ce1b5" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4sq%2FxEeLMufZSQL%2Fo%2BAYzzOr%2FnLbjMUO4rtjWtYsXZKSeYEWxkFpMn23QLlT9xJnpVDPXBlZYHqPFt7LtovJnRjsLk7PoidKGNBFqJAe1xjmp95EjTJ3Wy83X%2Fc40TuaI51CyI4%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=47&recv=31&lost=0&retrans=0&sent_bytes=34151&recv_bytes=7026&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=155&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:15 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342ce4f4242-AMS accept-ranges bytes content-length 207991 server cloudflare
GET H3	200	loadingBL.gif she.lavateraas.sbs/images/	118 KB 118 KB	43ms 42ms	Image image/gif	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/loadingBL.gif Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `58669c15b15430de02d4aa06b4e725ad0763e1edcd99f946d998dfa9b350c699` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "1d63c-62607d7025ca9" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XSzxgHWgDJiB7gv4Rx%2B4L3eErboP1RTxN9gyCkHZXrOpokL9LDAc4NiF1LYDHkUg2AYiVb2aEpwtm8gCZF5YxKkAuLjhvhpuVFH28NMFrnbT8Mja5xG2HtNYmRZxdZkLsJczduQ%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=65&recv=37&lost=0&retrans=0&sent_bytes=53398&recv_bytes=8931&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=178&x=1", cfExtPri, cfHdrFlush;dur=8 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/gif last-modified Sun, 03 Nov 2024 20:16:14 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342ee704242-AMS accept-ranges bytes content-length 120380 server cloudflare
GET H3	200	prize1.png she.lavateraas.sbs/images/	205 KB 206 KB	61ms 58ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/prize1.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e9df25f929c635ea6775d4fadbe5697c039ed5132658d35d524830d2c1590c31` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "33461-62607d73fdad0" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqdrdJsek5S9E1gky1313bp6ynqDIZoyPUTCRbHK%2F7mT3k4ZZBaEt5IqPqNu0E%2BNB4VWP7JHGLGk362NH%2FIplIs1RVIi0CbRta7ePmBL1glLfE8omw%2Btg3TjKa%2FF8H9r6hPrYDk%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=65&recv=37&lost=0&retrans=0&sent_bytes=53398&recv_bytes=8931&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=182&x=1", cfExtPri, cfHdrFlush;dur=19 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:18 GMT vary Accept-Encoding priority u=2,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342fe744242-AMS accept-ranges bytes content-length 210017 server cloudflare
GET H3	200	1.jpg she.lavateraas.sbs/images/	44 KB 45 KB	780ms 778ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/1.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `08cca3a01826c51da3ba67e576c6edc01819ad7d1fac69888e1cb18638b62bd6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "b0d0-62607d75a198c" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XY%2BZGpHJMjCsvglNpkDgY3ICqUx0Y5s3PSjjZFvtbmaBKW22EwQCxhaZQ3Jn5E2ztC6i%2Ftjh35DJH1DkKzG80aHlXF9sgP3nvw5Fkn4P8I1jbhzU7l2CtOCkewxgtk%2BkHHCy5c%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=65&recv=37&lost=0&retrans=0&sent_bytes=53398&recv_bytes=8931&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=181&x=1", cfExtPri, cfHdrFlush;dur=20 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:19 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342fe7a4242-AMS accept-ranges bytes content-length 45264 server cloudflare
GET H3	200	2.jpg she.lavateraas.sbs/images/	45 KB 45 KB	771ms 769ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/2.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `12848411efa2d4d07a355d984599585dcf70a54213f832586e3a59761b349529` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "b223-62607d7371c89" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRb8e28jRsrIaNgcM2MKCbcHkPr78vyigAjc7a79qfhKK4p5kc0khtxvWeJ3TyEHsFSwz8eW4pW0qr7LILgQ0nBjpXAUrc2MdOTxke%2BXojMso9a13kVEtO2aU%2FZcr%2FZRNfYT81A%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=65&recv=37&lost=0&retrans=0&sent_bytes=53398&recv_bytes=8931&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=182&x=1", cfExtPri, cfHdrFlush;dur=25 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:17 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342fe7b4242-AMS accept-ranges bytes content-length 45603 server cloudflare
GET H3	200	comm_pic_1.jpg she.lavateraas.sbs/images/	110 KB 111 KB	772ms 769ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/comm_pic_1.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f6aea3c07288caf07a7decf4f1d8d1cbf202394255169570f5205af4a553d899` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "1b736-62607d6f99e62" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8UInIXUrxmygb3VVGuKLMN5Xy4YLoO8VxsbLSvUCcNoHYfHK%2F9jd1%2FiaCJ2fWd9OQO%2BMvXHin%2FVbqkKuSKghb6alpXgLalSgqp%2BHawZKzhJtrueAYg4tZPFp5KI1PH7aV0M22zE%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27287&sent=65&recv=37&lost=0&retrans=0&sent_bytes=53398&recv_bytes=8931&delivery_rate=548632&cwnd=19200&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=183&x=1", cfExtPri, cfHdrFlush;dur=25 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:13 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342fe7c4242-AMS accept-ranges bytes content-length 112438 server cloudflare
GET H3	200	3.jpg she.lavateraas.sbs/images/	38 KB 39 KB	772ms 770ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/3.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `80e4781f9a5c59e6dd06e2a0663c83a74a6e7f72b75240e1251d0f47822baaa0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "982d-62607d6f0e01c" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pdu4n6gOt65V08jMsnlsuZ8tVRp2EaI0v0kD0lAr2cB97AQSezBC61WTF5U%2F5sU3qaP0WftvHbzJqdy5Rr%2FyqDc9c8Lk5hP3nUcAnKE4I82sjliLSd%2B5zRAnFtOG%2BMJnT3ncm%2BE%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=213&x=1", cfExtPri, cfHdrFlush;dur=13 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:13 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432ea94242-AMS accept-ranges bytes content-length 38957 server cloudflare
GET H3	200	4.jpg she.lavateraas.sbs/images/	38 KB 39 KB	780ms 778ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/4.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d59f849bd004f0145fe46845f941fa5787ef30c4b333839c74085839cdd2eba3` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "97bf-62607d725a3e4" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQ2pD0KAf9s6%2BucKTZ0UkmKCWIp4AS4ytv9%2BD9fO4Hgh0olb%2B3a3VuDl4FfIqhWL3Hkgp27oa5Ib3hA4noFroHI5IU1Mr0d3sn1xO%2FPDIX4V2SBGmmJuZjyV0hg7XhqzGt2KWpY%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=213&x=1", cfExtPri, cfHdrFlush;dur=13 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:16 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432eab4242-AMS accept-ranges bytes content-length 38847 server cloudflare
GET H3	200	comm_pic_2.jpg she.lavateraas.sbs/images/	112 KB 112 KB	780ms 778ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/comm_pic_2.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1a62547fc8c0c744eb759f4cb2e5ab9cba00d7b9cb4e611d927858e2177fa9bb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "1be12-62607d7141f86" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZILAgSyyaUaFFHpWjQ3wYALsqokpArU09bg74M3n5MGpesyCt9bTwgPObABXgG5ndXO1hJVbgBqLtNXn3qKp2r6pKz5mMbbqZYwy58Jr3%2BGioYWHNrL7ftPSlgxCgh8D4Cv3Igo%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=214&x=1", cfExtPri, cfHdrFlush;dur=12 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:15 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432ead4242-AMS accept-ranges bytes content-length 114194 server cloudflare
GET H3	200	5.jpg she.lavateraas.sbs/images/	46 KB 47 KB	775ms 774ms	Image image/jpeg	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/5.jpg Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `36940f375ccd0d827d78f05e0b3296d140efe4e586abc40ffdbb5395e3277f18` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "b7ec-62607d762d3ea" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=936aTk%2FfrRDJrXd1nZBfB9x1j0zr2jpJQYDMgD8uzq6ND1kvP0gRBRVMV%2B29saSQv7IhBU5DlkoiNSMpJHqEbrBDoopu3FQR44iP4upu82gu2fc6SOx0vOHk70lyrRo7NXTivgQ%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=215&x=1", cfExtPri, cfHdrFlush;dur=11 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/jpeg last-modified Sun, 03 Nov 2024 20:16:20 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432eae4242-AMS accept-ranges bytes content-length 47084 server cloudflare
GET H3	200	f_guarantee.png she.lavateraas.sbs/images/	6 KB 7 KB	776ms 775ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/f_guarantee.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "18d0-62607d7489cfe" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xUhDdBivxkio23AW5%2Br8PCzZFyZCJ6yahW3%2FQuwEW%2BBAw5VofGGgWgnLxPivkzWd76Od89kOyP5%2FemliHEvWA9wVsMbUndJFnazngcdhwbvToCsO%2BCE6nl%2BOGsj4sk6%2FTb5KRy0%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=213&x=1", cfExtPri, cfHdrFlush;dur=13 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:18 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432eaf4242-AMS accept-ranges bytes content-length 6352 server cloudflare
GET H3	200	f_secure_1.png she.lavateraas.sbs/images/	10 KB 10 KB	777ms 776ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/f_secure_1.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "2686-62607d70b6140" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dvzBGEtWNXGE3gd9dRDxu4sServAiVBKwmfn01rf%2BazypUkqT9MgMRudYYuU35eF8hQPqUvQAfVKF6TYYA7XROWXY8E%2BO84HdNQOKHhqXhINl%2BEk7If138ZwaqORCq2f0aI1rc4%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=213&x=1", cfExtPri, cfHdrFlush;dur=13 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:14 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432eb04242-AMS accept-ranges bytes content-length 9862 server cloudflare
GET H3	200	logo2.png she.lavateraas.sbs/images/	9 KB 10 KB	777ms 776ms	Image image/png	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/logo2.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `46d008df1bea7669fe4503b6b2c4426728e44aacf5027308e823fffb2ac74c8a` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "245c-62607d72e5e42" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fmSR%2Bgubzwf8xZPmYSZYkAWs94%2Fmi6ikduIq3P4lJMHdvGHDiM0%2BmRhbDNCkxRMTXRfHwHuER2HZyZTWZsyR7J5R1ISln82GqxZAtL9PEKqIsJ1jI62lfCGj%2BvgJnHXGRJPtCkE%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=26071&sent=86&recv=44&lost=13&retrans=13&sent_bytes=73343&recv_bytes=11534&delivery_rate=148272&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=217&x=1", cfExtPri, cfHdrFlush;dur=29 date Mon, 04 Nov 2024 13:07:07 GMT content-type image/png last-modified Sun, 03 Nov 2024 20:16:17 GMT vary Accept-Encoding priority u=3,i cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d3432eb24242-AMS accept-ranges bytes content-length 9308 server cloudflare
GET H3	200	script.js Show response she.lavateraas.sbs/js/	10 KB 3 KB	60ms 57ms	Script application/javascript	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/js/script.js Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ba795d196aba3b3bf80a2341c81d2701b2b9d9e4414a8e91a60992deefd221b2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"2848-62607d7973ddb" age 6969 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=39K%2BUCw%2F2HoZjt7yZo8XFSUSZvJi0t4Q%2FjnyYbm%2BB6PEVa1WqkXTm1%2BB0WLjyz8526uN2Ul8rJcklyVNAfp2SoWw51kNJLIHTJuzfrO%2BVcZhluZ5pyW9VK1mMTjSqHrxi%2FxfDIU%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=29125&sent=71&recv=39&lost=0&retrans=0&sent_bytes=58224&recv_bytes=9326&delivery_rate=57141&cwnd=21600&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=190&x=1", cfExtPri, cfHdrFlush;dur=11 date Mon, 04 Nov 2024 13:07:07 GMT content-type application/javascript last-modified Sun, 03 Nov 2024 20:16:23 GMT vary Accept-Encoding priority u=2,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8dd4d342fe764242-AMS server cloudflare
GET H3	404	bg.png she.lavateraas.sbs/images/	196 B 196 B	765ms 765ms	Image text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://she.lavateraas.sbs/images/bg.png Requested by Host: she.lavateraas.sbs URL: https://she.lavateraas.sbs/css/style.css Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://she.lavateraas.sbs/css/style.css Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status HIT age 68 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p%2BWVwWJiHcrsEuHnzRx6L0x%2Bm5nMu77KbeYuZL%2F9oawL3PAnt0ZSbA3NGf6gOhOmUNCJVOUfhsHFqcc5HlHAC5ZY9dc6XxDekg95sgBddKM8s%2FxbIFf45i0do2LX5Hh4e%2B9BekQ%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8dd4d3430e874242-AMS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=27561&sent=74&recv=41&lost=13&retrans=13&sent_bytes=61067&recv_bytes=11398&delivery_rate=85712&cwnd=15119&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=205&x=1", cfExtPri, cfHdrFlush;dur=42 date Mon, 04 Nov 2024 13:07:07 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=3,i
GET H3	404	favicon.ico she.lavateraas.sbs/	196 B 803 B	38ms 37ms	Other text/html	188.114.96.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://she.lavateraas.sbs/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding br cf-cache-status HIT age 53 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8JAWb1vZ6TYMzlMI0t9%2BaWcthKpQNltoyYH%2BGpFuBKtcIbBknXetTMYS4cH7QcJZyzjXaP%2BOr9tqItky3f6129HlIGcibADQ3%2FZxv2EkbwimWwg%2FPX6DeEozxFovOAXtPPC6h9s%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8dd4d349cdb64242-AMS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=22462&sent=1015&recv=187&lost=13&retrans=13&sent_bytes=1093288&recv_bytes=18286&delivery_rate=1672795&cwnd=48719&unsent_bytes=0&cid=9b1ec1782ec3678f&ts=1276&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 04 Nov 2024 13:07:08 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare priority u=1,i

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			onea.sunflowersad.shop/	1969-12-31 23:59:59	Name: mwsid Value: m9rhua8j58u8g9klm9us5jlk6b

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://she.lavateraas.sbs/?customer-id=oc880ko5n4744-xs956a5a7c1c2-dy130fvl8o999 Message: Error parsing 'integrity' attribute ('oiuas898789askjdkaysudui'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.
network	error	URL: https://she.lavateraas.sbs/images/bg.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://she.lavateraas.sbs/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

facebook-pixel.squareminus.shop
onea.sunflowersad.shop
she.lavateraas.sbs
use.fontawesome.com
172.67.200.40
188.114.96.3
2606:4700:3037::ac43:8ef5
08cca3a01826c51da3ba67e576c6edc01819ad7d1fac69888e1cb18638b62bd6
12848411efa2d4d07a355d984599585dcf70a54213f832586e3a59761b349529
1a62547fc8c0c744eb759f4cb2e5ab9cba00d7b9cb4e611d927858e2177fa9bb
25f0ba58034d30ccc00d3729101232d003487e5232f9822876b0267a66fdfa8d
3515884df670714dd723c7a0fd9ecfd8cf73aea40d0f3ea9d92608c04b9655eb
36940f375ccd0d827d78f05e0b3296d140efe4e586abc40ffdbb5395e3277f18
46d008df1bea7669fe4503b6b2c4426728e44aacf5027308e823fffb2ac74c8a
58669c15b15430de02d4aa06b4e725ad0763e1edcd99f946d998dfa9b350c699
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
6aa343fa9007e356c42ee06e76624f322d812c28f2f1c8ed991994935e6b8055
7dee8a0808bb4da85e2b5fa3009a4589c87ee7474108585f7dda8202f67b5825
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
80e4781f9a5c59e6dd06e2a0663c83a74a6e7f72b75240e1251d0f47822baaa0
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
9876a7ae2fff3841f6815203eea614d8cd0022ebbe6b9b4d97bfbc53bf422fe4
b1e617a903f71d9dd18155c7d58b363adccb2c7a44791ffee539a374d25710b6
ba795d196aba3b3bf80a2341c81d2701b2b9d9e4414a8e91a60992deefd221b2
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d59f849bd004f0145fe46845f941fa5787ef30c4b333839c74085839cdd2eba3
e9df25f929c635ea6775d4fadbe5697c039ed5132658d35d524830d2c1590c31
f6aea3c07288caf07a7decf4f1d8d1cbf202394255169570f5205af4a553d899

she.lavateraas.sbs Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

100 %HTTPS

33 %IPv6

4 Domains

4 Subdomains

2 IPs

2 Countries

1450 kBTransfer

2289 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

she.lavateraas.sbs Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

100 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

2
IPs

2
Countries

1450 kB
Transfer

2289 kB
Size

1
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!