urlscan.io logo urlscan.io
SecurityTrails logo

win.gettheelevator.com Open in urlscan Pro
2a09:8280:1:d278:5448:dc98:c3db:7cb7  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://elevator.cmail20.com/t/t-l-qtuuudl-jljinuyll-jh/
Effective URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Submission: On May 11 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 8 domains to perform 19 HTTP transactions. The main IP is 2a09:8280:1:d278:5448:dc98:c3db:7cb7, located in United States and belongs to FLY, US. The main domain is win.gettheelevator.com.
TLS certificate: Issued by R3 on March 29th 2022. Valid for: 3 months.
This is the only time win.gettheelevator.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.196.121.95 16509 (AMAZON-02)
3 2a09:8280:1:d... 40509 (FLY)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.66.242.33 16509 (AMAZON-02)
4 18.64.115.49 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 52.204.242.176 14618 (AMAZON-AES)
2 18.205.222.128 14618 (AMAZON-AES)
19 8
1    18.196.121.95 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-121-95.eu-central-1.compute.amazonaws.com
elevator.cmail20.com
3    2a09:8280:1:d278:5448:dc98:c3db:7cb7 (United States)

ASN40509 (FLY, US)
win.gettheelevator.com
options.kickoffpages.com
5    2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
ka-p.fontawesome.com
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    18.66.242.33 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-242-33.dus51.r.cloudfront.net
d1y0v6ricksqp.cloudfront.net
4    18.64.115.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-115-49.txl50.r.cloudfront.net
cdn.kickoffpages.com
2    2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    52.204.242.176 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-242-176.compute-1.amazonaws.com
api.kickofflabs.com
2    18.205.222.128 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-222-128.compute-1.amazonaws.com
leads.kickofflabs.com
Apex Domain
Subdomains		 Transfer
6 kickoffpages.com
cdn.kickoffpages.com — Cisco Umbrella Rank: 428745
options.kickoffpages.com — Cisco Umbrella Rank: 652869
215 KB
5 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 1636
ka-p.fontawesome.com — Cisco Umbrella Rank: 4277
136 KB
3 kickofflabs.com
api.kickofflabs.com — Cisco Umbrella Rank: 628979
leads.kickofflabs.com — Cisco Umbrella Rank: 664444
2 KB
2 gstatic.com
fonts.gstatic.com
32 KB
1 cloudfront.net
d1y0v6ricksqp.cloudfront.net
11 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
1 KB
1 gettheelevator.com
win.gettheelevator.com
6 KB
1 cmail20.com
elevator.cmail20.com — Cisco Umbrella Rank: 647844
252 B
19 8
Domain Requested by
4 ka-p.fontawesome.com kit.fontawesome.com
4 cdn.kickoffpages.com win.gettheelevator.com
2 leads.kickofflabs.com cdn.kickoffpages.com
2 options.kickoffpages.com cdn.kickoffpages.com
2 fonts.gstatic.com fonts.googleapis.com
1 api.kickofflabs.com
1 d1y0v6ricksqp.cloudfront.net win.gettheelevator.com
1 fonts.googleapis.com win.gettheelevator.com
1 kit.fontawesome.com win.gettheelevator.com
1 win.gettheelevator.com
1 elevator.cmail20.com 1 redirects
19 11

This site contains no links.

Subject Issuer Validity Valid
win.gettheelevator.com
R3		 2022-03-29 -
2022-06-27		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-01 -
2023-01-01		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.cloudfront.net
Amazon		 2022-02-01 -
2023-01-31		 a year crt.sh
cdn.kickoffpages.com
Amazon		 2021-09-06 -
2022-10-05		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2022-04-18 -
2022-07-11		 3 months crt.sh
*.kickoffpages.com
R3		 2022-04-01 -
2022-06-30		 3 months crt.sh
api.kickofflabs.com
R3		 2022-05-04 -
2022-08-02		 3 months crt.sh
leads.kickofflabs.com
R3		 2022-05-04 -
2022-08-02		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Frame ID: 14D080119EC3C5D9BF4D10DDC7BFE56D
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Win a $3200 Bottle of Pappy Van Winkle Bourbon

Page URL History Show full URLs

  1. https://elevator.cmail20.com/t/t-l-qtuuudl-jljinuyll-jh/ HTTP 302
    https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js

Page Statistics

19
Requests

100 %
HTTPS

44 %
IPv6

8
Domains

11
Subdomains

8
IPs

2
Countries

402 kB
Transfer

1462 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://elevator.cmail20.com/t/t-l-qtuuudl-jljinuyll-jh/ HTTP 302
    https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ppy
win.gettheelevator.com/
Redirect Chain
  • https://elevator.cmail20.com/t/t-l-qtuuudl-jljinuyll-jh/
  • https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
14 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1:d278:5448:dc98:c3db:7cb7 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/3edcda02 (2022-05-10) /
Resource Hash
5226888ae3629383eced57d2726af10fda976ebf2b8b7596659aecb76dc30683
Security Headers
Name Value
Content-Security-Policy default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=15552000;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-security-policy
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'
content-type
text/html;charset=utf-8
date
Wed, 11 May 2022 09:08:25 GMT
fly-request-id
01G2S60V8GV1RS1899C7CYEJS4-ams
k-id
11
k-protect
on
referrer-policy
no-referrer-when-downgrade
server
Fly/3edcda02 (2022-05-10)
strict-transport-security
max-age=15552000;
via
1.1 vegur, 2 fly.io
x-content-type-options
nosniff
x-fly-region
ams
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
167
Content-Type
text/html
Date
Wed, 11 May 2022 09:08:25 GMT
Location
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Server
_waflopenresty/1.11.2.2
413baa29c3.js
kit.fontawesome.com/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/413baa29c3.js
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a4f44c3fce1e269f848b904c3b60361f4c13093f1f4f5ac6712f33b12a47481
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload

Request headers

Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Origin
https://win.gettheelevator.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 09:08:26 GMT
content-encoding
gzip
cf-cache-status
MISS
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-allow-methods
GET, OPTIONS
content-type
text/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=60, public, must-revalidate
strict-transport-security
max-age=31536000; preload
cf-ray
7099c51ea90b9bce-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
Fu4Bz_n61bqA6kxRyv9C
css
fonts.googleapis.com/ 		5 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans|Roboto:900&display=swap
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
190313afa651044cb3e722f3089122334ad6347215def4588d08297feb125fd5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 11 May 2022 09:08:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Wed, 11 May 2022 09:08:26 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 11 May 2022 09:08:26 GMT
bootstrap.min.css
d1y0v6ricksqp.cloudfront.net/css/bootstrap/3.4.1_simple/ 		56 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://d1y0v6ricksqp.cloudfront.net/css/bootstrap/3.4.1_simple/bootstrap.min.css
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.66.242.33 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-242-33.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2246212770d7ee65ae37c08cf280be33a1cf5a1fe0409d5aac3ae8a964907ce9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 03:30:14 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Fri, 03 Apr 2020 10:15:09 GMT
Server
AmazonS3
Age
20293
ETag
W/"e0ff97da4feada5cdc71e2df2060b4c3"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 ed18d8ae19db26837eda53bbf8f03c08.cloudfront.net (CloudFront)
Cache-Control
max-age=43200
Transfer-Encoding
chunked
X-Amz-Cf-Pop
DUS51-P1
X-Amz-Cf-Id
sCE9g8hXKg7YP4P1It2VGe1RAaBtJ4R26pPfPLpSEC8oNxkX5yvX5g==
kickofflabs.css
cdn.kickoffpages.com/droppable_theme_styles/1.2/ 		160 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.kickoffpages.com/droppable_theme_styles/1.2/kickofflabs.css
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.64.115.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-115-49.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e9ec107bcbbd5be35076a670a1352645dbe808a64809e854204b32eacf4a7e8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 08:57:10 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 10 May 2022 21:51:11 GMT
Server
AmazonS3
Age
935
ETag
W/"4a9d802772a0114ba15f78502b276f56"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/css
Via
1.1 29da4b53f2ce7517cad842851fd7a428.cloudfront.net (CloudFront)
Cache-Control
max-age=3600
Transfer-Encoding
chunked
X-Amz-Cf-Pop
TXL50-P4
X-Amz-Cf-Id
DfoRG0l2QarUPz9H5AWsRIhGmcMX6jvAj5rpOgImkMrTk6G7qkiQjw==
ELV-Logo-600wide.png
cdn.kickoffpages.com/assets/180746/0186fe12-b2c3-4af4-9bb8-019615ced83e/yuci65cgb181ytne3s11/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.kickoffpages.com/assets/180746/0186fe12-b2c3-4af4-9bb8-019615ced83e/yuci65cgb181ytne3s11/ELV-Logo-600wide.png
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.64.115.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-115-49.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f8d792d70c4ede731f587928a8e7662794c8898aff4d0f7ef551426196776f61

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 13:21:38 GMT
Via
1.1 29da4b53f2ce7517cad842851fd7a428.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Tue, 19 Apr 2022 15:23:47 GMT
Server
AmazonS3
Age
1799209
ETag
"483c6e8426ac493d34c5f80b3dbf8afd"
X-Cache
Hit from cloudfront
Content-Type
image/png
Cache-Control
public, max-age=2592000
X-Amz-Cf-Pop
TXL50-P4
Accept-Ranges
bytes
Content-Length
3577
X-Amz-Cf-Id
sATnPwBDEL1d_Nj6fdj6aUtPFK2AJo4uecGU8olTxDNclz5ZZrih-g==
pappy-800.jpg
cdn.kickoffpages.com/assets/180746/0faadc24-23aa-4f89-8e75-afdcfe7ea520/d8arkw8fzgoz6srndu7c/ 		104 KB
105 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.kickoffpages.com/assets/180746/0faadc24-23aa-4f89-8e75-afdcfe7ea520/d8arkw8fzgoz6srndu7c/pappy-800.jpg
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.64.115.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-115-49.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
16f8b53d6ba2ffb7036a64e24c840f5a0022d1a0b1b2feb9d2b199c820f8659f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 13:21:38 GMT
Via
1.1 29da4b53f2ce7517cad842851fd7a428.cloudfront.net (CloudFront)
Connection
keep-alive
Last-Modified
Tue, 19 Apr 2022 15:22:38 GMT
Server
AmazonS3
Age
1799209
ETag
"2d74bafdace77d259f0e6deff8dc6e9e"
X-Cache
Hit from cloudfront
Content-Type
image/jpeg
Cache-Control
public, max-age=2592000
X-Amz-Cf-Pop
TXL50-P4
Accept-Ranges
bytes
Content-Length
106928
X-Amz-Cf-Id
ppAWAOxYyJnRfd78dsZ93qiPrGP51sELp9x9PkbTC_05wlqdD2bCyg==
kol.js
cdn.kickoffpages.com/2.1.0/ 		275 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.kickoffpages.com/2.1.0/kol.js
Requested by
Host: win.gettheelevator.com
URL: https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.64.115.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-115-49.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5c18143e04c87be1cc4e9b3e7a5aefc36ba74a17b8118c7fb8d35d4535f66243

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 08:28:00 GMT
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Tue, 10 May 2022 17:20:29 GMT
Server
AmazonS3
Age
2427
ETag
W/"29db9704b47b38e74c9c52550d9da6ca"
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
text/javascript
Via
1.1 4786bcd6a5ee692459814ef0ab252684.cloudfront.net (CloudFront)
Cache-Control
max-age=3600
Transfer-Encoding
chunked
X-Amz-Cf-Pop
TXL50-P4
X-Amz-Cf-Id
TFNuJOJfIkl_Zs62RzrZwfXc_o-2Pa803QK2wAXwknUDSd69iLJbqA==
pro.min.css
ka-p.fontawesome.com/releases/v6.1.1/css/ 		678 KB
115 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v6.1.1/css/pro.min.css?token=413baa29c3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/413baa29c3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
233892c1230257a59c75c85e3757af3ad91c610379ce6c8d878198cb158a9f63

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 09:08:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 22 Mar 2022 15:20:26 GMT
server
cloudflare
age
78417
etag
"6239e93a-1cbb1"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
7099c51f2a4e9bce-FRA
content-length
117681
pro-v4-shims.min.css
ka-p.fontawesome.com/releases/v6.1.1/css/ 		25 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v6.1.1/css/pro-v4-shims.min.css?token=413baa29c3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/413baa29c3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
66a4d1f3bbcfa4e08869f5312bacc46e3df02f5bc1ea5a4835ce10c9fb1c25e7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 09:08:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 22 Mar 2022 15:20:25 GMT
server
cloudflare
age
47939
etag
"6239e939-1070"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
7099c51f2a4f9bce-FRA
content-length
4208
pro-v5-font-face.min.css
ka-p.fontawesome.com/releases/v6.1.1/css/ 		65 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v6.1.1/css/pro-v5-font-face.min.css?token=413baa29c3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/413baa29c3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
041ac3fde06808cfaae62c19c87dd0df3497cfa51d33e41dce44432fa4102af5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 09:08:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 22 Mar 2022 15:20:25 GMT
server
cloudflare
age
47939
etag
"6239e939-2642"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
7099c51f2a4b9bce-FRA
content-length
9794
pro-v4-font-face.min.css
ka-p.fontawesome.com/releases/v6.1.1/css/ 		11 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-p.fontawesome.com/releases/v6.1.1/css/pro-v4-font-face.min.css?token=413baa29c3
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/413baa29c3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a83f3e7c2acee6c1be9609cbb7d0dc70c9bf539f2653399547de62208bb559ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 11 May 2022 09:08:26 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 22 Mar 2022 15:20:25 GMT
server
cloudflare
age
47939
etag
"6239e939-8a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding, Access-Control-Request-Headers, Access-Control-Request-Method
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
7099c51f2a519bce-FRA
content-length
2215
KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans|Roboto:900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://win.gettheelevator.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 06 May 2022 13:17:51 GMT
x-content-type-options
nosniff
age
417035
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15724
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:37 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 06 May 2023 13:17:51 GMT
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v28/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v28/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans|Roboto:900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://win.gettheelevator.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 10 May 2022 22:46:04 GMT
x-content-type-options
nosniff
age
37342
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16692
x-xss-protection
0
last-modified
Tue, 01 Mar 2022 22:06:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 10 May 2023 22:46:04 GMT
/
options.kickoffpages.com/162395/ 		21 KB
8 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://options.kickoffpages.com/162395/
Requested by
Host: cdn.kickoffpages.com
URL: https://cdn.kickoffpages.com/2.1.0/kol.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1:d278:5448:dc98:c3db:7cb7 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/3edcda02 (2022-05-10) /
Resource Hash
2273b9982b28a5ba69b6c6bd9ba45410a0ce5b18a2ff61f930421a1ad0766a82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept
application/json
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
content-type
application/json

Response headers

date
Wed, 11 May 2022 09:08:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
fly-request-id
01G2S60WGAR3XTVB9V8D3BYAAN-ams
server
Fly/3edcda02 (2022-05-10)
x-fly-region
ams
content-type
application/json
access-control-allow-origin
*
via
1.1 vegur, 2 fly.io
/
options.kickoffpages.com/162395/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://options.kickoffpages.com/162395/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a09:8280:1:d278:5448:dc98:c3db:7cb7 , United States, ASN40509 (FLY, US),
Reverse DNS
Software
Fly/3edcda02 (2022-05-10) /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=15552000;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://win.gettheelevator.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-headers
Authorization, Content-Type, Accept
access-control-allow-origin
*
allow
GET, OPTIONS
content-length
0
content-security-policy
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'
content-type
text/html;charset=utf-8
date
Wed, 11 May 2022 09:08:26 GMT
fly-request-id
01G2S60W34YA11HJEBB51905S6-ams
k-id
11
k-protect
on
referrer-policy
no-referrer-when-downgrade
server
Fly/3edcda02 (2022-05-10)
strict-transport-security
max-age=15552000;
via
1.1 vegur, 2 fly.io
x-content-type-options
nosniff
x-fly-region
ams
x-xss-protection
1; mode=block
f9c6c924-f944-4e6b-8350-e1b48b6539ff
api.kickofflabs.com/stats/b/ 		35 B
271 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.kickofflabs.com/stats/b/f9c6c924-f944-4e6b-8350-e1b48b6539ff?rid=7353541b-835c-4dc9-8dc5-76bd4cbf4c0f&uid=dc31751d-c860-4767-9c46-6bc8e28111f4&sid=f3e27081-0c51-4887-85da-6b90e6893d7c&kid=false&url=https%3A%2F%2Fwin.gettheelevator.com%2Fppy%3Futm_source%3DGetTheElevatordotcom&lid=162395&language=en-US&%5Bcustom%5Dtheme=basic_droppable&%5Bcustom%5DpageType=signup_page&source=koljs.356397&if=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.204.242.176 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-204-242-176.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Wed, 11 May 2022 09:08:27 GMT
Via
1.1 vegur
X-Content-Type-Options
nosniff
Last-Modified
Mon, 11 Apr 2022 13:29:21 GMT
Server
Cowboy
Content-Type
image/gif
Connection
keep-alive
Content-Length
35
dc31751d-c860-4767-9c46-6bc8e28111f4
leads.kickofflabs.com/anon/162395/ 		469 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://leads.kickofflabs.com/anon/162395/dc31751d-c860-4767-9c46-6bc8e28111f4?in=true
Requested by
Host: cdn.kickoffpages.com
URL: https://cdn.kickoffpages.com/2.1.0/kol.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
c24f0fe334172bae81303f4b69cb8730bd278238be435f3493281133c617d336
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept
application/json
Referer
https://win.gettheelevator.com/ppy?utm_source=GetTheElevatordotcom
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
content-type
application/json

Response headers

Date
Wed, 11 May 2022 09:08:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, OPTIONS
Connection
keep-alive
Vary
Accept-Encoding
X-Xss-Protection
0
X-Request-Id
a81735b9-2723-474d-84c2-ff009f64c232
X-Runtime
0.031721
Referrer-Policy
strict-origin
Server
Cowboy
X-Frame-Options
SAMEORIGIN
Etag
W/"4242270e2a2e174422bc39b456b7ab3f"
X-Download-Options
noopen
Access-Control-Max-Age
1728000
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/json; charset=utf-8
Via
1.1 vegur
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control
no-cache, no-store
Pragma
no-cache
dc31751d-c860-4767-9c46-6bc8e28111f4
leads.kickofflabs.com/anon/162395/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://leads.kickofflabs.com/anon/162395/dc31751d-c860-4767-9c46-6bc8e28111f4?in=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.222.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-222-128.compute-1.amazonaws.com
Software
Cowboy /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://win.gettheelevator.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Access-Control-Allow-Headers
X-Requested-With, X-Prototype-Version, Content-Type
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Cache-Control
no-cache, no-store
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/plain; charset=utf-8
Date
Wed, 11 May 2022 09:08:26 GMT
Etag
W/"c4a8e7df650d0bb509f392bd47c05d98"
Expires
Fri, 01 Jan 1990 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
strict-origin
Server
Cowboy
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
Via
1.1 vegur
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-Request-Id
77b1096d-9645-4512-9455-12c9005544ef
X-Runtime
0.002822
X-Xss-Protection
0

Verdicts & Comments Add Verdict or Comment

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| FontAwesomeKitConfig boolean| kol_skip_font_awesome object| KOLSettings object| kol_oauth_options object| kolOptions function| setKolInputValue function| runKolInstantSignup function| setImmediate function| clearImmediate function| KOL object| _kol boolean| _kolDebuggingEnabled object| __kol_analytics

2 Cookies

Domain/Path Name / Value
win.gettheelevator.com/ Name: kola.162395
Value: dc31751d-c860-4767-9c46-6bc8e28111f4
win.gettheelevator.com/ Name: kola.162395.session
Value: f3e27081-0c51-4887-85da-6b90e6893d7c

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: wss: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=15552000;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.kickofflabs.com
cdn.kickoffpages.com
d1y0v6ricksqp.cloudfront.net
elevator.cmail20.com
fonts.googleapis.com
fonts.gstatic.com
ka-p.fontawesome.com
kit.fontawesome.com
leads.kickofflabs.com
options.kickoffpages.com
win.gettheelevator.com
18.196.121.95
18.205.222.128
18.64.115.49
18.66.242.33
2606:4700::6812:1734
2a00:1450:4001:802::2003
2a00:1450:4001:810::200a
2a09:8280:1:d278:5448:dc98:c3db:7cb7
52.204.242.176
041ac3fde06808cfaae62c19c87dd0df3497cfa51d33e41dce44432fa4102af5
0e868ca932480407e63d27e8e868cb1514581142928b9be15ec9039bf5fe348f
16f8b53d6ba2ffb7036a64e24c840f5a0022d1a0b1b2feb9d2b199c820f8659f
190313afa651044cb3e722f3089122334ad6347215def4588d08297feb125fd5
2246212770d7ee65ae37c08cf280be33a1cf5a1fe0409d5aac3ae8a964907ce9
2273b9982b28a5ba69b6c6bd9ba45410a0ce5b18a2ff61f930421a1ad0766a82
233892c1230257a59c75c85e3757af3ad91c610379ce6c8d878198cb158a9f63
5226888ae3629383eced57d2726af10fda976ebf2b8b7596659aecb76dc30683
5a4f44c3fce1e269f848b904c3b60361f4c13093f1f4f5ac6712f33b12a47481
5c18143e04c87be1cc4e9b3e7a5aefc36ba74a17b8118c7fb8d35d4535f66243
66a4d1f3bbcfa4e08869f5312bacc46e3df02f5bc1ea5a4835ce10c9fb1c25e7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a83f3e7c2acee6c1be9609cbb7d0dc70c9bf539f2653399547de62208bb559ae
c24f0fe334172bae81303f4b69cb8730bd278238be435f3493281133c617d336
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
e9ec107bcbbd5be35076a670a1352645dbe808a64809e854204b32eacf4a7e8b
f8d792d70c4ede731f587928a8e7662794c8898aff4d0f7ef551426196776f61