candan.friecheyi.lat
188.114.97.3  Malicious Activity! Public Scan

Submitted URL: http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJC...
Effective URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Submission: On October 04 via manual from FR — Scanned from FR

Summary

This website contacted 4 IPs in 2 countries across 6 domains to perform 24 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is candan.friecheyi.lat.
TLS certificate: Issued by WE1 on September 16th 2024. Valid for: 3 months.
This is the only time candan.friecheyi.lat was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 23.239.30.116 63949 (AKAMAI-LI...)
1 193.25.219.34 8100 (ASN-QUADR...)
1 2 188.114.96.3 13335 (CLOUDFLAR...)
1 22 188.114.97.3 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
24 4
Apex Domain Subdomains Transfer
19 friecheyi.lat (154 KB)
    candan.friecheyi.lat
4 trk-elevostra.com (3 KB)
    trk-elevostra.com — Cisco Umbrella Rank: 437114
    event.trk-elevostra.com — Cisco Umbrella Rank: 451075
1 fontawesome.com (426 KB)
    use.fontawesome.com — Cisco Umbrella Rank: 1222
1 playedlevel.click (693 B)
    playedlevel.click
1 antrolander.com (421 B)
    antrolander.com
1 shalomautohits.com (371 B)
    ltgmyz.shalomautohits.com
24 6
Domain Requested by
19 candan.friecheyi.lat 1 redirects antrolander.com
candan.friecheyi.lat
3 event.trk-elevostra.com trk-elevostra.com
1 trk-elevostra.com candan.friecheyi.lat
1 use.fontawesome.com candan.friecheyi.lat
1 playedlevel.click 1 redirects
1 antrolander.com
1 ltgmyz.shalomautohits.com 1 redirects
24 7

This site contains no links.

Subject Issuer Validity Valid
antrolander.com R10 2024-08-14 - 2024-11-12 3 months
friecheyi.lat WE1 2024-09-16 - 2024-12-15 3 months
use.fontawesome.com WE1 2024-09-09 - 2024-12-09 3 months
trk-elevostra.com WE1 2024-08-11 - 2024-11-09 3 months

This page contains 2 frames:

Primary Page: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Frame ID: 7A6D08824AB1968E1B81610ECAB4FB6E
Requests: 21 HTTP requests in this frame

Frame: https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: 7629CBC15386DD56F7F1E7C33272525C
Requests: 2 HTTP requests in this frame

Page Title

[1] Récompense en attente - AXA - Nous voulons votre avis!

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 24
HTTPS: 96 %
IPv6: 20 %
Domains: 6
Subdomains: 7
IPs: 4
Countries: 2
Transfer: 583 kB
Size: 1433 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
    https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
    http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 302
    https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md Page URL
  2. https://playedlevel.click/?id=297&s1=350238&s2=1236734464&s3=7649&s4=4598&p=fr5yasweps3a HTTP 302
    https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
  • https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 307
  • http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBPbVM5a0xPQVRPVzJEVlUya3RVblFYUmU0Q1NBPT0_ HTTP 302
  • https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
Request Chain 12
  • https://candan.friecheyi.lat/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js

24 HTTP transactions

Resource Path Size x-fer Type MIME-Type
15315_1_2506727_md
antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/
Redirect Chain
  • http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBP...
  • https://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzB...
  • http://ltgmyz.shalomautohits.com/M2hFMUhVTWlGUW5hNnNvOUx1ODdabHNvbktMUVJ0QmRkdTQ1c2hrLzAwMDJ3WndYSGVNSU4rZGY3NzlUd29aeTBOLzRwTVJCdS9pSWtHcnlPUUxlZ096WEFmb1VIU1doZzM3WldyMUUxWHJBRFhJMk05TE1xNTMxVzBP...
  • https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
151 B
421 B
Document
General
Full URL
https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
193.25.219.34 Ashburn, United States, ASN8100 (ASN-QUADRANET-GLOBAL, US),
Reverse DNS
Software
nginx/1.12.2 /
Resource Hash
6aa03d0b206343c5c678b1cfb10f776563b345c7fc9e21fdfe7de35ac21df173

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 07:16:26 GMT
server
nginx/1.12.2
vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
1631
Content-Type
text/html; charset=UTF-8
Date
Fri, 04 Oct 2024 07:16:24 GMT
Keep-Alive
timeout=5, max=100
Location
https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.33
X-Powered-By
PHP/7.1.33
Primary Request oayvb
candan.friecheyi.lat/zifs/lcuk/josn/
Redirect Chain
  • https://playedlevel.click/?id=297&s1=350238&s2=1236734464&s3=7649&s4=4598&p=fr5yasweps3a
  • https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
31 KB
6 KB
Document
General
Full URL
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Requested by
Host: antrolander.com
URL: https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3233440ed3f4fda193b3e4e7ddee3fd65c6da9cb8b6e2ccba3854a3d6951a7ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://antrolander.com/0/0/0/a46a0f38b38ea86438917fd4085b0b2e/2/1218_66655/15315_1_2506727_md
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8cd362f62e13b89d-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 07:16:27 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QF%2BC5YCKr8ee%2F5pn6EovWlZjtoNRfli6u7DjGwH7Ts4Q9HzVZQZX8%2BM7XmzStCHQMa0oXJSU%2FlSyfuVQUCKyHavYa8VY2wSZoIUiSXvJb3lmhCKs2LwfUV%2F68Z5LOhA3aXwSastsyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8cd362f1eaf89e4f-CDG
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 07:16:27 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RKUqc9%2BqPf%2Buoa68B8TISuVj7m%2Fp4Y%2ByqtzKmj%2FUMWby79MUag4KbwmXIydLg%2BJ27U%2BRl3iNyQpPr4z%2FAm5zOKPWSUWo1LcwRoSE%2BChkb%2FepYZQgQtZvof5IjH%2Fo%2BYd%2FgA6xHw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
vary
User-Agent
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
speculation
candan.friecheyi.lat/cdn-cgi/
128 B
557 B
Other
General
Full URL
https://candan.friecheyi.lat/cdn-cgi/speculation
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://candan.friecheyi.lat
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6b%2Fzv5G7sbhQSajU8okx%2F9fv5PUJprd%2FIxguHjsFex6V3L%2BY25lq%2B%2BKDaxb82H9MQApGWp%2BhmZTIRML6TSMp%2FSOQME1PBozAimd8tmPEXW3pObeK1Nv5MANa7SmXLk3sf8JSHlTt7A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd362f8f958b89d-AMS
access-control-allow-origin
https://candan.friecheyi.lat
content-length
128
date
Fri, 04 Oct 2024 07:16:27 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
style.min.css
candan.friecheyi.lat/master/us217/
10 KB
3 KB
Stylesheet
General
Full URL
https://candan.friecheyi.lat/master/us217/style.min.css
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6caf13740d5c60ca2000ea3d29617163e6c72636984aaa0fa0721c24f758d6a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o7nWtIkEvVSouwMhZRsXqLIkdqvI65jCgVX9a8bJoaCPDs8appl8V2tRasZ2T5T37NzsuBNp871opmTphnF0H5YbTyJWf0XWRDLImvR1n4Mfb1N%2B6gZwgVNMdxAsR1Yq%2Bic6gU3r6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f95db89d-AMS
expires
Fri, 11 Oct 2024 07:16:27 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Thu, 05 Sep 2024 16:52:30 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
animate.min.css
candan.friecheyi.lat/master/us217/
70 KB
6 KB
Stylesheet
General
Full URL
https://candan.friecheyi.lat/master/us217/animate.min.css
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IxVaUoa5RcUOnHgwv%2BkFn5tIUJJByCA8CDYA0nbCukdFokOZIK2mFR%2FWqk%2F0gvdu44Wg8NgxW0Dztz3LUN9Idk4tDUEhbV75CwQlCsvT1MmYhQUwyuIBqiotNmPEFf8olWEAu9EO8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f95eb89d-AMS
expires
Fri, 11 Oct 2024 07:16:27 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Thu, 05 Sep 2024 16:49:32 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
_modal.css
candan.friecheyi.lat/master/terms/css/
856 B
766 B
Stylesheet
General
Full URL
https://candan.friecheyi.lat/master/terms/css/_modal.css
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c13143d30386f99ed1f568d31d682054bec5dd0b74be1d5d98ec27eb81cd670c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQAgueW2uTMZ7Lykf0EiA2btQyu%2F8AWIH5t4Ad1hWET2cERsIsyySBr4mrV%2Ffhso4p4Izz4vHznAkXh1xulXbc6J3XpucGLXO8AD%2F0WNOMxv4ETGNMGoNdSTiokdITwDW8O9BVZv5w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f95fb89d-AMS
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Tue, 06 Aug 2024 13:51:59 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
all.js
use.fontawesome.com/releases/v5.15.4/js/
1 MB
426 KB
Script
General
Full URL
https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://candan.friecheyi.lat
Referer
https://candan.friecheyi.lat/

Response headers

cache-control
max-age=31556926
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
HIT
etag
W/"5e29440867fdb02a48dffded02338c31"
age
313759
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iXNNFQqsB8zBq2nk4TssNd%2BTWKVG6vxgRt1TGS%2B2ZCD2HEnDzGWSu16uDApBiS2jkiggVD3dc3G5Dy0QB1MmNo3NDdIsT2atnE4BIlgBndFsZT1H4Op7%2B29YeQ2l5JbRDvWt6qnbOqm3wL4f4hYfTCcb"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd362fcaf230479-CDG
access-control-allow-origin
*
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
application/javascript
last-modified
Fri, 22 Sep 2023 01:45:24 GMT
vary
Origin, Accept-Encoding
server
cloudflare
frdatehead.js
candan.friecheyi.lat/master/us217/
2 KB
1 KB
Script
General
Full URL
https://candan.friecheyi.lat/master/us217/frdatehead.js
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e4de6c3b6ae05268f9978693d92bbe4446b12a5ff6742cac043c1add3f8d76c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxEPStGBrFOKry8gz9rqAd3o5b13Csr0GMyxQ%2BioFEFX%2FnhmT%2FFoLV7zYOP0vKiE1svezvR58mmdzRotDNp4kc8NJ3VaHb2HdEdA%2F2yxk20QNRhtSVM2AyMes8hZxjqUNX5Yy7CDpw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f961b89d-AMS
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Tue, 17 Sep 2024 13:36:55 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
msg.js
candan.friecheyi.lat/inc/
943 B
895 B
Script
General
Full URL
https://candan.friecheyi.lat/inc/msg.js?d76fde9dc6f6ad8ba384811b1923d2eb
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afeazSIVHskuRdz%2FicTsNqCuVnyflaN3fDtixYlGeJi7E7H3M8cZLVEvJNtcueHBxz%2FylxUH%2FatoK28qseKkpgkkOCUCO9ZKAl%2FmoO7F0O5dCw0iql8UsK2NqRfl%2B7LkBqJLMVOGGA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f963b89d-AMS
expires
Fri, 11 Oct 2024 07:16:27 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Fri, 21 Jun 2024 16:01:34 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
frscript.js
candan.friecheyi.lat/master/us217/
10 KB
3 KB
Script
General
Full URL
https://candan.friecheyi.lat/master/us217/frscript.js?v=1
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f92638fb57584976610b745de705d7c28cbeaebb5d80532c83e005d45633066a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m1Eo5jRpClworSQ5Yn9GEGeA12Piz%2FGsFBaGk00lLp2encTS%2ByOKkV56eYoiSv%2FTy2qTiBwZeggEz2zYSJsskvq%2BTEZ2lXr3G5YvCFsuyyavQsi908bfi1CIpE74euYq8mVBa6%2F0Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f964b89d-AMS
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Fri, 13 Sep 2024 21:37:18 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
_modal.js
candan.friecheyi.lat/master/terms/js/
1 KB
899 B
Script
General
Full URL
https://candan.friecheyi.lat/master/terms/js/_modal.js?v=7
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46d905535d1c01dce9ae142489d9b063640d239444eadf5e86ed2911764238c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6sap7MyD2cdqtb1EP2lMZHAdUf%2B6K6pm%2BCjzhMRM1GvrhPnUcgDiKFpOZMqILiM8hzb9C12x5jTips5ftb%2BHhpaAKXXnotxKolM5qSp9GCXIiVmvIctL0kel1U65PNHuL8l%2B2En8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362f8f967b89d-AMS
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
last-modified
Tue, 06 Aug 2024 14:09:18 GMT
vary
Accept-Encoding,User-Agent
server
cloudflare
x-frame-options
SAMEORIGIN
v9e118mez8
trk-elevostra.com/scripts/push/
8 KB
3 KB
Script
General
Full URL
https://trk-elevostra.com/scripts/push/v9e118mez8
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/inc/msg.js?d76fde9dc6f6ad8ba384811b1923d2eb
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/

Response headers

content-encoding
gzip
cf-cache-status
HIT
age
1692
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BPHzzDxAvGbkCc2fNSZ8Xg0PCPPH%2BK9X2l98OziRFtkBm2klggOpNhTAAmAMRicRfPXrgoQcRMOKJftqzmMETThN6Ts9Odm3TK9iTsfKWKVPzwIGd%2BHAqlY00Pbut0LjicATiA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
0
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
application/javascript;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified
Fri, 04 Oct 2024 06:48:16 GMT
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cache-control
max-age=14400, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
cf-ray
8cd362fcad87b88b-AMS
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges
bytes
content-length
2519
x-xss-protection
1; mode=block
server
cloudflare
bg.jpg
candan.friecheyi.lat/master/us217/
20 KB
20 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/us217/bg.jpg
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/master/us217/style.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f28a85a0489527b0fdab6e9a3afa29d69436b0bfc39c8e92813e75043e131aaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/master/us217/style.min.css

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RB18BCOsHa2yYmiL7FV96oq%2BSMwvcycsE%2B%2B7QgE1d8BpXZnk4DAVA%2Bbv6FEg%2BelODdCaV%2FMglemzLdW0w%2FZKV%2FeWsQYUulzDXgZm7dEiLaac7TZA6baRK72zrqWYB%2FI2Nb83M%2FkhFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
image/jpeg
last-modified
Thu, 05 Sep 2024 16:49:31 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fc8e57b89d-AMS
accept-ranges
bytes
content-length
20407
x-xss-protection
1; mode=block
server
cloudflare
main.js
candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame 7629
Redirect Chain
  • https://candan.friecheyi.lat/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
8 KB
4 KB
Script
General
Full URL
https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12b139d7b9469623c8affe4fda4775d736def70b676916a6fbf6b51ae00d80af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UG%2FYv2XftRkHnIjcqbCQne0muW%2BRbOB%2BdZa%2F%2B4V6kA4KCaZEVcFU6hal20w3Kk4vcDxn0CsxbtEVcaS%2FsooQjNduT%2B8A76kV8njIu7AK%2FdEgsippOrJrrQJr62U%2BNucIxTtcvpoDxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
cf-ray
8cd362fe28c8b89d-AMS
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e%2FLGc4NFRPiVWJ6I73yVdvQKc4sAVW1pfjxdFhcDV7qdvxdfszq%2Frmj7Kler74wQJE5bkeqbM6nispCscfG0hfNj4iOZh1WymXKosIWUWr2peNZ%2BUj%2ByKy6xRAG56zq5kdImauyk6A%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd362fdc83eb89d-AMS
access-control-allow-origin
*
content-length
0
date
Fri, 04 Oct 2024 07:16:28 GMT
vary
Accept-Encoding
server
cloudflare
54bb1eb68af08a823c66eddb38a37760.png
candan.friecheyi.lat/master/us217/
16 KB
17 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/us217/54bb1eb68af08a823c66eddb38a37760.png
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4895d0a0340799544cb23d4c6cb6289de3abaca6a41b1d28df80c7dd84c36a04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rVdYCH%2BEG7Y9JBJ4As5tjjwXNqV50QhVirbl7U3mIjADNBAi258AhnK7%2BzBj%2FWVicUaT1QOzmevEG9GuwxPgDhZ7iaoahM9kRWvbrWNqkzlYwaLQIyLY%2F36B7rhHo7WpqQiktK%2BidA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:29 GMT
content-type
image/png
last-modified
Fri, 13 Sep 2024 20:57:13 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fdf875b89d-AMS
accept-ranges
bytes
content-length
16543
x-xss-protection
1; mode=block
server
cloudflare
cbc99b1cf6f260aed84224cda0fba8c7.png
candan.friecheyi.lat/master/fr34/
2 KB
3 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/fr34/cbc99b1cf6f260aed84224cda0fba8c7.png
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3113ea4c069eb2490e183654582950843447528e0a9d0c5299ee5d40ffb32f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZHaIWnH9MI%2Bs9W19GwQAeYBJzqwJ6AA7dovehGRmcaNyJQQbxJc67meQtBZZaedQziaHL3TS%2Fkvnbmv4gJ74vY80RZI9rBAKbcpUHKUnZ8AVe5Rpa059NzJTsuYMQIqd8aND1usV8g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
image/png
last-modified
Tue, 10 Sep 2024 18:14:41 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fdf877b89d-AMS
accept-ranges
bytes
content-length
2184
x-xss-protection
1; mode=block
server
cloudflare
product.png
candan.friecheyi.lat/master/us217/
68 KB
69 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/us217/product.png
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
880bbc2874c289a5ae1c676116ac56a9bb7cb885467131fe8d2edcb90550f9ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GcD2xBHJzqwZCXrf8i8I6u%2FbZNkNpKMsWPzqdCpGhFSw8hEKhwIIlcQNRkYDTsEK4dXIZNVUL%2BV726yJ8OkXq%2BrR7ZsdLhyvQ7%2BVaHsO9LuUwj6M5h50jLYHEoTMnCZgBcFvTC3O%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:29 GMT
content-type
image/png
last-modified
Thu, 05 Sep 2024 16:49:32 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fdf879b89d-AMS
accept-ranges
bytes
content-length
70077
x-xss-protection
1; mode=block
server
cloudflare
f_guarantee.png
candan.friecheyi.lat/master/us217/
6 KB
7 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/us217/f_guarantee.png
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3SN3PEuVnimt5%2BsDsgepTl5UMAppulMnZxmQNdV%2F%2FvMhI8deOIkPx%2BjgK1I8sdFn5NLelYMp3egM1gdoQ7utAivLg1pnAVxfsM%2FXnkZNKlWx2ucAgPRnaX0FpIIFPzbOI%2Br87EGJHQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
image/png
last-modified
Thu, 05 Sep 2024 16:49:31 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fdf87ab89d-AMS
accept-ranges
bytes
content-length
6352
x-xss-protection
1; mode=block
server
cloudflare
f_secure_1.png
candan.friecheyi.lat/master/us217/
10 KB
10 KB
Image
General
Full URL
https://candan.friecheyi.lat/master/us217/f_secure_1.png
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JWaQD4JWf1hjrSkdRbryDARdulOCzTOEg%2FV9UnV1ojp5vhXqDt4seV0AdUqfkLJdS1U8WjUWsCjBc2L7K%2BbT6U8EY%2BXuax18yzicKYbnObFR5yCASmzrc8db62EtSzJB8YDUxDTEcA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 11 Oct 2024 07:16:28 GMT
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
image/png
last-modified
Thu, 05 Sep 2024 16:49:31 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd362fdf87cb89d-AMS
accept-ranges
bytes
content-length
9862
x-xss-protection
1; mode=block
server
cloudflare
8cd362f62e13b89d
candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 7629
0
904 B
XHR
General
Full URL
https://candan.friecheyi.lat/cdn-cgi/challenge-platform/h/g/jsd/r/8cd362f62e13b89d
Requested by
Host: candan.friecheyi.lat
URL: https://candan.friecheyi.lat/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer

Response headers

cf-ray
8cd362ff39dfb89d-AMS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length
0
date
Fri, 04 Oct 2024 07:16:28 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsR%2B6QJjSkvhxkf0SMesAEKVSmjNJwZVt7BhQs27LenOxnkr5%2FryejBh10ghP3tI6IhBnMXiHpm1diDe8%2BkeCarRU2%2BtkBUV4aQzOfll1K3aCADys2%2BvImRSNt1XJjgUe61oWgv2aA%3D%3D"}],"group":"cf-nel","max_age":604800}
v9e118mez8
event.trk-elevostra.com/register/event_log/ Frame
0
0
Preflight
General
Full URL
https://event.trk-elevostra.com/register/event_log/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://candan.friecheyi.lat
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age
1800
cache-control
no-cache, no-store, max-age=0, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
8cd362ffe98ab909-AMS
content-length
0
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date
Fri, 04 Oct 2024 07:16:29 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tcfnrautz4%2BDQBUJy8%2BUzWaM%2FyM6R2N0IHdgz8BSQ0975USzfl5wCJ2T6rXCjEdRQYJlODfty3kVgbw7cB%2FFErRj85dfFlOj9O1WD2JWXFsJCFv5Sqr2%2B6Y%2Fh2DWnVv%2FA4vA4Y8L6NtxXA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
v9e118mez8
event.trk-elevostra.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-elevostra.com/register/event_log/v9e118mez8
Requested by
Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://candan.friecheyi.lat/

Response headers

access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VuDevbql4s9wwi2Nfa3BEGX5eGCl0Sv6qgrBY2%2Brwl8Rs1kB%2FpwFeZwZIoCfG2sjg4SS%2F1K2pxmCFcpTJ8rMxzmtmKNt4JnR61M%2Bm%2F3XXGqUM77EKphF4tZjeOtde4CumCDXKf2i4kshLA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
0
alt-svc
h3=":443"; ma=86400
date
Fri, 04 Oct 2024 07:16:29 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cache-control
no-cache, no-store, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
cf-ray
8cd363028cc2b909-AMS
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
x-pushplatformapp-params
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
favicon.ico
candan.friecheyi.lat/
0
489 B
Other
General
Full URL
https://candan.friecheyi.lat/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1

Response headers

cf-cache-status
HIT
age
46418
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8NU9aCx%2Fg6encAYQNMRwuyE73EuMuPxyWl3YAtm7hV78lWjXXT81vl%2FY3pXGHDMrjXXM%2B%2B1715RM3OnJUxz74ojR0pbq0XwuM06yXy8Ol9qlep07f81pSdiIBy3hVAUc5mAENClHsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Thu, 10 Oct 2024 18:22:51 GMT
date
Fri, 04 Oct 2024 07:16:29 GMT
content-type
image/x-icon
last-modified
Tue, 11 Jun 2024 20:46:17 GMT
vary
User-Agent, Accept-Encoding
x-frame-options
SAMEORIGIN
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8cd363043839b89d-AMS
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
server
cloudflare
v9e118mez8
event.trk-elevostra.com/register/event_log/
0
0
Fetch
General
Full URL
https://event.trk-elevostra.com/register/event_log/v9e118mez8
Requested by
Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://candan.friecheyi.lat/

Response headers

access-control-expose-headers
Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
x-pushplatformapp-alert
pushPlatformApp.pushSubscription.deleted
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sROEDbgwLS5kusQHnw6LWt%2Fw0YUK40FY0zOwtCEPOMpozl1RNQy6ur1ckfNR4hHx17XXM%2BK0kQNBVfMc%2FKGTdod3bR2Tg2rEm4pxvg7DK0UtrwCW43zG8bT8rW5EmKgOlFLOt6OJ5l7AUA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
0
date
Fri, 04 Oct 2024 07:16:30 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
x-frame-options
SAMEORIGIN
content-security-policy
default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cache-control
no-cache, no-store, max-age=0, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
cf-ray
8cd363073a47b909-AMS
permissions-policy
camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
x-pushplatformapp-params
access-control-allow-origin
*
content-length
0
x-xss-protection
1; mode=block
server
cloudflare

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
function| datehax
function| datenhax
function| datenhay
function| startTimer
function| change
object| MYCALL
string| s1
string| s2
string| esource
string| pshpub
string| pshdomain
object| answers
number| lastQnum
function| toNext
object| states
object| dones
object| loadImg
object| loadBgCol
function| drawloader
number| qn
number| dsq
object| modal
object| modalContent
object| termsText
object| btn
object| span
function| urlBase64ToUint8Array
function| pullUrlParams
function| push_subscribe
function| push_subscribe_promise
function| setIfNull
function| logPushEvent
function| push_unsubscribe
function| push_init
function| setSessionId
function| setUtm
function| getSessionId
function| getUrlVars
function| getDomainName
function| getStore
function| setAttributes
object| ___FONT_AWESOME___
object| FontAwesomeConfig
object| FontAwesome

4 Cookies

Domain/Path Name / Value
antrolander.com/ Name: uid7649
Value: 1236734464-20241004031626-4d574f90dff4c3d7c2cab2a007d9cb3f-4636
playedlevel.click/ Name: PHPSESSID
Value: 2ae83c8eee7a9330fa5918a3cd28caf5
candan.friecheyi.lat/ Name: PHPSESSID
Value: 47c4e48f86f51b1e0afca75f312ff0c0
.friecheyi.lat/ Name: cf_clearance
Value: 4QtG.9qwO4.P2cleslrVm9n5eisybJULRqB9pT4O7Dw-1728026188-1.2.1.1-wNCogOUhcv5TkKeWt33Q.4abIirb5vfonWIr6WKhx2r1lETfQXYKPvQVFwyB1lEt_RobcLSQiB2gYDdDGZQw_uRhae34sIA4rGsAcvtRCd9wV.2try7zeAhtHsRDo7EJ0BYv3k2JhA5cB8fuCAWZZKDa6eQmB_dslKRMGBouVK4HSj5OpWGe1lRYtoi.uSDqKoGArHIBEs1k6njnsLKFxS5wrWCuxBP9dtj.FuY2INCQBwHk49.ZXPDMsp9TakJlSbAi_xBqn535SOFfzayDu8ExnKmxeOJARvW8.qhP3PfgCvkw9nD.2AnANDGCv09giKL30G_j.Hqbg4bPwKS0edKLVg_mKcfcYKl_qUk0613vbUj7LLOxu2jwhCXKc5xv

1 Console Messages

Source Level URL
Text
other error URL: https://candan.friecheyi.lat/zifs/lcuk/josn/oayvb?5ad777d770c2a7a1be928d37e224d5b1
Message:
Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
