Submitted URL: http://m.citibank.level.travel/
Effective URL: https://promo.level.travel/wlalert
Submission: On April 04 via api from JP

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 18 HTTP transactions. The main IP is 185.165.123.206, located in the Russian Federation and belonging to VARITI-AS, RU. The main domain is promo.level.travel.
TLS certificate: Issued by R3 on March 23rd 2021. Valid for: 3 months.
This is the only time promo.level.travel was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Redirects  IP Address         AS      Autonomous System
2         2          45.154.74.43       42072   (POZITIS-R...)
1                    185.165.123.206    64432   (VARITI-AS)
2                    178.248.236.28     197068  (QRATOR)
1                    2a00:1450:400...   15169   (GOOGLE)
Total: 18 requests, 4 IPs

Requests  Domain                    Requested by
2         ws.tildacdn.com           promo.level.travel
2         m.citibank.level.travel   2 redirects
1         fonts.googleapis.com      ws.tildacdn.com
1         promo.level.travel
0         static.tildacdn.com       promo.level.travel (Failed)
Total: 18 requests, 5 subdomains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
promo.level.travel       R3                                              2021-03-23 - 2021-06-21  3 months
*.tildacdn.com           Sectigo RSA Domain Validation Secure Server CA  2021-02-19 - 2022-03-19  a year
upload.video.google.com  GTS CA 1O1                                      2021-03-16 - 2021-06-08  3 months

This page contains 1 frames:

Primary Page: https://promo.level.travel/wlalert
Frame ID: F8B6D9E9517467B89ECC503F02A03F9F
Requests: 18 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests: 18
HTTPS: 22 %
IPv6: 25 %
Domains: 3
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 90 kB
Size: 561 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://m.citibank.level.travel/ HTTP 301
    https://m.citibank.level.travel/ HTTP 302
    https://promo.level.travel/wlalert Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: wlalert (Primary Request, Cookie set)
Path: promo.level.travel/
Redirect Chain
  • http://m.citibank.level.travel/
  • https://m.citibank.level.travel/
  • https://promo.level.travel/wlalert
Size: 91 KB
x-fer: 12 KB
Type: Document

General

Full URL: https://promo.level.travel/wlalert
Protocol: HTTP/1.1
Security: TLS 1.3, AES_256_GCM
Server: 185.165.123.206, Russian Federation, ASN64432 (VARITI-AS, RU)
Reverse DNS:
Software: nginx
Resource Hash: 702ae144ae7385791ff5e3f815616360464b2587e1eac2af1edfe7c92c713df4

Security Headers

X-Frame-Options: SAMEORIGIN

Request headers

Host: promo.level.travel
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: uuid=d0dfdbc9-de3e-4417-a4b1-0ff0f856131a

Response headers

Server: nginx
Date: Sun, 04 Apr 2021 16:44:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Last-Modified: Fri, 05 Mar 2021 12:23:13 GMT
ETag: W/"16d70-5bcc925e01ffc"
X-Frame-Options: SAMEORIGIN
X-Host: promo.level.travel
cache-control: max-age=0 public
Content-Encoding: gzip
X-VARITI-CCR: 942218735:4
Set-Cookie: rerf=AAAAAGBp7QsT9gvxAxsNAg==; expires=Tue, 04-May-21 16:44:59 GMT; path=/
Set-Cookie: ipp_uid=1617554698974/TQRppuqroiwvSH1w/NiFayBcVop0RX0el96/urg==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/
Set-Cookie: ipp_uid1=1617554698974; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/
Set-Cookie: ipp_uid2=TQRppuqroiwvSH1w/NiFayBcVop0RX0el96/urg==; expires=Tue, 31 Dec 2030 23:59:59 GMT; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"

Redirect headers

server: nginx/1.18.0
date: Sun, 04 Apr 2021 16:44:58 GMT
content-type: text/html; charset=utf-8
location: https://promo.level.travel/wlalert
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
cache-control: no-cache
x-request-id: e374aa2c-8b20-45dc-a5e8-9f4c05d25bc5
x-runtime: 0.069840

Resource: tilda-grid-3.0.min.css
Path: static.tildacdn.com/css/
Size: 0
x-fer: 0

Resource: tilda-blocks-2.12.css
Path: ws.tildacdn.com/project1296230/
Size: 285 KB
x-fer: 43 KB
Type: Stylesheet

General

Full URL: https://ws.tildacdn.com/project1296230/tilda-blocks-2.12.css?t=1611053256
Requested by
Host: promo.level.travel
URL: https://promo.level.travel/wlalert
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 178.248.236.28, Russian Federation, ASN197068 (QRATOR, RU)
Reverse DNS:
Software: QRATOR
Resource Hash: 3383da0f1f56cef32d0f184f3ca4683b2dd071b6c2a3f1669181506fcf2ac6d3

Request headers

Referer: https://promo.level.travel/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 04 Apr 2021 16:44:59 GMT
Content-Encoding: gzip
Last-Modified: Thu, 25 Mar 2021 09:18:27 GMT
Server: QRATOR
Transfer-Encoding: chunked
Content-Type: text/css
cache-control: max-age=0, public
X-Host: ws.tildacdn.com
Connection: keep-alive
Keep-Alive: timeout=15

Resource: tilda-animation-1.0.min.css
Path: static.tildacdn.com/css/
Size: 0
x-fer: 0

Resource: tilda-menusub-1.0.min.css
Path: static.tildacdn.com/css/
Size: 0
x-fer: 0

Resource: tilda-slds-1.4.min.css
Path: static.tildacdn.com/css/
Size: 0
x-fer: 0

Resource: tilda-zoom-2.0.min.css
Path: static.tildacdn.com/css/
Size: 0
x-fer: 0

Resource: jquery-1.10.2.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-scripts-2.8.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-blocks-2.7.js
Path: ws.tildacdn.com/project1296230/
Size: 177 KB
x-fer: 35 KB
Type: Script

General

Full URL: https://ws.tildacdn.com/project1296230/tilda-blocks-2.7.js?t=1611053256
Requested by
Host: promo.level.travel
URL: https://promo.level.travel/wlalert
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 178.248.236.28, Russian Federation, ASN197068 (QRATOR, RU)
Reverse DNS:
Software: QRATOR
Resource Hash: 5b77939d5133307c7288c09f91d2c1cc758a744d38781a4c365f90483dc6af32

Request headers

Referer: https://promo.level.travel/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sun, 04 Apr 2021 16:44:59 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Apr 2021 13:12:27 GMT
Server: QRATOR
Transfer-Encoding: chunked
Content-Type: application/x-javascript
cache-control: max-age=0, public
X-Host: ws.tildacdn.com
Connection: keep-alive
Keep-Alive: timeout=15

Resource: lazyload-1.3.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-animation-1.0.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-menusub-1.0.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-slds-1.4.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: hammer.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: tilda-zoom-2.0.min.js
Path: static.tildacdn.com/js/
Size: 0
x-fer: 0

Resource: Frame.png
Path: static.tildacdn.com/tild3336-6134-4431-b133-653065306638/
Size: 0
x-fer: 0

Resource: css
Path: fonts.googleapis.com/
Size: 8 KB
x-fer: 808 B
Type: Stylesheet

General

Full URL: https://fonts.googleapis.com/css?family=Roboto:300,400,500,600,700&subset=latin,cyrillic
Requested by
Host: ws.tildacdn.com
URL: https://ws.tildacdn.com/project1296230/tilda-blocks-2.12.css?t=1611053256
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:4001:808::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: ESF
Resource Hash: ae31abd20931ac70ca57381ebeed30009c8343f1fb257f0d90e64b6b137262ea

Security Headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 0

Request headers

Referer: https://ws.tildacdn.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 04 Apr 2021 15:11:06 GMT
server: ESF
date: Sun, 04 Apr 2021 16:44:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 04 Apr 2021 16:44:59 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.tildacdn.com
  • https://static.tildacdn.com/css/tilda-grid-3.0.min.css
  • https://static.tildacdn.com/css/tilda-animation-1.0.min.css
  • https://static.tildacdn.com/css/tilda-menusub-1.0.min.css
  • https://static.tildacdn.com/css/tilda-slds-1.4.min.css
  • https://static.tildacdn.com/css/tilda-zoom-2.0.min.css
  • https://static.tildacdn.com/js/jquery-1.10.2.min.js
  • https://static.tildacdn.com/js/tilda-scripts-2.8.min.js
  • https://static.tildacdn.com/js/lazyload-1.3.min.js
  • https://static.tildacdn.com/js/tilda-animation-1.0.min.js
  • https://static.tildacdn.com/js/tilda-menusub-1.0.min.js
  • https://static.tildacdn.com/js/tilda-slds-1.4.min.js
  • https://static.tildacdn.com/js/hammer.min.js
  • https://static.tildacdn.com/js/tilda-zoom-2.0.min.js
  • https://static.tildacdn.com/tild3336-6134-4431-b133-653065306638/Frame.png

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN