ttraaav.underlevel.world Open in urlscan Pro
2606:4700:3030::ac43:b766 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942
Effective URL:
https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
Submission: On August 14 via api (August 14th 2024, 7:41:35 am UTC) from US — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3030::ac43:b766, located in United States and belongs to CLOUDFLARENET, US. The main domain is ttraaav.underlevel.world.
TLS certificate: Issued by WE1 on July 26th 2024. Valid for: 3 months.

This is the only time ttraaav.underlevel.world was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	31.222.255.22 31.222.255.22	49392 (ASBAXETN) (ASBAXETN)
1 1	2606:4700:303... 2606:4700:3032::6815:2ec4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700:303... 2606:4700:3030::ac43:b766	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::6815:1b98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::ac43:961e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3035::6815:6008	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	5

1 31.222.255.22 (Seychelles)

ASN49392 (ASBAXETN, RU)

intactglas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:2ec4 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

notescrable.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700:3030::ac43:b766 (United States)

ASN13335 (CLOUDFLARENET, US)

ttraaav.underlevel.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1b98 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:961e (United States)

ASN13335 (CLOUDFLARENET, US)

trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3035::6815:6008 (United States)

ASN13335 (CLOUDFLARENET, US)

event.trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	underlevel.world ttraaav.underlevel.world	327 KB
4	trk-elevostra.com trk-elevostra.com — Cisco Umbrella Rank: 357103 event.trk-elevostra.com — Cisco Umbrella Rank: 369321	3 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1950	426 KB
1	notescrable.cfd 1 redirects notescrable.cfd	664 B
1	intactglas.com intactglas.com	589 B
17	5

	Domain	Requested by
11	ttraaav.underlevel.world	intactglas.com ttraaav.underlevel.world
3	event.trk-elevostra.com	trk-elevostra.com
1	trk-elevostra.com	ttraaav.underlevel.world
1	use.fontawesome.com	ttraaav.underlevel.world
1	notescrable.cfd	1 redirects
1	intactglas.com
17	6

This site contains no links.

Subject Issuer	Validity	Valid
intactglas.com R10	`2024-08-02` - `2024-10-31`	3 months	crt.sh
underlevel.world WE1	`2024-07-26` - `2024-10-24`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
trk-elevostra.com WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
Frame ID: 30586048891793E6F02C989EB88037B4
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) Notification

Page URL History Show full URLs

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942 Page URL
https://notescrable.cfd/index2.php?id=209&s1=351983&s2=1216442478&s3=5992&p=us5upstrack7a HTTP 302
https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

17
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

758 kB
Transfer

1608 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942 Page URL
https://notescrable.cfd/index2.php?id=209&s1=351983&s2=1216442478&s3=5992&p=us5upstrack7a HTTP 302
https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

0.9677627894408942
intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/
Redirect Chain

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942

152 B
589 B

890ms
356ms

Document
text/html

31.222.255.22
ASBAXETN

General

Check archive.org

Show headers Download Go to

Full URL

https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

31.222.255.22 , Seychelles, ASN49392 (ASBAXETN, RU),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 14 Aug 2024 07:41:30 GMT
server: nginx/1.12.2
strict-transport-security: max-age=16000000; includeSubDomains; preload;
transfer-encoding: chunked
vary: Accept-Encoding

Redirect headers

Location: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942
Non-Authoritative-Reason: HttpsUpgrades

GET
H3

200

Primary Request ytfe Show response
ttraaav.underlevel.world/qmdhg/yjdu/drgv/
Redirect Chain

https://notescrable.cfd/index2.php?id=209&s1=351983&s2=1216442478&s3=5992&p=us5upstrack7a
https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

39 KB
8 KB

217ms
139ms

Document
text/html

2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Requested by

Host: intactglas.com
URL: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e23db824a35b4b9a99a0a323c0171ba6653fa14059350df371b18c804d4786a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.9677627894408942
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b2f4d8b5876420a-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 14 Aug 2024 07:41:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GU9bJgNvP%2BerSoByYEp9SVpLLyrwzWFs0LZIkabcmTCib7UjBp6J7p4n89ZM8ZZ1A8BmE6UvqJ6m%2Fn3pIaCv8SJhZjteRaTQ3mFzaed0A5GOsxhn97UqJUZ3BZK9RQ6tfHQsZ3nagL5nyUbanCJSm2ARTSRGf2k%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8b2f4d89f8761801-EWR
content-type: text/html; charset=UTF-8
date: Wed, 14 Aug 2024 07:41:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xS%2BS38pelr6%2BFHPFPath1c%2Bj8%2B8kEHxD8pQ%2BkIsPTsc6hlHZLtRkoGSPx97mEDYUsN4Czmmzbynoe3t8L1Ts%2F5GtmEJ9uEKGOGOGh3zZDYJqf0awa%2FvUUzjJ2dMUJn8aXL9MFpatKeziYEgqHsU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 style.css
ttraaav.underlevel.world/master/us177/ 15 KB
4 KB 35ms
34ms Stylesheet
text/css 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/master/us177/style.css

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302974
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NZJ8pVfVqH9rwmN1tjMPYoNS4cj7ZVEdeA6GKySHKJcKTfe6j6waN1i%2BBD8QpxD%2FBG43g3nFI4%2Bv%2Bhr9e6yYGw%2FONgmkafmmJl9dgIXYBn5c3RpIVmeqmRGTH27xyal%2B40RdotuZuGgHisJkRC3kZlWs6d%2F8nUY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b2f4d8c4915420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 animate.min.css
ttraaav.underlevel.world/master/us177/ 57 KB
5 KB 56ms
55ms Stylesheet
text/css 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/master/us177/animate.min.css

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302974
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7y62m4lSOmtkpfDYDCfnS9p08hvDTXKx0uD3jeLbthTKQ5uCwIltzNcfn2Djv4I%2BhegBy6usVEnkjB0%2FdeB3JDHOuk1P8Yrp%2F8uiZpoByVYZOlDGdiK9KTVi9f6gmwPbCXQisovmf6w3gyClfyqqCuXkKsVyU4%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b2f4d8c4916420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.15.4/js/ 1 MB
426 KB 194ms
48ms Script
application/javascript 2606:4700:3036::6815:1b98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by: Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

Referer: https://ttraaav.underlevel.world/
Origin: https://ttraaav.underlevel.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 303065
etag: W/"5e29440867fdb02a48dffded02338c31"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JFlWsL62MvYvL3QXVAC0WiXux84%2BTNodOLNGQX75EV0bcgkYqmhidh7lLadPbX9kSIQCMF%2BAYirFNlxMV1uwf3ibROKWbMt959uFLvwkpknpspLsf0%2F9Vah6HxS4oIj8Pf%2Fg5oL7HV%2Bg8BXyNeLHKHr2"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 8b2f4d8e0f5342b7-EWR
alt-svc: h3=":443"; ma=86400

GET
H3 200 msg.js Show response
ttraaav.underlevel.world/inc/ 943 B
924 B 136ms
135ms Script
application/javascript 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/inc/msg.js?41ea38fa1e499f73ba207fd0b686ad65

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Jun 2024 16:01:34 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHjwtFp3KMuVTmaHykmRYtyhwxZ2uoF1JjeP0Dq8WMQ8g3qNsev959VXUXpTGLs69mQpURwpnlth6pbB4mKGAVhIVG1QULUjqNH3GkAsEGz4Sui%2BQJ1IpAROAl4vs3IgyF%2Bo5UcNybh6VtEZZsK86fNmEzeioAA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b2f4d8c4917420a-EWR
expires: Wed, 21 Aug 2024 07:41:31 GMT

GET
H3 200 logopp.png
ttraaav.underlevel.world/master/us177/ 50 KB
50 KB 34ms
34ms Image
image/png 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ttraaav.underlevel.world/master/us177/logopp.png

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302974
alt-svc: h3=":443"; ma=86400
content-length: 50691
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BJhPQKXnbFITfvXJ3CGSYG9VCrLh%2BLnTtBgzkqTJREwzO6k07kU3%2Bh4l3ONNTouROphJdzZ7yey3MjQZRGJOMJLjRbM7rPD2QDC3cON4enejzNgHde6kv5zWJTQvbjTQdipgU7pkOHL4amJI2oeX0DgieYZp96E%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8c4918420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 product.jpg
ttraaav.underlevel.world/master/us177/ 67 KB
67 KB 56ms
55ms Image
image/jpeg 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ttraaav.underlevel.world/master/us177/product.jpg

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302974
alt-svc: h3=":443"; ma=86400
content-length: 68264
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kn7YaRI1kVqLrD%2BRO3mQIqiyeQM7BpuP3Vvz%2B1DZvGHOKkLE2x4rq%2FnL6vVKUHF78Tl5D8hF6bp0ExHjP17Tsdp7nG96KzQquGn78b48tDFvWJd6YisSV5il5EBwu7aB%2Bwor%2BUmbVqH3gimIWD%2BiFnlWTmEh50U%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8c491a420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 logo.png
ttraaav.underlevel.world/master/us177/ 75 KB
75 KB 33ms
33ms Image
image/png 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ttraaav.underlevel.world/master/us177/logo.png

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302975
alt-svc: h3=":443"; ma=86400
content-length: 76299
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iyDNPgK8Q07nvQhEwNtdvy6tLiMIDZK3uFzYPk%2B6dRbDgjuInxoT23qQGSMTnJSKJ%2BI3WVdz%2BHwZGYRs71dYxCNxpEPHMpdBWIHPyPZqGatsTkG2GFXQnz2FaXL%2BTQomyHEo%2BuKfKWykyDm8sQxyr8n%2FL80UYMM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8cc97f420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 loading.gif
ttraaav.underlevel.world/master/us177/ 107 KB
107 KB 32ms
32ms Image
image/gif 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ttraaav.underlevel.world/master/us177/loading.gif

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302975
alt-svc: h3=":443"; ma=86400
content-length: 109494
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YfYkRnXxqCtxWwrnr8w9i2vRnA5BmMLnSxAWcuLMyeKHJvHHUaHt7C9ENZC5ixxU9%2BTIWFM%2B599nm1QdaLhgNaGPy3b03ewyfkSBn7a%2BovaNf96weca4%2FYjZ8OSZipLZXh7glc1cOEn1Phq955rScs7w7Z2uVWg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8ce998420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 check.png
ttraaav.underlevel.world/master/us177/ 8 KB
9 KB 37ms
36ms Image
image/png 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ttraaav.underlevel.world/master/us177/check.png

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302975
alt-svc: h3=":443"; ma=86400
content-length: 8338
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=utPlRco1WAP7W0IQqUvx%2BGZ%2FClLozDUVWpzF8el06vDAJgfhFz%2Blo5jDFDnEGYb4%2FctOmn%2BqWv4%2BsPaKEQkIW6LL1JCKMkIZV9eYXhYwXccOkxSwnqDyXVnJccynuO0OvvSR0LkMV3k1pROsCahIXzVnzTCuaBs%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8d29b0420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 script.js Show response
ttraaav.underlevel.world/master/us177/ 13 KB
2 KB 33ms
33ms Script
application/javascript 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/master/us177/script.js

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 302975
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3fB30EmS4TivyrmYwviTfmn43qW2NPfflmQUxkWnvYm3dMAw2yRyxxdt7gPsYu2nA1EUdj%2F6JxfQYd5iIVQedWQryXcwhseglbZD4QoyZi2tc8FZMdJGnIyyjR5X2NXvoKgkCztsxXEuDTGSoLVU%2FkTx9ZGz7xg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8b2f4d8d19a6420a-EWR
expires: Sat, 17 Aug 2024 19:31:56 GMT

GET
H3 200 v9e118mez8 Show response
trk-elevostra.com/scripts/push/ 8 KB
3 KB 117ms
31ms Script
application/javascript 2606:4700:3036::ac43:961e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-elevostra.com/scripts/push/v9e118mez8

Requested by

Host: ttraaav.underlevel.world
URL: https://ttraaav.underlevel.world/inc/msg.js?41ea38fa1e499f73ba207fd0b686ad65

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3036::ac43:961e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5222
alt-svc: h3=":443"; ma=86400
content-length: 2519
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 14 Aug 2024 06:14:29 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ilb4j5MnL7Xmq26Fc7oUplmrishhPnaBtJM7eqtJwK6GGlM1GOjfz4qWAQ9U9Lpkls4%2Bb%2FW6MhG0cL663k1SjUqHIQpodxZXObkKzgLOrAi4BfXZYwW9iD1bj5gI%2BqoUFUnvLrgv7REWyZA5tj2C0A%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges: bytes
cf-ray: 8b2f4d8da881429a-EWR
expires: 0

GET
H3 200 favicon.ico
ttraaav.underlevel.world/ 0
528 B 36ms
35ms Other
image/x-icon 2606:4700:3030::ac43:b766
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ttraaav.underlevel.world/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3030::ac43:b766 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 14 Aug 2024 07:41:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 303062
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Tue, 11 Jun 2024 20:46:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n8ogkYdXJw%2Fkva5oY7tXv1AeFD5UkqoSw5NF2%2B5%2BkpvsW80wWRebIBBj10dyecbuZIbngWB73wpZC115L1PX5dyK6X2KpZRfYC5F%2BHbotEHFi%2FvOS2ZVKu4XiTsA%2Bcr8DcolZstmtL0ixJ5r%2FZ%2BDKk4uE7Y21j0%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b2f4d8f3abe420a-EWR
expires: Sat, 17 Aug 2024 19:30:29 GMT

OPTIONS
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 265ms
70ms Preflight 2606:4700:3035::6815:6008
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:6008 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ttraaav.underlevel.world
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b2f4d908a3e447a-EWR
content-length: 0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date: Wed, 14 Aug 2024 07:41:31 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zE5e8OApyEugcYcWPNDEPA4j3S7NFK1vNruA6LewZgpaL0ZWL6blPu2Yn%2FE5z6XiglCYK323T4FBvcQtEwvNevlw2ZbsAiIREMTWYmmRmFtus6OiLj%2FlXm3lpPO6LmMHG%2F3bV%2FqpQLZl0MP2Jv0QqYpykU9H%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 45ms
43ms Fetch 2606:4700:3035::6815:6008
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:6008 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Wed, 14 Aug 2024 07:41:31 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YgSPNRekHatloJvncO0libptBK9yaCxRux6Fe%2BNXcMNKSITx9KjO42tyNUSaXh%2Bj10mMXAwyndl5QXFF%2Bw%2BQa9CNnwLA3nooExhlI7bmINhzT4g8pYIIA7hTDunJjPDh817mXA7I2n2EJUGpBxwIRWwsrB%2Bzgg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8b2f4d90ea72447a-EWR
expires: 0

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 67ms
67ms Fetch 2606:4700:3035::6815:6008
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:6008 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ttraaav.underlevel.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Wed, 14 Aug 2024 07:41:33 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRjO5ygma1Ha3uEKnShcsLSQK1TF3YSCiiBUao1HAF5ijYR7mf2NyLAWOi75KV9%2F%2B0h6GLg1uvyCef4IsJa86r8bpUQ4qRrb1wWuVB8IQlLWU93%2FfFR7SCrrQPfX2yeOo63AmgvishzKerOVRjGddJIhzAMgKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8b2f4d99cec8447a-EWR
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
intactglas.com/	1970-01-20 23:30:13	Name: uid5992 Value: 1216442478-20240814034130-51cd74691425c8c2de45052cead6d772-3905
notescrable.cfd/	1969-12-31 23:59:59	Name: PHPSESSID Value: a3a3df05e227e7bbd8d2659a90eac8cc
ttraaav.underlevel.world/	1969-12-31 23:59:59	Name: PHPSESSID Value: 702a21f10832d9b26db97e6e89717f93

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://ttraaav.underlevel.world/qmdhg/yjdu/drgv/ytfe?a5ef34c2a04bb0292ac43056a2eda236 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

event.trk-elevostra.com
intactglas.com
notescrable.cfd
trk-elevostra.com
ttraaav.underlevel.world
use.fontawesome.com
2606:4700:3030::ac43:b766
2606:4700:3032::6815:2ec4
2606:4700:3035::6815:6008
2606:4700:3036::6815:1b98
2606:4700:3036::ac43:961e
31.222.255.22
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd
11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
9e23db824a35b4b9a99a0a323c0171ba6653fa14059350df371b18c804d4786a
a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065
cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

ttraaav.underlevel.world Open in urlscan Pro 2606:4700:3030::ac43:b766 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

83 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

758 kBTransfer

1608 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

ttraaav.underlevel.world Open in urlscan Pro
2606:4700:3030::ac43:b766 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

83 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

758 kB
Transfer

1608 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!