www.whatsbelowme.com Open in urlscan Pro
172.67.210.64 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://whatsbelowme.com/
Effective URL:
https://www.whatsbelowme.com/
Submission: On June 03 via api (June 3rd 2024, 5:01:20 am UTC) from US — Scanned from DE

Summary HTTP 22 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 7 domains to perform 22 HTTP transactions. The main IP is 172.67.210.64, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.whatsbelowme.com.
TLS certificate: Issued by GTS CA 1P5 on May 30th 2024. Valid for: 3 months.

This is the only time www.whatsbelowme.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 4	172.67.210.64 172.67.210.64	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::729 2a04:4e42::729	54113 (FASTLY) (FASTLY)
6	2606:4700::68... 2606:4700::6812:bb1f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:26d... 2600:9000:26da:4e00:1d:3be7:ae40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:235... 2600:9000:235a:8400:14:222b:cd00:93a1	16509 (AMAZON-02) (AMAZON-02)
4	18.158.96.115 18.158.96.115	16509 (AMAZON-02) (AMAZON-02)
1	2602:816:5001... 2602:816:5001::39	54113 (FASTLY) (FASTLY)
3	185.221.87.23 185.221.87.23	54113 (FASTLY) (FASTLY)
1	2606:4700:10:... 2606:4700:10::6816:3bb5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	10

4 172.67.210.64 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

whatsbelowme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.whatsbelowme.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::729 (United States)

ASN54113 (FASTLY, US)

js.sentry-cdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:bb1f (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26da:4e00:1d:3be7:ae40:93a1 (United States)

ASN16509 (AMAZON-02, US)

eu.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:235a:8400:14:222b:cd00:93a1 (United States)

ASN16509 (AMAZON-02, US)

dcqucr3r6j7lg.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.158.96.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-158-96-115.eu-central-1.compute.amazonaws.com

eu.i.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:816:5001::39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.221.87.23 (Ireland)

ASN54113 (FASTLY, US)

bam.eu01.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3bb5 (United States)

ASN13335 (CLOUDFLARENET, US)

eu-assets.i.posthog.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	posthog.com eu.posthog.com — Cisco Umbrella Rank: 41240 eu.i.posthog.com — Cisco Umbrella Rank: 43958 eu-assets.i.posthog.com — Cisco Umbrella Rank: 141093	77 KB
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 310	153 KB
4	whatsbelowme.com 1 redirects whatsbelowme.com www.whatsbelowme.com	617 KB
3	nr-data.net bam.eu01.nr-data.net — Cisco Umbrella Rank: 10131	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 636	34 KB
1	cloudfront.net dcqucr3r6j7lg.cloudfront.net	5 MB
1	sentry-cdn.com js.sentry-cdn.com — Cisco Umbrella Rank: 6483	2 KB
22	7

	Domain	Requested by
6	cdn.jsdelivr.net	www.whatsbelowme.com
4	eu.i.posthog.com	www.whatsbelowme.com
3	bam.eu01.nr-data.net	www.whatsbelowme.com
3	www.whatsbelowme.com	www.whatsbelowme.com
1	eu-assets.i.posthog.com	www.whatsbelowme.com
1	js-agent.newrelic.com	www.whatsbelowme.com
1	dcqucr3r6j7lg.cloudfront.net	www.whatsbelowme.com
1	eu.posthog.com	www.whatsbelowme.com
1	js.sentry-cdn.com	www.whatsbelowme.com
1	whatsbelowme.com	1 redirects
22	10

This site contains links to these domains. Also see Links.

Domain
see.whatsbelowme.com

Subject Issuer	Validity	Valid
whatsbelowme.com GTS CA 1P5	`2024-05-30` - `2024-08-28`	3 months	crt.sh
*.sentry-cdn.com GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-08-01` - `2024-09-01`	a year	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
eu.posthog.com Amazon RSA 2048 M03	`2023-08-09` - `2024-09-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
*.i.posthog.com Amazon RSA 2048 M02	`2024-01-15` - `2025-02-12`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
*.eu01.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2023-11-03` - `2024-10-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.whatsbelowme.com/
Frame ID: 370CAA084A3E91B195CD78EA7811FCC9
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ever wonder whats below you when looking out the window seat of a plane?

Page URL History Show full URLs

https://whatsbelowme.com/ HTTP 301
https://www.whatsbelowme.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

22
Requests

95 %
HTTPS

67 %
IPv6

7
Domains

10
Subdomains

10
IPs

3
Countries

6011 kB
Transfer

6743 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://see.whatsbelowme.com/
Title: View App

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://whatsbelowme.com/ HTTP 301
https://www.whatsbelowme.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
www.whatsbelowme.com/
Redirect Chain

https://whatsbelowme.com/
https://www.whatsbelowme.com/

73 KB
25 KB

1204ms
1016ms

Document
text/html

172.67.210.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.whatsbelowme.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.210.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / cloud66

Resource Hash

ab34b0be2689f93a4c98d0ba2c6705914b5fb1160fa1a1933848b8563132ac4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 88dd1fba2ae11b9f-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 03 Jun 2024 05:01:13 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dDvYEuKd6n88zX6h2EmDSelzP5PPWmnsvnoWj3zBwsRg0SIlaU%2BPTwxgbFKPxorqELkMxpIrn%2FvHj6CZwHGmqbTeU7czMe7N4L%2F8R7rg19hjkmRAgX1GDUxoBhwSQFg5pYIU1B8iDw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding, Origin
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-powered-by: cloud66
x-request-id: 1d064e21-610c-49bd-b94a-f9f9f144ef21
x-runtime: 0.864905
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600
cf-ray: 88dd1fb8d9e51b9f-FRA
content-length: 167
content-type: text/html
date: Mon, 03 Jun 2024 05:01:12 GMT
expires: Mon, 03 Jun 2024 06:01:12 GMT
location: https://www.whatsbelowme.com/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V9k85TkP%2B8Na0082LmerSMQLpkACbjrj55%2B74oFY%2BdK9iZ1Fk1%2FUqHLzNQHirjS%2FyrY2TboukwCExThnxjyZHzztJP24bw0OQ%2FsDxqhUHR4H9BgR29MSRIYYlQ2Sb8Gh17r1"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 d44641415aafcff87c4c5f563645e723.min.js Show response
js.sentry-cdn.com/ 3 KB
2 KB 86ms
34ms Script
text/javascript 2a04:4e42::729
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.sentry-cdn.com/d44641415aafcff87c4c5f563645e723.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::729 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

fb1e01700bb40efa2faf8fc14c121e985d1e165a09ee3481be35f9a25eb22a59

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; base-uri 'none'; img-src * blob: data:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; font-src * data:; style-src * 'unsafe-inline'; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; frame-ancestors 'self' .sentry.io; default-src 'none'; connect-src 'self' .algolia.net .algolianet.com .algolia.io sentry.io .sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; media-src ; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=ac7d88ed13d8f5d720e864db8f7f7a73ee46500f
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Origin: https://www.whatsbelowme.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: object-src 'none'; base-uri 'none'; img-src * blob: data:; frame-src app.pendo.io demo.arcade.software js.stripe.com sentry.io; font-src * data:; style-src * 'unsafe-inline'; worker-src blob:; script-src 'self' 'unsafe-inline' 'report-sample' s1.sentry-cdn.com js.sentry-cdn.com browser.sentry-cdn.com statuspage-production.s3.amazonaws.com static.zdassets.com aui-cdn.atlassian.com connect-cdn.atl-paas.net js.stripe.com 'strict-dynamic' cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5634074999128064.storage.googleapis.com; frame-ancestors 'self' *.sentry.io; default-src 'none'; connect-src 'self' *.algolia.net *.algolianet.com *.algolia.io sentry.io *.sentry.io s1.sentry-cdn.com o1.ingest.sentry.io api2.amplitude.com app.pendo.io data.pendo.io reload.getsentry.net t687h3m0nh65.statuspage.io sentry.zendesk.com ekr.zdassets.com maps.googleapis.com; media-src *; report-uri https://o1.ingest.sentry.io/api/54785/security/?sentry_key=f724a8a027db45f5b21507e7142ff78e&sentry_release=ac7d88ed13d8f5d720e864db8f7f7a73ee46500f
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
age: 33787
x-envoy-upstream-service-time: 54
content-length: 1276
x-xss-protection: 1; mode=block
x-served-by: getsentry-web-default-profiling-production-848cbd4cd-8fb2w, cache-chi-kigq8000168-CHI, cache-fra-etou8220148-FRA
x-frame-options: deny
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
content-language: en
cache-control: public, max-age=3600, s-maxage=60, stale-while-revalidate=315360000, stale-if-error=315360000
x-envoy-attempt-count: 1
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/ 190 KB
27 KB 90ms
36ms Stylesheet
text/css 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7046896
x-jsd-version: 5.2.3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27506
x-served-by: cache-fra-eddf8230122-FRA, cache-lga21962-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RhmmOHdVbTDsgtq9VZNfos%2BRhtK9WM7PDuelBUfok1NLqa3ZJljY02mC7yArYY%2FBe%2F3YQlgAPS3yGDVyLm3kdRpCWC5rqJggshGIvoTjXY8eq4y%2BZLl0kMKAE31zw7z2MDadVVmDYftAHJahGlQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b329152-FRA

GET
H2 200 theme.min.css
cdn.jsdelivr.net/npm/jquery-ui@1.13.2/themes/base/ 14 KB
3 KB 87ms
33ms Stylesheet
text/css 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery-ui@1.13.2/themes/base/theme.min.css

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccfe03188f277c70e0a527b95757d65f3174c9ec11bcbc2a8e9e47592eb037e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2389347
x-jsd-version: 1.13.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2779
x-served-by: cache-fra-etou8220146-FRA, cache-lga21976-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"3837-NSuksrjC9MDw45hKMr6bk1Fk27A"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OI6%2BvOmeD6QYs7RQsApHc4FfEzI6GrsNdpvody6HrOCZXOMKxi9K9aCw6LapaFdA9Hi7%2FmLjcZtCQbeLCTqnqznwhz22fSYVfNaBgBX4%2FzqAf7wfjiL2ZK2WsnmTV9g02Y4vv5Zf7ON2qMAMjH4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b319152-FRA

GET
H2 200 jquery.min.js Show response
cdn.jsdelivr.net/npm/jquery@3.7.1/dist/ 85 KB
30 KB 140ms
86ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery@3.7.1/dist/jquery.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 7033194
x-jsd-version: 3.7.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 30405
x-served-by: cache-fra-eddf8230077-FRA, cache-lga21966-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"155ed-7khZLR//lS/PBs4LZm7UeFSTr9w"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AaLFp770fp8jCTGhZEe0VPGQ2Nsr%2B7RHm%2FctTYVi41w1p7Jk3D2TzCF3Daj%2B%2Bn0AOS%2FIi76HEmnDI6F4r66PAEtMasVMDzhwgxa%2BYHzXaK3BBI8YsfPC%2FQ8LXcmgO444p773iGKWT0AmQn95rDk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b339152-FRA

GET
H2 200 rails-ujs.min.js Show response
cdn.jsdelivr.net/npm/rails-ujs@5.2.8-1/lib/assets/compiled/ 14 KB
5 KB 89ms
35ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/rails-ujs@5.2.8-1/lib/assets/compiled/rails-ujs.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

45928d474a7fea58c0272120b0ee8c976e8fcf4bc4a5932df08a7ed491bc7d9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 515843
x-jsd-version: 5.2.8-1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4520
x-served-by: cache-fra-eddf8230137-FRA, cache-lga21950-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"3613-x5EdjpmP6PfZ1I9tDlecjkt1YOg"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9TV2Un18p%2FK19%2FqkRbjb39JkkuxgdSXn%2B03SpnyPDIv5U7g3oMoVdy1bmOfmQ%2BowVuo6uGonreyyWnYIYog%2FP05%2FD%2BlvPiK6lspvAcRuaS%2BbgXVNHsxGWtCrDFixXYNvXsXdzOx0j7Ri6ZLFgGE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b359152-FRA

GET
H2 200 bootstrap.min.js Show response
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/ 59 KB
17 KB 91ms
37ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bcd4d0f29dc6556ebeeff44eaa0965f0c7f7308ee58394708cce2f698cca1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2564241
x-jsd-version: 5.2.3
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 17319
x-served-by: cache-fra-eddf8230041-FRA, cache-lga21928-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"ebf4-hH3/iZtbz47kNOOJ4qkQuh26128"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lLK9iltdYDAHJCl1i90PRgZpmUdHKp9IhE5yM5DmNj9CQ5kaHzLjO7IpUBSRVs3F2J6D5Y8U1nRAhFuoeLQuSgcD%2FNvK1hhLP0NYmyGdiBl%2FPkgEem1m3QI5iLtu53HAAkfaRNnbUesrTBP1IHI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b379152-FRA

GET
H2 200 jquery-ui.min.js Show response
cdn.jsdelivr.net/npm/jquery-ui@1.13.2/dist/ 249 KB
70 KB 92ms
39ms Script
application/javascript 2606:4700::6812:bb1f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/jquery-ui@1.13.2/dist/jquery-ui.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bb1f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2553787
x-jsd-version: 1.13.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 71258
x-served-by: cache-fra-etou8220092-FRA, cache-lga21978-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"3e46c-XymjJMiv+x/bJq1FZLHgRDcr7tI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DsKR6i5zwpRA%2FltiTjxeqUoPqMTGpW1rF4iXkPrHzklmfN8keKZ5IP0UVuZMj2lzWkttUt8j%2BHk2QPwKft9uv5EIrp5VDF0kCZJmSC9ArmDkKNEcixjbJJ4fDnhWNO1fXomWy9FsaNhtakRB7Js%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88dd1fc25b369152-FRA

GET
H3 200 look.webp
www.whatsbelowme.com/ 590 KB
591 KB 167ms
166ms Image
image/webp 172.67.210.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.whatsbelowme.com/look.webp
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.210.64 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / cloud66
Resource Hash: 9f383b99b0dac789cdeeccadedd6b2d1c8746e9c994e2d96ce122e79875f619c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
cf-cache-status: MISS
last-modified: Thu, 30 May 2024 23:36:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "66590d71-939c6"
x-powered-by: cloud66
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8GLv%2BPZYZHnJZe7Fmbi1soWvjhNr8iX1Y0BvAXoI2UDJIr8n8LdFJ332tFdMNptLXBxAAVVdWD1%2BWF2Emxej%2Fpmo5U6y6XBItheSMwbJY87hvILc0yuBn902ufEYgJwGUk%2BRgRJ7RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 88dd1fc209261b9f-FRA
alt-svc: h3=":443"; ma=86400
content-length: 604614

GET
H2 200 array.js Show response
eu.posthog.com/static/ 128 KB
38 KB 113ms
31ms Script
text/javascript 2600:9000:26da:4e00:1d:3be7:ae40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eu.posthog.com/static/array.js
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26da:4e00:1d:3be7:ae40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7128e1f128ce0ef83cea53eea7909c6ab5caea381833b88ff14011c5ff7e3dd

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 33NP891Lmn6IhDnexfnmVxGn1TmL9Zu4
content-encoding: br
via: 1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
date: Mon, 03 Jun 2024 05:01:14 GMT
last-modified: Wed, 29 May 2024 18:31:04 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P4
age: 6
x-amz-server-side-encryption: AES256
etag: W/"84dcfb7a119228bbfd75acbcddbd041e"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: jCVtPXqqWNAuxhr8aWfY8ztUenKffG6ogDS6jTSibvww8DkgbExxTw==

GET
H2 200 5mb.png Show response
dcqucr3r6j7lg.cloudfront.net/public/ 5 MB
5 MB 132ms
56ms XHR
image/png 2600:9000:235a:8400:14:222b:cd00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dcqucr3r6j7lg.cloudfront.net/public/5mb.png?nocache=1717390874107
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:235a:8400:14:222b:cd00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sun, 02 Jun 2024 19:07:21 GMT
via: 1.1 eb8dd67e239abea324e36244f60eec4c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P9
age: 35633
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 5242880
last-modified: Thu, 30 May 2024 16:23:19 GMT
server: AmazonS3
etag: "5f363e0e58a95f06cbe9bbc662c5dfb6"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: *
accept-ranges: bytes
x-amz-cf-id: YWogf055MXJAl8bhuBTOOy6OIDxjlrIshAgNUuVcgjX-MsvR1Y7vGQ==

POST
H2 200 / Show response
eu.i.posthog.com/decide/ 785 B
807 B 162ms
88ms XHR
application/json 18.158.96.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.i.posthog.com/decide/?v=3&ip=1&_=1717390874246&ver=1.136.1&compression=base64

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.158.96.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-96-115.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

722309fab42e4e17ca5c643d5e2c5d5959fea00d81b88cf80cb06fc46f80a155

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: same-origin
server: envoy
cross-origin-opener-policy: same-origin
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 9
access-control-allow-headers: X-Requested-With,Content-Type

GET
H2 200 nr-spa-1.260.1.min.js Show response
js-agent.newrelic.com/ 106 KB
34 KB 71ms
20ms Script
application/javascript 2602:816:5001::39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.260.1.min.js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2602:816:5001::39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

f941e01a27c4568da7a81f5cb516b5d2056b14b88cccf3c53f647bde767e0919

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Origin: https://www.whatsbelowme.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: Yrbdc1GL627m.B3Rf5_UelmBfBfYfLKU
content-encoding: br
via: 1.1 varnish
date: Mon, 03 Jun 2024 05:01:14 GMT
strict-transport-security: max-age=300
x-amz-request-id: C18Q9GZGDB76CJP0
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 34121
x-amz-id-2: I4CtaVD3/eXa3oqlW9MTF7VBxUZO5h7vaoHIdfibg6XM7vGmbEkSqaX1jOHmNKquyhCQ3Dp/eO8=
x-served-by: cache-fra-eddf8230029-FRA
last-modified: Mon, 20 May 2024 17:44:49 GMT
server: AmazonS3
etag: "1221654800ab387071aa9e0bf5b47dde"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 1002784

POST
H2 200 / Show response
eu.i.posthog.com/e/ 13 B
416 B 137ms
65ms XHR
application/json 18.158.96.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.i.posthog.com/e/?ip=1&_=1717390874253&ver=1.136.1&compression=base64

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.158.96.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-96-115.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: same-origin
server: envoy
cross-origin-opener-policy: same-origin
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 8
access-control-allow-headers: X-Requested-With,Content-Type

GET
H3 404 favicon.ico
www.whatsbelowme.com/ 0
542 B 158ms
157ms Other
text/html 172.67.210.64
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.whatsbelowme.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.210.64 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / cloud66

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-runtime: 0.003693
date: Mon, 03 Jun 2024 05:01:14 GMT
strict-transport-security: max-age=63072000; includeSubDomains
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: cloud66
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GbNm%2FJ3wNJYhm9xAyrAVQ7%2FMCTkW6GoT9cKx2rkFgWlEi7d475T8G1sH5%2B5pDk0ko0oLQpADlgiF8VLB1TA%2BMeWfJB56yMVqattgdUQA0dbkRqGhM35yF4vr6OTJa2r92rWOoe%2B0wg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
cf-ray: 88dd1fc43b6e1b9f-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: dbd18334-1945-4c7c-b0db-c70bcca4d419

POST
H/1.1 200 NRJS-5847aa87788025b7434 Show response
bam.eu01.nr-data.net/1/ 150 B
662 B 113ms
35ms XHR
text/plain 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/1/NRJS-5847aa87788025b7434?a=538600739&sa=1&v=1.260.1&t=Unnamed%20Transaction&rst=1941&ck=0&s=45965db7a2ab6776&ref=https://www.whatsbelowme.com/&ptid=f759af8a848b7d96&af=err,xhr,stn,ins,spa&be=1269&fe=581&dc=434&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1717390872403,%22n%22:0,%22f%22:65,%22dn%22:65,%22dne%22:65,%22c%22:65,%22s%22:65,%22ce%22:65,%22rq%22:253,%22rp%22:1269,%22rpe%22:1295,%22di%22:1702,%22ds%22:1702,%22de%22:1703,%22dc%22:1849,%22l%22:1849,%22le%22:1850%7D,%22navigation%22:%7B%7D%7D&fp=1762&fcp=1762
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: d26e232d4748053f5faf5df69c73034c98d45fb96998535acc6d3a3b01790bd0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.whatsbelowme.com
access-control-expose-headers: Date
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
cross-origin-resource-policy: cross-origin
Connection: keep-alive
timing-allow-origin: https://www.whatsbelowme.com
Content-Length: 150
x-served-by: cache-fra-eddf8230067-FRA

GET
H2 200 recorder.js Show response
eu-assets.i.posthog.com/static/ 106 KB
37 KB 94ms
31ms Script
text/javascript 2606:4700:10::6816:3bb5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://eu-assets.i.posthog.com/static/recorder.js?v=1.136.1

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3bb5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e3162e829424015959c6daefceba95ab982cc6f4002f69387e05be6368c91ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 236
x-envoy-upstream-service-time: 23
referrer-policy: same-origin
last-modified: Sun, 02 Jun 2024 21:00:04 GMT
server: cloudflare
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Cookie, Accept-Encoding
content-type: text/javascript; charset="utf-8"
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 88dd1fc59b419743-FRA

POST
H/1.1 200 blobs Show response
bam.eu01.nr-data.net/browser/ 24 B
347 B 35ms
35ms XHR
image/gif 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/browser/blobs?browser_monitoring_key=NRJS-5847aa87788025b7434&type=BrowserSessionChunk&app_id=538600739&protocol_version=0&timestamp=1717390872000&attributes=entityGuid%3DNDAyMTEwMHxCUk9XU0VSfEFQUExJQ0FUSU9OfDUzODYwMDczOQ%26harvestId%3D45965db7a2ab6776_f759af8a848b7d96_1%26trace.firstTimestamp%3D1717390872000%26trace.lastTimestamp%3D1717390873850%26trace.nodes%3D26%26trace.originTimestamp%3D1717390872000%26agentVersion%3D1.260.1%26firstSessionHarvest%3Dtrue%26ptid%3Df759af8a848b7d96%26session%3D45965db7a2ab6776
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230067-FRA

POST
H/1.1 200 NRJS-5847aa87788025b7434 Show response
bam.eu01.nr-data.net/events/1/ 24 B
342 B 55ms
40ms XHR
image/gif 185.221.87.23
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.eu01.nr-data.net/events/1/NRJS-5847aa87788025b7434?a=538600739&sa=1&v=1.260.1&t=Unnamed%20Transaction&rst=2081&ck=0&s=45965db7a2ab6776&ref=https://www.whatsbelowme.com/&ptid=f759af8a848b7d96
Requested by: Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.221.87.23 , Ireland, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type: text/plain

Response headers

date: Mon, 03 Jun 2024 05:01:14 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
Connection: close
Content-Length: 24
x-served-by: cache-fra-eddf8230067-FRA

GET
BLOB 200
OK 63bd40b5-faed-404e-8a9a-877695908279
https://www.whatsbelowme.com/ 5 KB
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.whatsbelowme.com/63bd40b5-faed-404e-8a9a-877695908279
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1e7a2468cbdd5dfb966d59f1e8ef3e014b389885ad5bded6cceae037015994c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 5169
Content-Type: application/javascript

POST
H2 200 / Show response
eu.i.posthog.com/e/ 13 B
415 B 31ms
30ms XHR
application/json 18.158.96.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.i.posthog.com/e/?ip=1&_=1717390877250&ver=1.136.1&compression=gzip-js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.158.96.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-96-115.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 03 Jun 2024 05:01:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: same-origin
server: envoy
cross-origin-opener-policy: same-origin
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 7
access-control-allow-headers: X-Requested-With,Content-Type

POST
H2 200 / Show response
eu.i.posthog.com/s/ 13 B
416 B 39ms
38ms XHR
application/json 18.158.96.115
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://eu.i.posthog.com/s/?ip=1&_=1717390877254&ver=1.136.1&compression=gzip-js

Requested by

Host: www.whatsbelowme.com
URL: https://www.whatsbelowme.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.158.96.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-158-96-115.eu-central-1.compute.amazonaws.com

Software

envoy /

Resource Hash

7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://www.whatsbelowme.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 03 Jun 2024 05:01:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: same-origin
server: envoy
cross-origin-opener-policy: same-origin
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: https://www.whatsbelowme.com
access-control-allow-credentials: true
x-envoy-upstream-service-time: 16
access-control-allow-headers: X-Requested-With,Content-Type

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.whatsbelowme.com/	1969-12-31 23:59:59	Name: _whats_below_me_session Value: 6koOmdSkk%2F5sbH%2BqH%2BxT1prpHue%2Bj%2FRdQe8Ak8xtM9BNp%2BhQl4OAlGSKyDEi0zxr4682ZGSm3cu0fJFmg%2FMZ%2FRxDokZLHh6CWAF1V7ow6npPl7Kn9kEUngpsjD%2FUyo%2BeOTMkDAmYNGtQyfTpoC1N2p6aUSh84EHTm3M%2FlG%2B81phnYPA10BYt4BQeJpce438MzfC%2BWu7uXpuKIirHKCoaU5IviFUqvxmdcnxnJZjRIjm9GDZRQz7cXOGMHelTgMELUQtv5lQPvzMLc24q8%2B89HpwRa%2FH4NHi%2BzfPwWmKX%2BwZvVFEdgbUfqMTZGUgZpz5tIduwuoi1inzRVd0%3D--C4w2kdtg5C0fiFrm--eVkMHksMaLVlJ0p%2FB0AMig%3D%3D

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.whatsbelowme.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.eu01.nr-data.net
cdn.jsdelivr.net
dcqucr3r6j7lg.cloudfront.net
eu-assets.i.posthog.com
eu.i.posthog.com
eu.posthog.com
js-agent.newrelic.com
js.sentry-cdn.com
whatsbelowme.com
www.whatsbelowme.com
172.67.210.64
18.158.96.115
185.221.87.23
2600:9000:235a:8400:14:222b:cd00:93a1
2600:9000:26da:4e00:1d:3be7:ae40:93a1
2602:816:5001::39
2606:4700:10::6816:3bb5
2606:4700::6812:bb1f
2a04:4e42::729
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
2e3162e829424015959c6daefceba95ab982cc6f4002f69387e05be6368c91ad
45928d474a7fea58c0272120b0ee8c976e8fcf4bc4a5932df08a7ed491bc7d9d
722309fab42e4e17ca5c643d5e2c5d5959fea00d81b88cf80cb06fc46f80a155
7d4afed20a912db310862a5294bcf8fb6269c76a292908ddc1fbd496456eff56
9528ca634fecad433d044ddd3e6f9ce1f068d5d932dafdbb19d8e6daea1968bd
9bcd4d0f29dc6556ebeeff44eaa0965f0c7f7308ee58394708cce2f698cca1b0
9f383b99b0dac789cdeeccadedd6b2d1c8746e9c994e2d96ce122e79875f619c
a1e7a2468cbdd5dfb966d59f1e8ef3e014b389885ad5bded6cceae037015994c
ab34b0be2689f93a4c98d0ba2c6705914b5fb1160fa1a1933848b8563132ac4f
c036cbb7553a909f8b8877d4461924307f27ecb66cff928eeeafd569c3887e29
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
ccfe03188f277c70e0a527b95757d65f3174c9ec11bcbc2a8e9e47592eb037e7
d26e232d4748053f5faf5df69c73034c98d45fb96998535acc6d3a3b01790bd0
d7128e1f128ce0ef83cea53eea7909c6ab5caea381833b88ff14011c5ff7e3dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f941e01a27c4568da7a81f5cb516b5d2056b14b88cccf3c53f647bde767e0919
fb1e01700bb40efa2faf8fc14c121e985d1e165a09ee3481be35f9a25eb22a59
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a

www.whatsbelowme.com Open in urlscan Pro 172.67.210.64 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

95 %HTTPS

67 %IPv6

7 Domains

10 Subdomains

10 IPs

3 Countries

6011 kBTransfer

6743 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

www.whatsbelowme.com Open in urlscan Pro
172.67.210.64 Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

95 %
HTTPS

67 %
IPv6

7
Domains

10
Subdomains

10
IPs

3
Countries

6011 kB
Transfer

6743 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions