trainstationsignforsale.lat Open in urlscan Pro
2606:4700:3035::6815:28e1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html
Effective URL:
https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source...
Submission: On December 18 via manual (December 18th 2024, 4:12:56 pm UTC) from SG — Scanned from US

Summary HTTP 28 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 6 domains to perform 28 HTTP transactions. The main IP is 2606:4700:3035::6815:28e1, located in United States and belongs to CLOUDFLARENET, US. The main domain is trainstationsignforsale.lat.
TLS certificate: Issued by WE1 on December 12th 2024. Valid for: 3 months.

This is the only time trainstationsignforsale.lat was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	20.209.187.227 20.209.187.227	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	192.254.71.10 192.254.71.10	31863 (DACEN-2) (DACEN-2)
1 1	2606:4700:303... 2606:4700:3035::ac43:8a42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 22	2606:4700:303... 2606:4700:3035::6815:28e1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::6815:1b98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3031::ac43:9cc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
28	5

2 20.209.187.227 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cgfvhg.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.254.71.10 (United States) 1 redirects

ASN31863 (DACEN-2, US)

www.workjamtech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::ac43:8a42 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.mastertrackingdomain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2606:4700:3035::6815:28e1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trainstationsignforsale.lat	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1b98 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3031::ac43:9cc9 (United States)

ASN13335 (CLOUDFLARENET, US)

trk-quantivex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.trk-quantivex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	trainstationsignforsale.lat 1 redirects trainstationsignforsale.lat	3 MB
3	trk-quantivex.com trk-quantivex.com event.trk-quantivex.com	4 KB
2	windows.net cgfvhg.blob.core.windows.net	1 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1331	439 KB
1	mastertrackingdomain.com 1 redirects www.mastertrackingdomain.com	1 KB
1	workjamtech.com 1 redirects www.workjamtech.com	647 B
28	6

	Domain	Requested by
22	trainstationsignforsale.lat	1 redirects trainstationsignforsale.lat
2	event.trk-quantivex.com	trk-quantivex.com
2	cgfvhg.blob.core.windows.net
1	trk-quantivex.com	trainstationsignforsale.lat
1	use.fontawesome.com	trainstationsignforsale.lat
1	www.mastertrackingdomain.com	1 redirects
1	www.workjamtech.com	1 redirects
28	7

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft Azure RSA TLS Issuing CA 08	`2024-10-27` - `2025-04-25`	6 months	crt.sh
trainstationsignforsale.lat WE1	`2024-12-12` - `2025-03-12`	3 months	crt.sh
use.fontawesome.com WE1	`2024-11-07` - `2025-02-06`	3 months	crt.sh
trk-quantivex.com WE1	`2024-12-12` - `2025-03-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com
Frame ID: C0E8A37994742353AA7C6F03696393BA
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CVS - Survey Rewards

Page URL History Show full URLs

https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html Page URL
https://www.workjamtech.com/3ZSTW5S/XF5T8L1/ HTTP 302
https://www.mastertrackingdomain.com/37HF1RW/2D4K7WJR/?source_id=1847&sub1=596e74c8c4a54a6e9b9de0a72a21335e HTTP 302
https://trainstationsignforsale.lat/rv9hNP7G1d4OJ3eehBTvCWV0CkK7dldghaS/?encoded_value=279768Q&sub1=596e74c8c4a5... HTTP 302
http://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub... HTTP 307
https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub... Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

28
Requests

96 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

5
IPs

1
Countries

3168 kB
Transfer

4006 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html Page URL
https://www.workjamtech.com/3ZSTW5S/XF5T8L1/ HTTP 302
https://www.mastertrackingdomain.com/37HF1RW/2D4K7WJR/?source_id=1847&sub1=596e74c8c4a54a6e9b9de0a72a21335e HTTP 302
https://trainstationsignforsale.lat/rv9hNP7G1d4OJ3eehBTvCWV0CkK7dldghaS/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com HTTP 302
http://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com HTTP 307
https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK ghanilp.html
cgfvhg.blob.core.windows.net/cjgcgh/ 175 B
578 B 597ms
182ms Document
text/html 20.209.187.227
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.187.227 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Content-Length: 175
Content-MD5: GaVwFFvkKp4R7+4xqzTkkQ==
Content-Type: text/html
Date: Wed, 18 Dec 2024 16:12:47 GMT
ETag: 0x8DD1F6D96E5B8DE
Last-Modified: Wed, 18 Dec 2024 14:09:30 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: a8263f3c-701e-0012-5d67-51d26d000000
x-ms-version: 2009-09-19

GET
H2

200

Primary Request / Show response
trainstationsignforsale.lat/
Redirect Chain

https://www.workjamtech.com/3ZSTW5S/XF5T8L1/
https://www.mastertrackingdomain.com/37HF1RW/2D4K7WJR/?source_id=1847&sub1=596e74c8c4a54a6e9b9de0a72a21335e
https://trainstationsignforsale.lat/rv9hNP7G1d4OJ3eehBTvCWV0CkK7dldghaS/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%...
http://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrack...
https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrac...

41 KB
8 KB

128ms
127ms

Document
text/html

2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59cc3c44830043af4dad394d4d0100b167e9f889ed89149e53fc9419a8e020c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 8f406fce0ad043fa-EWR
content-encoding: zstd
content-type: text/html
date: Wed, 18 Dec 2024 16:12:50 GMT
expires: Wed, 18 Dec 2024 16:12:49 GMT
last-modified: Wed, 11 Dec 2024 12:11:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: interest-cohort=()
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tUIP75cBJ2y%2Be3avtp9sqbt7ijbhMYf0Ze9%2B0nAocCBIrS%2F0G14o20OaS0fBVlK4wM%2BwvIm0ZziuE5BbpPmH%2FRU4YDMsMFr%2B9p8ElusfQqvg13u1AE7FDPeXm79v4gxj8BxUB1gQJH7GvdMb%2FQH%2FZzrJXhrC3Zl%2BXhs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=13283&min_rtt=8439&rtt_var=9967&sent=9&recv=12&lost=0&retrans=0&sent_bytes=5157&recv_bytes=2700&delivery_rate=320527&cwnd=255&unsent_bytes=0&cid=8b10374592e09df0&ts=713&x=0"
strict-transport-security: max-age=31536000; includeSubDomains; preload

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com
Non-Authoritative-Reason: HSTS

GET
H/1.1 400
One of the request inputs is out of range. favicon.ico
cgfvhg.blob.core.windows.net/ 226 B
485 B 169ms
168ms Other
application/xml 20.209.187.227
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cgfvhg.blob.core.windows.net/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 20.209.187.227 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Blob Service Version 1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://cgfvhg.blob.core.windows.net/cjgcgh/ghanilp.html

Response headers

x-ms-request-id: a8264028-701e-0012-3a67-51d26d000000
Content-Length: 226
Date: Wed, 18 Dec 2024 16:12:47 GMT
Content-Type: application/xml
Server: Blob Service Version 1.0 Microsoft-HTTPAPI/2.0

GET
H3 200 style.css
trainstationsignforsale.lat/css/ 17 KB
5 KB 257ms
256ms Stylesheet
text/css 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trainstationsignforsale.lat/css/style.css

Requested by

Host: trainstationsignforsale.lat
URL: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dabac89609ac35bfe9a59dd32cec2cb6e6adea268094b830e622e45ee1d7942f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
etag: W/"67598182-4205"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LdWPJVsNZIHkHDdUJyqSrkIrsjbE8xhxoJBzaMuPU5wEEkrxGxrsFD44h58zzj%2Fk5z5d4rmk4O2A8FiSn6SBG%2Bt0CPr%2FxNytjUvEx0zmwDzU4Q6mE8fdpxYnu1MXY1J%2Fa%2Bp0j3mpAlo7lwYQJl%2F3OZIA4COzt3nwsSQ%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=113099&min_rtt=89980&rtt_var=42712&sent=14&recv=15&lost=0&retrans=0&sent_bytes=4300&recv_bytes=6610&delivery_rate=175&cwnd=12000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=742&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: text/css
last-modified: Wed, 11 Dec 2024 12:11:46 GMT
priority: u=0,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd17ad24328-EWR
permissions-policy: interest-cohort=()
server: cloudflare

GET
H3 200 animate.min.css
trainstationsignforsale.lat/css/ 70 KB
7 KB 281ms
280ms Stylesheet
text/css 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trainstationsignforsale.lat/css/animate.min.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
etag: W/"67598182-11846"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=upDNLgDLjWnfcSJhvOV4d9%2BgO2%2BbEsHoz3Z2TB7ve5Mfng64gQiAKApRi7Kbfq1ow1kP1Z7B%2Bt0P4Lcg0c3vL6ErISFmbzZEZq8kPCn%2FuOOWr5MymmYrKLX1iVxCAcL0jfqhqaRfZbTsbO3hLlwHQHBlad9fxdEcnHI%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=113099&min_rtt=89980&rtt_var=42712&sent=21&recv=15&lost=0&retrans=0&sent_bytes=10234&recv_bytes=6610&delivery_rate=175&cwnd=12000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=761&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: text/css
last-modified: Wed, 11 Dec 2024 12:11:46 GMT
priority: u=0,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd17ad34328-EWR
permissions-policy: interest-cohort=()
server: cloudflare

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.15.4/js/ 1 MB
439 KB 500ms
68ms Script
application/javascript 2606:4700:3036::6815:1b98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by: Host: trainstationsignforsale.lat
URL: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://trainstationsignforsale.lat
Referer: https://trainstationsignforsale.lat/

Response headers

content-encoding: zstd
cf-cache-status: HIT
etag: W/"5e29440867fdb02a48dffded02338c31"
age: 618474
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hb5uP9YF8AVf2ADecnsunqAmcBETwova4hLFVuhPdERrs5BL%2B4B7zArkVEKtbDJDG%2FDGIuAZpq9kn05624eB%2B1L%2FijqRqLewlzvqRi3s%2BM5nWcaOlhR1IxlLqnAy75Zn0qrwoh2OUGvSwRZVJjTrPudo"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=8478&min_rtt=8478&rtt_var=3180&sent=5&recv=6&lost=0&retrans=0&sent_bytes=4017&recv_bytes=2190&delivery_rate=480905&cwnd=253&unsent_bytes=0&cid=9b9e8686b6e90b69&ts=66&x=0"
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: application/javascript
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
vary: Origin, Accept-Encoding
cache-control: max-age=31556926
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd73e5041fe-EWR
access-control-allow-origin: *
server: cloudflare

GET
H3 200 datehead.js Show response
trainstationsignforsale.lat/js/ 2 KB
2 KB 265ms
264ms Script
application/javascript 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trainstationsignforsale.lat/js/datehead.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e095b91cc9a20149cef660cd11b5ea0dfb7b13b511d2841913984bf78354740b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
etag: W/"67598182-999"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P3hoGpMmutacQT11wsXNIY4DNDUpzvyoCkL096GBEBpSEHfhiliepX%2ByJ3aV1KSEl7e%2BrCF2WnA5KiqtgqMJAUEjcqqBKdHOCKqceXLZWXnJ4c3NfVpWQBsxy0ffUy6OZJcW7C%2Ff5OD2m4OjuTl8rebk1XpTleTv%2Bfk%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=113099&min_rtt=89980&rtt_var=42712&sent=18&recv=15&lost=0&retrans=0&sent_bytes=7748&recv_bytes=6610&delivery_rate=175&cwnd=12000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=745&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: application/javascript
last-modified: Wed, 11 Dec 2024 12:11:46 GMT
priority: u=1,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd17ad54328-EWR
permissions-policy: interest-cohort=()
server: cloudflare

GET
H3 200 logo.png
trainstationsignforsale.lat/images/ 27 KB
28 KB 279ms
279ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/logo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1af56d89c225f7bdf3cbf8792d8dedb3abf0e29c61ae1135bf495d4f5ea9bb3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-6bd0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jJTN8qBsbr1n2qriJLr1%2Bd7DJ1fDxIgOzBY%2BZ2j2S0TDlj98KYXYgqBdi4PGgrCOtx6qBssiy1QgiZZ6RcbU1MVPiDCs4pk3nqAWgkuZlEvd4IIBABUCgtqXii6YNfJhX6P7XenaOLmPNYKUlp5D3Snwk53z%2FZHPIVA%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=113099&min_rtt=89980&rtt_var=42712&sent=20&recv=15&lost=0&retrans=0&sent_bytes=9451&recv_bytes=6610&delivery_rate=175&cwnd=12000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=757&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd17ad64328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 27600
server: cloudflare

GET
H3 200 flaglogo.png
trainstationsignforsale.lat/images/ 2 KB
2 KB 258ms
257ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/flaglogo.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb97f1ceb86cf65febe6fc09278d503747f140e18297b6da6ee4bdcd41479f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-6f5"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F8z7E%2Fz5XnvXxW%2BpgV%2FxMIXl0ANcCxYX1jFSwJdEb%2BafjjCbr0BCS1iJkA6HRZtZTPK1P0Y2QexGouXjGq5Kq8Ny1S7kV6MItZgkUGY7dxwaN3LUwWfzDpnM%2B3ynfoYjVeUw2gBUPOaEzum93NFQd1pm4woatRk4FEk%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:49 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=113099&min_rtt=89980&rtt_var=42712&sent=14&recv=15&lost=0&retrans=0&sent_bytes=4300&recv_bytes=6610&delivery_rate=175&cwnd=12000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=742&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd17ad84328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 1781
server: cloudflare

GET
H3 200 product.png
trainstationsignforsale.lat/images/ 894 KB
895 KB 309ms
308ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/product.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e893a7a7cf9487ef4dfc1c15df823fe19b5f5b34b05dd1d08b09b0eadbd553e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-df81b"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FubUDjqIm490XLJ8Ogic8j5xg1ISifZoDHwXN%2F30soy49BDjAr1gayQwY8aPxDoD%2FcP34eTSOGxGaq5rcj2%2FLSd2s%2BnuNcg2%2BaSaTZv0dO3YQPc%2B1G6u6Rjpq6uUMhkRVENVJRBhM7FSe0YQPih4d0WgbRhiy7JV%2FME%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=45171&min_rtt=25474&rtt_var=18294&sent=61&recv=37&lost=0&retrans=0&sent_bytes=49770&recv_bytes=8537&delivery_rate=209427&cwnd=24000&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=908&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd32d9c4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 915483
server: cloudflare

GET
H3 200 loadingBL.gif
trainstationsignforsale.lat/images/ 122 KB
122 KB 491ms
490ms Image
image/gif 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/loadingBL.gif

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d769b5e89c5845baca4f51f91d02fdf4a4cbeb9db32c30e1c1c1f7a539518216

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-1e64a"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BLfK2dW1vHBTFiltrw%2FaKHGEhi7ctSIzpgwBdiXrqFfHta%2B5tJhHDtAgc6hzaetqr5wntgAfqzGOiP3XgEbPH3N%2FWODYFXBEetV9mxP5Ay6aKM3Pj6f57w3SKFyGLmhzvyO7ysc9WR8u0XIoTaE18u5ip19qoAwBgto%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=67551&min_rtt=25474&rtt_var=41307&sent=89&recv=52&lost=0&retrans=0&sent_bytes=77440&recv_bytes=15270&delivery_rate=40650&cwnd=27600&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1106&x=1", cfExtPri, cfHdrFlush;dur=8
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/gif
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd3ce894328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 124490
server: cloudflare

GET
H3 200 prize1.png
trainstationsignforsale.lat/images/ 893 KB
894 KB 390ms
387ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/prize1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c9e3d34a9e2ca1b70ddb80a6ad93e2179edddb3b62d607627bf9c083b3ab240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-df57e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FJA3H%2BFhvcSptMIh6oz9UOHISspXMveOL0DokbNE2kk9QYZ77yhb72vnm%2FLyU96Ipm0SI%2Fzg8B7u%2BtN%2Bgg%2Fhsln1aMBJwawLpIg0VSLcQXEKbqvz1hEDOTmfXCy%2BWxqkEKmCeafOHXdnTEJ3lnQeCORbqBo1iO9ECOs%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1171&x=1", cfExtPri, cfHdrFlush;dur=7
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd49fec4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 914814
server: cloudflare

GET
H3 200 1.jpg
trainstationsignforsale.lat/images/ 43 KB
44 KB 397ms
391ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa34fa4a45cf0e1071529b887e64627c4d6019ae03f1c1adb18f292585eafad7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-ab55"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LskVrzOnsbFLtwi8beimVWGW43LLuwFn8e%2FtIWTj%2FcjsVFAJc97uJ1%2BdpP0nrc%2BP9NUA8PAzETJhKhhl%2BQx1B%2BLRlIsWdZRfjucevzbL432FanDVH%2FEZlLJzosGLsVQxxQmxHvTpbp%2BfXP66Lf0Ntuxi1UUZGti9R5k%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1176&x=1", cfExtPri, cfHdrFlush;dur=3
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd49ff84328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 43861
server: cloudflare

GET
H3 200 2.jpg
trainstationsignforsale.lat/images/ 31 KB
32 KB 397ms
391ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

385528b5f550aa72947c3906f4d50ae4f478c5eef8cb6526229c88ce43261443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-7c5d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RwZmmWKleCREvtuLCq9lYgfNaLD7lrU7X%2Fw8NJX%2Bh6ieRqiZU0OiuRdMew0sVjvnhE%2FHf3nUY9LqJwecu8a1L3aPAl9%2B3gAQ%2FgLbI3Q3N1%2FNAfOb%2FF9MDZYC%2FLQOysnPcYJMA7qBm4oDWTlD%2F9ICx%2BCFANvQOmA%2B0No%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1171&x=1", cfExtPri, cfHdrFlush;dur=8
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd49ffb4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 31837
server: cloudflare

GET
H3 200 comm_pic_1.jpg
trainstationsignforsale.lat/images/ 73 KB
74 KB 576ms
570ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/comm_pic_1.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e881c84c114503dfcf2681927f47ebfaeaeada94eeed9b0e4f411fea3f48439

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-12460"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3lREiYl6bjn2bjLIa816go6yLfdEXmyyjvHfw5X%2F6RZt2TN2qkrkYnOtlOWvSaJ2tzvOzFsoWkzm8dpYfNBecvoGD0YJEC3uga20fcHwAXpkcsdmTTAmBaf2ID4vr%2Be9U%2B0MHrzy4gVy%2Bo%2FshZGJgl61XwW3pBCgPC0%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=192930&min_rtt=25474&rtt_var=47584&sent=135&recv=65&lost=0&retrans=0&sent_bytes=115840&recv_bytes=15838&delivery_rate=132405&cwnd=38400&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1233&x=1", cfExtPri, cfHdrFlush;dur=137
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd49fff4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 74848
server: cloudflare

GET
H3 200 3.jpg
trainstationsignforsale.lat/images/ 64 KB
64 KB 544ms
539ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/3.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5418439e04d58d4e7d335d1bfc325284a1ce21f426c24d69f8de527da97b7b76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-fed9"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ssxxdmD5hhBQ%2BfknV50aGonflwER8CBYUz992Jq6OZPMalLnhMaShCq9%2FduFZde9Ff%2FduTl1GTofv7HhxWoDodv37UF7Fv6dIhuPElVlHHwjmQDdKKyTYZP7eiyuWgBFmnYK3EMmfq0mC5%2FcjGUNGSgR1zB20n01G4w%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=189209&min_rtt=25474&rtt_var=53525&sent=130&recv=64&lost=0&retrans=0&sent_bytes=113485&recv_bytes=15794&delivery_rate=126021&cwnd=38400&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1214&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498024328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 65241
server: cloudflare

GET
H3 200 4.jpg
trainstationsignforsale.lat/images/ 36 KB
37 KB 1728ms
1723ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/4.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

63aec2631ee77fdb2ccf7c41e0e952e25940fd52211aedd73280fcc0ac3ea3f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-91e0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vu1NDCfhRTU87VIqd0E6OX6Rx%2F50xvbrABPvDf5lsIeInOtfAKMj93DpKDZXx4TRJa7rHdSVfzS10cCqRJcBNMZ03x2sTRtV1Xg13s13gS6LwXwOodYKOJSVISZYUtOQPIYGU5FNHImjFJtJR9r00GWHnlmBVq%2FzjBM%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=192930&min_rtt=25474&rtt_var=47584&sent=135&recv=65&lost=0&retrans=0&sent_bytes=115840&recv_bytes=15838&delivery_rate=132405&cwnd=38400&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1253&x=1", cfExtPri, cfHdrFlush;dur=137
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498064328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 37344
server: cloudflare

GET
H3 200 comm_pic_2.jpg
trainstationsignforsale.lat/images/ 95 KB
96 KB 397ms
392ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/comm_pic_2.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b0d9b65a64ac267feaef7582d2b81993212f4e1ab4e562fc7daf48ebe1986fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598185-17db4"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2B6vXHwBmpyLCUhJjN0KyOsMD3W1qEpk3vpuyzYskdzzISFui5NCUHjxYxQt0GeS64WixzFHwhQIbq1HqrpipSvAkILMpnAENuqxnCAgo%2Bv2O2OmVJ3taKkV92DpP4m5nc9%2BvQeP7XK4Hk6EqNcRxqTDIeWG5EO9qJA%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1177&x=1", cfExtPri, cfHdrFlush;dur=3
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:49 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498074328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 97716
server: cloudflare

GET
H3 200 5.jpg
trainstationsignforsale.lat/images/ 44 KB
44 KB 397ms
393ms Image
image/jpeg 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/5.jpg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c50866e05aca5676441b1cd638692727cac416ff8532a176a85443da3a667edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-aecb"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9UMakoSfr1oRrz4jx8WycebcZ4nuFDZJA0vv8ihz3JQiBvZN5yoK9KffI234bWsS6WWzCR00XWVMfTFLLF82e8OJNZdkavacVY2ltD6QEdDj4HEkkL%2B3CLAUUeQKhGZkkQPyZLyXbfv1KNO6dkxwDxlu%2FljkwAcCubU%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1171&x=1", cfExtPri, cfHdrFlush;dur=9
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/jpeg
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd4980a4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 44747
server: cloudflare

GET
H3 200 f_guarantee.png
trainstationsignforsale.lat/images/ 6 KB
7 KB 1726ms
1723ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/f_guarantee.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598183-18d0"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F7QFcMmFuxrfkmRro3dXBAwUOkpJ7VwiwkXI5t6HVmxhjcoF91rGw7YZV2nYn7BHWOIPeGtL2ZED313OIq%2FRzX5MJHwiDlqhPOU8NvtKp1%2B%2F0BNe5iJO%2BKEvNtot6tqQVY05fMGIc7MQowDdKhXeMS7ltGmvW90fsEE%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=192930&min_rtt=25474&rtt_var=47584&sent=135&recv=65&lost=0&retrans=0&sent_bytes=115840&recv_bytes=15838&delivery_rate=132405&cwnd=38400&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1233&x=1", cfExtPri, cfHdrFlush;dur=159
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:47 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd4980e4328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 6352
server: cloudflare

GET
H3 200 f_secure_1.png
trainstationsignforsale.lat/images/ 10 KB
10 KB 397ms
394ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/f_secure_1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-2686"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nL0QCv%2B28TErhCoAX4Vs%2BfJHU2S3S1PT0npVmXEOX2Wz%2B2IYEZEU%2BYg9HfIIlrnvuK9gfeGl8w8fYKLgY2NGER3uL7KXUZeMHuz77Pa05yuenFq7yO%2BKzyE9c%2FQWSMApyyPyJFNZ8%2Fi2lktg1yEeDH3kmEodhcdNP6c%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1171&x=1", cfExtPri, cfHdrFlush;dur=11
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498104328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 9862
server: cloudflare

GET
H3 200 logo2.png
trainstationsignforsale.lat/images/ 27 KB
28 KB 538ms
536ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/logo2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba244505d433df959ec202d5f1edacfb5a1c8b6a1bba8f2db9b94eac456dab8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

cf-cache-status: DYNAMIC
etag: "67598184-6bdb"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sEwutsxS60VEhpJUSccapepmKp2yM5aUHlLJ%2FypfVTs1rarlPlgVA4dXh73dmwick37qIppGY0WbLNYrMeNTaixJURswQ8TI61O6AStgtb86WWITCLkwbj2Cl1rndXkhrtMytk7fFlVRZ%2FeSal2glC29iO2mvEgh2tM%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=174931&min_rtt=25474&rtt_var=75918&sent=121&recv=61&lost=0&retrans=0&sent_bytes=106442&recv_bytes=15662&delivery_rate=212179&cwnd=37200&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1212&x=1", cfExtPri, cfHdrFlush;dur=1
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:48 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498124328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 27611
server: cloudflare

GET
H3 200 script.js Show response
trainstationsignforsale.lat/js/ 11 KB
3 KB 391ms
384ms Script
application/javascript 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trainstationsignforsale.lat/js/script.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f00f3d70c51ff1e44ac76948562892affb4d54fa019a4a331bb961a222420814

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com

Response headers

content-encoding: zstd
cf-cache-status: DYNAMIC
etag: W/"67598182-2de3"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fJp9An9QXGV9Ign5lUTte%2F9HYFBUgeaQxCjAyT3%2BmMp1lmjZEdemE5SysCzdWXpxaePp05NHcxtfZC0hjHZy3ff1lFLYejSB2HpISpsqsIdh407zrLh94Ea5O52hC461LfjP%2FBtJ93BEUNqHdY%2FBjrPbzsh3mtZ2a2s%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=81698&min_rtt=25474&rtt_var=59272&sent=91&recv=53&lost=0&retrans=0&sent_bytes=79411&recv_bytes=15314&delivery_rate=47651&cwnd=28800&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1172&x=1", cfExtPri, cfHdrFlush;dur=7
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: application/javascript
last-modified: Wed, 11 Dec 2024 12:11:46 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd49ff44328-EWR
permissions-policy: interest-cohort=()
server: cloudflare

GET
H3 200 bg.png
trainstationsignforsale.lat/images/ 321 KB
322 KB 539ms
537ms Image
image/png 2606:4700:3035::6815:28e1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trainstationsignforsale.lat/images/bg.png

Requested by

Host: trainstationsignforsale.lat
URL: https://trainstationsignforsale.lat/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::6815:28e1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae9d1e2ffba6c887f32da4c75aa490422d95ac2735ea9894a8d1d4c94466393a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/css/style.css

Response headers

cf-cache-status: DYNAMIC
etag: "67598185-5034d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lwb5rkINBB8eaPboMafdRqlYx7FYQnmTBajZdVBTIYi37Dva5Ud%2FmsGNcEvS0o3enBpZIxo91kDbqGwrCJbq%2Fyj%2Fs2nlR4tn1wZJxQANDMBUQtp6eRjbpJVd0PNMczIqdnBVxsb7brQQS5aQSGmnQSgztdO1nM%2B%2BX78%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 18 Dec 2024 16:12:50 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=174931&min_rtt=25474&rtt_var=75918&sent=121&recv=61&lost=0&retrans=0&sent_bytes=106442&recv_bytes=15662&delivery_rate=212179&cwnd=37200&unsent_bytes=0&cid=6f17cec4ebd02f93&ts=1212&x=1", cfExtPri, cfHdrFlush;dur=1
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:11:49 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f406fd498134328-EWR
permissions-policy: interest-cohort=()
accept-ranges: bytes
content-length: 328525
server: cloudflare

GET
H3 200 64d5p99gj0 Show response
trk-quantivex.com/scripts/push/script/ 8 KB
4 KB 400ms
133ms Script
application/javascript 2606:4700:3031::ac43:9cc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-quantivex.com/scripts/push/script/64d5p99gj0?url=trainstationsignforsale.lat

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:9cc9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

820432169bba0ede067fbcbd4c243aa5d10decd08db99ba6f359bc745ee898ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://trainstationsignforsale.lat/

Response headers

content-encoding: gzip
cf-cache-status: HIT
age: 6509
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FKrSd%2BWR%2FNy0O3Mes1QZn5hUsNN806GRv7CvOeGUmqOTDw6SHYba3z1ULZ7FMg8HDxR1oGhTLx%2BYBMzXUJGa%2F30aTeKl0gQCY7rzcE1bOlOW6EALa73D6uxmOIJVarMwf9BJ2UalSh823OmCcRNl1g%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=162262&min_rtt=160398&rtt_var=37108&sent=12&recv=9&lost=0&retrans=0&sent_bytes=4160&recv_bytes=5502&delivery_rate=20567&cwnd=12000&unsent_bytes=0&cid=a03360706fe44781&ts=204&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:51 GMT
content-type: application/javascript;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 18 Dec 2024 14:24:22 GMT
x-frame-options: SAMEORIGIN
priority: u=3,i=?0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cache-control: max-age=14400, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f406fd8bd9780cd-EWR
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges: bytes
content-length: 2522
x-xss-protection: 1; mode=block
server: cloudflare

GET favicon.ico
trainstationsignforsale.lat/ 0
0

POST
H3 200 q2go4lpydr
event.trk-quantivex.com/register/event_log/ 0
0 132ms
130ms Fetch 2606:4700:3031::ac43:9cc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-quantivex.com/register/event_log/q2go4lpydr

Requested by

Host: trk-quantivex.com
URL: https://trk-quantivex.com/scripts/push/script/64d5p99gj0?url=trainstationsignforsale.lat

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:9cc9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: application/json
Referer: https://trainstationsignforsale.lat/

Response headers

access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kshQ4TnGq8Ed9R5IOTSxprP2sMwMcDW8fxaSo%2BSky3Nl82aAcBEb8Q522y%2FE74w8b7PhwFJZvkaywNh0tb4ZCIz667esMAlv6aRCjhyjk7sIzn%2F89OgSgnHmo6sznz0yhYa5%2FhTbzqWes%2FhIVyb%2BdJWNs3xfoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=103975&min_rtt=89583&rtt_var=33299&sent=15&recv=12&lost=0&retrans=0&sent_bytes=5506&recv_bytes=4910&delivery_rate=15124&cwnd=12000&unsent_bytes=0&cid=633a8baefe6d3798&ts=275&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 18 Dec 2024 16:12:54 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
priority: u=1,i
x-frame-options: SAMEORIGIN
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cache-control: no-cache, no-store, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f406feafae37cf3-EWR
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
x-pushplatformapp-params
access-control-allow-origin: *
content-length: 0
x-xss-protection: 1; mode=block
server: cloudflare

OPTIONS
H3 200 q2go4lpydr
event.trk-quantivex.com/register/event_log/ 0
0 395ms
132ms Preflight 2606:4700:3031::ac43:9cc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-quantivex.com/register/event_log/q2go4lpydr

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:9cc9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://trainstationsignforsale.lat
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8f406fea29807cf3-EWR
content-length: 0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date: Wed, 18 Dec 2024 16:12:54 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma: no-cache
priority: u=1,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dsrZA65mTqAX6gMNkHUdHXj4ksXSLPt%2FeEDgN%2FNDWi4I7A6NUo4yFCEheTwJsrIou1nIgscqOc1rtp%2F2uf5GvYs3tbBfLnx4%2Fwwnr6EeA3yJWqjMP%2BnwdkUbXV5VxSod39XB7dLUFlQDw05Ax7pNx1FyjYxszg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=92041&min_rtt=89583&rtt_var=35349&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4142&recv_bytes=4262&delivery_rate=35276&cwnd=12000&unsent_bytes=0&cid=633a8baefe6d3798&ts=155&x=1" cfExtPri cfHdrFlush;dur=0
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: trainstationsignforsale.lat
URL: https://trainstationsignforsale.lat/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

32 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.mastertrackingdomain.com/	1970-01-21 01:50:24	Name: uniqueClick_2D4K7WJR Value: f3d5de6f-08ec-4b2b-a1ca-42fdf26dea6a:1734538369
www.mastertrackingdomain.com/	1970-01-21 03:58:34	Name: transaction_id Value: 8d5e794268cf46f7acce6e3a33b8052c
trainstationsignforsale.lat/	1969-12-31 23:59:59	Name: SESSIONIDS Value: rv9hNP7G1d4OJ3eehBTvCWV0CkK7dldghaS

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cgfvhg.blob.core.windows.net/favicon.ico Message: Failed to load resource: the server responded with a status of 400 (One of the request inputs is out of range.)
other	error	URL: https://trainstationsignforsale.lat/?encoded_value=279768Q&sub1=596e74c8c4a54a6e9b9de0a72a21335e&sub2=&sub3=&sub4=&sub5=22090&source_id=1847&ip=2600%3A803%3Aa88%3A3087%3A%3A87&domain=www.mastertrackingdomain.com Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cgfvhg.blob.core.windows.net
event.trk-quantivex.com
trainstationsignforsale.lat
trk-quantivex.com
use.fontawesome.com
www.mastertrackingdomain.com
www.workjamtech.com
trainstationsignforsale.lat
192.254.71.10
20.209.187.227
2606:4700:3031::ac43:9cc9
2606:4700:3035::6815:28e1
2606:4700:3035::ac43:8a42
2606:4700:3036::6815:1b98
1af56d89c225f7bdf3cbf8792d8dedb3abf0e29c61ae1135bf495d4f5ea9bb3e
385528b5f550aa72947c3906f4d50ae4f478c5eef8cb6526229c88ce43261443
4c9e3d34a9e2ca1b70ddb80a6ad93e2179edddb3b62d607627bf9c083b3ab240
5418439e04d58d4e7d335d1bfc325284a1ce21f426c24d69f8de527da97b7b76
59cc3c44830043af4dad394d4d0100b167e9f889ed89149e53fc9419a8e020c1
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
63aec2631ee77fdb2ccf7c41e0e952e25940fd52211aedd73280fcc0ac3ea3f7
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
820432169bba0ede067fbcbd4c243aa5d10decd08db99ba6f359bc745ee898ff
9e881c84c114503dfcf2681927f47ebfaeaeada94eeed9b0e4f411fea3f48439
9e893a7a7cf9487ef4dfc1c15df823fe19b5f5b34b05dd1d08b09b0eadbd553e
ae9d1e2ffba6c887f32da4c75aa490422d95ac2735ea9894a8d1d4c94466393a
b0d9b65a64ac267feaef7582d2b81993212f4e1ab4e562fc7daf48ebe1986fe8
ba244505d433df959ec202d5f1edacfb5a1c8b6a1bba8f2db9b94eac456dab8d
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c50866e05aca5676441b1cd638692727cac416ff8532a176a85443da3a667edc
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
d769b5e89c5845baca4f51f91d02fdf4a4cbeb9db32c30e1c1c1f7a539518216
dabac89609ac35bfe9a59dd32cec2cb6e6adea268094b830e622e45ee1d7942f
e095b91cc9a20149cef660cd11b5ea0dfb7b13b511d2841913984bf78354740b
eb97f1ceb86cf65febe6fc09278d503747f140e18297b6da6ee4bdcd41479f43
f00f3d70c51ff1e44ac76948562892affb4d54fa019a4a331bb961a222420814
fa34fa4a45cf0e1071529b887e64627c4d6019ae03f1c1adb18f292585eafad7

trainstationsignforsale.lat Open in urlscan Pro 2606:4700:3035::6815:28e1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

67 %IPv6

6 Domains

7 Subdomains

5 IPs

1 Countries

3168 kBTransfer

4006 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

trainstationsignforsale.lat Open in urlscan Pro
2606:4700:3035::6815:28e1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

5
IPs

1
Countries

3168 kB
Transfer

4006 kB
Size

3
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!