acrostics.knuckleheads.world Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://shorturl.at/c7Rde#cl/31397_sd/107/16516335/364/51/296881
Effective URL:
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
Submission: On August 29 via manual (August 29th 2024, 6:25:52 pm UTC) from US — Scanned from AT

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 8 domains to perform 20 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is acrostics.knuckleheads.world.
TLS certificate: Issued by WE1 on August 21st 2024. Valid for: 3 months.

This is the only time acrostics.knuckleheads.world was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 2	104.26.9.129 104.26.9.129	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	52.217.44.62 52.217.44.62	16509 (AMAZON-02) (AMAZON-02)
1 1	104.21.91.30 104.21.91.30	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	194.31.223.88 194.31.223.88	39521 (TNGNET) (TNGNET)
1 1	104.21.3.187 104.21.3.187	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	188.114.96.3 188.114.96.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.142.245 172.67.142.245	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	5

2 104.26.9.129 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

shorturl.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.shorturl.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.217.44.62 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1.amazonaws.com

s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.91.30 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

termine-flohmarkt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 194.31.223.88 (Hoofddorp, Netherlands)

ASN39521 (TNGNET, NL)

onestpager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.3.187 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

enroutespecial.website	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 188.114.96.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

acrostics.knuckleheads.world	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.142.245 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

event.trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	knuckleheads.world acrostics.knuckleheads.world	230 KB
4	trk-elevostra.com trk-elevostra.com — Cisco Umbrella Rank: 357103 event.trk-elevostra.com — Cisco Umbrella Rank: 369321	3 KB
2	shorturl.at 2 redirects shorturl.at — Cisco Umbrella Rank: 78705 www.shorturl.at — Cisco Umbrella Rank: 90327	1 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1950	426 KB
1	enroutespecial.website 1 redirects enroutespecial.website	659 B
1	onestpager.com onestpager.com	418 B
1	termine-flohmarkt.com 1 redirects termine-flohmarkt.com	516 B
1	amazonaws.com s3.amazonaws.com	550 B
20	8

	Domain	Requested by
13	acrostics.knuckleheads.world	onestpager.com acrostics.knuckleheads.world
3	event.trk-elevostra.com	trk-elevostra.com
1	trk-elevostra.com	acrostics.knuckleheads.world
1	use.fontawesome.com	acrostics.knuckleheads.world
1	enroutespecial.website	1 redirects
1	onestpager.com	s3.amazonaws.com
1	termine-flohmarkt.com	1 redirects
1	s3.amazonaws.com
1	www.shorturl.at	1 redirects
1	shorturl.at	1 redirects
20	10

This site contains no links.

Subject Issuer	Validity	Valid
s3.amazonaws.com Amazon RSA 2048 M01	`2024-05-25` - `2025-05-02`	a year	crt.sh
onestpager.com R11	`2024-08-07` - `2024-11-05`	3 months	crt.sh
knuckleheads.world WE1	`2024-08-21` - `2024-11-19`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
trk-elevostra.com WE1	`2024-08-11` - `2024-11-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
Frame ID: 6EDEB6DF467EF40ECD90844CEC98DCD5
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Survey Rewards

Page URL History Show full URLs

https://shorturl.at/c7Rde HTTP 301
https://www.shorturl.at/c7Rde HTTP 302
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com Page URL
http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 307
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd Page URL
https://enroutespecial.website/?id=270&s1=351258&s2=1222244479&s3=7214&p=us5strsweps7a HTTP 302
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

20
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

10
Subdomains

5
IPs

3
Countries

661 kB
Transfer

1525 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://shorturl.at/c7Rde HTTP 301
https://www.shorturl.at/c7Rde HTTP 302
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com Page URL
http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 307
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd Page URL
https://enroutespecial.website/?id=270&s1=351258&s2=1222244479&s3=7214&p=us5strsweps7a HTTP 302
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://shorturl.at/c7Rde HTTP 301
https://www.shorturl.at/c7Rde HTTP 302
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com

Request Chain 1

http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 307
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881 HTTP 302
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

fdsgwffhgfshrqstrsgtfgsgqrgs.com
s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/
Redirect Chain

https://shorturl.at/c7Rde
https://www.shorturl.at/c7Rde
https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com

156 B
550 B

368ms
131ms

Document
text/html

52.217.44.62
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.217.44.62 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1.amazonaws.com
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Content-Length: 156
Content-Type: text/html
Date: Thu, 29 Aug 2024 18:25:45 GMT
ETag: "0a75a0c2702d75babe6a005a10fa8115"
Last-Modified: Thu, 29 Aug 2024 15:53:03 GMT
Server: AmazonS3
x-amz-id-2: smXmdLi9+XlpTyo4bDmB9zpFsvUUTQvG5Qp8eWDqloGRg4NSKBlffG+2F3CaG/tGnummEizlpvQ=
x-amz-request-id: XZJ9YRBXNG98HQMR
x-amz-server-side-encryption: AES256

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8bae95d77ea2c2f2-VIE
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 18:25:43 GMT
location: https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IVz0dgMKnW1224cOAha4Ih6vGSX5wRTKEgJVbmxFt6MO%2B1BWr3q3am75V%2FUyRPQqsDiSctnICu%2FUgh0vDzZxsys3xa5dEJpQjE3TtQZ3pQ8hvj4WCLmaPsKgC22HC9jQUg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-nginx-upstream-cache-status: MISS
x-server-powered-by: Engintron
x-xss-protection: 1; mode=block

GET
H2

200

51_296881_717151_sd Show response
onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/
Redirect Chain

http://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881
https://termine-flohmarkt.com/cl/31397_sd/107/16516335/364/51/296881
https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd

149 B
418 B

1150ms
660ms

Document
text/html

194.31.223.88
TNGNET

General

Check archive.org

Show headers Download Go to

Full URL: https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd
Requested by: Host: s3.amazonaws.com
URL: https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 194.31.223.88 Hoofddorp, Netherlands, ASN39521 (TNGNET, NL),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: f40bb858eb22d90a46bf5b15b88f97377413b7915958b0c40599605753f0e7b5

Request headers

Referer: https://s3.amazonaws.com/fdsgwffhgfshrqstrsgtfgsgqrgs/fdsgwffhgfshrqstrsgtfgsgqrgs.com#cl/31397_sd/107/16516335/364/51/296881
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 18:25:45 GMT
server: nginx/1.12.2
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8bae95db3dd95b7f-VIE
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 18:25:44 GMT
location: https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FbT4fUr07yeevMgvS1PUVvGbY5UDOw7Hk6%2BH%2B1y2Bm5bxZ57sVowpY2n3s1U%2FGOV0kCo1wzpQUT3kXDq%2FQNH0RccPq5Qgc6fp7hUeKjwz6wxtZyfrLidj%2BTUk0IGKkUjGLCRPo7x30%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/7.0.33

GET
H3

200

Primary Request alqet Show response
acrostics.knuckleheads.world/vdmu/mqgc/kgtt/
Redirect Chain

https://enroutespecial.website/?id=270&s1=351258&s2=1222244479&s3=7214&p=us5strsweps7a
https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

45 KB
9 KB

470ms
426ms

Document
text/html

188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Requested by

Host: onestpager.com
URL: https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99c112fdb0e7b3176ac212625cab395f334e54e1233c75990d138ab6fdb6f18d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://onestpager.com/0/0/0/e15b2e0c8bfffef79f0223e20f27acdb/107/31397_1/51_296881_717151_sd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8bae95eb5c6b5b7e-VIE
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 18:25:47 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YQiUhivC9p9ArOFi%2Be52FNTRA%2Bm%2F3WJ4I4Tr9Sa8LaSc1kj0NamDvLOpQvKt%2Byh6QC9cPO4cPuU1%2BHuB%2B43vAgVSGD6vrrQU4gWBgcKxNSY6kKamQVjx8fraHjZyByzHMvaNd%2F07FV2WPLQxY1QE"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8bae95e77d465b83-VIE
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 18:25:46 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BwzsTLBtGUqfhQst4oiIxYQnqZA%2FK%2BQNIn3hkuxG1eTx4guQEWQ5IrKj3WBK%2FpQQsDwhqpxzb9NCwkvG6bJfpFkgahgRwld0%2F0dqeqAoUN%2FkSw1WdB0%2FdvHBe5pGuib9cTej6qa4xMLR"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 style.css
acrostics.knuckleheads.world/master/us191/ 15 KB
4 KB 461ms
461ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/master/us191/style.css

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3e2767fc3e1f1d7d7f1cc1be37b648b899523deaf8db76953718457f903c20f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Fx%2BqYZEB9nScAL%2Bl24IxXe7XvUtIjB4lHpdLslz%2BQjkKUq8RtxwqrW4B2%2FYIeDuqy134lnEQfIVQ%2FcW0NBaE%2FYRQvuKNQj3V6zC1ui%2B1hWljK4zbZe2leOY8T3BeOQ4GT8jHGuLwEEgBRmbIYW7"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8bae95ee08555b7e-VIE
expires: Thu, 05 Sep 2024 18:25:47 GMT

GET
H3 200 animate.min.css
acrostics.knuckleheads.world/master/us191/ 70 KB
6 KB 464ms
464ms Stylesheet
text/css 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/master/us191/animate.min.css

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rUxdLcK8jdjaGCpYbrA0qQMDrt1iZc%2FBJfkae8hbIrnaepbia6ebG9uM3NNLikxcDPoXmLn6oKEYX3S7gZYpNEuj%2BeawUd1kSg20D2btwAxYJS4dO%2Bv5%2FGZLLCwV6kDd1EXhlai2cOShHYYn4vli"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8bae95ee08565b7e-VIE
expires: Thu, 05 Sep 2024 18:25:47 GMT

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.15.4/js/ 1 MB
426 KB 269ms
223ms Script
application/javascript 172.67.142.245
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by: Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.142.245 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

Referer: https://acrostics.knuckleheads.world/
Origin: https://acrostics.knuckleheads.world
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5e29440867fdb02a48dffded02338c31"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CAEluHCA%2BnPuUFpaRkxv3mT2Xq7FXjALOEfrf4A8rLXwOKyP8F0a%2F0AqXoxCtx3tPBpHZ%2FgHTR%2BcBh%2B2RiHhejl%2FX1Xp7b%2FWxP%2Bh0KRNmzwnwE5bGf3fSWOi8ijS1EbIFaN9QSsq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 8bae95f138d35a4d-VIE
alt-svc: h3=":443"; ma=86400

GET
H3 200 datehead.js Show response
acrostics.knuckleheads.world/master/us191/ 2 KB
1 KB 459ms
459ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/master/us191/datehead.js

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a45cef5e46aa1a339428e2ad060b97029c6e4470bff8b15d6a04c1d614d7b791

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5kOusnwbqlrm0zBSD1rVjfu8zdf%2Fm8%2BMbljiPOZEZF0d9qyhvoGWTVrwnAkiSzhnB1ci8t994wCQU94ZzNcPTt4ie0gACT7yZh8N%2Fkqs2mDEYXKLRp%2FCKfI5%2BmHq7V04C2AiMukbjfqhjHJQEMfd"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8bae95ee08575b7e-VIE
expires: Thu, 05 Sep 2024 18:25:47 GMT

GET
H3 200 msg.js Show response
acrostics.knuckleheads.world/inc/ 943 B
921 B 462ms
462ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/inc/msg.js?2c0aaab448a064174f308a90c85ba52d

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Jun 2024 16:01:34 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L%2Fp17IjdUHkpxKcuCCaiwRqD2pdg%2FYeEuQg6WzHKz1IPQ%2BrYC2iuEc%2BdUls2vbPSq9NPORt8h9fvQvYWFRVFgnjgDgzCTd6bwYV1C76JuCODFRrpDsX8IlnlK%2FxnPMpHv5tB3rNXMvBevmr0%2B%2BVw"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8bae95ee085b5b7e-VIE
expires: Thu, 05 Sep 2024 18:25:47 GMT

GET
H3 200 script.js Show response
acrostics.knuckleheads.world/master/us191/ 11 KB
3 KB 454ms
453ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/master/us191/script.js

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

72e915d8d9710930c81a7fdd6c50d8047b97f76c70a729bd18dfe7dce5e93280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kvnj6i3nti0k2pFrEqiaAwmCaZ5uLCbWChHcLX%2FAnOJpARMzc7Q%2Fb3uoxrangzDO2IKNfb9fMIetoavDk9vOHOHLbES1AkiKtCU%2B9qVHwNPH12FnGO7r8xAYO3z6GIwF8LHx3sgZ76SF38GR3Tfn"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8bae95ee085c5b7e-VIE
expires: Thu, 05 Sep 2024 18:25:47 GMT

GET
H3 200 v9e118mez8 Show response
trk-elevostra.com/scripts/push/ 8 KB
3 KB 68ms
32ms Script
application/javascript 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-elevostra.com/scripts/push/v9e118mez8

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/inc/msg.js?2c0aaab448a064174f308a90c85ba52d

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4673
alt-svc: h3=":443"; ma=86400
content-length: 2519
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Aug 2024 17:07:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y3Seeow%2BbNGYXGi4S2i2kdWStKoz8v3MC2MG0wevSDQwy1M6M1o%2FygCvMe0Oxr7A%2FTDLx3nhrDkWNQcWhBuRdNvUsy%2B7g2a2vWliL7kp%2B2%2B7NwUZwgeQQunLhcAihU6vhwwwRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges: bytes
cf-ray: 8bae95f13b4e5bae-VIE
expires: 0

GET
H3 200 bg.jpg
acrostics.knuckleheads.world/master/us191/ 80 KB
80 KB 687ms
686ms Image
image/jpeg 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/bg.jpg

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/master/us191/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce4adfce68d03582e988696235de9924396dc3c585aa7f29c00c8c11d1c2e7fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/master/us191/style.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 81626
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rEE3u0mc7JW1JMVA0ZMRAssyhaCX%2FNltl3AqHNU5FOQe5ONDFH015%2BOtCPBq1aUqWLsq%2BZDMIEyok5r7Mf1eg%2FnEgaKH07QIupgi9qVNWF4Z48ejxWKrb1WELjHLT0WmTwS8OldzypGQin%2FmdLRJ"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f10c2c5b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

GET
H3 200 logo.png
acrostics.knuckleheads.world/master/us191/ 17 KB
18 KB 572ms
571ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/logo.png

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42e62350fb32fd41af399fb846eca09d2dcaa701294f969fd00fdfaa0fc4e48a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 17892
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oVKIrTDuoTcAVLzSYqh0MkRjB9QTlQuHN%2FCQjjgxJ5EEcHdym%2BLvT5XuPWDYsUmvWeTL1vOm%2FLyYEPXMM3iAf8N3Zl2Igi1XwrnNPgURwpHrMDcMbL9xCFcFAG0O7NNsp7iT8b%2FAjOH0PYdkm6hh"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f35f615b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

GET
H3 200 flaglogo.png
acrostics.knuckleheads.world/master/us191/ 2 KB
2 KB 450ms
449ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/flaglogo.png

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0153c9609014ff58bf803baebf5e7f076d732144b902a574173d40c02d5b2d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1599
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KU4pHxX6NL7WomtcKvzAdIS6Z76j9Tt0WxDfTEEexc1rJDkLrWICBFC50QZIXGpl1NaoIQEdjeIo%2BBr1Zf4wePAWvBI6gJgUk9OgG%2Bz8MeW69Oe7k6%2FJvtE%2ByItklMhS%2BEPxrIDKFRyWnuQAtT3n"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f35f625b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

GET
H3 200 product.png
acrostics.knuckleheads.world/master/us191/ 89 KB
90 KB 719ms
718ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/product.png

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

919d28e776ae8c0f93191abd7022076852fd46aeb3d59fecf0919e64e0ec7729

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 91512
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uWm7xPg%2Fr5cXIymdfKe7OeHLCH%2FCytE3kfeqoXBpVnXJLwegYZvVpqT8YHLF8IplusadgMc1AG8uEslW7YzIYrQnr1j9qdRy0%2FrTxxeENQtecgcUwFjN9Q9QVYCLpDeEv5QJDdQ4r5KlEJ6CwVm2"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f35f645b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

GET
H3 200 f_guarantee.png
acrostics.knuckleheads.world/master/us191/ 6 KB
7 KB 452ms
452ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/f_guarantee.png

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 6352
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ci8j%2Fo5c98RrBgRiDFT%2FRG%2F0jW5fDoeN%2FUpQ1mqF3DOQAxlKiPFXFHcZLwvUGUDIKYqZCAX4R8nJAftx9phoNsZhh4yNBYhZfxq0jGYxZUrWmn2O7h2BxQS531rB7ZMH03y7XoyzErczv0QeVg2%2B"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f35f655b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

GET
H3 200 f_secure_1.png
acrostics.knuckleheads.world/master/us191/ 10 KB
10 KB 525ms
524ms Image
image/png 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://acrostics.knuckleheads.world/master/us191/f_secure_1.png

Requested by

Host: acrostics.knuckleheads.world
URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:48 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9862
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 14:21:19 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zuq78F7o7KGf9b%2FksP5ZNoXtnd%2BBSJydjlNcjM44su%2F5kTBhEwK%2FpPr%2FyYLYqwxQyFvuowGJjSjDyrokwpzPsCPbpkKRGMpCghBbc1LsasDGZXU39FvprcI%2B6PBa8%2BBUYvoiHwsyy5t8UVpCgugl"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f35f665b7e-VIE
expires: Thu, 05 Sep 2024 18:25:48 GMT

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 129ms
128ms Fetch 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Thu, 29 Aug 2024 18:25:48 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nQmXsDvjkEuOIUhq2dXLQCzAQFdMKBnZ%2F6RMD5TTNAzQNj8gjbLNcdtY5BMNfJ%2BQD8xdlO0woOGSn4eOyA6gxB%2FkMnWHQe4xYFQi52XxmNEGAK3LOhnsXPe5qLPdnJHREKYgitM97bUIWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8bae95f81cf1c31a-VIE
expires: 0

OPTIONS
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 473ms
434ms Preflight 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://acrostics.knuckleheads.world
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8bae95f56938c31a-VIE
content-length: 0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date: Thu, 29 Aug 2024 18:25:48 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8647o%2BUau1WrlDmh%2F5TKLyeKAuDWd9XYACfvlYX7lMKtl0isLSax342meVXbLv1U9sC2K0YQEsBX8knduNJxR4P4rv7WoUhb%2F%2BK6JqPvHcH6FDOF7qZQ3FjJI1hU65n0jNzUIGJ%2BPTlO9w%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 favicon.ico
acrostics.knuckleheads.world/ 0
503 B 453ms
453ms Other
image/x-icon 188.114.96.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://acrostics.knuckleheads.world/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 18:25:49 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Tue, 11 Jun 2024 20:46:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drf%2BUPUpY4iL0WiEA456W4ili27M4sbOOZjARIbE6EU3OjUc%2BzuXBy7aNRNnlJpNP9GPfwKHyQQxroNV9T2YNvE1egEQySTahqfBFfav8fZ2nn3bhMldhvDwBPHaBw68NVJuxbcKrlpMj208NlEp"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8bae95f80d225b7e-VIE
expires: Thu, 05 Sep 2024 18:25:49 GMT

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 129ms
128ms Fetch 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://acrostics.knuckleheads.world/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Thu, 29 Aug 2024 18:25:50 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oTcZYDVYs7ZxuEAiWzcB1O2B%2BD1aQC9DuCcHfyeT7FZLSTxGz9IyD%2BJMxvyFHAAa6gS5iQwMLQpTCMh%2B4AZSgIHRN0RtwIAzYW%2BBrNVXUPtoevlfVS4d5Brpv0N06EQJAI%2BsIK9FmwYWcA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8bae96014ea0c31a-VIE
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
onestpager.com/	1970-01-20 23:52:27	Name: uid7214 Value: 1222244479-20240829142545-51cd74691425c8c2de45052cead6d772-4475
enroutespecial.website/	1969-12-31 23:59:59	Name: PHPSESSID Value: bf37abba40902855bf305550d135f448
acrostics.knuckleheads.world/	1969-12-31 23:59:59	Name: PHPSESSID Value: d5f33dbc4d791f4fea256d83d11d8643

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://acrostics.knuckleheads.world/vdmu/mqgc/kgtt/alqet?5946920d8562f32bf2825ae42a8e7292 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

acrostics.knuckleheads.world
enroutespecial.website
event.trk-elevostra.com
onestpager.com
s3.amazonaws.com
shorturl.at
termine-flohmarkt.com
trk-elevostra.com
use.fontawesome.com
www.shorturl.at
104.21.3.187
104.21.91.30
104.26.9.129
172.67.142.245
188.114.96.3
188.114.97.3
194.31.223.88
52.217.44.62
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
3e2767fc3e1f1d7d7f1cc1be37b648b899523deaf8db76953718457f903c20f5
42e62350fb32fd41af399fb846eca09d2dcaa701294f969fd00fdfaa0fc4e48a
5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f
72e915d8d9710930c81a7fdd6c50d8047b97f76c70a729bd18dfe7dce5e93280
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
919d28e776ae8c0f93191abd7022076852fd46aeb3d59fecf0919e64e0ec7729
99c112fdb0e7b3176ac212625cab395f334e54e1233c75990d138ab6fdb6f18d
a45cef5e46aa1a339428e2ad060b97029c6e4470bff8b15d6a04c1d614d7b791
bf97443d681d2bc0ca04b707d0d3d443bcf99b1bf4fc0af84ac51286d0b4e02b
c6c896e27ff1f1d6cb22ce652dcca916946ce9f003bcb4fe30d1265fcb531a95
ce4adfce68d03582e988696235de9924396dc3c585aa7f29c00c8c11d1c2e7fb
d0153c9609014ff58bf803baebf5e7f076d732144b902a574173d40c02d5b2d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f40bb858eb22d90a46bf5b15b88f97377413b7915958b0c40599605753f0e7b5

acrostics.knuckleheads.world Open in urlscan Pro 188.114.96.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

0 %IPv6

8 Domains

10 Subdomains

5 IPs

3 Countries

661 kBTransfer

1525 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

39 JavaScript Global Variables

3 Cookies

1 Console Messages

Indicators

acrostics.knuckleheads.world Open in urlscan Pro
188.114.96.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

0 %
IPv6

8
Domains

10
Subdomains

5
IPs

3
Countries

661 kB
Transfer

1525 kB
Size

3
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!