xelowings.cc Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.linkedin.com/slink?code=eHWN8uJu#c1218IBZyY45170svcI155682rco1781PaBe63
Effective URL:
https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739
Submission: On July 28 via api (July 28th 2023, 6:22:23 am UTC) from BE — Scanned from DE

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 9 domains to perform 43 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is xelowings.cc.
TLS certificate: Issued by GTS CA 1P5 on July 27th 2023. Valid for: 3 months.

This is the only time xelowings.cc was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Customer Survey Spam (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:829::2010	15169 (GOOGLE) (GOOGLE)
1 2	162.216.240.72 162.216.240.72	398043 (DYNU) (DYNU)
1	45.12.254.227 45.12.254.227	25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
35	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
43	8

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2010 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.216.240.72 (United States) 1 redirects

ASN398043 (DYNU, US)
PTR: skdevelopers.info

skdevelopers.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.12.254.227 (Bulgaria)

ASN25369 (BANDWIDTH-AS, GB)

tillersponge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

xelowings.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
trk-essursta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.trk-essursta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	xelowings.cc xelowings.cc	462 KB
5	trk-essursta.com trk-essursta.com — Cisco Umbrella Rank: 308485 event.trk-essursta.com — Cisco Umbrella Rank: 329275	3 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 72	125 KB
2	skdevelopers.info 1 redirects skdevelopers.info	585 B
2	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 454 fonts.googleapis.com — Cisco Umbrella Rank: 76	2 KB
1	gstatic.com fonts.gstatic.com	20 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 1851	252 B
1	tillersponge.com tillersponge.com	430 B
1	linkedin.com 1 redirects www.linkedin.com — Cisco Umbrella Rank: 565	3 KB
43	9

	Domain	Requested by
30	xelowings.cc	tillersponge.com xelowings.cc
4	event.trk-essursta.com	trk-essursta.com
2	www.googletagmanager.com	storage.googleapis.com www.googletagmanager.com
2	skdevelopers.info	1 redirects storage.googleapis.com
1	fonts.gstatic.com	fonts.googleapis.com
1	trk-essursta.com	xelowings.cc
1	fonts.googleapis.com	xelowings.cc
1	region1.google-analytics.com	www.googletagmanager.com
1	tillersponge.com	skdevelopers.info
1	storage.googleapis.com
1	www.linkedin.com	1 redirects
43	11

This site contains no links.

Subject Issuer	Validity	Valid
storage.googleapis.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
tillersponge.com R3	`2023-07-07` - `2023-10-05`	3 months	crt.sh
xelowings.cc GTS CA 1P5	`2023-07-27` - `2023-10-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh
trk-essursta.com GTS CA 1P5	`2023-06-23` - `2023-09-21`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-10` - `2023-10-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739
Frame ID: 7F57856C599A129972AC6B741E998358
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

[1] Prämie ausstehend - Online Survey - Wir wollen Ihre Meinung!

Page URL History Show full URLs

https://www.linkedin.com/slink?code=eHWN8uJu HTTP 301
https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html Page URL
http://skdevelopers.info/rd/c1218IBZyY45170svcI155682rco1781PaBe63 Page URL
http://skdevelopers.info/track/c1218IBZyY45170svcI155682rco1781PaBe63 HTTP 302
https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781 Page URL
https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739 Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

43
Requests

98 %
HTTPS

78 %
IPv6

9
Domains

11
Subdomains

8
IPs

3
Countries

613 kB
Transfer

1475 kB
Size

8
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.linkedin.com/slink?code=eHWN8uJu HTTP 301
https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html Page URL
http://skdevelopers.info/rd/c1218IBZyY45170svcI155682rco1781PaBe63 Page URL
http://skdevelopers.info/track/c1218IBZyY45170svcI155682rco1781PaBe63 HTTP 302
https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781 Page URL
https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://www.linkedin.com/slink?code=eHWN8uJu HTTP 301
https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html

Request Chain 2

http://skdevelopers.info/track/c1218IBZyY45170svcI155682rco1781PaBe63 HTTP 302
https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

dzzzzas.html
storage.googleapis.com/sdgdhf874fg5jnv4n/
Redirect Chain

https://www.linkedin.com/slink?code=eHWN8uJu
https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html

159 B
645 B

189ms
165ms

Document
text/html

2a00:1450:4001:829::2010
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:829::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-length: 159
content-type: text/html
date: Fri, 28 Jul 2023 06:22:16 GMT
etag: "6f98eacc32d00a4dea75cfab116f5af6"
expires: Fri, 28 Jul 2023 07:22:16 GMT
last-modified: Tue, 25 Jul 2023 23:29:14 GMT
server: UploadServer
x-goog-generation: 1690327754753295
x-goog-hash: crc32c=QJREOg== md5=b5jqzDLQCk3qdc+rEW9a9g==
x-goog-metageneration: 1
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 159
x-guploader-uploadid: ADPycdt5054tk8846dgPoRVaJC2Tg9lsnk8pwv8RmSrfuQmv2niTGo8fQ3RQnK3zmOIOcQNqfEW_H7j79Or5YIIxgZvI2LUEPgX4

Redirect headers

cache-control: no-cache, no-store
content-encoding: gzip
content-security-policy: default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ *.microsoft.com *.adnxs.com; script-src 'report-sample' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-3RIGhhApBii1KY+aW1xk7kFyoQY8vSVE5DfT7E9SJUc=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-wy4DvlEW9PHPIGvQJW6Wv4woBSa/0LJHs8LHsBVVXCs=' 'sha256-065A0cJTDQ+hyKvufSL/flW02hIbgLndOINLRWux6To=' 'sha256-Ga5SLB8hPdWUE8Wb6LgZ05D9Z5vrdLAaPbDBW2m3BI8=' snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=default
date: Fri, 28 Jul 2023 06:22:15 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html
pragma: no-cache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
x-content-type-options: nosniff
x-frame-options: sameorigin
x-li-fabric: prod-lor1
x-li-pop: afd-prod-lor1-x
x-li-proto: http/2
x-li-uuid: AAYBhhojQIH4HOAE8zDuvA==
x-msedge-ref: Ref A: 4663EC0055794F8B88057AE38528B3D6 Ref B: FRAEDGE1316 Ref C: 2023-07-28T06:22:15Z

GET
H/1.1 200
OK c1218IBZyY45170svcI155682rco1781PaBe63
skdevelopers.info/rd/ 243 B
360 B 337ms
152ms Document
text/html 162.216.240.72
DYNU

General

Check archive.org

Show headers Download Go to

Full URL: http://skdevelopers.info/rd/c1218IBZyY45170svcI155682rco1781PaBe63
Requested by: Host: storage.googleapis.com
URL: https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html
Protocol: HTTP/1.1
Server: 162.216.240.72 , United States, ASN398043 (DYNU, US),
Reverse DNS: skdevelopers.info
Software: /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 243
Content-Type: text/html; charset=utf-8
Date: Fri, 28 Jul 2023 06:22:16 GMT

GET
H/1.1

200
OK

45170-155682-1781
tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/
Redirect Chain

http://skdevelopers.info/track/c1218IBZyY45170svcI155682rco1781PaBe63
https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781

136 B
430 B

1102ms
480ms

Document
text/html

45.12.254.227
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781
Requested by: Host: skdevelopers.info
URL: http://skdevelopers.info/rd/c1218IBZyY45170svcI155682rco1781PaBe63
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 45.12.254.227 , Bulgaria, ASN25369 (BANDWIDTH-AS, GB),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: http://skdevelopers.info/rd/c1218IBZyY45170svcI155682rco1781PaBe63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 136
content-type: text/html; charset=UTF-8
date: Fri, 28 Jul 2023 06:22:18 GMT
server: Apache

Redirect headers

Content-Length: 116
Content-Type: text/html; charset=utf-8
Date: Fri, 28 Jul 2023 06:22:17 GMT
Location: https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781

GET
H2 200 Primary Request / Show response
xelowings.cc/ 2 KB
1 KB 551ms
511ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Requested by

Host: tillersponge.com
URL: https://tillersponge.com/0/0/0/281d856f80a2bbdb730a16d77f203ac3/999/63-1218/45170-155682-1781

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c43d59e530b35418bfa325cc462aa2b4b066a10f0da8913b55fd5dd52deab4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://tillersponge.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7edb06e6f8b4bb71-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 28 Jul 2023 06:22:19 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvnm6juwYz9JHbSCm6ktCoqYNON3Cog5n1hNPg0RBq3PFLvNICPTF90WQniLQqk5i3cZuGYFWyuAuhseC5VIPKwGE3ZsTj6WiO9gEzZ%2FxqIh5owSp0MIy5xgHrxR%2F20hu1zINJyCkpKLBiY%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 b40f39a8824980ac2c2deea269e8c786 Show response
xelowings.cc/ 323 KB
44 KB 574ms
573ms XHR
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786?_ax=w

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89670f4b17a43129f0e8ab767d674abe69d10d784f51658338e3b160c83bb22a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LMnMpYNomNvbUMiwB7%2FlIuAnJCvaAI5uGaGsogvtkMLV3pHQHhzeNme7YP3cwCUEJAghnMoyoMh1bgCiQwP1taGhuo0QeitImXNfRbFgI3t0BGNMK1Ka9gJ32uMTKolCD1GsWwhQzyAsddE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7edb06ea3c66bb71-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H3 200 bootstrap.min.css
xelowings.cc/assets/js/vendor/bootstrap/css/ 141 KB
22 KB 24ms
24ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/vendor/bootstrap/css/bootstrap.min.css

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 23 Mar 2021 22:52:06 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjOMDf5%2BMfeKoXa1EOyDlZeYJelsTPIWHbkNGqlo4Gcb%2BuJLoaXpg%2Firn5S4OERqpwsU%2FxASu2c3ibj81cQ5WfRH%2BnIGdEMOwizAeKcK3AHRdpdpNjUbzyymXNtKEKBCv7cgkVZDyVZk1tY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee8b5e2c4f-FRA
expires: Fri, 04 Aug 2023 02:10:20 GMT

GET
H3 200 all.css
xelowings.cc/assets/vendors/fontawesome/css/ 72 KB
13 KB 17ms
16ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/vendors/fontawesome/css/all.css

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 19 Jul 2021 19:00:02 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bZBQC5AsctUs3mmoTbVQ6PCqxXY0gnp8q%2FRdbQqvOpa1c3Fl0o1V7JAVUKQPB4YYckKA%2FHKVJkGseFBuXz3MpdUpdTWa0RINJxtggvBGlg%2BV1ogjMsRsiB5uKErPVFu1W%2BKhMgegRkGutyc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee8b5f2c4f-FRA
expires: Fri, 04 Aug 2023 02:10:20 GMT

GET
H3 200 common-hybrid.css
xelowings.cc/assets/css/legacy/dist/ 26 KB
7 KB 365ms
365ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/css/legacy/dist/common-hybrid.css?v=801edee27c93d670b627acd3902288d6

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c14b220326d9f859c27025554460a6907b0de3144d9f25afc69287268c69d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 03 Feb 2023 19:29:20 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwkkAQUO4UpAbLNKnxlOStuSTqLlSCYN65KWvDerl3bNGE4z3Lvlm5yMDsCaA2UuNqrvlOjnjNpC7lZNh7i%2Bf8%2FZD0D2TYgfGSbXNTQiEzEuiyojBtOCOIfpkfgYpuyI5n7YAdq7jQ0%2FNmI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b6e2c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 1.4.css
xelowings.cc/assets/css/legacy/ 7 KB
2 KB 358ms
357ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/css/legacy/1.4.css?v=801edee27c93d670b627acd3902288d6

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50e938e3bf2d2024baf3a8c0b5608d1563ba6338dd40f1905936703e514d64d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 09 Feb 2023 19:04:36 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5rL9NQWsW2x1oItXA8ZLqKEIdaF1kQyt7fBWNtcS%2BU11Jy4lq5lA3AdRLhfu3CBIvi81VcXs3U18870vgURoiwP%2FYXdGVP6wDoiwluuBfhn0jaLgXUo5eLb2TCzhpXr4AVUQ4JoFvPy%2FwPI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b732c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 msg.v3.js Show response
xelowings.cc/inc/ 2 KB
1 KB 354ms
353ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/inc/msg.v3.js?64c35e9b843bd

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

448b2102656fc14a1cd8cc0e30a1d41aca27281ed91b00fb7cf5a23c7d8f8749

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 11 Jul 2023 21:35:45 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UNKnlVQI6jOokLbeWHCHbsAwk3mviWsCxpuGYZA3kr7Rwf45fVaiPcmevAFNPF7eTS28FDBkkfaZsEfE2bVYFFC5Q135%2BoBj6FIlYrKHc%2BIAzrQ9dv98mNtHq5AZSKYWPAPIc7CDtk%2FRts%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b762c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 jquery-3.4.1.min.js Show response
xelowings.cc/assets/js/vendor/ 86 KB
31 KB 26ms
25ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/vendor/jquery-3.4.1.min.js

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 23 Mar 2021 22:52:06 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YPFpnIwo5AtTkoy4ieAsxLi1J9sJ3EDwVdEUnFjZBs2g3BIOfJB%2FS%2Fk4jClo%2B8me2hxhcyUw1Kxft6WFFIERWTYH3u6nhZbP6pmlIJhLIFS66baLHH8GeMLDYjWl2xnw52%2Fogswu%2FtjyEo%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b772c4f-FRA
expires: Fri, 04 Aug 2023 02:10:20 GMT

GET
H3 200 bootstrap.min.js Show response
xelowings.cc/assets/js/vendor/bootstrap/js/ 48 KB
14 KB 28ms
27ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/vendor/bootstrap/js/bootstrap.min.js

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:19 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 23 Mar 2021 22:52:06 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BpUMBkLKpGAJ1MhLXStiNszPCzM7ztHgOElliKZe6%2B2Skn21msRpSqrGpG4F%2B89AnBEgqlR0CBdeVagiBuGXJVl20iPOrHPxhCr5bgA4KMVKlAjZvIZ76Gr2eM%2Ba3q2EW7D7HVFt3B%2B927U%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b782c4f-FRA
expires: Fri, 04 Aug 2023 02:10:20 GMT

GET
H3 200 functions.js Show response
xelowings.cc/assets/js/ 495 B
738 B 365ms
364ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/functions.js?v=801edee27c93d670b627acd3902288d6

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1889b6974dcdd299f94f8fbf28ac3b73ec7fc5be2dc1686bca0eef1aa0716eac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 03 Jul 2023 15:34:56 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WoSmtr9jHroEw0hudhqEJgfA%2FibzNeZ0%2Bp%2FOuSz0KXCJZtEzHEy39FxMSZs4SIj3%2Fl7rx0%2FeqapgZDB92ll9I4sExbwKgPEMHoMuvzjIu5ynJhikd5azLQ7MxMTQdKDpJcpHnLEzJ9cuLdM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b792c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 intl_functions.js Show response
xelowings.cc/assets/js/ 3 KB
2 KB 366ms
365ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/intl_functions.js?v=801edee27c93d670b627acd3902288d6

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b45697b6ce0983415e685fe5d6d97d4c29add3149d16fcb61a0bad9a82e177d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Mon, 26 Sep 2022 20:48:44 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=whIUN%2B%2B5tsEHHOGKNgAZraism8Ti4Aoq%2B8KmSjvlCuAISLgNEXGUt1737LyWWmFv%2F0Zc0trOndNgYAiN1%2FY4ijTzfrAhmb42KrYAQ1cx8jVnHx1NjFEa5UhFP%2B1KiviuMyMR0ThEDR4b9t8%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b7a2c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 common-hybrid.js Show response
xelowings.cc/assets/js/legacy/dist/ 94 KB
21 KB 488ms
487ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/js/legacy/dist/common-hybrid.js?v=801edee27c93d670b627acd3902288d6

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/?s1=351392&s2=1029335920&s3=1782&s4=1710&ow=&s10=739

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d34b752ce4887ad732a4f25669a598399162bbb35153f3e3dbf21277b60c37f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 07 Jul 2023 17:42:58 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jPsbIPvgrYKbHEELWxxcvIABZXU4sOuVGYrk0ShaiLrmgeYm02i4n6EBDfFPxx7eOE%2B4tE5jsHppvHnGiVtd4JywzSTBJLMeq05qF3h8%2FMpx20lsDGPDSAK8vuTJuDVgbMVT0TbngtyLz%2FM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 7edb06ee9b7b2c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 119 KB
46 KB 50ms
25ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M5FVHZX

Requested by

Host: storage.googleapis.com
URL: https://storage.googleapis.com/sdgdhf874fg5jnv4n/dzzzzas.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a3c2e209f23ee701d5d31468893be4e56386855d6854fc0b04ae4679987682de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46371
x-xss-protection: 0
last-modified: Fri, 28 Jul 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 28 Jul 2023 06:22:20 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 227 KB
79 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DKB9VH2QW4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5FVHZX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

39a62ceab5ee7c3537412ee45e06a64abf6d8cf37fa501fa07f488e3768b270a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 81173
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 28 Jul 2023 06:22:20 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
252 B 38ms
15ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DKB9VH2QW4&gtm=45je37q0&_p=2031271784&cid=564637006.1690525340&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1690525340&sct=1&seg=0&dl=https%3A%2F%2Fxelowings.cc%2Fb40f39a8824980ac2c2deea269e8c786&dr=https%3A%2F%2Ftillersponge.com%2F&dt=%5B1%5D%20Pr%C3%A4mie%20ausstehend%20-%20Online%20Survey%20-%20Wir%20wollen%20Ihre%20Meinung!&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DKB9VH2QW4&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 28 Jul 2023 06:22:20 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://xelowings.cc
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 41ms
17ms Stylesheet
text/css 2a00:1450:4001:810::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Arimo:wght@500;700&display=swap

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/assets/css/legacy/dist/common-hybrid.css?v=801edee27c93d670b627acd3902288d6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7f436075f0a6abd34dafeb7489ff439f470051d146e1e48484d97d7f4628069b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 28 Jul 2023 06:12:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 28 Jul 2023 06:22:20 GMT

GET
H2 200 v9e118mez8 Show response
trk-essursta.com/scripts/push/ 7 KB
3 KB 402ms
361ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-essursta.com/scripts/push/v9e118mez8

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/inc/msg.v3.js?64c35e9b843bd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c65c15e3af0d349af61501f7749076aacef349171d95638bb475f800d8367084

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5QUp1T%2BVkzbgLckYS%2F204hAFTLnWE8ksXg8ID0cdHPJTJr9LottTTtCCkLj6E7Qh7%2B5t9SErlJAGja50V6v7WSNsug72BHN0yhcKuB4VdoUCXKGNSJ8ZnJxuuQEyEmn7wOah5FG0%2BuGiOqlKQfr"}],"group":"cf-nel","max_age":604800}
cache-control: no-cache, no-store, max-age=0, must-revalidate
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray: 7edb06f16ce03606-FRA
expires: 0

GET
H3 200 EWxsJTLWkAQoIrd.png
xelowings.cc/uploads/archive/company/753/images/ 146 KB
147 KB 29ms
29ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/uploads/archive/company/753/images/EWxsJTLWkAQoIrd.png

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e0651724826112ac4a7ae16df7fa46f5aaf603184acd6f161d98ad348a1ac32

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13859
alt-svc: h3=":443"; ma=86400
content-length: 149512
x-xss-protection: 1; mode=block
last-modified: Tue, 13 Dec 2022 13:28:24 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FY6Oq%2FiR8VxMv77Zblpmua3Aa5htF2qBzy0m7%2F%2BdHdMyy20JQ8mhGxs8hBOhKvmvsDHG9H1LKzOcl6SXxGUSnDNOyUwF3isM2TWMEogTThy49drmwEbbDWSvHI%2Bg1WS15aRNqoM1z4xkadE%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eeb22c4f-FRA
expires: Fri, 04 Aug 2023 02:31:21 GMT

GET
H3 200 10f50a2ed745f4573ddd5996c12e78b8.png
xelowings.cc/fim/739-DE/ 8 KB
8 KB 26ms
25ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/10f50a2ed745f4573ddd5996c12e78b8.png

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

329f79c0441a8516e75e17ea8a736903a739d32f97b35af8b5f6ed72a76173d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14047
alt-svc: h3=":443"; ma=86400
content-length: 7881
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W96qxCnvVn3egdJjK02J1i40u2bzAHswOJWJJx7X%2FOiLe81juK%2BUazC3U%2BgsS7U5IXeLhWH0IDM1e%2BIAecUGQeSTDG3AjIjdQzuv7bjWm8trLhe9Qi3Xqn8tFs3%2FmIuNXu%2FU2XpTa9xx9iM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eeb42c4f-FRA
expires: Fri, 04 Aug 2023 02:28:13 GMT

GET
H3 200 796c7a1bcbe33b9551031739f0516f2c.gif
xelowings.cc/fim/739-DE/ 15 KB
16 KB 34ms
32ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/796c7a1bcbe33b9551031739f0516f2c.gif

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14046
alt-svc: h3=":443"; ma=86400
content-length: 15537
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B7kL0rj%2FpjSNe0te4%2FR09YZ%2BxkgNYBz8VlIAj3A0lixjsjaCd9I%2B8lAwCtvfsLLuT8sVQycqYFuIIZmeUy8V84KY%2FAJ%2Bpam1HP0TUm4EYJp7TrZhPdSScXQRkXpj4WiBR5hDhsGgQCY5LLA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eeb82c4f-FRA
expires: Fri, 04 Aug 2023 02:28:13 GMT

GET
H3 200 07a28a29849366cb1ff86e67268eef3e.png
xelowings.cc/fim/739-DE/ 2 KB
2 KB 17ms
15ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/07a28a29849366cb1ff86e67268eef3e.png

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4494c69afed09e8bb02dc10d4be3adaed00aa6479d838bd8ed1bf3119132004d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14047
alt-svc: h3=":443"; ma=86400
content-length: 1714
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AD1gd8GyU49kyAOW75qepJdVBUTCKOLvS9Ln9JFHm8XkNkmu%2F2P6DCSiojuXQXQSJwqKTYdw7ttZ94cptKS6K9XBYXwxTMxf9E0Ioka1UxhR4nfSfeivMWmp6kGFzzHH2hsNdgMsW8CvS7Q%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eeb92c4f-FRA
expires: Fri, 04 Aug 2023 02:28:13 GMT

GET
H3 200 75a71e5bc0af7de0f5719904ed701ef7.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 22ms
20ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/75a71e5bc0af7de0f5719904ed701ef7.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f2dcc8d291e930f294c0b96fda36589f0b412848578c396b981e62ac9d4aca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3=":443"; ma=86400
content-length: 1985
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2cPaa31cjdA9tzzgjydQHyP2xMCFvVgbsj%2BSZJ6LgsqhvSu1HTzd6mZYjdWRljVV2XkQ2bGfcY04v6a%2FOGgBGXAG1PJZ1GXuuFzgBN2isziUEEzZlW8S7PkJ2jWtNKPjhgNCEGEzUmfFqM%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eeba2c4f-FRA
expires: Fri, 04 Aug 2023 06:20:48 GMT

GET
H3 200 3854560979988f20d912cb5f5b053506.png
xelowings.cc/fim/739-DE/ 8 KB
8 KB 19ms
17ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/3854560979988f20d912cb5f5b053506.png

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d79ca3b13098126f0c0fc76aed54a8acf6e645e62eb5f0ff90571141dfe24b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14046
alt-svc: h3=":443"; ma=86400
content-length: 8047
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmQkVBiUz1IkOyViPBtvjT2beIufsuUgGqfhKFgc4QjgglJSy%2Fe%2FPQiEojlupdYFX6hGJwiboIhIVxAQPbwLE%2FGGCgs%2FABxTXTPUvaZ5%2Fs8tBrVJ3LBVOoSJmLmN6vMryaf32tP80NolOnc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eebd2c4f-FRA
expires: Fri, 04 Aug 2023 02:28:13 GMT

GET
H3 200 aa2eccb5cb5f7c522bb83d8d5ba129ce.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 27ms
25ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/aa2eccb5cb5f7c522bb83d8d5ba129ce.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b3771113ea2c584837a3b4036f7f8f810c11e8b02f78e98eed712c82618077a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14046
alt-svc: h3=":443"; ma=86400
content-length: 1990
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:28:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2FSaHEdRpI28U%2BPpY5lbqZlEPq%2B2fJTYzLT%2F%2BGR48%2FzMzPS27ZJ9BTdOK%2Fg2eQBH48VDIt94s7S3h3AcTXbmdqI2ewNSOD9ReDD%2B%2BowyiUqTsEgEzkz2kU3b1IKKQKf3ce8oPmBUaV40r5o%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eebe2c4f-FRA
expires: Fri, 04 Aug 2023 02:28:13 GMT

GET
H3 200 932814686befbc970e158a1902500ee9.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 20ms
18ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/932814686befbc970e158a1902500ee9.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

249fd954ee073b4596065bcf075f3f469029f16cdbf37b60d611407e8e4469ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3=":443"; ma=86400
content-length: 2029
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:28:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hWwq1javrQIWNsV0k4RCpKAqUlHD8fewmgihq%2BSNydpL%2ByMy%2Fg0JrTa2%2BftERnqxOkTM%2Bme22hvStIS5lBdpYWFtBVOEhx2Ez4ayK9lskK1aUtbYTTfzSfWGGRWKN8ithpPNRiUB64Rvq0I%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec02c4f-FRA
expires: Fri, 04 Aug 2023 06:20:48 GMT

GET
H3 200 9fc706f9f1de12a246e2e6f375cb36e6.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 20ms
19ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/9fc706f9f1de12a246e2e6f375cb36e6.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

612c58d05c6097b07b839936cd1c605a42165861422f23914b30f09aab06c949

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 13859
alt-svc: h3=":443"; ma=86400
content-length: 1993
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HILjCyrEXFQYggRPac8RO7qR5k9jFq%2BQmKsOEsDhtYzMj3RAvFbYo6nBLh8FkXioMuX%2BM1LDcLu8aAY1AiGPsYxImtyynEt5%2FZDe5J43hjJkj7FnbbfHy0pwgLDpoxCocFsJSeqTSvdKpHU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec12c4f-FRA
expires: Fri, 04 Aug 2023 02:31:21 GMT

GET
H3 200 0c17f79ef89be4def8586bc6ba8a45e7.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 22ms
20ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/0c17f79ef89be4def8586bc6ba8a45e7.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1176f85a0b084f161dbe5192394ad58ce5efd6ccc529079e222f240db83bd4f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14046
alt-svc: h3=":443"; ma=86400
content-length: 1784
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XBhy99mKrRVVA5LTRFVl0NorefY7OUGzTI5LDByFjd1UVD6%2BQZgAxEc9ba5Y65aAxbjtSm8GiOZu5A9j4Qwrvssx6AQlWVz8LKpAAATYV4hhTOOtlTPUuIAxf8GpFkWLU78SkmKzOy%2BvKb0%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec22c4f-FRA
expires: Fri, 04 Aug 2023 02:28:14 GMT

GET
H3 200 93e70e563d4759745c3d270f4e585568.jpg
xelowings.cc/fim/739-DE/ 2 KB
2 KB 22ms
21ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/93e70e563d4759745c3d270f4e585568.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bba8f9db54ccf37520888d62fc42c11c612c45e25feac44395e9ab42b2f966b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3=":443"; ma=86400
content-length: 1855
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:29:43 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z17g2w2fC8BMkRLB4PKKOB0YOvKqBpDh09OnOqLiBx4quqQzG2lvQXTGHUu17yHyQ33aqP4z5MWsmQGHFkZ%2BYDbNxQSaYpdABLZuLrjLHHDtTveMbnyPofQnc2%2BJdDkp2%2Bx7HXJ0uefpiSA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec32c4f-FRA
expires: Fri, 04 Aug 2023 06:20:48 GMT

GET
H3 200 17b5c8231cc2206b7f75c01de9a66321.jpg
xelowings.cc/fim/739-DE/ 2 KB
3 KB 368ms
366ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/17b5c8231cc2206b7f75c01de9a66321.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5deddf7c5858ea17a9c6113f84b6624e75e00efaba9a11da2c7aae49ce0d8861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2081
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0knUTu2h%2FCGs%2Ff2x2n%2BKcoGkEmwAPrsX7tH9ZHLKS6TrF9LMlwsFZw4LSStSFGlUdyGRpK%2B%2BH5cZ8%2BEHXx2vCf1s5AZbJOANep5NAwJF4jEfgOI4w1tJDShyOagpl9FDrM1FKbTYjEjG6SY%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec42c4f-FRA
expires: Fri, 04 Aug 2023 06:22:20 GMT

GET
H3 200 cd59a109b0e8f81511c60d1ff57f2d89.jpg
xelowings.cc/fim/739-DE/ 2 KB
3 KB 27ms
26ms Image
image/jpeg 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/cd59a109b0e8f81511c60d1ff57f2d89.jpg

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec006ed8744a3d28521058de2dcf88a3b2b6675af4c094410bdc7026db636d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 92
alt-svc: h3=":443"; ma=86400
content-length: 2258
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:33:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4iONHBzGm5UdHpRlXAEkyrbAoU9Ojp%2FUWTIIYVhXSUoHjbOdPw3x46ypc8Zi4NO1WISbqTql1iOSf3PrEsSpkMgWB8ZI5y4%2FPnM3Vunc4uhKPJYPax0YinQX1h%2FtuynwD%2FNesCjCUp%2BsagU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec52c4f-FRA
expires: Fri, 04 Aug 2023 06:20:48 GMT

GET
H3 200 92e885d6a42b0f8e847df23587381a98.png
xelowings.cc/fim/739-DE/ 5 KB
6 KB 26ms
24ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/fim/739-DE/92e885d6a42b0f8e847df23587381a98.png

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 14046
alt-svc: h3=":443"; ma=86400
content-length: 5389
x-xss-protection: 1; mode=block
last-modified: Fri, 28 Jul 2023 02:27:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1%2F0szWUc4QUnaCzLNdfQFYxjVOwIczd4MKplzDtsMNndoPH2BPS5mGvVK6rUpMySs8Cy89hcqxH3jQXBoks8C4scmpE2cl6tLwY8l5pQo1vctgh%2BnJVmgwWs4pQLtVwh%2FyP5r1SMVV%2FZIpg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f1eec62c4f-FRA
expires: Fri, 04 Aug 2023 02:28:14 GMT

GET
H3 200 b40f39a8824980ac2c2deea269e8c786
xelowings.cc/ 2 KB
2 KB 486ms
485ms Image
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXhxgla01VJiKcDJrktvwtzvqbzz8NVXZaUP1RJhQzlPAVl%2BifF%2BROg4Y97LvNL3S3%2F2apeb%2B2Q%2Fx4Pe42j2HJMFoGtZB0kWIObkfATsOjRNWr7s0zUZxc7jDIO874pQtPWhmZh8Imb3jNk%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7edb06f20ed72c4f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 P5sMzZCDf9_T_10ZxCE.woff2
fonts.gstatic.com/s/arimo/v28/ 20 KB
20 KB 39ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/arimo/v28/P5sMzZCDf9_T_10ZxCE.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Arimo:wght@500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://xelowings.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Thu, 27 Jul 2023 18:27:06 GMT
x-content-type-options: nosniff
age: 42914
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 02 May 2023 14:54:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Jul 2024 18:27:06 GMT

GET
H3 200 fa-solid-900.woff2
xelowings.cc/assets/vendors/fontawesome/webfonts/ 78 KB
79 KB 25ms
18ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/vendors/fontawesome/webfonts/fa-solid-900.woff2

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/assets/vendors/fontawesome/css/all.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xelowings.cc/assets/vendors/fontawesome/css/all.css
Origin: https://xelowings.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
content-length: 80252
x-xss-protection: 1; mode=block
last-modified: Mon, 19 Jul 2021 19:00:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: font/woff2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5QkQb0%2Fz0GyYjYdAHfJPNugZOXV2M7De2A0LVRcrhBjxMNgHFMUN9SFX6GoDayZ48AYRuaWcwNp5U4ohmp9P0dp5LpwfrECpn7wjgYSR6xawgCfas0pLxdRN1jxetqokuj7fx%2B30SM%2BOcoQ%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f21ee42c4f-FRA
expires: Fri, 04 Aug 2023 02:10:21 GMT

GET
H3 200 fa-regular-400.woff2
xelowings.cc/assets/vendors/fontawesome/webfonts/ 13 KB
14 KB 24ms
17ms Font
font/woff2 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/assets/vendors/fontawesome/webfonts/fa-regular-400.woff2

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/assets/vendors/fontawesome/css/all.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xelowings.cc/assets/vendors/fontawesome/css/all.css
Origin: https://xelowings.cc
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

date: Fri, 28 Jul 2023 06:22:20 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 15119
alt-svc: h3=":443"; ma=86400
content-length: 13588
x-xss-protection: 1; mode=block
last-modified: Mon, 19 Jul 2021 19:00:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent,User-Agent, Accept-Encoding
content-type: font/woff2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xooOrcAI3bWIJ1jIhW8Ze%2FtkGsK%2Bu7J8rUBdwDsF00YowCCid4YIuEfwzNnZJnydcnfosn2d741Il8Otq8yzF%2BU6Mb%2FnltC%2FBkaOOaKTGQVxmb5NVlAYT2SPG4tdAq1218PdJbYmQaSVXms%3D"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 7edb06f21ee62c4f-FRA
expires: Fri, 04 Aug 2023 02:10:21 GMT

POST
H3 200 b40f39a8824980ac2c2deea269e8c786 Show response
xelowings.cc/ 25 B
528 B 530ms
529ms XHR
application/json 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786

Requested by

Host: xelowings.cc
URL: https://xelowings.cc/inc/msg.v3.js?64c35e9b843bd

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c17435e1a09ed89d29dab00015da616c16e39da1c5daf5f8c8026dcbcf5836a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 28 Jul 2023 06:22:21 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding,User-Agent,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/json
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWs9Di78pOgYsIBoqgissSE7JdaJMtg8LoJtpXiUVcFHLRu2p%2Bn2CdsD68hi3277w3wQ23U%2BQx6akQzrucXABsV5pCQAgawfVpuZreGwbcIOiIj2fo1Sq8Xq14t9Gn1ojOipH2Tq7pRt1xA%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate
cf-ray: 7edb06f3a8d62c4f-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT

OPTIONS
H2 200 v9e118mez8
event.trk-essursta.com/register/event_log/ 0
0 406ms
366ms Preflight 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://xelowings.cc
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://xelowings.cc
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7edb06f6e9c61c01-FRA
content-length: 0
date: Fri, 28 Jul 2023 06:22:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2BOwrPPV65v6MsLwFD1sP5o0qCcYO9y6lfvurzdKSFaCxBvq5q%2BoDXwhRfBIICqL95mlJS%2BDR94hB%2Fm1ZfDHxUzAajYkkAgUGLw1UXEzU4VPxjbi06vzGX%2Fbl%2BI58yB%2BrtNqXOdT%2BJVPFkQRHycRZ2AgplKa"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 v9e118mez8
event.trk-essursta.com/register/event_log/ 0
0 102ms
102ms Fetch 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-essursta.com/register/event_log/v9e118mez8

Requested by

Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xelowings.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type: application/json

Response headers

expires: 0
date: Fri, 28 Jul 2023 06:22:21 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LxjpHP%2Bky3V4yLoGl7orBMjBk7qDi9SRWcgajUtS1Chiytbcs5haLR2%2F4K5ZSE7zVrIXsXOpjOZ%2F00N6wm3%2FNxktb4OqaDhu3BDXwyqCiMY11ywncZRMtvr84fb6exur%2BLGPU624IS6CvjlLsqFNMe7omvtI"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://xelowings.cc
access-control-expose-headers: Authorization, Link, X-Total-Count
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray: 7edb06f92cda1c01-FRA
x-pushplatformapp-params

OPTIONS
H2 200 v9e118mez8
event.trk-essursta.com/register/event_log/ 0
0 417ms
378ms Preflight 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://event.trk-essursta.com/register/event_log/v9e118mez8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://xelowings.cc
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://xelowings.cc
access-control-expose-headers: Authorization, Link, X-Total-Count
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7edb06f6e9c71c01-FRA
content-length: 0
date: Fri, 28 Jul 2023 06:22:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tsy93vtTrdxIy%2F0WcI6kg5IwUqpbBevDT7UeyKvK5bSEczgZUgaBvI7wkmWAbhlDEfmT6hOPIyimzvcDerYsuhGbi2MEC05A8Fu2W8pc6jfw8y5ruEVxy9QEtjN8%2BNrkXW6PAdeCyyttEzNmvx0%2BSxjZoLn4"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 v9e118mez8
event.trk-essursta.com/register/event_log/ 0
0 107ms
107ms Fetch 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-essursta.com/register/event_log/v9e118mez8

Requested by

Host: trk-essursta.com
URL: https://trk-essursta.com/scripts/push/v9e118mez8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xelowings.cc/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-type: application/json

Response headers

expires: 0
date: Fri, 28 Jul 2023 06:22:21 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src https://* data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: DENY
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sQU0AEFsstwAA5OSf%2B0H0dkPuBXrmW85vFCksZluHR4qhmwS77gEvuJ9byAwNZ6KY1S357F5SGeIdlPn5Dn%2B3g7nuD9Qx2OmYoWqpv1l59YOJrt%2BHCP%2Fq3CcGdDoGLqYJFDWOCJLWL%2F5sDCkmZgBx56Zbbq%2B"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://xelowings.cc
access-control-expose-headers: Authorization, Link, X-Total-Count
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
feature-policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; fullscreen 'self'; payment 'none'
cf-ray: 7edb06f94cee1c01-FRA
x-pushplatformapp-params

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Customer Survey Spam (Consumer)

128 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.linkedin.com/	1970-01-20 22:21:01	Name: bcookie Value: "v=2&86837642-2361-4005-85e6-d6e46ab7bc4d"
.www.linkedin.com/	1970-01-20 22:21:01	Name: bscookie Value: "v=1&202307280622160d589ca4-cab1-48ac-8ca0-9982b9c153a0AQF0lSLwDDxXKBMrcXcedmQzjJW4GHOt"
.linkedin.com/	1970-01-20 17:54:37	Name: li_gc Value: MTswOzE2OTA1MjUzMzY7MjswMjGmUVgEqjzhTGXooXsX8O0I9eKXsqeKO+wdHzmjyByW3A==
.linkedin.com/	1970-01-20 13:36:51	Name: lidc Value: "b=OGST02:s=O:r=O:a=O:p=O:g=2968:u=1:x=1:i=1690525336:t=1690611736:v=2:sig=AQHgGduGiVtl2VQBhXOam0_lMKwWfqL6"
tillersponge.com/	1970-01-20 14:18:37	Name: uid1782 Value: 1029335920-20230728022218-da17931e85567ff21cda1e057f3c1f71-0
xelowings.cc/	1969-12-31 23:59:59	Name: PHPSESSID Value: c9c7c2e6cba5cafd2d2fa1283c4f5dde
.xelowings.cc/	1970-01-20 23:11:25	Name: _ga_DKB9VH2QW4 Value: GS1.1.1690525340.1.0.1690525340.0.0.0
.xelowings.cc/	1970-01-20 23:11:25	Name: _ga Value: GA1.1.564637006.1690525340

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://xelowings.cc/b40f39a8824980ac2c2deea269e8c786 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

event.trk-essursta.com
fonts.googleapis.com
fonts.gstatic.com
region1.google-analytics.com
skdevelopers.info
storage.googleapis.com
tillersponge.com
trk-essursta.com
www.googletagmanager.com
www.linkedin.com
xelowings.cc
162.216.240.72
2001:4860:4802:32::36
2620:1ec:21::14
2a00:1450:4001:808::2008
2a00:1450:4001:810::200a
2a00:1450:4001:813::2003
2a00:1450:4001:829::2010
2a06:98c1:3120::3
45.12.254.227
0d79ca3b13098126f0c0fc76aed54a8acf6e645e62eb5f0ff90571141dfe24b2
1176f85a0b084f161dbe5192394ad58ce5efd6ccc529079e222f240db83bd4f4
1889b6974dcdd299f94f8fbf28ac3b73ec7fc5be2dc1686bca0eef1aa0716eac
1c43d59e530b35418bfa325cc462aa2b4b066a10f0da8913b55fd5dd52deab4e
249fd954ee073b4596065bcf075f3f469029f16cdbf37b60d611407e8e4469ea
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2e0651724826112ac4a7ae16df7fa46f5aaf603184acd6f161d98ad348a1ac32
329f79c0441a8516e75e17ea8a736903a739d32f97b35af8b5f6ed72a76173d4
39a62ceab5ee7c3537412ee45e06a64abf6d8cf37fa501fa07f488e3768b270a
448b2102656fc14a1cd8cc0e30a1d41aca27281ed91b00fb7cf5a23c7d8f8749
4494c69afed09e8bb02dc10d4be3adaed00aa6479d838bd8ed1bf3119132004d
462beb0c8ecb2abb15685c31875f268d166313581df110401c2483fab24a46df
4c24dfd28784ad2befb3dafaac6bf1ed4e7cd58cce713d9a0b228d426e812baf
50e938e3bf2d2024baf3a8c0b5608d1563ba6338dd40f1905936703e514d64d6
5deddf7c5858ea17a9c6113f84b6624e75e00efaba9a11da2c7aae49ce0d8861
612c58d05c6097b07b839936cd1c605a42165861422f23914b30f09aab06c949
6b3771113ea2c584837a3b4036f7f8f810c11e8b02f78e98eed712c82618077a
6c14b220326d9f859c27025554460a6907b0de3144d9f25afc69287268c69d95
6c916669cf923b4f1b2db5c5107c83b6ca205e7ad0dcd840b251e63f0c8d28a2
7f436075f0a6abd34dafeb7489ff439f470051d146e1e48484d97d7f4628069b
89670f4b17a43129f0e8ab767d674abe69d10d784f51658338e3b160c83bb22a
8c17435e1a09ed89d29dab00015da616c16e39da1c5daf5f8c8026dcbcf5836a
9ba6662bdb40bb1a731890fe8a7612ab1724363831a0342e36c2fc4bddd4a7a1
9f2dcc8d291e930f294c0b96fda36589f0b412848578c396b981e62ac9d4aca9
a3c2e209f23ee701d5d31468893be4e56386855d6854fc0b04ae4679987682de
a4f5230d39a7a21971fe62ccde2443345638d2beaa369b752820390a687b91b6
b3b8c21edfe6c5e402fdc607366fd8d15949a65914f58134733dc68922bc8d61
b45697b6ce0983415e685fe5d6d97d4c29add3149d16fcb61a0bad9a82e177d5
bba8f9db54ccf37520888d62fc42c11c612c45e25feac44395e9ab42b2f966b8
bc4ba5ab1f79419e5c8a06db6d5ed27f78b026617608d8513bdf476bf78e1120
c65c15e3af0d349af61501f7749076aacef349171d95638bb475f800d8367084
d34b752ce4887ad732a4f25669a598399162bbb35153f3e3dbf21277b60c37f0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
ec006ed8744a3d28521058de2dcf88a3b2b6675af4c094410bdc7026db636d23

xelowings.cc Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

98 %HTTPS

78 %IPv6

9 Domains

11 Subdomains

8 IPs

3 Countries

613 kBTransfer

1475 kBSize

8 Cookies

0 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

xelowings.cc Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

98 %
HTTPS

78 %
IPv6

9
Domains

11
Subdomains

8
IPs

3
Countries

613 kB
Transfer

1475 kB
Size

8
Cookies

43 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!