hjape.kapitonblanket.site Open in urlscan Pro
172.67.166.234 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003
Effective URL:
https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
Submission: On August 05 via api (August 5th 2024, 10:31:35 am UTC) from US — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 172.67.166.234, located in United States and belongs to CLOUDFLARENET, US. The main domain is hjape.kapitonblanket.site.
TLS certificate: Issued by WE1 on July 21st 2024. Valid for: 3 months.

This is the only time hjape.kapitonblanket.site was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Tracking (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	155.254.194.13 155.254.194.13	398343 (BAXET-GROUP) (BAXET-GROUP)
1 1	172.67.180.18 172.67.180.18	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	172.67.166.234 172.67.166.234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:303... 2606:4700:3036::6815:1b98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	172.67.150.30 172.67.150.30	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	4

1 155.254.194.13 (Baku, Azerbaijan)

ASN398343 (BAXET-GROUP, US)

intactglas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.180.18 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

gastrodinner.cfd	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.67.166.234 (United States)

ASN13335 (CLOUDFLARENET, US)

hjape.kapitonblanket.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::6815:1b98 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.67.150.30 (United States)

ASN13335 (CLOUDFLARENET, US)

trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.trk-elevostra.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	kapitonblanket.site hjape.kapitonblanket.site	327 KB
4	trk-elevostra.com trk-elevostra.com — Cisco Umbrella Rank: 357103 event.trk-elevostra.com — Cisco Umbrella Rank: 369321	3 KB
1	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 1950	426 KB
1	gastrodinner.cfd 1 redirects gastrodinner.cfd	641 B
1	intactglas.com intactglas.com	583 B
17	5

	Domain	Requested by
11	hjape.kapitonblanket.site	intactglas.com hjape.kapitonblanket.site
3	event.trk-elevostra.com	trk-elevostra.com
1	trk-elevostra.com	hjape.kapitonblanket.site
1	use.fontawesome.com	hjape.kapitonblanket.site
1	gastrodinner.cfd	1 redirects
1	intactglas.com
17	6

This site contains no links.

Subject Issuer	Validity	Valid
intactglas.com R10	`2024-08-02` - `2024-10-31`	3 months	crt.sh
kapitonblanket.site WE1	`2024-07-21` - `2024-10-19`	3 months	crt.sh
use.fontawesome.com Cloudflare Inc ECC CA-3	`2023-10-12` - `2024-10-10`	a year	crt.sh
trk-elevostra.com WE1	`2024-06-13` - `2024-09-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
Frame ID: B94C5E5D8C3205251BA9E5E489C1787F
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

(1) Notification

Page URL History Show full URLs

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003 Page URL
https://gastrodinner.cfd/?id=209&s1=351983&s2=1213210842&s3=5992&p=us5upstrack7a HTTP 302
https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57 Page URL

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

17
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

757 kB
Transfer

1608 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003 Page URL
https://gastrodinner.cfd/?id=209&s1=351983&s2=1213210842&s3=5992&p=us5upstrack7a HTTP 302
https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003 HTTP 307
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

0.5931861652662003
intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/
Redirect Chain

http://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003
https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003

143 B
583 B

1020ms
453ms

Document
text/html

155.254.194.13
BAXET-GROUP

General

Check archive.org

Show headers Download Go to

Full URL

https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

155.254.194.13 Baku, Azerbaijan, ASN398343 (BAXET-GROUP, US),

Reverse DNS

Software

nginx/1.12.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 05 Aug 2024 10:31:29 GMT
server: nginx/1.12.2
strict-transport-security: max-age=16000000; includeSubDomains; preload;
transfer-encoding: chunked
vary: Accept-Encoding

Redirect headers

Location: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003
Non-Authoritative-Reason: HttpsUpgrades

GET
H3

200

Primary Request zgiua Show response
hjape.kapitonblanket.site/uhptu/unvd/sqdce/
Redirect Chain

https://gastrodinner.cfd/?id=209&s1=351983&s2=1213210842&s3=5992&p=us5upstrack7a
https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

39 KB
8 KB

494ms
271ms

Document
text/html

172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Requested by

Host: intactglas.com
URL: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

26a2416ada151212e8170f46219cff2420c4c4282042fa4846711a682e609c43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://intactglas.com/0/2/39525/5b78f5f979d938b783449fcd93892fed/10/38286_20/0.5931861652662003
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ae61e2baf267e7d-LAX
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 05 Aug 2024 10:31:30 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHdIf6%2Bledp8C1%2F9zMBIwpAvVx6cCfVP0enum6cddv6SrhV6eig2z4NKE6JphQ2bXVay%2FIHqp1OsEdneA6Y5%2FVZH26SD6Q6PnxmJP0xrdV22Pu2k9%2BjHjBgmzRVqy5pOkmg0H8hRFWwxCE45"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8ae61e287f2878d7-LAX
content-type: text/html; charset=UTF-8
date: Mon, 05 Aug 2024 10:31:29 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PodAY0xwxFv6YFnDtLgQFLjM46DRlPc7tTmj6qh18CxaZGxooyIt%2F1ljIYHDczJfnBpDxcVEfxmL%2Bsrf07h1CajEUKn9iVsvS1QwutuK16OFY4Lig1srM3RcNJJCn1f0A09Z"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H3 200 style.css
hjape.kapitonblanket.site/master/us177/ 15 KB
4 KB 142ms
132ms Stylesheet
text/css 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/master/us177/style.css

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11630
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ip18NG9PVjD0sCo%2BgkOwKHfOYgmTLmPVIwXzyhwrYoNg1SnVlA4fIRW4kKkbny0eIn%2BI5NW1kLhQ19p4JEqFI0ZjfFra2lN%2BOF6T62Jbtz%2B2JoxnnwXANFFplOrTneMJXHEuLSIxz6xtA3j4"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8ae61e2dd83e7e7d-LAX
expires: Mon, 12 Aug 2024 07:17:40 GMT

GET
H3 200 animate.min.css
hjape.kapitonblanket.site/master/us177/ 57 KB
5 KB 73ms
72ms Stylesheet
text/css 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/master/us177/animate.min.css

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11630
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Ba3%2FSvrgjT1ktPsuJ5ZJceuOcGjvXiLq9KXvmISZho%2BwWZPNkvNUEoazHh8bAiKMuxnEfRalm2ENhEpr5mT7PmdJxkc%2FXWPfUKTGVikk2UIOKV1K%2BRjB%2Fqw8BtIAvZ0mgaon%2BcdC%2BzjuhnMN"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8ae61e2dd8417e7d-LAX
expires: Mon, 12 Aug 2024 07:17:40 GMT

GET
H2 200 all.js Show response
use.fontawesome.com/releases/v5.15.4/js/ 1 MB
426 KB 282ms
87ms Script
application/javascript 2606:4700:3036::6815:1b98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.15.4/js/all.js
Requested by: Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf

Request headers

Referer: https://hjape.kapitonblanket.site/
Origin: https://hjape.kapitonblanket.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 22 Sep 2023 01:45:24 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 12263
etag: W/"5e29440867fdb02a48dffded02338c31"
vary: Origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DkutVZUdnkcuXfll46y7bXFq%2FKfO2v5lxExPlx5hkYusM%2Bk3Ev9FlqfiQy%2Bi3djGIt6g5YO%2BsbjiohyODaQnvIr%2BhIR8vFXEmYDlWlHo0DbOtleWiKSVxwRakgb5XgZ6708bp6C8NB%2FdnVVsKOjb3L3V"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31556926
cf-ray: 8ae61e30db001020-LAX
alt-svc: h3=":443"; ma=86400

GET
H3 200 msg.js Show response
hjape.kapitonblanket.site/inc/ 943 B
911 B 269ms
268ms Script
application/javascript 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/inc/msg.js?4fee862c01c82390a6f848318617f54b

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 21 Jun 2024 16:01:34 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tWdTz0LAAUXWtQiW0pklMzATmOmtTx6Y61VtOLySYkOszdauaIIl9O1ccHv1OID7cFuGxvWCQiGD%2FVfQiX54NCVsBaSWhcnErvsyhV6nLUdSMXR6%2BCcAmq5EfxcizThAahA0jFce%2FqBqxZoh"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8ae61e2dd8427e7d-LAX
expires: Mon, 12 Aug 2024 10:31:30 GMT

GET
H3 200 logopp.png
hjape.kapitonblanket.site/master/us177/ 50 KB
50 KB 133ms
132ms Image
image/png 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hjape.kapitonblanket.site/master/us177/logopp.png

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
content-length: 50691
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wJ2OGv8k%2FPMaH7%2FR0UHB143wuL2jsJoWSZASJH2S0xLbA1oeHn%2BE1oe9OEhmJXlyTdvusdQIxBh6zd%2B3%2BUP6JKWer8OnJyloQwAySdM0q0Ed0XFIRbzOpqLHnQxAe%2FdPWQiiRgsbmvaUIg2Q"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e2dd8437e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 product.jpg
hjape.kapitonblanket.site/master/us177/ 67 KB
67 KB 76ms
75ms Image
image/jpeg 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hjape.kapitonblanket.site/master/us177/product.jpg

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
content-length: 68264
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6gkXDdTa%2BO5nQnHAVJhQGlhPzkvTnGDhthZcUSa%2FiTfUa0J9QRH15vGQpt8KWhXC3Z94VrTS4sKZRSag5hzRPXjaZQnnKhmjosQoQygttyYFWlTTQAD8CRBW%2BYPNpPPB%2FE0JtFbeECpLHA7u"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e2dd8457e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 logo.png
hjape.kapitonblanket.site/master/us177/ 75 KB
75 KB 73ms
73ms Image
image/png 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hjape.kapitonblanket.site/master/us177/logo.png

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
content-length: 76299
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:55 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Czjmf8g8aNO5jgkGRDmVI02NASilGMlWgnQDezWOxjVgfHgLjc2JqLcSOIbCx4ON%2FBbon66MnPB7snFYtIFFrYgLCfBOUIjkubE9nWqLjXw76GWIEgnQjjo53eiZle1XIgLj4ReezFHILKlq"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e2f19907e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 loading.gif
hjape.kapitonblanket.site/master/us177/ 107 KB
107 KB 72ms
72ms Image
image/gif 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hjape.kapitonblanket.site/master/us177/loading.gif

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
content-length: 109494
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/gif
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pqZKfQYr2Nkd1aZV7SO8%2FZyYWii3IN52BX%2BU%2Ff9fao4Ky%2BSnZ0wKueZlbopHosS%2B7LAna7MWdCroZwXs2m7ABDi%2BCkz%2BgQGkwwBiN9URMwd3ARun7oljWbhRqejcSg%2BHkRssH%2BK5%2FdHC9HER"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e2f89c17e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 check.png
hjape.kapitonblanket.site/master/us177/ 8 KB
9 KB 102ms
96ms Image
image/png 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hjape.kapitonblanket.site/master/us177/check.png

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
content-length: 8338
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:53 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAVLf4PnWFU7LYE9%2F9hoxnXRDEsU4o2O8PZe2%2BSS8DaQpou%2BR9TLCz0DX0YwQ6ldlT2F7eCDfhCx%2BorgWFYrz0ut5a9LxKGz1JnKMGpOvHTv8lbe9wmqR%2FRp3tgrC%2FWEknSG6A4Da1fDbA5Q"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e2fa9d97e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 script.js Show response
hjape.kapitonblanket.site/master/us177/ 13 KB
2 KB 103ms
97ms Script
application/javascript 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/master/us177/script.js

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 11629
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Apr 2024 20:46:54 GMT
server: cloudflare
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2p0lpN3jjdg4fCcFdmr9fw9GOcnNMFLzgmNOfQpjB%2Bq%2BVaJKFmlC3gk2riucJCEqLnypNwMHySxGjhAymfEKcyeOvUuFwUhpIncQaQjAZNGIB%2B4j4s8ILaAgFxENhbYHGPYnKII0QBaPmLvX"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
cf-ray: 8ae61e2fa9d67e7d-LAX
expires: Mon, 12 Aug 2024 07:17:41 GMT

GET
H3 200 v9e118mez8 Show response
trk-elevostra.com/scripts/push/ 8 KB
3 KB 198ms
72ms Script
application/javascript 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk-elevostra.com/scripts/push/v9e118mez8

Requested by

Host: hjape.kapitonblanket.site
URL: https://hjape.kapitonblanket.site/inc/msg.js?4fee862c01c82390a6f848318617f54b

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4168
alt-svc: h3=":443"; ma=86400
content-length: 2519
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 05 Aug 2024 09:22:02 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trtggqgctlFAcufs1n7CSKua67SLblB5FHNlufRFxaStQMfCjShxOwp1SSAjk9F4l67xE4kRM1kocQOr19NoheZo0fHoMt1PevOKwJ%2Fpfm7o6WOJxd2TJM41hAXkRhX5LVI8Dw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
accept-ranges: bytes
cf-ray: 8ae61e306ad67bc7-LAX
expires: 0

GET
H3 200 favicon.ico
hjape.kapitonblanket.site/ 0
506 B 69ms
68ms Other
image/x-icon 172.67.166.234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://hjape.kapitonblanket.site/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.166.234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 10:31:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 12263
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
last-modified: Tue, 11 Jun 2024 20:46:17 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: User-Agent, Accept-Encoding
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNnW6itMd9l2rPV8TJC4n8ZYrrN774acJWCjZTazG2RUPiLt0ieJPpTxXBsJMiYkZ98Ngq9uvWpflYDQIrlC6nScoGoP347ZK9ghqIPuNyiTvQx3ZYuVu%2FhPU8%2F%2FtpRSbfKlO3MtpcUe1enk"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8ae61e331b877e7d-LAX
expires: Mon, 12 Aug 2024 07:07:08 GMT

OPTIONS
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 484ms
326ms Preflight 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://hjape.kapitonblanket.site
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
access-control-max-age: 1800
alt-svc: h3=":443"; ma=86400
cache-control: no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8ae61e3429f27e71-LAX
content-length: 0
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
date: Mon, 05 Aug 2024 10:31:31 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAmmCTq6BcTm71ahu2TSqNNQrQbyiU0mAGxvbUYc1zA5u%2FhcPA5ZytFetKgDG%2BAapwR18j4pNIrY%2FW8gw8nBMrmHqyXx81PooMtSWpIWMIEnjLIxe5wMDSXE6SMwCrxM%2FlhQEA1q0f2OJA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 140ms
138ms Fetch 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Mon, 05 Aug 2024 10:31:31 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gSWhLkYNndA5wS8Bh1XvNtAKktngRxfSvmvuubGW4JpR87HUFhcmpZFFTVEcVnG4yehGOOV%2BDdVl2x0WGW0W1l6SGJ1Ly4kqBYZwlJiEaYP8e8wJhmICph99kL%2BlltsyaZR2WWqCJDnCng%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8ae61e363a817e71-LAX
expires: 0

POST
H3 200 v9e118mez8
event.trk-elevostra.com/register/event_log/ 0
0 132ms
131ms Fetch 172.67.150.30
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://event.trk-elevostra.com/register/event_log/v9e118mez8

Requested by

Host: trk-elevostra.com
URL: https://trk-elevostra.com/scripts/push/v9e118mez8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.150.30 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://hjape.kapitonblanket.site/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type: application/json

Response headers

x-pushplatformapp-params
date: Mon, 05 Aug 2024 10:31:33 GMT
content-security-policy: default-src 'self'; frame-src 'self' data:; connect-src 'self' https://cdn-media-2020.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline'; img-src * 'self' https://* blob: data:; font-src 'self' data:
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-pushplatformapp-alert: pushPlatformApp.pushSubscription.deleted
alt-svc: h3=":443"; ma=86400
content-length: 0
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6iRcdobqmvPMdQL7BVCbpDSRnj4KWuNKocPbyyNglxiE0ij4GIV%2BI3JoVc%2BuaeieYgbB%2BdUGvuGRZ%2FpnYkdU3X2e%2BQ%2B6sjOvlvB2x486EfFvTlDb3s2sIwffk6ngrwjzomAfnu2aJYqd2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
access-control-expose-headers: Authorization, Link, X-Total-Count, X-pushPlatformApp-alert, X-pushPlatformApp-error, X-pushPlatformApp-params
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: camera=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), sync-xhr=()
cf-ray: 8ae61e3edd267e71-LAX
expires: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Tracking (Transportation)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
intactglas.com/	1970-01-20 23:17:25	Name: uid5992 Value: 1213210842-20240805063128-6161e12ec8ab1cc551b41963eb798cdb-3905
gastrodinner.cfd/	1969-12-31 23:59:59	Name: PHPSESSID Value: c81570a6e2caea811fe17bd9ecce3414
hjape.kapitonblanket.site/	1969-12-31 23:59:59	Name: PHPSESSID Value: c8ebf7153e53bc51786f43357ad64e86

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://hjape.kapitonblanket.site/uhptu/unvd/sqdce/zgiua?53c151de7dfb0011b992d821c3296b57 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

event.trk-elevostra.com
gastrodinner.cfd
hjape.kapitonblanket.site
intactglas.com
trk-elevostra.com
use.fontawesome.com
155.254.194.13
172.67.150.30
172.67.166.234
172.67.180.18
2606:4700:3036::6815:1b98
0023a8f8391b10006ee27598323de8d0e3d019755e8f7a16e88464b1aef00b39
054a0ebcf5acd05cf68a90276f12dc32fbc1b7a7aa864be4ab2d35cd584f55fd
11f105a08e89103402777a983b6d8f88cc66c7706f95a348719d70ffe3adada3
19f7dd15af70121da291e6df75452886b47a5d0e074f2ed422be30e8ec5d9671
26a2416ada151212e8170f46219cff2420c4c4282042fa4846711a682e609c43
2d52b22d335024aa0efba1dd0a13ebdac87329bf27b3f0b6d7bba7a2522eed33
4c055e6d0d9ba2b8f1be4719110e92c1b9499ed0759f0d1c48fccd16a7b31dcf
6b86dbbda25715a3533518c22ab3698a4732674fffbf7bde8f18ab8685f249ce
812ab0e46f86b2ce98ab2425ab2224b90d0845952a1ac0d5abd734b6217e98bf
a09a57db981b13c71ac6a6f4c966656994cef24c3cebfbd816fe1fa5af8c1065
cc9d1599746ab92c71d07d5078adbdc763295f6d64760d9528b1d28245ca97dd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f37a1bc4b16b7c892cd9d8d66360ea31a060c56ed322bc52d5efafd48b52568c

hjape.kapitonblanket.site Open in urlscan Pro 172.67.166.234 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

20 %IPv6

5 Domains

6 Subdomains

4 IPs

2 Countries

757 kBTransfer

1608 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

hjape.kapitonblanket.site Open in urlscan Pro
172.67.166.234 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

757 kB
Transfer

1608 kB
Size

3
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!