pub-fff55ee1f1384746a834e5b239120cff.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://trimmer.to/JeTBB
Effective URL:
https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Submission: On March 01 via manual (March 1st 2024, 3:03:49 pm UTC) from US — Scanned from DE

Summary HTTP 25 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 6 IPs in 1 countries across 6 domains to perform 25 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-fff55ee1f1384746a834e5b239120cff.r2.dev.
TLS certificate: Issued by E1 on February 6th 2024. Valid for: 3 months.

This is the only time pub-fff55ee1f1384746a834e5b239120cff.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Truist Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3030::6815:24cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 6	2606:4700:303... 2606:4700:3031::ac43:c74b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
2	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	6

1 2606:4700:3030::6815:24cc (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

trimmer.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3031::ac43:c74b (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

trimmer.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-fff55ee1f1384746a834e5b239120cff.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

template-5ql.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pages.dev template-5ql.pages.dev	194 KB
7	trimmer.to 4 redirects trimmer.to	8 KB
2	r2.dev pub-fff55ee1f1384746a834e5b239120cff.r2.dev	359 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 228	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2467	30 KB
1	t.co t.co — Cisco Umbrella Rank: 674	601 B
25	6

	Domain	Requested by
17	template-5ql.pages.dev	pub-fff55ee1f1384746a834e5b239120cff.r2.dev
7	trimmer.to	4 redirects trimmer.to
2	pub-fff55ee1f1384746a834e5b239120cff.r2.dev	t.co pub-fff55ee1f1384746a834e5b239120cff.r2.dev
1	cdnjs.cloudflare.com	pub-fff55ee1f1384746a834e5b239120cff.r2.dev
1	ajax.aspnetcdn.com	pub-fff55ee1f1384746a834e5b239120cff.r2.dev
1	t.co
25	6

This site contains links to these domains. Also see Links.

Domain
dias.bank.truist.com
www.nmlsconsumeraccess.org
www.finra.org
www.sipc.org
www.nyc.gov
www.truist.com

Subject Issuer	Validity	Valid
trimmer.to Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-01-07` - `2025-01-06`	a year	crt.sh
*.r2.dev E1	`2024-02-06` - `2024-05-06`	3 months	crt.sh
template-5ql.pages.dev GTS CA 1P5	`2024-02-04` - `2024-05-04`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-01-30` - `2025-01-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Frame ID: F38ED03D32B13869CD2103B5CC233FD6
Requests: 22 HTTP requests in this frame

Frame: https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
Frame ID: E2550CF3EC835DE0227D9CB126D49DD1
Requests: 2 HTTP requests in this frame

Frame: https://template-5ql.pages.dev/css/dest5.htm
Frame ID: DC250AF2DEBEF2E9BD8F978DC43C619C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Truist Online Banking Login | Truist

Page URL History Show full URLs

http://trimmer.to/JeTBB HTTP 301
https://trimmer.to/JeTBB Page URL
https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078 HTTP 302
https://trimmer.to/JeTBB HTTP 301
https://t.co/4uSF3USLse Page URL
https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

6
IPs

1
Countries

595 kB
Transfer

867 kB
Size

5
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://dias.bank.truist.com/selfserv/forgotuserid
Title: Forgot User ID

Search URL Search Domain Scan URL

URL: https://dias.bank.truist.com/selfserv/forgotpwd
Title: Forgot Password

Search URL Search Domain Scan URL

URL: https://dias.bank.truist.com/selfserv/forgotpwd/verify#skip-nav-target
Title: Skip to main content

Search URL Search Domain Scan URL

URL: https://www.nmlsconsumeraccess.org/
Title: Search the NMLS Registry.

Search URL Search Domain Scan URL

URL: https://www.finra.org/#/
Title: FINRA

Search URL Search Domain Scan URL

URL: https://www.sipc.org/
Title: SIPC

Search URL Search Domain Scan URL

URL: http://www.nyc.gov/dca
Title: http://www.nyc.gov/dca

Search URL Search Domain Scan URL

URL: https://www.truist.com/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.truist.com/fraud-and-security
Title: Fraud & security

Search URL Search Domain Scan URL

URL: https://www.truist.com/terms-and-conditions
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://www.truist.com/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://trimmer.to/JeTBB HTTP 301
https://trimmer.to/JeTBB Page URL
https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078 HTTP 302
https://trimmer.to/JeTBB HTTP 301
https://t.co/4uSF3USLse Page URL
https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://trimmer.to/JeTBB HTTP 301
https://trimmer.to/JeTBB

Request Chain 1

https://trimmer.to/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

Request Chain 2

https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078 HTTP 302
https://trimmer.to/JeTBB HTTP 301
https://t.co/4uSF3USLse

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

JeTBB Show response
trimmer.to/
Redirect Chain

http://trimmer.to/JeTBB
https://trimmer.to/JeTBB

2 KB
1 KB

370ms
314ms

Document
text/html

2606:4700:3031::ac43:c74b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trimmer.to/JeTBB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:c74b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9be43d6b02b6a6905473e14b0386e3e0f624d1718bafa23bab0f94b6abe622c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
cf-cache-status: DYNAMIC
cf-edge-cache: no-cache
cf-ray: 85da0909cedcabde-CPH
content-encoding: br
content-type: text/html
date: Fri, 01 Mar 2024 15:03:42 GMT
last-modified: Friday, 01-Mar-2024 15:03:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S7mOZchrFXnRjqhkVsi17bQZq0GJIvHQLux7XQlg6rXLU44PtlFhVArFbWZaCjUQCSID5Jjrft7KLifV29Fzg4XPhKfulWkzbXJTE3pDzvaZBV9S7tzefIUxY%2FYJefNGP73eobHCWjTh"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

CF-RAY: 85da09090afc735b-CPH
Cache-Control: max-age=3600
Connection: keep-alive
Date: Fri, 01 Mar 2024 15:03:42 GMT
Expires: Fri, 01 Mar 2024 16:03:42 GMT
Location: https://trimmer.to/JeTBB
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2F88q7t4BF%2B83e%2FUzZ0T%2BjLhz18zuNNKNWLCiMRV28t1RMm%2BBO081PwWW1YToAyBXrQZfoVzo4XkLu4InFM5bAUDcI2k0%2FLhGoKDN50w4gpgpQtQe1zlMbuVls301OibiGsJOGhc9wIC"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2

200

main.js
trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/ Frame E255
Redirect Chain

https://trimmer.to/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

8 KB
4 KB

38ms
38ms

Script
application/javascript

2606:4700:3031::ac43:c74b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trimmer.to/cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js

Protocol

Server

2606:4700:3031::ac43:c74b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:42 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xHxHttSVTSlMxmuw7jUF00FB0GWT97%2FubtSrsf6Kwz595w3AoRmYK1ZiBpyBap%2BUEnLd8ULJ78RDLufH2kgwgL5AXKnRS%2FnTbFp8Ur8zVthkJAqWypNRg0XoEbC%2Fhsol6jxcFu396NBo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
cf-ray: 85da090c6b41abde-CPH
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 01 Mar 2024 15:03:42 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8WZXUE8kIHN2YcPyp%2FA1PL8TPIcb1FLcggcaMOa8ZYJ3VMmTBD0BHs200YjE7PzoiZchIyR%2BONYcyexjdHERjg68DNR0%2BVCc4%2BTgO%2F7lVavg%2Bd9xBg3HNsDfR9pB%2BwRECvRpZaeEgAEd"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/a0d8959cb7d0/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
cf-ray: 85da090c3ae4abde-CPH
alt-svc: h3=":443"; ma=86400

GET
H2

200

4uSF3USLse
t.co/
Redirect Chain

https://trimmer.to/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f?wsidchk=12961078
https://trimmer.to/JeTBB
https://t.co/4uSF3USLse

428 B
601 B

207ms
145ms

Document
text/html

104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://t.co/4uSF3USLse

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Xss-Protection	0

Request headers

Referer: https://trimmer.to/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,max-age=300
content-encoding: gzip
content-length: 229
content-type: text/html; charset=utf-8
date: Fri, 01 Mar 2024 15:03:42 GMT
expires: Fri, 01 Mar 2024 15:08:43 GMT
perf: 7469935968
server: tsa_o
strict-transport-security: max-age=0
vary: Origin
x-connection-hash: 10503f380a32b84565e572a831d841e3223b4aa15653f977e3f89107386e1739
x-response-time: 117
x-transaction-id: 48c3d511dd99c43f
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 85da090cf9ca6dea-CPH
content-type: text/html; charset=UTF-8
date: Fri, 01 Mar 2024 15:03:43 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: https://t.co/4uSF3USLse
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ox5vSfY7w0Pq5gabMTG8vpqI5tfB79AQAvgQn35wnR8N9mmxAiBrVJFsPHAhzcluAqF7JX0vdDBUo7SLvSmVpzZRQk4GbMnVdd3QygOdTcD54Hbq7EW%2BuZcn17%2BkXdnaDgxfDdt%2FHwHm"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: PHP/8.1.27
x-robots-tag: noindex
x-turbo-charged-by: LiteSpeed

POST
H3 200 85da0909cedcabde
trimmer.to/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame E255 0
630 B 55ms
53ms XHR
text/plain 2606:4700:3031::ac43:c74b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://trimmer.to/cdn-cgi/challenge-platform/h/g/jsd/r/85da0909cedcabde
Requested by: Host: trimmer.to
URL: https://trimmer.to/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:c74b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 01 Mar 2024 15:03:42 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OKMV%2FKvmaM535Gtufgt8TCN9DSGsg5qUpVpiIPy3ay7jnKAhYxgqz5GKzOB%2FKJl%2BJnIoONoj%2B%2FqzGmGRt9H7tQ4WVGTQM7Id1CafRDhUJonHOykE7uot5zePoaXGiQue6mG%2BkF7aNcNM"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 85da090d09f16dea-CPH
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK Primary Request Truist_secureme_notification_alert.html Show response
pub-fff55ee1f1384746a834e5b239120cff.r2.dev/ 359 KB
359 KB 433ms
347ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Requested by: Host: t.co
URL: https://t.co/4uSF3USLse
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a513858a2963cc53d939080c9915b8b3813cb3f324050498b5398bf05dd62ad7

Request headers

Referer: https://t.co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
CF-RAY: 85da09119f8bfc73-WAW
Connection: keep-alive
Content-Length: 367362
Content-Type: text/html
Date: Fri, 01 Mar 2024 15:03:43 GMT
ETag: "b728ff7edbc600284f22d5b5a344552f"
Last-Modified: Mon, 26 Feb 2024 13:50:19 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H2 404 s16901390859996.js
template-5ql.pages.dev/css/ 0
0 222ms
139ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/s16901390859996.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OpZnkEzVO0otLHdP97wPh9hiAbt5fH3Y5b7TcAZJSkil59ULJlpZ5ZXbQfe4577cZpffxrNpBR9e4Oam%2FV8zXc%2B15k64Q0aMnXxF%2By6zSrL5V5EtbuK59IgToC12MqrovszDB%2BkBZlsxKQ0XMYQgh4Aslp8g"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09145d35737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 dbc-min.js
template-5ql.pages.dev/css/ 0
0 199ms
117ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/dbc-min.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BJ2R%2BMa9zEsCB7iUzZmY8RWlLHwmZLQINRJgJZ8ULbBCNjI4MGdirLIz1ecGNfYO%2BLbprzYn2yeXTN08%2FP4A7MBSmddcyMuY3CoUKD5iAffYYnu6o2eutSu%2Fx7iP%2Bqt9Jd8OsUJaxoaQgbzS0h%2FZke73G%2BIE"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09145d31737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 styles.300dc7a1784cb961.css
template-5ql.pages.dev/css/ 72 KB
10 KB 243ms
161ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://template-5ql.pages.dev/css/styles.300dc7a1784cb961.css

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"eb13ef08601aeeb3c144bf9bcca606d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wQXL3X%2B7Z%2BUQ%2FOpK8fgV0U%2B4ODxvI6FlsSdHzGPgoAKmI58oA5kqPhk5mRI%2BNaQ%2FfP69ajh2tVxWrvhsOgPW3TDOgqkBw3zYlLSvHtepfRdPf3pkz8ZJuhJ5UU%2BwYj7QBHIPlWzZADzOGhoIcja8oZfZb4YM"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09145d2e737b-CPH
alt-svc: h3=":443"; ma=86400

GET
H2 404 launch-866a03735382.min.js
template-5ql.pages.dev/css/ 0
0 216ms
134ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/launch-866a03735382.min.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=arVQA9hEoELHw1x0SBOHUwnNyiJZhWMV0NsTtJ5dBXxf5RcB9t%2BncI2E4M3Ca5IGr%2BAvfKHpsnROGZ6MTBKfz%2BfWPM%2BpH8d2MphcTa798Ivip%2B%2BZykVh7l3HJGb2sJKZ9bSPSfKGlXDoRIP7nDcYMxRfVZ2M"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09145d34737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 styles_r.css
template-5ql.pages.dev/css/ 156 KB
21 KB 198ms
173ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://template-5ql.pages.dev/css/styles_r.css

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3298955245d7912cfe82f3cb67dc8e40c9ca08a1c0106ac68e4813f721d75523

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"30f1c4cf8007ce300dea765ccb8c55d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSJm4aNpyOjqzH47FIixnosBeTaXJsbiIQcUMuYEFhbUvHyRG%2B9sEFJLGpKFUaWR2iGBRwNqE74Y0qOxcpTiusbaMUy%2F7hi3S8EUTNfkQswD23MSq8PkTkgZ%2BosQJ%2BoF9RmQJgjezgXlGUC%2B1UkJstonuqQj"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09145d2f737b-CPH
alt-svc: h3=":443"; ma=86400

GET
H2 404 AppMeasurement.min.js
template-5ql.pages.dev/css/ 0
0 57ms
56ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/AppMeasurement.min.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=icRXXiEEV34ztVPsfLdzzpIdltuVmlc0CP%2BDF6lJ3Xrwfl5B7Epx5WEsKxnHovwubb8jQlKeUsLWcGJpFYZzj6pAd7putcf9qd6IZh6pyWhvPFmaf0VlGaxFqnriQ%2FPn2odMJ5PD97KxdzjFE2HRs8jRsuv1"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09157e89737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 AppMeasurement_Module_AudienceManagement.min.js
template-5ql.pages.dev/css/ 0
0 54ms
54ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/AppMeasurement_Module_AudienceManagement.min.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OZlWmYXFdSTkr40mWXZ0uI3hCmILG2LaPu1CTkhANWYPX%2FFef6Qp4m0kvQ4I%2Fnhx7%2BiI38C%2BG6bCRrzCv7UANt%2F1BAZvfnhyoC3UUk0MSlz86vrgVs1mNC7jqDMkj1s7Wu5RcfaFa8655rlWSUp8zZr3A5LD"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09157e8a737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 truist_common.js
template-5ql.pages.dev/css/ 0
0 138ms
116ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/truist_common.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNcgssgCT%2FdcM3aypSkrvwxr49aZruMrxI8qo%2F3RoM4277mY7BKPRvaqepyQJl5ClpCzZVI0x%2F2FagOqDrBcSI2tbDv29k0OkP5eFWy2vR9k0saPSWTw3dCDvnL4BGwFETE%2Bc0NiAX%2FfWT629peVxPESpzFh"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09145d33737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 trulogo_horz-trupurple.png
template-5ql.pages.dev/css/ 4 KB
5 KB 167ms
167ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://template-5ql.pages.dev/css/trulogo_horz-trupurple.png

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "a2808519a3688acb0dd1348fb0881fc2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZKkMxDovzF8I%2BD09EHsYs0bXuxGfJEbzPKYbMvJ%2BfQcLE4lgoqSTawSBlhiplxSCmzB5NC4lofhNoVOwW9vEL6lrInJVKims66J20BRCh0MP%2FpEly2HIDT%2BHfG2ICc8b6U%2FRlebaqZxwaTKKL72ga4DysYe7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09146d47737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 4376

GET
H2 200 trulogo_horz-white.png
template-5ql.pages.dev/css/ 3 KB
4 KB 188ms
188ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://template-5ql.pages.dev/css/trulogo_horz-white.png

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f87b567095229d6c5298353136c8c7c1b268fe1b8d996b7ab29b07f7ae97ec08

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "89d55f013f501de3ed4c1bf8d099bf4b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZHG24Wvamp51o34FOCMoKQ7SCjIoMuEg6r6ECZC%2BojvQidhh7Ecx8TuSfxMRxMu11hZs2zlKA8oi4Wy5GZJKizb9O6ukgu9hpdN00kxe2SdjZsUV%2B%2FkbNuHgqtc2DudNcND7a7%2F3TZEZU7IMkKWCopaDdI9s"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09146d49737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 3570

GET
H2 200 tru_lg_hrz_rgb_wht_rev.png
template-5ql.pages.dev/css/ 14 KB
15 KB 68ms
67ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://template-5ql.pages.dev/css/tru_lg_hrz_rgb_wht_rev.png

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "c757975484e8277806a2c90a9fa1c27a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAGk7M4DPMrw3aqqSN25SAJXpmTY6kmqGGH1LCqspebB3%2FFlAYFwmhLdtqFxMQocHyGkfwH6%2B0PE8xqtVtJ4RbvfyNGrFLz3M8vVjzV8cZL9hn6cn3zAHoTaewsqAawoPFwtcrokl1811ezLp0EiWDznMZvS"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09157e80737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 14599

GET
H2 404 runtime.24e47bcca0e5b8df.js
template-5ql.pages.dev/css/ 0
0 157ms
93ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/runtime.24e47bcca0e5b8df.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
Origin: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX8ueNJZXZuQXhCg0T4JPjEZL9Hd3I2Osx0KJjxjoxifVPanAcLVGzCQBIKZ8Tw6l2gRmVItPXi%2BvyKBcA6Hv%2B%2BuE%2FoEGEs7OZLCyo8HljOvoERkdG0o1AdSZ%2FuUUJcGg9GLy6G%2Fo3YBIgM0GG5V7RadsehP"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da0914f8ce8f5c-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 polyfills.87d6b856162b755f.js
template-5ql.pages.dev/css/ 0
0 142ms
79ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/polyfills.87d6b856162b755f.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
Origin: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EFvV%2Fxc0ijuMQ7SPGv8FGKSvBP8Scu6uh0eTaupNttiP0hT662DNFvTCtDqitnh9TNPKcWNAcTTfGrqpWvhSNLHKUYllXX7xncBPdNuUgshChW%2BTnJAlN7%2FA7EgxDi3nTthHz1gqifCu5YFQkrOBmDN1eviZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da0914f8d38f5c-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 scripts.1c82821384a86f51.js
template-5ql.pages.dev/css/ 0
0 64ms
64ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/scripts.1c82821384a86f51.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKk6fZlnQoPwdpuV7GRbeN81M0M0ZjPKsfh8QilsFCkamMm5hDMUx7cmGmxO5r5KEZX0YsXWoBQNDQsASX3TCr6K2LVYk%2F1Bxyag313k5Rc%2FYt4EIP3j6SLk630fXxv%2F%2FXlb3LP7Z3WjeG%2Fq5zVOFettDxVN"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da09157e8b737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 404 main.6b2b5be7c0191f9e.js
template-5ql.pages.dev/css/ 0
0 155ms
92ms Script
text/plain 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://template-5ql.pages.dev/css/main.6b2b5be7c0191f9e.js
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
Origin: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yEqJOygvet%2B7KRZqzKB8hk0MCLpMCHZ9ZfNlCKJUFZNFURtnynqsfka6w3Mz%2BU3KYq2IH5Wr0EyTrn6FVWwKyBPcsODpAHSk1RVw30WLm5C46Qny5dU8vjTlAVZjAWxjSLFdvKkNW%2FBOeD3ZftqzWm77P0IS"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 85da0914f8d58f5c-CPH
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
30 KB 154ms
37ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (ska/F6AE) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28238860
x-cache: HIT
content-length: 30394
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (ska/F6AE)
etag: "80288516b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 109ms
42ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 142041
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4517
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vr3NP5qdR0pFGpzqbTaJ94ldRb8rhpilPBEPT1lZxHTkaSIYKUW3Dw47l6y24DjDY7K7DMDx0Q76ricsh7P54mEygnoR7GBcePhb%2FmNvwzQZMOa2A8hhQlo8nxL8BD7FW4b7S4dkQa%2FHiR7nizXrfOwJ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 85da0915e8eb3bcf-WAW
expires: Wed, 19 Feb 2025 15:03:44 GMT

GET
H/1.1 404
Not Found tru-core-icon-sprite.svg
pub-fff55ee1f1384746a834e5b239120cff.r2.dev/assets/ 0
0 319ms
319ms Other
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/assets/tru-core-icon-sprite.svg
Requested by: Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Fri, 01 Mar 2024 15:03:44 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 85da09157cc5fc73-WAW
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 dest5.htm Show response
template-5ql.pages.dev/css/ Frame DC25 7 KB
3 KB 104ms
104ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://template-5ql.pages.dev/css/dest5.htm

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec49b86b06d2f7c62d5f4c7ce1aff7e7158550db6c0048565345b67152bc7604

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09157e8f737b-CPH
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 01 Mar 2024 15:03:44 GMT
etag: W/"c9a6a5516041464e2bdccd453a92db76"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfWZSgn%2F7ds5e%2FY0mlvF%2B3yDdqAIbvJ9NNOiOoU5KRz%2BGl9HpD33jRjmNxzcqteqZ8%2FQ%2B%2Bls9RSGzs%2FVBZtMM2dTEGSziWQAytoWNxo0rNWACSfHssJKJpUavJCyYtSziLb4WDsKnvZRRoWwkU0Hr%2FjWJXkS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

GET
H2 200 father-son.png
template-5ql.pages.dev/css/ 137 KB
137 KB 121ms
121ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://template-5ql.pages.dev/css/father-son.png

Requested by

Host: pub-fff55ee1f1384746a834e5b239120cff.r2.dev
URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 15:03:44 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "df94d8486a71e57db0e1edb4bdd1053c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2Bfo%2FQq2VrzDSACimwTNbwo%2F9xwE4u6CGkX%2FhwU1EfROs0GaAp7nlSr6%2BDcNLDdOhN1p8XkArW%2F34LAA2p2057x7kQj%2B04uJhYi8Gq57a3B7ZusiTFChatfRXMAGcGqP5cefZezu3PgHT99FZcsyAy9IzVr5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 85da09157e93737b-CPH
alt-svc: h3=":443"; ma=86400
content-length: 140237

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Truist Bank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.trimmer.to/	1970-01-20 19:31:37	Name: wschkid Value: ca68da7ab51dbdb3910f346a1b8e9b1a6e311814.1709391822.1
.trimmer.to/	1970-01-21 03:34:01	Name: cf_clearance Value: oVmVWg7zmj2_AwUm9LnI6JmEDZjkVXjq43ScUmk_jA8-1709305422-1.0.1.1-TqWGyMZDqo1z7zeNh3MY7OsvBZ2WpuFgomEa4.y8A7AeMSZPg89josM66ntqw1qKDzJhPCNHADyMPJWlbFunmg
trimmer.to/	1969-12-31 23:59:59	Name: PHPSESSID Value: gi0opa8uu31jg6d02gu70u0m46
trimmer.to/	1970-01-20 18:48:26	Name: short_4317 Value: 1
.t.co/	1970-01-21 04:18:39	Name: muc Value: 5d6f3c93-269c-40da-a234-10fcdc453304

14 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://template-5ql.pages.dev/css/truist_common.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/dbc-min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/launch-866a03735382.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/s16901390859996.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/polyfills.87d6b856162b755f.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/main.6b2b5be7c0191f9e.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/runtime.24e47bcca0e5b8df.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/AppMeasurement_Module_AudienceManagement.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/AppMeasurement.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://template-5ql.pages.dev/css/scripts.1c82821384a86f51.js Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/Truist_secureme_notification_alert.html Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://pub-fff55ee1f1384746a834e5b239120cff.r2.dev/assets/tru-core-icon-sprite.svg#Checkmark-Low Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
cdnjs.cloudflare.com
pub-fff55ee1f1384746a834e5b239120cff.r2.dev
t.co
template-5ql.pages.dev
trimmer.to
104.244.42.69
152.199.19.160
2606:4700:3030::6815:24cc
2606:4700:3031::ac43:c74b
2606:4700::6811:180e
2606:4700::6812:323
2a06:98c1:3120::3
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2fb0edc4309fcb422b5a0a0649b316449435e6a4f9ae2f3dc294d4c207028d25
3298955245d7912cfe82f3cb67dc8e40c9ca08a1c0106ac68e4813f721d75523
a513858a2963cc53d939080c9915b8b3813cb3f324050498b5398bf05dd62ad7
b9be43d6b02b6a6905473e14b0386e3e0f624d1718bafa23bab0f94b6abe622c
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
d2e2e20fc9729fb0389392bde5a8fd1b4cb390dd8689ce7a1c3fe83cc91b0d52
d938ee89009d30e5f4abe089c40c5d3ef3b4ae7e1965d451faadb7e61ccc32d9
ec49b86b06d2f7c62d5f4c7ce1aff7e7158550db6c0048565345b67152bc7604
f87b567095229d6c5298353136c8c7c1b268fe1b8d996b7ab29b07f7ae97ec08
fdeec756eeb5e1678d56c408ab7b587cffdc028141bb321e6f9fc2ab07434f94

pub-fff55ee1f1384746a834e5b239120cff.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

71 %IPv6

6 Domains

6 Subdomains

6 IPs

1 Countries

595 kBTransfer

867 kBSize

5 Cookies

11 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

pub-fff55ee1f1384746a834e5b239120cff.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

6
IPs

1
Countries

595 kB
Transfer

867 kB
Size

5
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!