pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Submission: On May 29 via automatic, source openphish (May 29th 2024, 1:05:34 am UTC) — Scanned from DE

Summary HTTP 35 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 8 IPs in 1 countries across 6 domains to perform 35 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:303... 2606:4700:3031::ac43:806c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1		() ()
15	2606:4700:310... 2606:4700:310c::ac42:2f35	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2606:4700:310... 2606:4700:310c::ac42:2ccb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	8

1 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3031::ac43:806c (United States)

ASN13335 (CLOUDFLARENET, US)

z0c3u.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:310c::ac42:2f35 (United States)

ASN13335 (CLOUDFLARENET, US)

sdsfsfsfs.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:310c::ac42:2ccb (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sdsfsfsfs.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pages.dev 1 redirects sdsfsfsfs.pages.dev	437 KB
2	z0c3u.com z0c3u.com	114 KB
2	r2.dev pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev	862 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2465	30 KB
0	usaa.com Failed content.usaa.com Failed
35	6

	Domain	Requested by
17	sdsfsfsfs.pages.dev	1 redirects pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
2	z0c3u.com	pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
2	pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev	z0c3u.com
1	cdnjs.cloudflare.com	pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
1	ajax.aspnetcdn.com	pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
0	content.usaa.com Failed	sdsfsfsfs.pages.dev
35	6

This site contains links to these domains. Also see Links.

Domain
www.usaa.com

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
z0c3u.com GTS CA 1P5	`2024-04-18` - `2024-07-17`	3 months	crt.sh
sdsfsfsfs.pages.dev E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-01-30` - `2025-01-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Frame ID: 7186CC2F3CB31E9E01E16CE4122EE518
Requests: 36 HTTP requests in this frame

Frame: https://sdsfsfsfs.pages.dev/files/a
Frame ID: 061BD2594C03718F263E16A73D58D21B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Member Account Login | USAA

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

63 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

8
IPs

1
Countries

586 kB
Transfer

1826 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usaa.com/
Title: USAA logo. Redirects to USAA home. USAA logo

Search URL Search Domain Scan URL

URL: https://www.usaa.com/join/get-started/
Title: Join USAA

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_proof/proofingEvent?action=Init&event=registration
Title: Register for access

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/wc/security_center?0&wa_ref=logon_jump_security_center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/privacy
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/pages/accessibility_at_usaa_main?wa_ref=pub_subglobal_footer_accessibility
Title: Accessibility at USAA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://sdsfsfsfs.pages.dev/files/a.html HTTP 308
https://sdsfsfsfs.pages.dev/files/a

35 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request sawdaasa.html Show response
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ 553 B
862 B 229ms
194ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4583fe18f2562ebedcde2df3cafcf399f5a6f309c7bb18e3cbebb5a5e5402a4b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 88b2938e9b9f8ffe-FRA
Connection: keep-alive
Content-Length: 553
Content-Type: text/html
Date: Wed, 29 May 2024 01:05:29 GMT
ETag: "fd7cbdcbb558facce850ea1b4415e660"
Last-Modified: Tue, 28 May 2024 08:25:58 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H3 200 jquery.js Show response
z0c3u.com/secure4/ 284 KB
84 KB 83ms
43ms Script
text/javascript 2606:4700:3031::ac43:806c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://z0c3u.com/secure4/jquery.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:806c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 28 May 2024 07:49:45 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lU%2BSywFBiZ8%2FPBUSj1s%2BhfSU4iZ5teMz%2FMyhNfxYgZTHWVmkocuJ11mdw3093ec%2FaGMSecUyV9k8dc3sV%2FpbNU5It1BkjJ9W%2FwcrWEJ%2BejKgHl22rtyc2YbIeNtRmdZXTSX5ZXy2zPs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 88b293901a1f18c7-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 basic.js Show response
z0c3u.com/secure4/ 87 KB
30 KB 76ms
36ms Script
text/javascript 2606:4700:3031::ac43:806c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://z0c3u.com/secure4/basic.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/sawdaasa.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:806c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a0f5f1981d6e4409272296f297b595391ffde956f398e008b3e8579a373c81e

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 28 May 2024 08:00:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Ft8nBh%2BF0XLTcegev3mfjL8dTei7S2trxBCaqMWPL7w9l6ONApLzob9eGeH4OMmT%2BMzexCrYn7mOT%2FBjcCeWvxsEDCL491tcmXu9tEMWMbwIJpERuwtTbPI1ZyNlsXuFplOtKU2l5s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 88b293901a2118c7-FRA
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Show response
https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ 65 KB
0 Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Requested by: Host: z0c3u.com
URL: https://z0c3u.com/secure4/basic.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 774633a60a8f00ded010e1b905f7e1604afa60173b09001fd4f50adc50ea2f81

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Content-Length: 66509
Content-Type: text/html

GET favicon.ico
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/ 0
0

GET
H3 404 tag.js
sdsfsfsfs.pages.dev/files/ 0
0 76ms
36ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/tag.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kooDhWPNdNBWwM5R4bk7iL13vm%2FJM%2FeNji4vVjCIIPqGjSnvmWE4eEL2YdCVYB6P%2BUZ%2BTShdxvC%2BvEslj5k3e0wIf0DhDZ%2BZzXoLnueb4Y4tOGfMCTZwQyoHQ%2FKA511Efg6XsjEb%2FS8KRWujhxl5GBLL"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b29390ea2d9742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 linkid.js Show response
sdsfsfsfs.pages.dev/files/ 2 KB
1 KB 111ms
72ms Script
application/javascript 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/linkid.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"62b17de4acdbadbf88db0e117c063392"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OwVsOaaSOHWJjs9%2FWiNmFWiGLGKmjxMANZDVTUDusb4ujr3o3FODHWet7q5q9jrg%2FbVjecSimRcBvmv26IeQCXMvLOePA1TMN6jdvzyIv7OcvXsttoyWs%2FsN5nAhY9NaZzUHs6upDwvKuYB5OWXlfOWc"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b29390ea2f9742-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 analytics.js Show response
sdsfsfsfs.pages.dev/files/ 49 KB
21 KB 41ms
40ms Script
application/javascript 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/analytics.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"211ef6eac473f7f2ae6b2f14cf64cb42"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ORQCURbDG5IYkWMArLYIpPjlbhRCGbYJ3RnmJZ76W%2FL7q5DCsieKFamdFJXFmTw2V4G7w81qvbhPJf7RiL7RSjyAqnYSMaK8W0DTEyqGKuwQPgGve584S0v1bRIF7V8ctUmCsomriPBPYhmHqP9Jgih6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b293911a4c9742-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 ent-unified-logon-web.562afa512e4a38e235af.css
sdsfsfsfs.pages.dev/files/ 105 KB
19 KB 88ms
49ms Stylesheet
text/css 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.562afa512e4a38e235af.css

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d10e33d84e6534da954ebf7287adf3df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s10AE7dO0tz9ldaItV55%2BqGMJ31JVF%2FVpT1yVDGtGFp%2FJ%2Bl8gcfXsPPTRae%2BaS3BUrvbL0a%2F3IUHAPn3duJlBnUEa0Ykg1CMrfQGs%2FbxizPk4CbCuY%2BTQJllmISqnJmPKtIF5CtuDlFCO69RrJSSLfmY"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b29390ea299742-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 404 utag.js
sdsfsfsfs.pages.dev/files/ 0
0 43ms
42ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2FimO02QzJPtIJmvX9C0Av%2B89TuMAeCI%2BML9N0OYKo9ConpR1a5buwKMMSSCOHdwrV6UJUrEfYgarB9XX9TqKAOm%2FQ962h%2FC5SVVJUujFZ5yQLksQGBFlEcG2lozQ%2Fcv%2BKD%2FUeIjFwg2uAROqH6c%2BzY4"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a4d9742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ent-unified-logon-web.js Show response
sdsfsfsfs.pages.dev/files/ 273 B
652 B 43ms
42ms Script
application/javascript 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4c995d16f192388a2f58a2d9acc7d8f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51Nv8NUd%2F7JZjXfB5OK92HrJ%2Bav6TMh69SbRWnpfGoPuIUHHY9LtnpXngw7iBHKO5qp2BLWXHkE7VeEb3HuN1rn7Nc%2BO4XKEsUKxmxEu8NhW6nBebe%2BHua%2F9LMyk%2BD3Bmx%2F%2BZny2xlcNnSxc4mFykI0w"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b293911a4e9742-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 404 utag.318.js
sdsfsfsfs.pages.dev/files/ 0
0 44ms
43ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.318.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wn%2FnBwUk%2BQpZGv60LEiks27q2%2FBnjFFSWKU0iM3xzbXqJBApWJNNy7wZozqburBA3uFeVnfYDhKndWMEkZsdtsZs40BGagfQQykg%2BoKggGeDj3f64QatpDDbyYPpKIcJo2rYkrIeQ4IRdS2ApauRaI%2FZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a4f9742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.272.js
sdsfsfsfs.pages.dev/files/ 0
0 45ms
43ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.272.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5uUiJ9ZvAhiYR8%2Bqn1b003Yf6tUcuY2qVpGy07c63pUpRgys4QGmZSKGCwCaq6PeUYtUBLt5B8GKMOBXxsNIBw7GLf8QsXWENkOYo6%2BVZst49JEE97A7JbgAqKKTbTTa%2FWNEv3i0pP6ipjecz4O42%2Bfv"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a519742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.233.js
sdsfsfsfs.pages.dev/files/ 0
0 45ms
43ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.233.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTdNPpQkYu%2BLhEyBoyAnjDUsiZXEp7tMS9Yo3%2BlEBelL5snWLVHTHGAAFgFFY%2FF3%2FbbJP3ReJbxfO2DzzlN6g8SZcYQ%2B7CH72lBSK%2BujXIjEChO7aHqR6oYLxAvD7FPY5YvSTfxWTLWMiASk1xzgzgF8"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a529742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.288.js
sdsfsfsfs.pages.dev/files/ 0
0 45ms
44ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.288.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=je8E3er%2FbRMdNsQ8fhgG9VG7mbA0ZjuvJmGShnsYX8tPFbuvBHAYGLIFDWHU72cvS9uM%2BOmelBK7DfeoaGDPNZvrMG8eRW2ovFc4CGLBJgPEoBcgJ5BIfy00ZR1LxW29Wb5UoPaNcf%2BPs2DW4GaHClvo"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a539742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.417.js
sdsfsfsfs.pages.dev/files/ 0
0 45ms
44ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.417.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g2inoKLxipNQmH18tJODgxQ6YwVWymGHxtjhDme5vofCyIimn1M2wxvb4%2FHplVOIFdCFyKXbQ2dB2BTHZ3YxJx0GI13ez%2B9hGg7mVWlNXIPcqwhrtg7nLVTdkPthVm7cEpSbCnCmA7i33Gj5hpKyTpvj"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a549742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.327.js
sdsfsfsfs.pages.dev/files/ 0
0 46ms
44ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.327.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FNa3aGVS8nZbG84uly0L%2F4q24qRGXNfzZjqaBO05ysHoOvwIqaIZDprZk%2F6a6AhgfOYD2v4UnShmtGMD9I6rW3utWwDwEtOsVuPuTjMqPCyqAyxvurnbScc%2FocwnhLBQrvlBVwH7d9buR5YHI2pVZWEr"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b293911a559742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 react!react-dom.min.js
sdsfsfsfs.pages.dev/files/ 0
0 76ms
37ms Script
text/plain 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/react!react-dom.min.js
Requested by: Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PfuqWKKsZiwAe0c6UWeE6KCbp6kwuXMVkagQPhaV0ItRYAKYfNE4ewG6ybUmZ0dFGjbwX8Od3QgiCsGMSX0iPzLlqAjJR4GDbDl3Q6K4sRvlP%2BdyBbCKAZl2MyLdPKUl7Oxu9al97zyM0sDhjbZBipig"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b29390ea2b9742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ent-unified-logon-web.ec39118119936b90266f.js Show response
sdsfsfsfs.pages.dev/files/ 925 KB
203 KB 90ms
51ms Script
application/javascript 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.ec39118119936b90266f.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef0b9dd38994625b89c173b39924691ff6e38fd2dbd1b2f2f178db36a22a5577

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4ea0b1ea9a8a1336022ed3ff91f2c6fb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ku3wj45QvrXRzWjkeHCIfc9cFrryWCUIKrsI4k8OuIqaR5jMHwzdnf8izsxew3OFM9mif58Zx28KexFR7kp6%2F3YKDYIR8Pt5GIOA1Wr%2FkP0lDJYEEliW%2FlkWMHo8uiRHObTDzXN2%2BNJXXp5xaq35M3mZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b29390ea2c9742-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 MfAjsB Show response
sdsfsfsfs.pages.dev/files/ 191 KB
192 KB 82ms
43ms Script
application/octet-stream 2606:4700:310c::ac42:2f35
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/MfAjsB

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2f35 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "c4db7a5443cb20ee66cd0bb839bf201b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EHa3XKXg2w5dix94AhfozbxW1N7pm7LrPeKrjliiKKwCjN03GuHraEe3IdhVT3bZJEulnL%2BVl0sLO%2FHeewGg36nSBKKGzqxfb1nD4UFePywsMianbNx4100Zc%2Br5RdSGlRwdeUfy4wfoe2x9EaBgSeEf"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b29390ea329742-FRA
alt-svc: h3=":443"; ma=86400
content-length: 195950

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
30 KB 46ms
7ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CE1) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5606404
x-cache: HIT
content-length: 30394
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (frc/4CE1)
etag: "80288516b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 26ms
14ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 01:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 540902
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4517
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ICl19kJsk2HYgvprtLAdjJZvfm2YZIt1%2Fq7W6NFCLACiZxLcJahV6SLIsJcboyQNH2krNExHxKfk68xT%2FaNLmX4T8Nu6rAvIqPhGqbYWQhbmj30NDWodhWws0hNguB2Vhdqba%2F67AP6RNONbGS7ZiuYQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b29390beeb3a96-FRA
expires: Mon, 19 May 2025 01:05:29 GMT

GET
H3

200

a
sdsfsfsfs.pages.dev/files/ Frame 061B
Redirect Chain

https://sdsfsfsfs.pages.dev/files/a.html
https://sdsfsfsfs.pages.dev/files/a

0
0

33ms
33ms

Document
text/html

2606:4700:310c::ac42:2ccb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/a

Requested by

Host: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:310c::ac42:2ccb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b293911a7471c5-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 01:05:29 GMT
etag: W/"0c29a7704d3fb52b02ff9ca9bc77430c"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnp5mQM9dHOLH0oK%2Bl2V2toSn1A3r50%2FOZVNpW%2B7HFNJtbAfCYG6%2BkVQRL1P4GPEjzkkNJzDVHFhYGTJjASQGnMVVSL5a6igleZTVtOSlAvwtKFeP73%2BDw4XHigaQ6im1jnVfhkHVpPkzhT1LvN%2BU6GJ"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-ray: 88b29390ea2371c5-FRA
content-length: 0
date: Wed, 29 May 2024 01:05:29 GMT
location: /files/a
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JUPV%2BaDgiJoTgk05T8peG8YivV2tz9IJ5jn769qyRhKOYu5Srpj2b3wmis%2Bra17NpSU0YDwRgmCHPG1uhMyakTmLym3evTiVMmjqr4yamXdt95%2Ba4cuqA%2FOhgm5MIQPbQBXsOGPV%2FDEkqFRd7y3559ct"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 155 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET 9C7F15704715916A9.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9C7F15704715916A9.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
URL: https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/favicon.ico

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

34 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sdsfsfsfs.pages.dev/files/tag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/react!react-dom.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.318.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.272.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.233.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.288.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.417.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.327.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Refused to execute script from 'https://sdsfsfsfs.pages.dev/files/MfAjsB' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev/aa5f5ed5-a3e5-4024-8b06-ef3f59f64c95 Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff' from origin 'https://pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
cdnjs.cloudflare.com
content.usaa.com
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev
sdsfsfsfs.pages.dev
z0c3u.com
content.usaa.com
pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev

152.199.19.160
2606:4700:3031::ac43:806c
2606:4700:310c::ac42:2ccb
2606:4700:310c::ac42:2f35
2606:4700::6811:180e
2606:4700::6812:223
12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2a0f5f1981d6e4409272296f297b595391ffde956f398e008b3e8579a373c81e
4583fe18f2562ebedcde2df3cafcf399f5a6f309c7bb18e3cbebb5a5e5402a4b
6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d
774633a60a8f00ded010e1b905f7e1604afa60173b09001fd4f50adc50ea2f81
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c
ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2
ef0b9dd38994625b89c173b39924691ff6e38fd2dbd1b2f2f178db36a22a5577
f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f
f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

35 Requests

63 %HTTPS

71 %IPv6

6 Domains

6 Subdomains

8 IPs

1 Countries

586 kBTransfer

1826 kBSize

0 Cookies

6 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

34 Console Messages

Indicators

pub-ae0a1df8e37f4ff7a9493554c9f11118.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

63 %
HTTPS

71 %
IPv6

6
Domains

6
Subdomains

8
IPs

1
Countries

586 kB
Transfer

1826 kB
Size

0
Cookies

35 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!