pub-56e6ac597826439f92295441cd031159.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Effective URL:
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Submission: On June 15 via api (June 15th 2024, 12:28:00 am UTC) from LU — Scanned from DE

Summary HTTP 22 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 22 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-56e6ac597826439f92295441cd031159.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-56e6ac597826439f92295441cd031159.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: American Express (Financial) Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 11	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	23.37.49.89 23.37.49.89	16625 (AKAMAI-AS) (AKAMAI-AS)
1	67.20.76.77 67.20.76.77	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	95.100.68.84 95.100.68.84	16625 (AKAMAI-AS) (AKAMAI-AS)
22	7

11 2606:4700::6812:323 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

pub-56e6ac597826439f92295441cd031159.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.37.49.89 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-49-89.deploy.static.akamaitechnologies.com

www.aexp-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.20.76.77 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: host2009.hostmonster.com

nylcom.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.68.84 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-68-84.deploy.static.akamaitechnologies.com

www.americanexpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	r2.dev 1 redirects pub-56e6ac597826439f92295441cd031159.r2.dev	280 KB
4	aexp-static.com www.aexp-static.com — Cisco Umbrella Rank: 13258	4 KB
4	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1267	61 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 265	30 KB
1	americanexpress.com www.americanexpress.com — Cisco Umbrella Rank: 14630	2 KB
1	nylcom.com nylcom.com	669 B
22	6

	Domain	Requested by
11	pub-56e6ac597826439f92295441cd031159.r2.dev	1 redirects pub-56e6ac597826439f92295441cd031159.r2.dev
4	www.aexp-static.com	pub-56e6ac597826439f92295441cd031159.r2.dev
4	maxcdn.bootstrapcdn.com	pub-56e6ac597826439f92295441cd031159.r2.dev maxcdn.bootstrapcdn.com
2	cdnjs.cloudflare.com	pub-56e6ac597826439f92295441cd031159.r2.dev
1	www.americanexpress.com
1	nylcom.com	pub-56e6ac597826439f92295441cd031159.r2.dev
22	6

This site contains no links.

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2024-05-25` - `2024-08-23`	3 months	crt.sh
cdnjs.cloudflare.com E1	`2024-06-02` - `2024-08-31`	3 months	crt.sh
m.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2024-03-06` - `2025-03-06`	a year	crt.sh
cpcalendars.apcmaterials.com R3	`2024-05-16` - `2024-08-14`	3 months	crt.sh
www.americanexpress.com DigiCert SHA2 Extended Validation Server CA	`2023-08-03` - `2024-08-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Frame ID: 7860DB7F1E8E74861B715E4EC590892C
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Page URL History Show full URLs

http://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html HTTP 307
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Page URL
https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/phish-bypass?atok=yGY2.OaEX4J_3E4nxCnkpavbrHwi5FKxn_N6NyzdXBo-171841... HTTP 301
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Amex Express Checkout (Payment processors) Expand

Overall confidence: 100%
Detected patterns

aexp-static\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

377 kB
Transfer

631 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html HTTP 307
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Page URL
https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/phish-bypass?atok=yGY2.OaEX4J_3E4nxCnkpavbrHwi5FKxn_N6NyzdXBo-1718411271-0.0.1.1-%2Fax24.html HTTP 301
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html HTTP 307
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

22 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

ax24.html Show response
pub-56e6ac597826439f92295441cd031159.r2.dev/
Redirect Chain

http://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

4 KB
5 KB

204ms
48ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31e1c65a20d5f56f041ff922e46c82eb0ef4c08c9c582233f0eed7d1a319476d

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

CF-RAY: 893e6fcd7b566ae8-FRA
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 15 Jun 2024 00:27:51 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK cf.errors.css
pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/styles/ 23 KB
5 KB 42ms
41ms Stylesheet
text/css 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jun 2024 17:31:42 GMT
Server: cloudflare
ETag: W/"666889fe-5df3"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 893e6fcdcb836ae8-FRA
Expires: Sat, 15 Jun 2024 02:27:51 GMT

GET
H/1.1 200
OK icon-exclamation.png
pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/images/ 452 B
889 B 41ms
41ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:51 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 11 Jun 2024 17:31:42 GMT
Server: cloudflare
ETag: "666889fe-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 893e6fce1ba46ae8-FRA
Content-Length: 452
Expires: Sat, 15 Jun 2024 02:27:51 GMT

GET
H/1.1 404
Not Found favicon.ico
pub-56e6ac597826439f92295441cd031159.r2.dev/ 27 KB
27 KB 636ms
636ms Other
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:52 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 893e6fce5bc46ae8-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H/1.1

200
OK

Primary Request ax24.html Show response
pub-56e6ac597826439f92295441cd031159.r2.dev/
Redirect Chain

https://pub-56e6ac597826439f92295441cd031159.r2.dev/cdn-cgi/phish-bypass?atok=yGY2.OaEX4J_3E4nxCnkpavbrHwi5FKxn_N6NyzdXBo-1718411271-0.0.1.1-%2Fax24.html
https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

40 KB
41 KB

337ms
337ms

Document
text/html

2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc8ea2b3b149cb458eba86ad69c67eca9e95857b114a97117af82854b3407fd6

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Accept-Ranges: bytes
CF-RAY: 893e6fe5b8ca6ae8-FRA
Connection: keep-alive
Content-Length: 41419
Content-Type: text/html
Date: Sat, 15 Jun 2024 00:27:55 GMT
ETag: "ebd1f34cd1c0895040e781da53893f5d"
Last-Modified: Mon, 13 May 2024 16:39:11 GMT
Server: cloudflare
Vary: Accept-Encoding

Redirect headers

CF-RAY: 893e6fe568ab6ae8-FRA
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Sat, 15 Jun 2024 00:27:55 GMT
Location: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H3 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/ 118 KB
24 KB 78ms
40ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 940
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3741473
cdn-cachedat: 10/31/2023 19:15:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"ec3bb52a00e176a7181d454dffaea219"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: c83fee2ffb8cb55535eaeb2520d7c34a
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 893e6fe809716a73-TXL
cdn-requestpullsuccess: True

GET
H3 200 bootstrap-social.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap-social/5.1.1/ 24 KB
3 KB 104ms
50ms Stylesheet
text/css 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap-social/5.1.1/bootstrap-social.min.css

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac530b45ba80cad0fd89cff7ed19f3af661ccbf465a71139407e7687b568219a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 109043
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 2428
last-modified: Mon, 04 May 2020 16:06:38 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d8e-5f1b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SIZZNxZ%2F8Oc0tHwLVZg9NBEnuUx5DQu5zq%2B0yeO0Aty%2FMLHACNMixqGP1eDXgicsLofHEHtJ6LQxOZXyu8XrMATT7aaNFJLO2y5VDJMwJmfJEXrn16ix9i%2FpcguIyLZsD%2FFmSmZk"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 893e6fe82e52bb4d-FRA
expires: Thu, 05 Jun 2025 00:27:55 GMT

GET
H3 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 107ms
69ms Stylesheet
text/css 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1078
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3724223
cdn-cachedat: 03/18/2024 12:28:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 5e4d53437a90cba0ca0545e9504ae32b
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 893e6fe809706a73-TXL
cdn-requestpullsuccess: True

GET
H/1.1 200
OK style.css
pub-56e6ac597826439f92295441cd031159.r2.dev/ 6 KB
7 KB 278ms
277ms Stylesheet
text/css 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/style.css
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eb4225ad647b28f1619e0b186c7734504ba0ba5d2c3e62d7acc8d4627e4d6e3a

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:55 GMT
Last-Modified: Mon, 13 May 2024 16:08:01 GMT
Server: cloudflare
ETag: "9c1630aad362164a728421e23e40f049"
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 893e6fe7da3d6ae8-FRA
Content-Length: 6375

GET
H2 200 dls-logo-bluebox-solid.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 2 KB
1 KB 213ms
50ms Image
image/svg+xml 23.37.49.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-bluebox-solid.svg
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.49.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-49-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 17:37:19 GMT
etag: W/"5dbb1bcf-962"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 989

GET
H2 200 dls-logo-stack.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/ 2 KB
922 B 236ms
73ms Image
image/svg+xml 23.37.49.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.8.0/package/dist/img/logos/dls-logo-stack.svg
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.49.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-49-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
last-modified: Thu, 31 Oct 2019 17:37:19 GMT
etag: W/"5dbb1bcf-66e"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 743

GET
H/1.1 200
OK cid.png
pub-56e6ac597826439f92295441cd031159.r2.dev/ 76 KB
76 KB 1565ms
1483ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/cid.png
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fa12fb8f6ec391542590fd0b159fb06e9cabdd2556950955beffa5a742b7c5ea

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:57 GMT
Last-Modified: Mon, 13 May 2024 16:41:32 GMT
Server: cloudflare
ETag: "d23290f143c6dd74326679579b570878"
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 893e6fe86a6fbbf1-FRA
Content-Length: 77643

GET
H/1.1 200
OK csc.png
pub-56e6ac597826439f92295441cd031159.r2.dev/ 45 KB
45 KB 1152ms
1070ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/csc.png
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: acf07d1efd42984fc3b2adfa31cbcef2f2a508f5105fde68bc56b3e80dcfc826

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:56 GMT
Last-Modified: Mon, 13 May 2024 16:41:32 GMT
Server: cloudflare
ETag: "1ab8baa1b1b50862c0ef8cba837905ce"
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 893e6fe86e022bb9-FRA
Content-Length: 45906

GET
H/1.1 200
OK banner2.png
pub-56e6ac597826439f92295441cd031159.r2.dev/ 73 KB
74 KB 1209ms
1126ms Image
image/png 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/banner2.png
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5cf0014d53b47dfd3733e4be099ffe3a356ed783f7c40ac8407b7cc64dcf56e

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:56 GMT
Last-Modified: Mon, 13 May 2024 16:37:56 GMT
Server: cloudflare
ETag: "e8a6632ff23b568022ea8aa2d3434a61"
Vary: Accept-Encoding
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 893e6fe86de93834-FRA
Content-Length: 75055

GET
H2 200 dls-logo-line.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/ 2 KB
890 B 216ms
62ms Image
image/svg+xml 23.37.49.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/1.7.1/package/dist/img/logos/dls-logo-line.svg
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.49.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-49-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 2019 19:50:49 GMT
etag: W/"5daa1799-693"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 712

GET
H2 200 dls-flag-us.svg
www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/ 5 KB
767 B 121ms
63ms Image
image/svg+xml 23.37.49.89
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.aexp-static.com/cdaas/one/statics/axp-static-assets/2.24.1/package/dist/img/flags/dls-flag-us.svg
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.49.89 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-49-89.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
last-modified: Thu, 01 Jul 2021 15:34:07 GMT
etag: W/"60dde06f-15f8"
vary: Origin, Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000, must-revalidate
timing-allow-origin: *
content-length: 587

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ 85 KB
27 KB 98ms
52ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1396716
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27192
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-152b5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dOTTgC3%2BLn3qGw6xi3HvNMs9mAN7qq6pyrcuJ4y873CXzE1kzAE1ml7tPqh7ml8Mp0bsZ54SinP3nV%2FpOctHy%2FOppjby0C31OTkIFdq9XHhhMrxA3LskFWpb3WsZgxUdzpfoBTLM"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 893e6fe82e58bb4d-FRA
expires: Thu, 05 Jun 2025 00:27:55 GMT

GET
H3 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/ 36 KB
12 KB 94ms
64ms Script
application/javascript 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js

Requested by

Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1053
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 3724175
cdn-cachedat: 10/31/2023 19:27:53
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"5869c96cc8f19086aee625d670d741f9"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 1a04ea32b2f4b219188fda8349c8680c
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 893e6fe8096c6a73-TXL
cdn-requestpullsuccess: True

GET
H/1.1 404
Not Found custom.js
pub-56e6ac597826439f92295441cd031159.r2.dev/js/ 0
0 725ms
642ms Script
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/js/custom.js
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Date: Sat, 15 Jun 2024 00:27:56 GMT
Server: cloudflare
Connection: keep-alive
CF-RAY: 893e6fe86cfb2c4d-FRA
Content-Length: 27242
Vary: Accept-Encoding
Content-Type: text/html

GET
H2 200 6v.js Show response
nylcom.com/en/img/ 858 B
669 B 889ms
192ms Script
application/javascript 67.20.76.77
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://nylcom.com/en/img/6v.js
Requested by: Host: pub-56e6ac597826439f92295441cd031159.r2.dev
URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.20.76.77 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: host2009.hostmonster.com
Software: Apache /
Resource Hash: 0664397900da4597a6a1b94110da46fe0c8befd85db0c06fb001709ae5b9611d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:56 GMT
content-encoding: gzip
x-nginx-cache: WordPress
last-modified: Wed, 28 Feb 2024 15:57:24 GMT
server: Apache
vary: Accept-Encoding
x-endurance-cache-level: 2
content-type: application/javascript
cache-control: max-age=86400
accept-ranges: bytes
content-length: 467
expires: Sun, 16 Jun 2024 00:27:56 GMT

GET
DATA 200
OK truncated
/ 644 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 942 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1985974bb54604254090ce6ac2267c7650f4cf9354edafcaaebd14ade3ce4d52

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 764 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 984 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 glyphicons-halflings-regular.woff2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/ 18 KB
18 KB 107ms
72ms Font
font/woff2 104.18.10.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Origin: https://pub-56e6ac597826439f92295441cd031159.r2.dev
Accept-Language: de-DE,de;q=0.9;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

date: Sat, 15 Jun 2024 00:27:55 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: MISS
cdn-edgestorageid: 1053
cdn-cachedat: 09/21/2023 16:48:19
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 18028
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: "448c34a56d699c29117adc64c43affeb"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 075ea13c91310f5a1d2da50b786f930b
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 893e6fe9da644528-TXL
cdn-requestpullsuccess: True

GET
H2 200 favicon.ico
www.americanexpress.com/ 1 KB
2 KB 216ms
73ms Other
image/x-icon 95.100.68.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.americanexpress.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.100.68.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a95-100-68-84.deploy.static.akamaitechnologies.com

Software

Resource Hash

265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains;
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://pub-56e6ac597826439f92295441cd031159.r2.dev/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.29 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubdomains;
content-encoding: gzip
date: Sat, 15 Jun 2024 00:27:57 GMT
last-modified: Fri, 07 Jun 2019 04:05:21 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/x-icon
x-cnection: close
accept-ranges: bytes
content-length: 1381

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: American Express (Financial) Generic Cloudflare (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.pub-56e6ac597826439f92295441cd031159.r2.dev/	1970-01-20 21:21:37	Name: __cf_mw_byp Value: yGY2.OaEX4J_3E4nxCnkpavbrHwi5FKxn_N6NyzdXBo-1718411271-0.0.1.1-/ax24.html

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/js/custom.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
recommendation	warning	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Found 2 elements with non-unique id #exampleCheck1: (More info: https://goo.gl/9p2vKq) %o %o
recommendation	verbose	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://pub-56e6ac597826439f92295441cd031159.r2.dev/ax24.html Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
maxcdn.bootstrapcdn.com
nylcom.com
pub-56e6ac597826439f92295441cd031159.r2.dev
www.aexp-static.com
www.americanexpress.com
104.17.24.14
104.18.10.207
23.37.49.89
2606:4700::6812:323
67.20.76.77
95.100.68.84
028f643755987211bf2f3add6c62ae1870a888cf2f4fe3040a4fac7dce2543ab
0664397900da4597a6a1b94110da46fe0c8befd85db0c06fb001709ae5b9611d
1985974bb54604254090ce6ac2267c7650f4cf9354edafcaaebd14ade3ce4d52
265d3f591d92fadfe95f4660c382ee64a23538a7353b9880434205a102833de0
31e1c65a20d5f56f041ff922e46c82eb0ef4c08c9c582233f0eed7d1a319476d
428a13dcd90b9a52dac690a578092e1b24e6121952668d4bcf001a6287c880dd
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
570a6631252b8a52df4de0e953ae77dbdf524dfc3637cda2840494a0d2b49499
5c5381a437e62da458e251201a5c46af59e750b8f40470b77d00ce9fcf08fc6b
5cb5e693ba5e56c274a113f77c50becb662d18324b2ed681432f60ee4761de3d
5e60a20da0f769a6260d4ed755d615da930b87c62436f807a6ff32d000017d18
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
ac530b45ba80cad0fd89cff7ed19f3af661ccbf465a71139407e7687b568219a
acf07d1efd42984fc3b2adfa31cbcef2f2a508f5105fde68bc56b3e80dcfc826
bc8ea2b3b149cb458eba86ad69c67eca9e95857b114a97117af82854b3407fd6
c000ce3efd67b43d573f0270ec30bb3854908f0672a8e08a6809a3680b7b8542
c39e8554624a4b74e596d2bfa96bdd4d30dbc395532ab32e67591c0e929080e9
e5cf0014d53b47dfd3733e4be099ffe3a356ed783f7c40ac8407b7cc64dcf56e
eb4225ad647b28f1619e0b186c7734504ba0ba5d2c3e62d7acc8d4627e4d6e3a
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fa12fb8f6ec391542590fd0b159fb06e9cabdd2556950955beffa5a742b7c5ea
fc69234936c0df004440641a5df9ee1e3c3532df5780984f0f636e85e8788519
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

pub-56e6ac597826439f92295441cd031159.r2.dev Open in urlscan Pro 2606:4700::6812:323 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

17 %IPv6

6 Domains

6 Subdomains

7 IPs

3 Countries

377 kBTransfer

631 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

pub-56e6ac597826439f92295441cd031159.r2.dev Open in urlscan Pro
2606:4700::6812:323 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

17 %
IPv6

6
Domains

6
Subdomains

7
IPs

3
Countries

377 kB
Transfer

631 kB
Size

1
Cookies

22 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!