usmk.nzrwgp.cyou Open in urlscan Pro
2606:4700:3032::ac43:cd07 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://usmk.nzrwgp.cyou/
Effective URL:
https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA
Submission: On May 29 via manual (May 29th 2024, 3:24:17 pm UTC) from US — Scanned from DE

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 37 HTTP transactions. The main IP is 2606:4700:3032::ac43:cd07, located in United States and belongs to CLOUDFLARENET, US. The main domain is usmk.nzrwgp.cyou.
TLS certificate: Issued by E1 on May 21st 2024. Valid for: 3 months.

This is the only time usmk.nzrwgp.cyou was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 2	2606:4700:303... 2606:4700:3032::ac43:cd07	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
18	172.67.205.7 172.67.205.7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	4

2 2606:4700:3032::ac43:cd07 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

usmk.nzrwgp.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 172.67.205.7 (United States)

ASN13335 (CLOUDFLARENET, US)

usmk.nzrwgp.cyou	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	nzrwgp.cyou 1 redirects usmk.nzrwgp.cyou	53 KB
2	jquery.com code.jquery.com — Cisco Umbrella Rank: 776	30 KB
37	2

	Domain	Requested by
20	usmk.nzrwgp.cyou	1 redirects usmk.nzrwgp.cyou code.jquery.com
2	code.jquery.com	usmk.nzrwgp.cyou
37	2

This site contains no links.

Subject Issuer	Validity	Valid
nzrwgp.cyou E1	`2024-05-21` - `2024-08-19`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA
Frame ID: 63C48B5C48FF5A0BBC921032CD17E53D
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://usmk.nzrwgp.cyou/ HTTP 307
https://usmk.nzrwgp.cyou/ HTTP 307
http://usmk.nzrwgp.cyou/ HTTP 307
https://usmk.nzrwgp.cyou/ HTTP 302
https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?Hb... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

37
Requests

57 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

82 kB
Transfer

374 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://usmk.nzrwgp.cyou/ HTTP 307
https://usmk.nzrwgp.cyou/ HTTP 307
http://usmk.nzrwgp.cyou/ HTTP 307
https://usmk.nzrwgp.cyou/ HTTP 302
https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request Ik2H0UAtA_bAPsXrNhwAAubCs Show response usmk.nzrwgp.cyou/df0fc7/ Redirect Chain http://usmk.nzrwgp.cyou/ https://usmk.nzrwgp.cyou/ http://usmk.nzrwgp.cyou/ https://usmk.nzrwgp.cyou/ https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA	3 KB 1 KB	319ms 318ms	Document text/html	2606:4700:3032::ac43:cd07 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:cd07 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `cd24f3e6e19416f7b60e0d19ffcb35340ad8fb1f39b2acdee72072862b1dfdcd` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cache-control private cf-cache-status DYNAMIC cf-ray 88b77d746f0d9742-FRA content-encoding br content-type text/html; charset=utf-8 date Wed, 29 May 2024 15:24:13 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fo0SJrOATPWwNNLFZk6t0nochIlt7mTrAfp7btBYsHOpoPJVikk%2F%2Fda%2FoR8YpuCmaUgf06CsBTR3vRwLGEklUFu3I5zD7CGTaB1XUvLMHpVGBiAfxVyh1XbrpNrYILtibNdADDUudfzoUs2jjXD2"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-aspnet-version 4.0.30319 x-aspnetmvc-version 5.2 x-powered-by ASP.NET Redirect headers alt-svc h3=":443"; ma=86400 cache-control private cf-cache-status DYNAMIC cf-ray 88b77d65da119742-FRA content-type text/html; charset=utf-8 date Wed, 29 May 2024 15:24:12 GMT location /df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXVZvW%2BfaNuD3GBtCAaESDcq6bqiBBdpM%2BvEDwdedQ4DppLn9DR5Gxwl%2FIKLkWe%2B6NNWRz3Gog%2B83kOlEYpDvX%2BxFX4BmgDqFdYDuDDIooUptr9fLX%2FwcpI0tOBHz8iTZC3cfqLmIlcQVnSws9p6"}],"group":"cf-nel","max_age":604800} server cloudflare x-aspnet-version 4.0.30319 x-aspnetmvc-version 5.2 x-powered-by ASP.NET
GET H2	200	jquery-3.0.0.min.js Show response code.jquery.com/	84 KB 30 KB	151ms 48ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.0.0.min.js Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:13 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 22194054 x-cache HIT, HIT content-length 29995 x-served-by cache-lga13625-LGA, cache-mxp6967-MXP last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1716996253.294189,VS0,VE0 etag W/"28feccc0-15145" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 21, 3912
GET H3	200	Iod56SPlAAABAbJ1ryA56yaoZGHAxS7 Show response usmk.nzrwgp.cyou/df0fc7/	5 KB 3 KB	963ms 962ms	Script application/javascript	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `bb8206216bc3ec32298afaa8607498ab18c45fd1a8e675ff2019d4c7d09d6f8a` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:14 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2zb5Qprhs7KexvKE1lOsx2uWfrn3LKoyTE0%2FD5zvjHAayVSfPEKNKdIbC81TUjCJQSMayN9UF89G2uEVevOLK%2FRmnVX8gXjp0IFbpb62P3cDaaDScbqlWW8qI6XG9sx79SZ1"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 cf-ray 88b77d766ca31b36-FRA alt-svc h3=":443"; ma=86400 content-length 2957
POST H3	200	0NSvYHNuAAAhAZDe4SAwni5xGoUATYp Show response usmk.nzrwgp.cyou/df0fc7/	16 B 594 B	831ms 831ms	XHR application/json	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/0NSvYHNuAAAhAZDe4SAwni5xGoUATYp?A/gkA8TEFClziA5B3n4/zrRghA9fIAspAiaA_QHCAo Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.0.0.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:14 GMT content-encoding gzip x-aspnetmvc-version 5.2 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-aspnet-version 4.0.30319 server cloudflare x-powered-by ASP.NET report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6npF83y%2B38MHuZSnQzYSHHP%2FOlv4MjF7%2Baj3gnYpgFn1iWyjCGJgYzFdD%2Ft3V9%2FC2Mt9z5RL7%2BtgqEwRM8uWD2PMh6PO0vuBOcuZzc%2FwBaezFSbK6gJIYjOVnVduuDO9F4Kl"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cache-control private cf-ray 88b77d7c7da91b36-FRA alt-svc h3=":443"; ma=86400 content-length 36
GET H3	200	7IPAAIAA usmk.nzrwgp.cyou/df0fc7/	31 KB 6 KB	978ms 978ms	Other image/x-icon	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/7IPAAIAA?yoC?AX5A90wAZA4HN/AAAN8/sYA5EqAzOGAXEqr7EhU9A.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:15 GMT content-encoding br cf-cache-status DYNAMIC last-modified Thu, 30 Nov 2023 12:13:25 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"8d495b9e8623da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zer1h%2FF4vqT5OOfCSIFIunHSLJEXRm8YTPPK8YFu9Ok%2F%2FjU6H3NccaZ4c7WjIhtKTCFeGeC0dBO7qkreARCYb%2BcbjxHCDEwZW4rP6ot3uz11g%2BrI4uOz00oi4Z4xvneKrSxp"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cf-ray 88b77d7c7dac1b36-FRA alt-svc h3=":443"; ma=86400
POST H3	200	AVAaXnAifA-Bv3OtAEu Show response usmk.nzrwgp.cyou/df0fc7/A4HogVAAwFAsIqA4lJAcPAPF/AQAvt/	14 B 489 B	253ms 253ms	XHR application/json	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/A4HogVAAwFAsIqA4lJAcPAPF/AQAvt/AVAaXnAifA-Bv3OtAEu Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.0.0.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `34a3c185e0269cb9dc4c0ab13a9abf104b5656422c8cbab7e8cda689e61c5e93` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept application/json, text/javascript, /; q=0.01 Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:15 GMT x-aspnetmvc-version 5.2 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-aspnet-version 4.0.30319 server cloudflare x-powered-by ASP.NET report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xiuPkEnFPMpKaCVgj0t9mGHZdm%2FWvokzYZEa6ghRpGvRCk4rDTlCTfUf%2B%2BkBFHS%2BzCxC9f9gu1hfDSHlOnFRwaABSBfmVRc6%2F2JWpUOHrMzoiG6e6aFCPuYU416l7dtylHsw"}],"group":"cf-nel","max_age":604800} content-type application/json; charset=utf-8 cache-control private cf-ray 88b77d82bedd1b36-FRA alt-svc h3=":443"; ma=86400 content-length 14
GET H3	200	FNOAAIAA Show response usmk.nzrwgp.cyou/df0fc7/	141 KB 24 KB	478ms 474ms	XHR text/html	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/FNOAAIAA?8DM?AHGAz7QAbA4Ht/ACBeg/s6AUEIAX51AHEsfr-NZcA Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.0.0.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `896ede122b30232c4ceef0e0c6ecda8e2a68586d5f63c1def2d9bd528a2f2ff4` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Accept / Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:15 GMT content-encoding br x-aspnetmvc-version 5.2 cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-aspnet-version 4.0.30319 server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BoszsxRniO%2Bk3115oLbKJGaAYAYNX0Gf%2FXQxM1UoQQcjSxtROxhXTPaMRchwhl4RWPi%2BqD4s4WE5ofyaiHqvbOVuVYMdQdn76M582na75ItLCJhoD6MS%2Bi%2FGtCOtbbNyCx2M"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=utf-8 cache-control private cf-ray 88b77d8458f21b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	3 KB 2 KB	1735ms 1735ms	Stylesheet text/css	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/34?iCxedQmAF26A_64mm9vOwAdyAWLATnHMsAAeMI_u/JRYb5ArwgwgkXiDJA/AT6CObvrjifEgPa4EFL1Ac5AAANW7hETAA8b.css Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `a7d943ad938b415e24a1a577d86992bf1046b007df99d1adac6a51af926da708` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P%2FeavlmwtbbziIQsAfVkN6bua%2F8SOM3ZtBXL6FgnQMrGYs6pV%2BVEonAyB2OITMT997tG0SKXtV39HYb30B6QLXZCG7U7R%2FWiK%2BbL%2FFuCByuKYIS3fr%2BfpZdtgHVDBQQW0p%2B2"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cf-ray 88b77d883e6a1b36-FRA alt-svc h3=":443"; ma=86400 content-length 1220
GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	1 KB 1 KB	1736ms 1736ms	Stylesheet text/css	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/34?6CSWdrmAFEFA_66mm9gRoAhyASLATnHRsAAeMI_s/fFAnzAb-9w-KXYpmAAT6S_a/6rNsfEg38EiQF1AOdAAARW7YEDBA2m.css Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `4eea0024561238ba7b2c33f11e9122b0a1431095bd931bc8675b2b790fd012ef` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SA%2Bi1ej%2Fe7aQFEccNyFr7k%2Bw5QPMVbKWr8Eu7ID0lxXOqXCpfzejfJA9GYhbBup5W55eg4pan0D2CG1M1S8zzTITV4wcHl5BlPoPzTmfFWcKI16CDJmxq60x%2FvoAoQpHJzTa"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cf-ray 88b77d883e6e1b36-FRA alt-svc h3=":443"; ma=86400 content-length 716
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	2 KB 1 KB	1751ms 1751ms	Stylesheet text/css	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://usmk.nzrwgp.cyou/df0fc7/34?LCtUYQmAFHPA_6mmm90fTAfyAKLATnHOsAAeMI_7/e8gwTAt2iw9MXc4vA/AT6lmuqrfcGEgtrmwZa1A3FAAAPW7xEjSA7j.css Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `faf2df4a94681db80bdb3b0c1108b19ed1a4dbcc7fb05859de784d0a8405acd4` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding gzip cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=31M9wJvk9s4Z%2FAVY%2FT1WbYnCiQ2Asnx8Csaoes%2Bj%2F0N5q%2FErEz2kR1y49Jow4oDF1zGlik9Jm4dTaq88MF7Cat3D6eN3zxnY0CjBQEBMTaeu7xPq8C083s0DiK3fziE%2Bh4C1"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 cf-ray 88b77d883e701b36-FRA alt-svc h3=":443"; ma=86400 content-length 900
GET H2	200	jquery-3.0.0.min.js Show response code.jquery.com/	84 KB 0	0ms 0ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.0.0.min.js Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:13 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 22194054 x-cache HIT, HIT content-length 29995 x-served-by cache-lga13625-LGA, cache-mxp6967-MXP last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1716996253.294189,VS0,VE0 etag W/"28feccc0-15145" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 21, 3912
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	3 KB 2 KB	1710ms 1709ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?sC46bZmAFfMA_6ymm9Ly6A7yAJLATnHtsAAeMI_T/fTOO3AmVywKoXBImA/AT6cY_wr1y1Eg8KLdNi1A0-AAA6W7GET-A1_.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `4b5aaf0dc8f59e71849219fae0a225aeb3914bebcc363753f22b5713627b0094` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"cd9685fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jboH22svqpVILmytqB3rQTGGM3u7qPQQbcv40VJRzRWk3O0RtZnrv5Ck2WJansVo6VjVAYgN3rTJhZJ0Xhwt7IdpaR19LHVR%2F%2Fn67HMMh9vWQh2Jj0prqaZz1R%2Fpw6SFWcv%2B"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e721b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	546 B 742 B	1692ms 1691ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?xCsoW4mAFIEA_6xmm946jAzyAGLATnHAsAAeMI_d/XlnS6ArzHw8iXE4_A/AT6kD9SrllYEg_JVCeZ1AmOAAAXW7xEjmAQB.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"c8bd85fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Di8i0cgdx2hrI%2BtaYsJxHk5uILlQJwSJUQwiZPuqh42qCaWEadXs%2Ff4AbBy88ODNuvbbwTdRxvToy%2Bya2%2BqYkERh0qUOVPABoBYTWMyDFPhYbWZDwvvvHPntKl0JAzAXANg2"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e751b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	2 KB 1 KB	1819ms 1817ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?FC-ceOmAFokA_61mm9H8qAMyAXLATnHRsAAeMI_9/nAos5A_pOw6WXcjQAAT6O-/YVrF-rEg3q5pvA1A3PAAA3W7OEjaAMm.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"ade485fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zvo5fkeOWxrTPxZrAXNxUDNb69cRf7AXR2of3%2FcLZ%2F7duPRXSTjBO7mSmVQz70i6%2BUDHOK8RpKxQd%2BynMbcsZWTt%2FruffNbCoAXMbOC9YAd%2FIy0EwW%2BFcU%2BBiixkEw%2F0HQ3c"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e771b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	1 KB 1 KB	1761ms 1759ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?ECUNUZmAFYyA_6omm9ne5AMyAsLATnHEsAAeMI_o/MUoHqAvHnwSeXb0nA/AT6_M3grgYrEgrbaucN1A0OAAAkW78EDlAPv.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"697583fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jp8PadHYUe%2BRdvDyBAZAvOHpqz9dqka%2BRYyYRqtw2VSJ7iqarIkw9edihDUfBOKuGjhNiRobYqF7wOpl1%2BRQI7%2B2FzOiPrnckm9s3ZbwmaQceQweyxcZ1sZDef4fG%2BJw7OFS"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e781b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	2 KB 1 KB	1843ms 1840ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?UCvDeumAFzaA_65mm9gxQA3yAjLATnHVsAAeMI_I/sVXJeAZ8BwWlXsHjA/AT6w_qtrTQ1EgJbHi-W1AixAAA9W7DEzMA_U.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `58ad849f3ea489d0b2ee4f0dd1e4fd0b613a5248fd6b127a4479646ce4735593` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"f02185fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E5za%2FQ5wJubwrTnYyXFltquZcxPIh823RIO51xadSnxsY0uNzOBkBhQIASjosYCoA1ZtP6hY%2B7WW2j7Z4sKDwPKlgjZoUKUCt1IYzSwKrTGzn2aC6DOYl89la7niDsgFpcMX"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e791b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	2 KB 1 KB	1752ms 1750ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?eCNTU1mAFJDA_6rmm9K2NAYyAkLATnHlsAAeMI_c/ZEtKTAC6zwESX4PNA/AT6Tb6FrYrhEgo9NhEb1AfgAAAcW71EjTA3E.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `87f26b59587d5549f99b77e77519bf17b625c6a693931f54f62accac834e6ff1` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"36ea83fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zA%2BEdfCIN9rse4hn%2FLr8NnuvFrug0xbCCzHFTIauS8%2BAaRi8kddhRjS6go%2Fg5uFDyXmX%2FnK9lfhfmPeaZC8ZOP0eVIJz3U%2BSsm9EFeL%2Fs05Dr6twJmFS2FJlqMq5bJMDUFCI"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e7a1b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	3 KB 2 KB	1755ms 1753ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?LCt1UJmAFQhA_6Pmm9pkQAKyAfLATnHIsAAeMI_V/r6gPJAXysw72XY-wA/AT6nq-ZrW2BEgwS4rBk1AtsAAALW7jETjAk0.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `87d11356a8f76ef3af3c6d46bc4958cf3746e9a5b69e81d1df952b274319f539` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"41c383fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nyDeDVarltRunnuXkZhNuQnPz6%2BVcJCKOG54ogsgNGA5sfdkIAnzXNqT6cWF%2FjiZyJjR%2BGuyKIK3NABOTlUlUOhFQS0asdrNiyeFjBkuGMN%2FFichATnDAvDYiSq21UhpLBIk"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e7c1b36-FRA alt-svc h3=":443"; ma=86400
GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	1 KB 998 B	1714ms 1712ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?sChibUmAFL0A_68mm9fIjAHyAcLATnHysAAeMI_8/A7hNJABqDwb8XM2bA/AT60kINrc3FEgX4hOWb1AsWAAAOW7PEjTARH.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `0b68e5b64999ab2e6d137a1886410cc9e8bed0b3863aacd838a3eb008f2bb516` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"323884fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s3RE8UBv8hgr0P36BX21AKnDCXtinpBS%2FIUNSzPcjdFvKwN4HkbKTft4igZfwW4Pbe1QzJ52KyNgnRsjnCJ3HrM9CG2%2FUJn2tb%2FnSsqrrNIcOZ%2BVRHNoLWr2fo0pDJy0QyPc"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e7f1b36-FRA alt-svc h3=":443"; ma=86400
GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	2 KB 1 KB	1745ms 1743ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?dCz4aNmAFnCA_6mmm95enAuyARLATnHJsAAeMI_o/yqfrtAn01wy3Xp2iA/AT6LKL0rMM2EgtxH5J11AbWAAAdW7PEDoAlx.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `edbb6a59137018b9a8229184aac04a2661787564cdf4484229bee96d7c11e771` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"155f84fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oC4ewsvS%2BjpUWCuas9zJ1Ln%2Fu6kIOR3UqZsAgpwPCCPV3X7Epx5JgTd%2FSJiokR1uH%2FyX6JL7WVLZwIw7J%2F96kP5iTF0Ke6DCMWzRr%2FeN0CjmPNhx8VGAbt5hlLOKo9O1SmGJ"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e821b36-FRA alt-svc h3=":443"; ma=86400
GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET H3	200	34 usmk.nzrwgp.cyou/df0fc7/	1 KB 1 KB	1714ms 1713ms	Image image/svg+xml	172.67.205.7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://usmk.nzrwgp.cyou/df0fc7/34?sCp7UkmAFRrA_6Tmm9JawA3yACLATnH_sAAeMI_t/JeUMbAce6wc3XRP2A/AT6aqsMr_L6Eg1xdz6P1AEMAAAjW7oEDzAgP.svg Requested by Host: usmk.nzrwgp.cyou URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.205.7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / ASP.NET Resource Hash `2d45f10e1a6925e9500a4fb6e0223ce4ddfb492a914472ca8229fa01e3f94afa` Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://usmk.nzrwgp.cyou/df0fc7/Ik2H0UAtA_bAPsXrNhwAAubCs?JgA3c-gA-S/AwthAnqVaIMPPe0AE_/AAErXT2AA4?HbPN0AXt9lA Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 29 May 2024 15:24:17 GMT content-encoding br cf-cache-status DYNAMIC last-modified Sun, 12 May 2024 10:05:56 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"e54885fb53a4da1:0" x-powered-by ASP.NET vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PO3Hirpa0CDXjf%2B3Qt%2BG2KrVUGtBKHquYnoOd2Arjmq0eW%2F9CDtyDN1pUfSZTGVWXEFP4rmn3Rskgo2VhOGO9V73HjDlT4WqqgSgNiMVT9r5PJREusYANdOibp%2Buye7B2W%2B4"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cf-ray 88b77d883e871b36-FRA alt-svc h3=":443"; ma=86400
GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

GET		34 usmk.nzrwgp.cyou/df0fc7/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?JCaNcemAFaYA_6Jmm9a_gAPyAiLATnHLsAAeMI_i/Gv5WBAqETw_0XuJ7A/AT6kZEkr0OPEg8JcBEM1A4CAAAvW7MEDcAUW.css

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?5CNJeLmAFYfA_6Vmm9ZScAJyAqLATnHWsAAeMI_g/VpuUfAtA_wzOXZXDA/AT6Fv5ZrADDEge0OOoT1AyiAAA8W7hETqA6o.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?CCRvTOmAFChA_6Fmm9TSYA5yA6LATnHCsAAeMI_4/8SZtUAHxiwTEX69SA/AT6rzl-rxrPEgOIwr_r1ASRAAAYW77EjTAvU.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?RChRaDmAFdgA_6jmm9K66AYyAOLATnHisAAeMI_1/3pwmHAIoSwz6Xeg8A/AT6dhDermgkEgG6c2_t1AuPAAAGW7EEDCAmU.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?MCDJbamAFlpA_6imm9NlaAeyAKLATnHesAAeMI_Y/4t634Akzmw3AXmrJA/AT60Zf7rzRdEgvaZlHF1AGZAAA7W7_Ez9AWw.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?ECNdflmAFTbA_6lmm9yd_A_yAZLATnHmsAAeMI_rxK/B7fADZ6wiKXHJWAAT/6GkIsruFYEgjJ8DJT1AbsAAAxW7AEDIA_W.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?TCsPYamAFiEA_6kmm9Cx2AryA_LATnH7sAAeMI_9p_F/1VAuAsw3lXSfsAAT6/8F3arfxQEg-U94071ABkAAAzW7VEDMAxU.svg

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?kCV2WymAFUvA_6Mmm9nl2AFyApLATnH9sAAeMI_S/XZsrrALSgw5eXOO1A/AT6FLVtrSq5Eg0MHY7W1AISAAAIW7IEzoARj.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?3CzFYZmAFBIA_6Fmm9y6pAuyArLATnHssAAeMI_b/xCr6TAAW7wfSXs9DA/AT6bNUgr0t9EgyMFycn1Au7AAA3W7uETNACA.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?1CdkVOmAFv7A_6lmm9I3MAayA5LATnHhsAAeMI_C/WdhRsAsGiwqDXwQsA/AT6cxZDrMAMEgyjUJkk1AhLAAAQW7MEDoAnX.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?5C-VU1mAF7GA_62mm9H5UAbyAnLATnH1sAAeMI_R/Wul4FAuI6wlKXmhfA/AT6UmlRrUzMEg9NJGHP1AtlAAAsW7PETTA7R.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?5CTJfpmAF5WA_6Jmm937GA2yAPLATnH-sAAeMI_b/ThlsRA1KCw3AXx8MA/AT6VM_fr97dEgDazuQE1AKKAAAEW7BEDlAdY.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?xCKfYMmAFcqA_6Dmm9ohFAtyA7LATnHssAAeMI_z/SKL7XA55jwfWXKhiA/AT6wit2rPMHEgPGJ57w1AZ7AAAqW7PEziAkr.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?-CiEesmAFq_A_6vmm9b04AYyAhLATnHtsAAeMI_VsxoxGA/pWpw0-XtX1AAT6HwAs/rAuTEgjs3GZL1AKzAAACW7fEDmAjL.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?TCCzazmAF_hA_69mm9W8XAbyAaLATnHXsAAeMI_gFr4g_A/9fTwtxXfLNAAT68hj/RrBbmEg8GVF1t1AP7AAAHW7-EjLAKV.png

Domain: usmk.nzrwgp.cyou
URL: https://usmk.nzrwgp.cyou/df0fc7/34?IC6HfSmAFlfA_6Ymm91UFAOyAJLATnHWsAAeMI_i/CCDyuAnpyw7DXUfoA/AT6DTIsr1lOEg2oycua1A18AAA6W74EjUAzE.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USPS (Transportation)

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
usmk.nzrwgp.cyou/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: xnbymvv0qyrmksylkkfdirio
usmk.nzrwgp.cyou/	1969-12-31 23:59:59	Name: RdStr Value: xnbymvv0qyrmksylkkfdirio
usmk.nzrwgp.cyou/	1970-01-20 20:56:39	Name: HasCheckClientInfoCookie Value: ae19357104ec72ba1f0719771ab750b1

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js(Line 125) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.0.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://usmk.nzrwgp.cyou/df0fc7/Iod56SPlAAABAbJ1ryA56yaoZGHAxS7?A-b/Ak5EyG8-yA4SzX/4St6gGArtIAs_APTAcLH7AF.js(Line 125) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.0.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
usmk.nzrwgp.cyou
usmk.nzrwgp.cyou
172.67.205.7
2606:4700:3032::ac43:cd07
2a04:4e42::649
0b68e5b64999ab2e6d137a1886410cc9e8bed0b3863aacd838a3eb008f2bb516
266bcea0bb58b26aa5b16c5aee60d22ccc1ae9d67daeb21db6bad56119c3447d
2d45f10e1a6925e9500a4fb6e0223ce4ddfb492a914472ca8229fa01e3f94afa
34a3c185e0269cb9dc4c0ab13a9abf104b5656422c8cbab7e8cda689e61c5e93
4b5aaf0dc8f59e71849219fae0a225aeb3914bebcc363753f22b5713627b0094
4eea0024561238ba7b2c33f11e9122b0a1431095bd931bc8675b2b790fd012ef
58ad849f3ea489d0b2ee4f0dd1e4fd0b613a5248fd6b127a4479646ce4735593
67fbe8ef9020e5c776aadf6801a1fef8dc563e2e4dc9ddc740af8010c0c38943
87d11356a8f76ef3af3c6d46bc4958cf3746e9a5b69e81d1df952b274319f539
87f26b59587d5549f99b77e77519bf17b625c6a693931f54f62accac834e6ff1
896ede122b30232c4ceef0e0c6ecda8e2a68586d5f63c1def2d9bd528a2f2ff4
9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2
a7d943ad938b415e24a1a577d86992bf1046b007df99d1adac6a51af926da708
b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435
bb8206216bc3ec32298afaa8607498ab18c45fd1a8e675ff2019d4c7d09d6f8a
c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cd24f3e6e19416f7b60e0d19ffcb35340ad8fb1f39b2acdee72072862b1dfdcd
edbb6a59137018b9a8229184aac04a2661787564cdf4484229bee96d7c11e771
faf2df4a94681db80bdb3b0c1108b19ed1a4dbcc7fb05859de784d0a8405acd4

usmk.nzrwgp.cyou Open in urlscan Pro 2606:4700:3032::ac43:cd07 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

57 %HTTPS

67 %IPv6

2 Domains

2 Subdomains

4 IPs

1 Countries

82 kBTransfer

374 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

46 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

usmk.nzrwgp.cyou Open in urlscan Pro
2606:4700:3032::ac43:cd07 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

57 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

4
IPs

1
Countries

82 kB
Transfer

374 kB
Size

3
Cookies

37 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!