pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html
Submission: On May 29 via manual (May 29th 2024, 7:26:26 am UTC) from HU — Scanned from CH

Summary HTTP 35 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 35 HTTP transactions. The main IP is 2606:4700::6812:223, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev.
TLS certificate: Issued by E1 on April 5th 2024. Valid for: 3 months.

This is the only time pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USAA (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:223	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.67.159.66 172.67.159.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1		() ()
15	172.66.44.203 172.66.44.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	172.66.47.53 172.66.47.53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	8

1 2606:4700::6812:223 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.67.159.66 (United States)

ASN13335 (CLOUDFLARENET, US)

it3mak3.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.66.44.203 (United States)

ASN13335 (CLOUDFLARENET, US)

sdsfsfsfs.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.66.47.53 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

sdsfsfsfs.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pages.dev 1 redirects sdsfsfsfs.pages.dev	437 KB
2	it3mak3.com it3mak3.com	114 KB
2	r2.dev pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev	866 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 237	5 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2465	38 KB
0	usaa.com Failed content.usaa.com Failed
35	6

	Domain	Requested by
17	sdsfsfsfs.pages.dev	1 redirects pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
2	it3mak3.com	pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
2	pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev	it3mak3.com
1	cdnjs.cloudflare.com	pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
1	ajax.aspnetcdn.com	pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
0	content.usaa.com Failed	sdsfsfsfs.pages.dev
35	6

This site contains links to these domains. Also see Links.

Domain
www.usaa.com

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-04-05` - `2024-07-04`	3 months	crt.sh
it3mak3.com GTS CA 1P5	`2024-04-15` - `2024-07-14`	3 months	crt.sh
sdsfsfsfs.pages.dev E1	`2024-05-01` - `2024-07-30`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2024-01-30` - `2025-01-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html
Frame ID: 779992B64A2238BD93201C63BBBA41CC
Requests: 36 HTTP requests in this frame

Frame: https://sdsfsfsfs.pages.dev/files/a
Frame ID: CA3F017B8239770DE82515B4B9448B88
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Member Account Login | USAA

Detected technologies

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+data-react

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

63 %
HTTPS

14 %
IPv6

6
Domains

6
Subdomains

8
IPs

2
Countries

595 kB
Transfer

1826 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usaa.com/
Title: USAA logo. Redirects to USAA home. USAA logo

Search URL Search Domain Scan URL

URL: https://www.usaa.com/join/get-started/
Title: Join USAA

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/ent_proof/proofingEvent?action=Init&event=registration
Title: Register for access

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/wc/security_center?0&wa_ref=logon_jump_security_center
Title: Security Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/privacy
Title: Privacy Center

Search URL Search Domain Scan URL

URL: https://www.usaa.com/inet/pages/accessibility_at_usaa_main?wa_ref=pub_subglobal_footer_accessibility
Title: Accessibility at USAA

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://sdsfsfsfs.pages.dev/files/a.html HTTP 308
https://sdsfsfsfs.pages.dev/files/a

35 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request thoraasa.html Show response
pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ 557 B
866 B 349ms
258ms Document
text/html 2606:4700::6812:223
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:223 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd957daca95a8fcbed22dd4cc14ccbc70404aab577c0ba25d21b037411508ecd

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 88b4c17029fcb77f-AMS
Connection: keep-alive
Content-Length: 557
Content-Type: text/html
Date: Wed, 29 May 2024 07:26:20 GMT
ETag: "02981f51f49585f4324de13acb2bbae5"
Last-Modified: Tue, 28 May 2024 08:24:48 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H3 200 jquery.js Show response
it3mak3.com/secure7/ 284 KB
84 KB 142ms
77ms Script
text/javascript 172.67.159.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://it3mak3.com/secure7/jquery.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.159.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 28 May 2024 02:43:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mFSzpxMZgE8bU0IeM4jAjpNku2vC2cGWlYOxg3vuQCdzwu5n79pW3USQiwxjxIr7TExP4V0ePy%2BiwZL%2B%2Fo2okKuHjPuzOmZ5uq8f%2BzaynJA%2FxEYjE%2FGTDwPkptfchA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 88b4c1723d263649-FRA
alt-svc: h3=":443"; ma=86400

GET
H3 200 basic.js Show response
it3mak3.com/secure7/ 87 KB
30 KB 120ms
56ms Script
text/javascript 172.67.159.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://it3mak3.com/secure7/basic.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/thoraasa.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.159.66 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d384a06075aec35eb7e7bb10f1beda8d8373514357ed8c1a618cd5839e63ef5d

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 28 May 2024 02:43:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8lbmTxqUuMT%2FxN3FIPx20CogqBa2ajqzhx4isBmV5SgF6DrAix6P7wbwxBoSL9fu9O7dSVgzku2JOhMFUaWTBp2U2iZryYRmquLxL0TGc5zpmp7j%2BvkgrgD3IgVBcw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=14400
cf-ray: 88b4c1723d283649-FRA
alt-svc: h3=":443"; ma=86400

GET
BLOB 200
OK 9607f7fb-ea3b-4b06-a409-1fa80d0f913a Show response
https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ 65 KB
0 Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Requested by: Host: it3mak3.com
URL: https://it3mak3.com/secure7/basic.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8b5889431730aa313eea3401445ce0990e1db03ec784090fd999a1402a30557b

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Content-Length: 66519
Content-Type: text/html

GET favicon.ico
pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/ 0
0

GET
H3 404 tag.js
sdsfsfsfs.pages.dev/files/ 0
0 111ms
64ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/tag.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rZ%2BXWIcYMXORYG1v5Ei26E6xAFd5d2AenvZHcE7sYrG%2BmOYuytyrQYpxjUeu%2FCrzBA9g%2FD3k4%2BH0PlIzG5A%2F5KqKLrukCmVesQCxYzEgLxQh0bDx9g6SgpmWKH3oeX7ovPD1hs1U"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c17379a84c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 linkid.js Show response
sdsfsfsfs.pages.dev/files/ 2 KB
1 KB 224ms
178ms Script
application/javascript 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/linkid.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"62b17de4acdbadbf88db0e117c063392"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14tOvOqfQOg%2BxR57%2BG2QhWpFIZHv0cEND5ZxfxFvy0kAKQcV%2BJ3H4oj8EMRbIT%2F%2B88qgBo1lf4d5Ir%2BtmycPtSz7mq1idgF0ixv%2Fb4dF2FT8gWhqZeVAuhvDTidpqLgU20kgijw0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c17379a94c3a-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 analytics.js Show response
sdsfsfsfs.pages.dev/files/ 49 KB
21 KB 118ms
117ms Script
application/javascript 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/analytics.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"211ef6eac473f7f2ae6b2f14cf64cb42"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZu9Gq42v99uvA2WEWMKyvkbUM5fSvEGNaOujwSG%2F2fFr6HVEqBtE6sX00%2FnUxbZYZn9bvz8KrBWnkZWF3WKni9XWsSkWjAWc2r%2FK59diVpMdktKYkX7vjBo3kGS5EIkiF7ZF3me"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c173ea4c4c3a-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 ent-unified-logon-web.562afa512e4a38e235af.css
sdsfsfsfs.pages.dev/files/ 105 KB
19 KB 227ms
180ms Stylesheet
text/css 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.562afa512e4a38e235af.css

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"d10e33d84e6534da954ebf7287adf3df"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1e0kWdtmXRLSfgh5oqUZ2hqW%2BjBWmXAfVPJzd6dL%2FTBePvXaA2vrrATzFozRmWI%2F6Yjl34rpDqH60tsvsChWSoE2OIfnfMju8VFRajxG8dEx2PKBhxP%2F%2BnylTLGEj4qnhvRJx1gQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c17379af4c3a-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 404 utag.js
sdsfsfsfs.pages.dev/files/ 0
0 119ms
119ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pDGl4bMCcF9PaLFuc78ssM09OdSb2igiosSSrzJ7XcDa2uaq8e0Q%2FSxYO47MdQM2OfQxWlkiT2ogKOb3qMc%2BrstUTs2RSCxI2lsAxAYW%2B8QmHq8uB%2Bg1Ye8m9hUo7DJCSJ5FXz2s"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea534c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ent-unified-logon-web.js Show response
sdsfsfsfs.pages.dev/files/ 273 B
633 B 119ms
119ms Script
application/javascript 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4c995d16f192388a2f58a2d9acc7d8f2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnDwmYPkuDGLnJ54VH%2FK4WXySwLiXNqyWrJ9F%2BQ0v660VyahYUWZ27ypqm%2FLL9uRHEb8rJSWDzLTReIkbqVPLSh4n9lsL3ZpVc4yAuK9YEfzqczrnCN7eTbct6BZ0jhZAHDkSM70"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c173ea574c3a-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 404 utag.318.js
sdsfsfsfs.pages.dev/files/ 0
0 120ms
120ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.318.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=saYjlCHwojbAjvnY46WRfEV8eDZSlw8aa8bUEr%2BDvHh7%2FrYlySYCCgjMBRstUieTfDh4UyK%2FrEJcwWtgFcro2q55q2brDYhunS3fYo7lv6r%2BDMfJu3ZjqmHY4iFu8kVeVJWb6FqK"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea5a4c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.272.js
sdsfsfsfs.pages.dev/files/ 0
0 120ms
120ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.272.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lq8rvgKK9t9juUCyfJrppRDQWGIinAL0yT6dcoaYFPyxG7NUSojW0y21G3Nup82A0vylUkEMriu2hy%2Fxw64R5vQbW9p%2FqPnJ%2BXkpPBxpESZFYY3Quo18%2BneErRDCAz33xvqmizz%2B"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea5d4c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.233.js
sdsfsfsfs.pages.dev/files/ 0
0 121ms
120ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.233.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F9yVpNEYVow0p%2B6WqjUTf8Y%2BXkmb%2FDUaL0jTKPWcyqB0RSVinrWr7L24XmY3FBz5zVaDROWf2%2FB7CcWuAbK9HfpC2PfuL128KHDIliNI2I6ULSOcCAGv0TyogkRY4yX6GOX%2B7xVV"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea614c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.288.js
sdsfsfsfs.pages.dev/files/ 0
0 121ms
121ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.288.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vICN%2Bb2Y2uLmoIuIec9mq7UYGXCIKhznpaObjZxEWDzKMHE4cFceq%2BRDHYFdqzQSwh5NZisLwaKpCWsBXN8ZwWT56wMusF2TZJukvctSggy2uKXTdw1wSKy8kWxDc3nMxpwiR5Pf"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea644c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.417.js
sdsfsfsfs.pages.dev/files/ 0
0 121ms
121ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.417.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q8W7SFWjO7owtEqvkJL2jJaVPiBtDyaMGLCraMfSHFXTug%2Fmz2brfPB6Mpm9GNW%2B4jdqzoDHbGUUtphjd%2FYbgT8qHCMsq9WAjF87wPkItdf9E%2FUhJ5KaFP8a3rNsuVje3HrgSqua"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea684c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 utag.327.js
sdsfsfsfs.pages.dev/files/ 0
0 122ms
121ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/utag.327.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBXqrfR9BAD329l5Mr98PrhOEUYbNA11V1a8ycet%2FsbNiYx6PW%2FJaUWtsOcVeikhNY%2BTIuFj7K3dYFIIETmgFuI4YaP6FUAxwxHrZ1GOgJo8BBER93tnCGK5LFJENh0TlSchR7Ih"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c173ea6b4c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 404 react!react-dom.min.js
sdsfsfsfs.pages.dev/files/ 0
0 117ms
71ms Script
text/plain 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sdsfsfsfs.pages.dev/files/react!react-dom.min.js
Requested by: Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eIHIOuXjx0N1Jemef4%2BI%2BHetJNM%2BTvsDbqjVXNwLBfuHZywjD%2BQSqVX24PotY39yWddhGUQGq659prA4oQt7LZUA3dqmH5JlI2Cm8KDiY0k6rzUMkefqBX6htdN3huoGvGW1XIJh"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cache-control: no-store
cf-ray: 88b4c17379a64c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ent-unified-logon-web.ec39118119936b90266f.js Show response
sdsfsfsfs.pages.dev/files/ 925 KB
203 KB 130ms
84ms Script
application/javascript 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/ent-unified-logon-web.ec39118119936b90266f.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef0b9dd38994625b89c173b39924691ff6e38fd2dbd1b2f2f178db36a22a5577

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4ea0b1ea9a8a1336022ed3ff91f2c6fb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v5PXhD%2F%2BRdeqC81HBoIvFXkaTzzkEOl7baUjalJDNEfuGS%2Bdc9HRJWR5zP2xWeriBFXu7sHRPeN6MxVlksAAM9UCPA6%2BJq39LSFlX9pOH5qPaH1fXr1%2FFJ5AySSWirilwjtpUgsS"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c17379a44c3a-MXP
alt-svc: h3=":443"; ma=86400

GET
H3 200 MfAjsB Show response
sdsfsfsfs.pages.dev/files/ 191 KB
192 KB 120ms
74ms Script
application/octet-stream 172.66.44.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/MfAjsB

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.203 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: "c4db7a5443cb20ee66cd0bb839bf201b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5aUCD3WtNpJRRHepg8v%2FMdiuBlRmdcoaAY9zYyZBGR3Voz2o2QYRdnBxSFWvbCE13TSN%2B%2FWMLldlRjLCCdU1KI1ZbYFnWSdr5kbmqmrBYItTALphp4VRjHbIROaCPrbCySgV2jQ"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c17379a74c3a-MXP
alt-svc: h3=":443"; ma=86400
content-length: 195950

GET
H2 200 jquery-3.3.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 85 KB
38 KB 97ms
22ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.3.1.min.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (muc/331F) /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5634479
x-cache: HIT
content-length: 38892
x-xss-protection: 1; mode=block
last-modified: Mon, 22 Jan 2018 19:27:49 GMT
server: ECAcc (muc/331F)
etag: "af301a17b793d31:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ 20 KB
5 KB 73ms
46ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language: de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 29 May 2024 07:26:20 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 555202
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4517
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-4e98"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eo6HTbdWyYs6X8mgo6ojsC79gIi2SWnYT19CLi42ubBfo7vzEc9jK6MU19gegxqPYrIwfqqeRVnDID0hlGh0%2FI3E2xCeMaYU%2Fa0hN5U53KEzk1lAeI%2BQXytd4Qj8sT9MQag0dV3F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 88b4c1736ed30e7b-MXP
expires: Mon, 19 May 2025 07:26:20 GMT

GET
H3

200

a
sdsfsfsfs.pages.dev/files/ Frame CA3F
Redirect Chain

https://sdsfsfsfs.pages.dev/files/a.html
https://sdsfsfsfs.pages.dev/files/a

0
0

62ms
62ms

Document
text/html

172.66.47.53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sdsfsfsfs.pages.dev/files/a

Requested by

Host: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.47.53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 88b4c173e830bac9-MXP
content-encoding: br
content-type: text/html; charset=utf-8
date: Wed, 29 May 2024 07:26:20 GMT
etag: W/"0c29a7704d3fb52b02ff9ca9bc77430c"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tqKurUJBbQfhZXz0IFGy71A2CteSg6BSX9y7CmMYm4YGPoIxH4gcKZj1utTB%2BVlHTCgTOdh6Dveiawxhx3eSl9lB7C3wQrpjIWsNn6P0AH8yAJrEKKpG%2FwhMciC6hrJ7z%2B8ynobp"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-ray: 88b4c1738fbcbac9-MXP
content-length: 0
date: Wed, 29 May 2024 07:26:20 GMT
location: /files/a
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3DNhVsZvBV93fYMLYtIralod6MidRr6e18tt0SikDd9hr0sP%2BM9vArlY2dtOSMuyuwiqwYr1CKQ5VYOLr3dlgp7p1B8dNlQMT9%2BMJBsiVzQ6DQMXShlcAh1gF6Qv%2BdLyGf8TTWov"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ 12 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 155 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c

Request headers

Accept-Language: de-CH,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf8

GET 9C7F15704715916A9.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff2
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9ECBC8FFB535D0532.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET C1B705B7AD8D5B4C6.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 12C383965421BC56F.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET F68DD4439278D0467.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET E83D71A074DF776F4.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

GET 9C7F15704715916A9.woff
content.usaa.com/mcontent/static_assets/Fonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
URL: https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/favicon.ico

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff

Domain: content.usaa.com
URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USAA (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

34 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sdsfsfsfs.pages.dev/files/tag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/react!react-dom.min.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.318.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.272.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.233.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.288.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.417.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sdsfsfsfs.pages.dev/files/utag.327.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Refused to execute script from 'https://sdsfsfsfs.pages.dev/files/MfAjsB' because its MIME type ('application/octet-stream') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9ECBC8FFB535D0532.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/C1B705B7AD8D5B4C6.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/F68DD4439278D0467.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/12C383965421BC56F.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/9C7F15704715916A9.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev/9607f7fb-ea3b-4b06-a409-1fa80d0f913a Message: Access to font at 'https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff' from origin 'https://pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://content.usaa.com/mcontent/static_assets/Fonts/E83D71A074DF776F4.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
cdnjs.cloudflare.com
content.usaa.com
it3mak3.com
pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev
sdsfsfsfs.pages.dev
content.usaa.com
pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev

104.17.25.14
152.199.19.160
172.66.44.203
172.66.47.53
172.67.159.66
2606:4700::6812:223
12823479e57e579d5eb7af45a060336db24bfb84bf0af53a1099d6ca016973f2
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
6a9384bc8a102c2a5028d05506f54d1f56ebee75b1642fdf2e053dc8d8bc924d
8b5889431730aa313eea3401445ce0990e1db03ec784090fd999a1402a30557b
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
bd957daca95a8fcbed22dd4cc14ccbc70404aab577c0ba25d21b037411508ecd
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
ceec846322efec91a63ccd7c7d369661a99347961bc00e4396d528d9b080f31c
d384a06075aec35eb7e7bb10f1beda8d8373514357ed8c1a618cd5839e63ef5d
ddb4133f601fa817524466b7bad394bb2330decf57c99762ba9c2cbd34e9e0e2
ef0b9dd38994625b89c173b39924691ff6e38fd2dbd1b2f2f178db36a22a5577
f2a84bc4f4cb8ae04162f42f1f3ebed1e05725d9b5bf666b885356c7698a071f
f426675307979177d431528d09aef43dd4979d5c52b64c8310432769c54d12a0

pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev Open in urlscan Pro 2606:4700::6812:223 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

35 Requests

63 %HTTPS

14 %IPv6

6 Domains

6 Subdomains

8 IPs

2 Countries

595 kBTransfer

1826 kBSize

0 Cookies

6 Outgoing links

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

34 Console Messages

Indicators

pub-b75dc1ab4ec742a5aba7f6e6bbc0960a.r2.dev Open in urlscan Pro
2606:4700::6812:223 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

63 %
HTTPS

14 %
IPv6

6
Domains

6
Subdomains

8
IPs

2
Countries

595 kB
Transfer

1826 kB
Size

0
Cookies

35 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!