roninchat.pages.dev Open in urlscan Pro
172.66.44.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://roninchat.pages.dev/import-account/
Effective URL:
https://roninchat.pages.dev/import-account/
Submission: On October 24 via api (October 24th 2024, 6:21:54 am UTC) from LU — Scanned from DE

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 7 domains to perform 21 HTTP transactions. The main IP is 172.66.44.195, located in United States and belongs to CLOUDFLARENET, US. The main domain is roninchat.pages.dev.
TLS certificate: Issued by WE1 on September 30th 2024. Valid for: 3 months.

This is the only time roninchat.pages.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
4 17	172.66.44.195 172.66.44.195	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1 1	142.250.184.226 142.250.184.226	15169 (GOOGLE) (GOOGLE)
1 1	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
1	172.217.18.99 172.217.18.99	15169 (GOOGLE) (GOOGLE)
21	5

17 172.66.44.195 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

roninchat.pages.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.196 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.99 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	pages.dev 4 redirects roninchat.pages.dev	123 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	343 KB
1	google.de www.google.de — Cisco Umbrella Rank: 11271	64 B
1	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 3	24 B
1	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 42	22 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 89	3 KB
21	7

	Domain	Requested by
17	roninchat.pages.dev	4 redirects roninchat.pages.dev
5	www.googletagmanager.com	roninchat.pages.dev www.googletagmanager.com
1	www.google.de	roninchat.pages.dev
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googleadservices.com	www.googletagmanager.com
21	7

This site contains no links.

Subject Issuer	Validity	Valid
roninchat.pages.dev WE1	`2024-09-30` - `2024-12-29`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.googleadservices.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://roninchat.pages.dev/import-account/
Frame ID: 9EB3224A40B4183848D9DBE0B0A9DF54
Requests: 20 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Froninchat.pages.dev
Frame ID: 549A7A8231640B488DEF49E58BC614D7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ronin

Page URL History Show full URLs

http://roninchat.pages.dev/import-account/ HTTP 307
https://roninchat.pages.dev/import-account/ Page URL
https://roninchat.pages.dev/cdn-cgi/phish-bypass?atok=t4LGQx04IuP_HctUwQm028Cp.JLUdsN0nL9jOT1pTWE-172975... HTTP 301
https://roninchat.pages.dev/import-account/ Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

81 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

5
IPs

2
Countries

468 kB
Transfer

1955 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://roninchat.pages.dev/import-account/ HTTP 307
https://roninchat.pages.dev/import-account/ Page URL
https://roninchat.pages.dev/cdn-cgi/phish-bypass?atok=t4LGQx04IuP_HctUwQm028Cp.JLUdsN0nL9jOT1pTWE-1729750904-0.0.1.1-%2Fimport-account%2F HTTP 301
https://roninchat.pages.dev/import-account/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://roninchat.pages.dev/import-account/ HTTP 307
https://roninchat.pages.dev/import-account/

Request Chain 9

https://roninchat.pages.dev/fonts/Inter-Regular.html HTTP 308
https://roninchat.pages.dev/fonts/Inter-Regular

Request Chain 11

https://roninchat.pages.dev/fonts/Inter-Bold.html HTTP 308
https://roninchat.pages.dev/fonts/Inter-Bold

Request Chain 12

https://roninchat.pages.dev/fonts/Inter-SemiBold.html HTTP 308
https://roninchat.pages.dev/fonts/Inter-SemiBold

Request Chain 18

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIwIqzpLCmiQMVRImDBx0eWx_XMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhxodHRwczovL3JvbmluY2hhdC5wYWdlcy5kZXYvQlhDaEVJOEwzaXVBWVFxc0h4b1BpNTlabnlBUkl0QUlYRVI0WUZKWEkxRTUxaTdERzJBMHFhVU1wY0QtQkI2d0c3dDJjOFlJWlM1T1Z2cDJyOXB5NWZSeFUt HTTP 302
https://www.google.com/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIwIqzpLCmiQMVRImDBx0eWx_XMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhxodHRwczovL3JvbmluY2hhdC5wYWdlcy5kZXYvQlhDaEVJOEwzaXVBWVFxc0h4b1BpNTlabnlBUkl0QUlYRVI0WUZKWEkxRTUxaTdERzJBMHFhVU1wY0QtQkI2d0c3dDJjOFlJWlM1T1Z2cDJyOXB5NWZSeFUt&is_vtc=1&cid=CAQSGwDpaXnf_-9JYlajQAC_jRHjfuRjdoKoky0UxQ&random=2733001380 HTTP 302
https://www.google.de/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIwIqzpLCmiQMVRImDBx0eWx_XMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhxodHRwczovL3JvbmluY2hhdC5wYWdlcy5kZXYvQlhDaEVJOEwzaXVBWVFxc0h4b1BpNTlabnlBUkl0QUlYRVI0WUZKWEkxRTUxaTdERzJBMHFhVU1wY0QtQkI2d0c3dDJjOFlJWlM1T1Z2cDJyOXB5NWZSeFUt&is_vtc=1&cid=CAQSGwDpaXnf_-9JYlajQAC_jRHjfuRjdoKoky0UxQ&random=2733001380&ipr=y

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

403

/ Show response
roninchat.pages.dev/import-account/
Redirect Chain

http://roninchat.pages.dev/import-account/
https://roninchat.pages.dev/import-account/

4 KB
2 KB

82ms
33ms

Document
text/html

172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78b8d44e2c7f3273f37c4f48dbb0c357fe10e9fc15c9c847d68af0fa048cb3c7

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36

Response headers

cf-ray: 8d77de4fe87662c4-HAM
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 24 Oct 2024 06:21:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9pag5ZZndyPMu2cdx8FSRyBvXPdGoF1GRvpXN%2FlSwlVSmBWTYAb0hVy7WOok5vIiI9XtgkzSO%2FMlxWGyIR7CgOitAotbZp%2BRHcAOi9o%2BD2p%2FHwlmI7JwsjqgEWtJM3yn9VQKlLf"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://roninchat.pages.dev/import-account/
Non-Authoritative-Reason: HSTS

GET
H3 200 cf.errors.css
roninchat.pages.dev/cdn-cgi/styles/ 23 KB
5 KB 32ms
31ms Stylesheet
text/css 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6712b228-5df3"
x-content-type-options: nosniff
cf-ray: 8d77de50389c62c4-HAM
expires: Thu, 24 Oct 2024 08:21:44 GMT
date: Thu, 24 Oct 2024 06:21:44 GMT
content-type: text/css
last-modified: Fri, 18 Oct 2024 19:08:24 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
roninchat.pages.dev/cdn-cgi/images/ 452 B
634 B 30ms
30ms Image
image/png 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://roninchat.pages.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6712b228-1c4"
x-content-type-options: nosniff
cf-ray: 8d77de5068c062c4-HAM
expires: Thu, 24 Oct 2024 08:21:44 GMT
accept-ranges: bytes
content-length: 452
date: Thu, 24 Oct 2024 06:21:44 GMT
content-type: image/png
last-modified: Fri, 18 Oct 2024 19:08:24 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 403 favicon.ico
roninchat.pages.dev/ 4 KB
2 KB 34ms
34ms Other
text/html 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e12a518483fd2e4b796633ce4363789678f853fab3acb0035d990d398f2d7f4e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vjWxIY%2Bz9xu9Wc2jK2hnjN3vghU3Mlbp38QAv1ZDD9pYAkLm%2FZ%2BZtY7N0dl52zXluP%2BZgiLDoibMZL7ZGBhbDurPy7Y57mUpvj9ycsm5vwZYqsTDWCMHDE4xYSZos3swvUJGM149"}],"group":"cf-nel","max_age":604800}
cf-ray: 8d77de5098e262c4-HAM
date: Thu, 24 Oct 2024 06:21:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

Primary Request / Show response
roninchat.pages.dev/import-account/
Redirect Chain

https://roninchat.pages.dev/cdn-cgi/phish-bypass?atok=t4LGQx04IuP_HctUwQm028Cp.JLUdsN0nL9jOT1pTWE-1729750904-0.0.1.1-%2Fimport-account%2F
https://roninchat.pages.dev/import-account/

31 KB
9 KB

216ms
216ms

Document
text/html

172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75d4a2fb769972b3efb218af92e73e79b022e4558bc484a20da039162b48d93c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://roninchat.pages.dev/import-account/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=0, must-revalidate
cf-ray: 8d77de6ffe2162c4-HAM
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 24 Oct 2024 06:21:49 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: strict-origin-when-cross-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xrjxiLWUwgjMYY1RVHCvrSgL%2FVUWrD%2FNjcWoifgCXFP6hOPnkij3QukTrKLXuAp9OcXYWE0P%2F3WJw8sKYUWMY7P0hvI88pzfUw6lPO2K6ly54QeKVtg8mUd%2F%2FHTLwlTb9as4VvqC"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=32202&sent=28&recv=21&lost=0&retrans=0&sent_bytes=14702&recv_bytes=6891&delivery_rate=542&cwnd=12000&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5348&x=1" cfExtPri cfHdrFlush;dur=0
vary: Accept-Encoding
x-content-type-options: nosniff

Redirect headers

cache-control: private, no-cache
cf-ray: 8d77de6fcdf462c4-HAM
content-length: 167
content-type: text/html
date: Thu, 24 Oct 2024 06:21:49 GMT
location: https://roninchat.pages.dev/import-account/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
88 KB 202ms
65ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-306974076

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

18757e9785230a74bc1b52abafd1b9ff4043c047bf51645f96ec1ded8489a0ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 24 Oct 2024 06:21:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89236
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 index.css
roninchat.pages.dev/ 831 KB
64 KB 141ms
140ms Stylesheet
text/css 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/index.css

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc4066052e859471e5cdc97652f22911a1f2bbd37584edf2c2e772683c2d5559

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

content-encoding: br
etag: W/"f06907cce209b03492c2882afc6d9e91"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQmZHya8eSFvy%2FGcYmVOVuZW6p6KyISCAhb5uAzjlla8S5X2hTyBPZ33cQIrq1hIJ9BAe484o7LERtSVt%2Ft%2BdQVsUFeXdGvqSzqNLzJFMZg6wnqKf%2FXxfwfR0odZsIdN6QO%2BCcvg"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30132&sent=68&recv=33&lost=0&retrans=0&sent_bytes=58078&recv_bytes=8544&delivery_rate=172803&cwnd=22800&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5491&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
priority: u=0,i=?0
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de716efb62c4-HAM
access-control-allow-origin: *
server: cloudflare

GET
H3 200 jquery.min.js Show response
roninchat.pages.dev/ajax/libs/jquery/2.1.3/ 82 KB
31 KB 75ms
74ms Script
application/javascript 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/ajax/libs/jquery/2.1.3/jquery.min.js

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

content-encoding: br
etag: W/"5f3608e85e0678b8c2510311cf0b572d"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hw3PI9ObzPlYTrtQpKM5eHyIjlaF94LPuiTC2MvXyW%2FIY479SDa1cvrSARYTqSgPOYIkiXnYTnOKGzXzPFuxVCCH4Exr3Uwes5HuR3dulIq09WHfb4BxD2LBUrmANYPyTpNCIwKc"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30309&sent=40&recv=28&lost=0&retrans=0&sent_bytes=25926&recv_bytes=8329&delivery_rate=319876&cwnd=12000&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5432&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: application/javascript
vary: Accept-Encoding
priority: u=1,i=?0
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de716eff62c4-HAM
access-control-allow-origin: *
server: cloudflare

GET
H3 200 efdd139fe41f6d28007785ffe529d683.webp
roninchat.pages.dev/ 1 KB
2 KB 71ms
71ms Image
image/webp 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://roninchat.pages.dev/efdd139fe41f6d28007785ffe529d683.webp

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5dbd6fada03289fda543fb39dada70a6c01bbd72a5634bd90e19e4051cc60c4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

etag: "c4122d8b5cdf56f79f25bbf8dc049d9e"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWhGRlv2RyjHACYzxoUT9P2fLZgyLR92jtu5VgRb6TB3W9zdldeYU1jtBN8NfV0QLqWPFbiWN4RFLOD5uPPPRbK%2FUw8MvWxVuov6xAiRbgZY2XdOAA549h%2Fja4IJQ2zqe%2ByeDFBp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30309&sent=38&recv=28&lost=0&retrans=0&sent_bytes=23758&recv_bytes=8329&delivery_rate=319876&cwnd=12000&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5431&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: image/webp
vary: Accept-Encoding
priority: u=2,i
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de716f0062c4-HAM
access-control-allow-origin: *
content-length: 1432
server: cloudflare

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 190 KB
68 KB 213ms
79ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5NL3CMH

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dd498221c8c9de48307b39ed3d073f315ebd4e56211c7cdd530dd8ee2c716bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Thu, 24 Oct 2024 06:21:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 69805
x-xss-protection: 0
server: Google Tag Manager

GET
H3

200

Inter-Regular
roninchat.pages.dev/fonts/
Redirect Chain

https://roninchat.pages.dev/fonts/Inter-Regular.html
https://roninchat.pages.dev/fonts/Inter-Regular

708 B
1010 B

71ms
71ms

Font
text/html

172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/fonts/Inter-Regular

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DHL7bZoApiPDlo4E5v6QB3w97Y3shq0ziMDEwkL7NgC5o2i4m0Hfp3FYEfLBT6q%2BOQ4UwanC2ls11GfDpzLu%2BgEmsD7%2BW7aXoF2S7%2FbsSXLZrrDIYVr7UM9hDCulyTYo6zl9eCpL"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de73182f62c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29544&sent=138&recv=72&lost=0&retrans=0&sent_bytes=129029&recv_bytes=12874&delivery_rate=62384&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5700&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /fonts/Inter-Regular
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vwGEVw9OhGZHedsdFEPB3SVROBnP910MThiwgPQflx1wrN6p%2B4%2BuJcdPR46EAjQ0J4r8RFBQAPJvwHhZfI8kwFHl1qL85jvFNgo3nD0K73aCeG3adZr8OGxirFZy61ADR9xbXoJX"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de72d80362c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=QUIC&rtt=29816&sent=130&recv=69&lost=0&retrans=0&sent_bytes=125309&recv_bytes=11634&delivery_rate=1305948&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5630&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H3 200 0fa701475eab3f1a6bd063a8460faa92.svg
roninchat.pages.dev/ 3 KB
2 KB 66ms
65ms Image
image/svg+xml 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://roninchat.pages.dev/0fa701475eab3f1a6bd063a8460faa92.svg

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d3b6b437264b126d0af02873575b3970dbe4fef07bef94e298d57b98db71b8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

content-encoding: br
etag: W/"d5f4e65e6c26ca931657a5cffc9f0dce"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bkyTvYysLYmtbnZ0o8QvoBzvqmNLSNjJtZDbOrTXj%2BpHtKpZGH6QMKox8s%2BNHnX4xPwIx47o%2B4dJvnpj5dOopLfGTODZej2LfFSQXdSzwkV5fbfWvoxRRZyuesbpZ891wg%2FGRG32"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29816&sent=132&recv=69&lost=0&retrans=0&sent_bytes=126636&recv_bytes=11634&delivery_rate=1305948&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5636&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: image/svg+xml
vary: Accept-Encoding
priority: u=3,i
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de72bfe762c4-HAM
access-control-allow-origin: *
server: cloudflare

GET
H3

200

Inter-Bold
roninchat.pages.dev/fonts/
Redirect Chain

https://roninchat.pages.dev/fonts/Inter-Bold.html
https://roninchat.pages.dev/fonts/Inter-Bold

708 B
1011 B

62ms
62ms

Font
text/html

172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/fonts/Inter-Bold

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lmvJ89LX%2BA2Orpsa%2F5UiugKeH%2FCkQBgeykTBw1P8E1u47J32i9gDBMjQ3t7L8yLd3snWvqxAvt%2BVKiObl4ELwby2R0i4vwJB9rjfg5rMpZZhni2twJ%2FLuYMSVOb7x6WpBlcGJW5j"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de73283a62c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29544&sent=139&recv=72&lost=0&retrans=0&sent_bytes=130057&recv_bytes=12874&delivery_rate=62384&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5701&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /fonts/Inter-Bold
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxntXyAYmjZxDG1Ga00kPtzdJDLZCDk3Ee9ip8f0bUsjWjohYitHURV6dXj59aN1APjE0csvM9IFuookowYvBeZ%2BhKPeWx6X1uwl%2FnYX14NBVi9swCMphZ8pyNzke5N1bjvEeQhF"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de72d80662c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=QUIC&rtt=29816&sent=134&recv=69&lost=0&retrans=0&sent_bytes=128297&recv_bytes=11634&delivery_rate=1305948&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5636&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H3

200

Inter-SemiBold
roninchat.pages.dev/fonts/
Redirect Chain

https://roninchat.pages.dev/fonts/Inter-SemiBold.html
https://roninchat.pages.dev/fonts/Inter-SemiBold

708 B
1012 B

66ms
66ms

Font
text/html

172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/fonts/Inter-SemiBold

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lGDE2YNT7fB43pAV54QtRFePVWi3T3D3Gjsb2vynAmF%2BOR21JRgN1%2FdbZt6EknMoIsE82%2FwAhUXxAQIIL3vKuEqEBQiTtrFKB1WgmFNZ%2F%2Bpj5LgzhxSMfcc6HIQkfi8Qu11QNP2P"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de73283562c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29544&sent=141&recv=72&lost=0&retrans=0&sent_bytes=131120&recv_bytes=12874&delivery_rate=62384&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5702&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /fonts/Inter-SemiBold
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwzM3XljZL72SoUNVbp8JP8LbwLxTb91H%2BOE5oF7RGYMAKeib4KO83VIIEcl%2FWcKCqFeF6Iw5aBy3%2B6hS0Gb72ybVpU%2BytspP2XUQmfX6Z3pOhFY8Tyk8MDJcVO4G9ueUQuh%2Bzxs"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de72d80762c4-HAM
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=QUIC&rtt=29816&sent=131&recv=69&lost=0&retrans=0&sent_bytes=125970&recv_bytes=11634&delivery_rate=1305948&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=5632&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:49 GMT
vary: Accept-Encoding
server: cloudflare
priority: u=0,i=?0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 291 KB
100 KB 66ms
66ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-7GC14E1ERL&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NL3CMH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7502030030b273330d6a50bdf5019d4b752077cdef3dc772892b652db5494f15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 24 Oct 2024 06:21:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 06:21:50 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 102272
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
87 KB 70ms
70ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-306974076&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5NL3CMH

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b4c394bab8b938307aa28c8d0c7b56e4313d5ef527c398c3873822b65e6bd7fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Thu, 24 Oct 2024 06:21:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 06:21:50 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 24 Oct 2024 06:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 89116
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/306974076/ 5 KB
3 KB 160ms
72ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/306974076/?random=1729750910044&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-306974076

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

21276d1e706b46f6f6730745d746592fe6a144f83a1eeedcff91c66de1fcf1f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2628
date: Thu, 24 Oct 2024 06:21:50 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame 549A 0
0 164ms
57ms Document
text/html 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Froninchat.pages.dev

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-306974076

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Thu, 24 Oct 2024 06:21:50 GMT
expires: Fri, 24 Oct 2025 06:21:50 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 128ms
38ms Fetch
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-7GC14E1ERL&gtm=45je4al0v873112491za200zb852899156&_p=1729750909653&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823847&cid=1848060940.1729750910&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1729750910&sct=1&seg=0&dl=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&dr=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&dt=Ronin&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=815
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-7GC14E1ERL&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://roninchat.pages.dev
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 24 Oct 2024 06:21:50 GMT
content-type: text/plain
server: Golfe2

GET
H3

200

/
www.google.de/pagead/1p-conversion/306974076/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps...
https://www.google.com/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_ex...
https://www.google.de/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp...

42 B
64 B

125ms
69ms

Image
image/gif

172.217.18.99
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIwIqzpLCmiQMVRImDBx0eWx_XMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhxodHRwczovL3JvbmluY2hhdC5wYWdlcy5kZXYvQlhDaEVJOEwzaXVBWVFxc0h4b1BpNTlabnlBUkl0QUlYRVI0WUZKWEkxRTUxaTdERzJBMHFhVU1wY0QtQkI2d0c3dDJjOFlJWlM1T1Z2cDJyOXB5NWZSeFUt&is_vtc=1&cid=CAQSGwDpaXnf_-9JYlajQAC_jRHjfuRjdoKoky0UxQ&random=2733001380&ipr=y

Requested by

Host: roninchat.pages.dev
URL: https://roninchat.pages.dev/import-account/

Protocol

Server

172.217.18.99 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 24 Oct 2024 06:21:50 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
location: https://www.google.de/pagead/1p-conversion/306974076/?random=1582191409&cv=11&fst=1729750910044&bg=ffffff&guid=ON&async=1&gtm=45be4al0za200zb852899156&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101686685~101794737~101823848&u_w=1600&u_h=1200&url=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&ref=https%3A%2F%2Froninchat.pages.dev%2Fimport-account%2F&label=T7bICOT7kfECEPyasJIB&hn=www.googleadservices.com&frm=0&tiba=Ronin&gtm_ee=1&npa=1&pscdl=noapi&auid=445596988.1729750910&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=CA&capi=1&data=event%3Dconversion&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgjCybECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIwIqzpLCmiQMVRImDBx0eWx_XMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhxodHRwczovL3JvbmluY2hhdC5wYWdlcy5kZXYvQlhDaEVJOEwzaXVBWVFxc0h4b1BpNTlabnlBUkl0QUlYRVI0WUZKWEkxRTUxaTdERzJBMHFhVU1wY0QtQkI2d0c3dDJjOFlJWlM1T1Z2cDJyOXB5NWZSeFUt&is_vtc=1&cid=CAQSGwDpaXnf_-9JYlajQAC_jRHjfuRjdoKoky0UxQ&random=2733001380&ipr=y
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Thu, 24 Oct 2024 06:21:50 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 favicon.ico
roninchat.pages.dev/ 1 KB
2 KB 66ms
66ms Other
text/plain 172.66.44.195
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://roninchat.pages.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.44.195 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e3db8e4cc92dbf5075427e2e6b20e8574036feb747cf585a0ee723ec7c545ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.18 Safari/537.36
Referer: https://roninchat.pages.dev/import-account/

Response headers

etag: "9d12ff3c7ea569862cd9ee70ed7be430"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f6QMTTa3QcwGzN6g%2BZ7Ok5gVT0dbOGMFmazuPmI%2FhNSsVh%2FFVQsJ8bGSGl%2BcUlIjVZKaMbgjSpuD3FoSzfq84Zr%2FmUbuyNXnBB8vLZ4%2FVfTQPT2iqbydEfgO0fxPlrqL45sBsD1a"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=29537&sent=144&recv=74&lost=0&retrans=0&sent_bytes=132204&recv_bytes=13450&delivery_rate=44791&cwnd=68700&unsent_bytes=0&cid=cbe9e9b1e589664a&ts=6521&x=1", cfExtPri, cfHdrFlush;dur=0
date: Thu, 24 Oct 2024 06:21:50 GMT
content-type: null
vary: Accept-Encoding
priority: u=1,i
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8d77de783c3562c4-HAM
access-control-allow-origin: *
content-length: 1150
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.roninchat.pages.dev/	1970-01-21 00:30:37	Name: __cf_mw_byp Value: t4LGQx04IuP_HctUwQm028Cp.JLUdsN0nL9jOT1pTWE-1729750904-0.0.1.1-/import-account/
.roninchat.pages.dev/	1970-01-21 02:38:46	Name: _gcl_au Value: 1.1.445596988.1729750910
.roninchat.pages.dev/	1970-01-21 10:05:10	Name: _ga Value: GA1.1.1848060940.1729750910
.roninchat.pages.dev/	1970-01-21 10:05:10	Name: _ga_7GC14E1ERL Value: GS1.1.1729750910.1.0.1729750910.0.0.0
.doubleclick.net/	1970-01-21 00:29:11	Name: test_cookie Value: CheckForPermission

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://roninchat.pages.dev/import-account/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://roninchat.pages.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
recommendation	verbose	URL: https://roninchat.pages.dev/import-account/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://roninchat.pages.dev/import-account/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
recommendation	verbose	URL: https://roninchat.pages.dev/import-account/ Message: [DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: Failed to decode downloaded font: https://roninchat.pages.dev/fonts/Inter-Regular.html
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: Failed to decode downloaded font: https://roninchat.pages.dev/fonts/Inter-Bold.html
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: Failed to decode downloaded font: https://roninchat.pages.dev/fonts/Inter-SemiBold.html
other	warning	URL: https://roninchat.pages.dev/import-account/ Message: OTS parsing error: invalid sfntVersion: 1008813135

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

googleads.g.doubleclick.net
region1.google-analytics.com
roninchat.pages.dev
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
142.250.184.226
142.250.185.196
142.250.186.98
172.217.18.99
172.66.44.195
2001:4860:4802:34::36
2a00:1450:4001:802::2008
18757e9785230a74bc1b52abafd1b9ff4043c047bf51645f96ec1ded8489a0ed
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
21276d1e706b46f6f6730745d746592fe6a144f83a1eeedcff91c66de1fcf1f0
37a4e56c497e170de6e152bc479624eb8d7ccb35bad5a190f2fdb17ac699cffa
5dbd6fada03289fda543fb39dada70a6c01bbd72a5634bd90e19e4051cc60c4e
7502030030b273330d6a50bdf5019d4b752077cdef3dc772892b652db5494f15
75d4a2fb769972b3efb218af92e73e79b022e4558bc484a20da039162b48d93c
78b8d44e2c7f3273f37c4f48dbb0c357fe10e9fc15c9c847d68af0fa048cb3c7
7e3db8e4cc92dbf5075427e2e6b20e8574036feb747cf585a0ee723ec7c545ca
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
87d3b6b437264b126d0af02873575b3970dbe4fef07bef94e298d57b98db71b8
b4c394bab8b938307aa28c8d0c7b56e4313d5ef527c398c3873822b65e6bd7fc
bc4066052e859471e5cdc97652f22911a1f2bbd37584edf2c2e772683c2d5559
dd498221c8c9de48307b39ed3d073f315ebd4e56211c7cdd530dd8ee2c716bcf
e12a518483fd2e4b796633ce4363789678f853fab3acb0035d990d398f2d7f4e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

roninchat.pages.dev Open in urlscan Pro 172.66.44.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

81 %HTTPS

29 %IPv6

7 Domains

7 Subdomains

5 IPs

2 Countries

468 kBTransfer

1955 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

5 Cookies

11 Console Messages

Security Headers

Indicators

roninchat.pages.dev Open in urlscan Pro
172.66.44.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

81 %
HTTPS

29 %
IPv6

7
Domains

7
Subdomains

5
IPs

2
Countries

468 kB
Transfer

1955 kB
Size

5
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!