abameronoceroma.com Open in urlscan Pro
2606:4700:3031::ac43:dcc4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cl.gy/wOETL
Effective URL:
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
Submission: On September 26 via manual (September 26th 2024, 10:46:40 am UTC) from DE — Scanned from DE

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 1 countries across 4 domains to perform 32 HTTP transactions. The main IP is 2606:4700:3031::ac43:dcc4, located in United States and belongs to CLOUDFLARENET, US. The main domain is abameronoceroma.com.
TLS certificate: Issued by WE1 on September 25th 2024. Valid for: 3 months.

This is the only time abameronoceroma.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 4	35.212.63.232 35.212.63.232	15169 (GOOGLE) (GOOGLE)
2	2600:9000:223... 2600:9000:223d:8000:5:acf3:db40:21	16509 (AMAZON-02) (AMAZON-02)
2	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 18	2606:4700:303... 2606:4700:3031::ac43:dcc4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
32	5

4 35.212.63.232 (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 232.63.212.35.bc.googleusercontent.com

cl.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:223d:8000:5:acf3:db40:21 (United States)

ASN16509 (AMAZON-02, US)

d1rozh26tys225.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

a1noumeroma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:3031::ac43:dcc4 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

abameronoceroma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	abameronoceroma.com 2 redirects abameronoceroma.com	41 KB
4	cl.gy 1 redirects cl.gy	6 KB
2	a1noumeroma.com a1noumeroma.com	1 KB
2	cloudfront.net d1rozh26tys225.cloudfront.net	4 KB
32	4

	Domain	Requested by
18	abameronoceroma.com	2 redirects abameronoceroma.com cl.gy
4	cl.gy	1 redirects cl.gy
2	a1noumeroma.com	cl.gy
2	d1rozh26tys225.cloudfront.net	cl.gy
32	4

This site contains no links.

Subject Issuer	Validity	Valid
*.cl.gy R10	`2024-09-07` - `2024-12-06`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2024-07-30` - `2025-07-03`	a year	crt.sh
a1noumeroma.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
abameronoceroma.com WE1	`2024-09-25` - `2024-12-24`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
Frame ID: 07BE1817816F2D2A8C36FFA254E02185
Requests: 20 HTTP requests in this frame

Frame: https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js
Frame ID: FD5C5ACD5E1033235BA528B5DBF66B2F
Requests: 2 HTTP requests in this frame

Frame: https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: CEECB1A2CB00376A9639170AA3E0334C
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

https://cl.gy/wOETL Page URL
https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765 Page URL
https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&sol=MjA6MTcyNzM0NzU5MjowZDNlMmNmYTpjZDY2Nj... Page URL
https://cl.gy/wOETL HTTP 301
https://a1noumeroma.com/ilioe Page URL
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL
https://abameronoceroma.com/cdn-cgi/phish-bypass?atok=U4T6JCWwdvCxpPwwm4HF0ySOMOcOCOxoTwj1dav7VEk-172734... HTTP 301
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL

Page Statistics

32
Requests

66 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

51 kB
Transfer

85 kB
Size

20
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cl.gy/wOETL Page URL
https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765 Page URL
https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&sol=MjA6MTcyNzM0NzU5MjowZDNlMmNmYTpjZDY2NjI3NjQ2MTVkMWUzYTZjNWZkNmM2NTk5NTAzYzNjOTQ2M2Q3YWJiNmUwMTk1MDEzNGM2YTllNzk4NmIzOgINp2Y%3D&s=1878:812453 Page URL
https://cl.gy/wOETL HTTP 301
https://a1noumeroma.com/ilioe Page URL
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL
https://abameronoceroma.com/cdn-cgi/phish-bypass?atok=U4T6JCWwdvCxpPwwm4HF0ySOMOcOCOxoTwj1dav7VEk-1727347596-0.0.1.1-%2FNRMTL%2FMLDKTR%2FNBCLDM%2FOMRLDI%2F HTTP 301
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13

https://cl.gy/wOETL HTTP 301
https://a1noumeroma.com/ilioe

Request Chain 21

https://abameronoceroma.com/cdn-cgi/phish-bypass?atok=U4T6JCWwdvCxpPwwm4HF0ySOMOcOCOxoTwj1dav7VEk-1727347596-0.0.1.1-%2FNRMTL%2FMLDKTR%2FNBCLDM%2FOMRLDI%2F HTTP 301
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Request Chain 24

https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js

32 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 202 wOETL Show response
cl.gy/ 173 B
423 B 706ms
100ms Document
text/html 35.212.63.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cl.gy/wOETL
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.212.63.232 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.63.212.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3196565caf8d6f739db85e55a04e34d4a09bda69b7f30dde4695617bf779401b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store,no-cache,max-age=0
content-length: 173
content-type: text/html
date: Thu, 26 Sep 2024 10:46:32 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
server: nginx
sg-captcha: challenge
x-proxy-cache-info: DT:1
x-robots-tag: noindex

GET
H2 200 / Show response
cl.gy/.well-known/sgcaptcha/ 12 KB
5 KB 101ms
101ms Document
text/html 35.212.63.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.212.63.232 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.63.212.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4e7e713a6680209960bf827daa48fee54a2c4803f9922f3b954243af7dd06aea

Request headers

Referer: https://cl.gy/wOETL
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store,no-cache,max-age=0
content-encoding: br
content-type: text/html
date: Thu, 26 Sep 2024 10:46:32 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
server: nginx
sg-captcha: challenge
vary: Accept-Encoding
x-proxy-cache-info: DT:1
x-robots-tag: noindex

GET
H2 200 robot-suspicion.svg
d1rozh26tys225.cloudfront.net/ 5 KB
3 KB 27ms
6ms Image
image/svg+xml 2600:9000:223d:8000:5:acf3:db40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1rozh26tys225.cloudfront.net/robot-suspicion.svg
Requested by: Host: cl.gy
URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:8000:5:acf3:db40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ddb4a8fe630cda4853312bf576429166ca074167ec93d38b24fc80d166f52a34

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cl.gy/

Response headers

x-amz-cf-pop: FRA56-P3
content-encoding: gzip
etag: W/"bf95026d64faa61f93dcec8be1040417"
age: 34450
via: 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: LhavN4EwhlZUg1kTJF286scKzeWrufwnk_36y5vG69H6HoS9CzUv5g==
date: Thu, 26 Sep 2024 01:12:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
server: AmazonS3
last-modified: Wed, 16 Aug 2023 13:41:23 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 loader.svg
d1rozh26tys225.cloudfront.net/ 846 B
1 KB 27ms
8ms Image
image/svg+xml 2600:9000:223d:8000:5:acf3:db40:21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d1rozh26tys225.cloudfront.net/loader.svg
Requested by: Host: cl.gy
URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:8000:5:acf3:db40:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: daed5f030b7d78e92c71aa05601d7bc94a8c59f4037363666f02e5611fc5de42

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://cl.gy/

Response headers

vary: Accept-Encoding
etag: "8946b767a9a283b2a0f3a62fd915020c"
age: 25610
via: 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 846
x-amz-cf-id: xQqWGPeLnR14A9DTRyeooBB-N47eTfeolovEfhPJQpowcgQ1DOf5uw==
date: Thu, 26 Sep 2024 03:39:43 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Aug 2023 13:41:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
x-amz-server-side-encryption: AES256

GET 99ff9fde-f421-45f2-8ad4-ed214e3bc665
https://cl.gy/ Frame 0
0

GET
H2 202 / Show response
cl.gy/.well-known/sgcaptcha/ 310 B
690 B 101ms
100ms Document
text/html 35.212.63.232
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&sol=MjA6MTcyNzM0NzU5MjowZDNlMmNmYTpjZDY2NjI3NjQ2MTVkMWUzYTZjNWZkNmM2NTk5NTAzYzNjOTQ2M2Q3YWJiNmUwMTk1MDEzNGM2YTllNzk4NmIzOgINp2Y%3D&s=1878:812453
Requested by: Host: cl.gy
URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 35.212.63.232 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 232.63.212.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4017d389a976c700ecf1a8ed8198afaab177f479c7bb477379ad51e9a6b294cc

Request headers

Referer: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&y=ipr:45.141.152.77:1727347592.765
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store,no-cache,max-age=0
content-length: 310
content-type: text/html
date: Thu, 26 Sep 2024 10:46:34 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
server: nginx
sg-captcha: challenge
x-proxy-cache-info: DT:1
x-robots-tag: noindex

GET
H3

404

ilioe Show response
a1noumeroma.com/
Redirect Chain

https://cl.gy/wOETL
https://a1noumeroma.com/ilioe

211 B
641 B

120ms
86ms

Document
text/html

2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a1noumeroma.com/ilioe
Requested by: Host: cl.gy
URL: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&sol=MjA6MTcyNzM0NzU5MjowZDNlMmNmYTpjZDY2NjI3NjQ2MTVkMWUzYTZjNWZkNmM2NTk5NTAzYzNjOTQ2M2Q3YWJiNmUwMTk1MDEzNGM2YTllNzk4NmIzOgINp2Y%3D&s=1878:812453
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a5a4c995f95f408b85604113f9dc3930619c0a4ac868b152e100ac0da08b26ad

Request headers

Referer: https://cl.gy/.well-known/sgcaptcha/?r=%2FwOETL&sol=MjA6MTcyNzM0NzU5MjowZDNlMmNmYTpjZDY2NjI3NjQ2MTVkMWUzYTZjNWZkNmM2NTk5NTAzYzNjOTQ2M2Q3YWJiNmUwMTk1MDEzNGM2YTllNzk4NmIzOgINp2Y%3D&s=1878:812453
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c92abca6ed59244-FRA
content-encoding: br
content-type: text/html
date: Thu, 26 Sep 2024 10:46:35 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pIv9vIBQnt91MrZZmlebkcDPSWoTP3TuZrbonT0Z%2FybQewg%2FPNkxjl3XgdLkwBepU3vDd4kPCBektvB%2B5r8pJV3%2FI9uOa8pQFrVJ8EBfogsRBVirW1oo2eXlntukH4Cx%2FWs0zNHDSkJ1vGQCOX0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding,User-Agent
x-turbo-charged-by: LiteSpeed

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 26 Sep 2024 10:46:35 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
host-header: 6b7412fb82ca5edfd0917e3957f05d89
location: https://a1noumeroma.com/ilioe
pragma: no-cache
server: nginx
x-httpd-modphp: 1
x-proxy-cache: MISS
x-proxy-cache-info: 0301 NC:000000 UP:SKIP_CACHE_SET_COOKIE

GET
H3 200 speculation
a1noumeroma.com/cdn-cgi/ 128 B
556 B 17ms
16ms Other
application/speculationrules+json 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a1noumeroma.com/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://a1noumeroma.com
Referer: https://a1noumeroma.com/ilioe

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJG22BcZfraCcccKT%2BPRx4GMzklnUCQEB99IbM0xhSei9tQr%2BLutI%2FV9hwOj%2BWp3as3fuTdPgcZ%2BQqknHCXkYL6i6M1gTeo%2BG4nbcQMA%2Bu0jDHZ8k6KVIljg%2BgL9LAtM2div0Izdh6edeFz6U9Y%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c92abcaffaf9244-FRA
access-control-allow-origin: https://a1noumeroma.com
content-length: 128
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 / Show response
abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ 4 KB
2 KB 50ms
21ms Document
text/html 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d5c7271ee401e91e0931c2e84128b99e55ed731a840214db9bb42c62a2ae250

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://a1noumeroma.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-ray: 8c92abcb4e668fef-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 26 Sep 2024 10:46:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Og3p2yJrz2snAVV%2BWksrgepMLq0MEX6%2BMeq3%2BNgdwzeKNVeq%2BqkibaaRooAiImOfr5BHvwurENd%2BjpXU7BvI%2FmxQlRJDFDUA6rHUKuBmw8zdYzNzkSWu3D3oiDyUiLepsDZIWS6t9KqjTl7WWR5bA9Ks"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET favicon.ico
a1noumeroma.com/ 0
0

GET
H3 200 speculation
abameronoceroma.com/cdn-cgi/ 128 B
555 B 13ms
13ms Other
application/speculationrules+json 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://abameronoceroma.com/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://abameronoceroma.com
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lSdcB1oE%2FOaMovfVA2ywflyfK3iqwhAa4traOKgqL%2BIDD3uBRTuOXNbkEy6mHP%2Bl87W11hdUGxwoYByLr1kL2DTYHJaZoUJCHxEsjsMxDgT7Mtr2eeMESaxr2eOgnQzfYCqERSYoYSPszsHqrkvZSKxR"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c92abcb7e8e8fef-FRA
access-control-allow-origin: https://abameronoceroma.com
content-length: 128
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 cf.errors.css
abameronoceroma.com/cdn-cgi/styles/ 23 KB
5 KB 11ms
11ms Stylesheet
text/css 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/cdn-cgi/styles/cf.errors.css

Requested by

Host: abameronoceroma.com
URL: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"66f31df3-5df3"
x-content-type-options: nosniff
cf-ray: 8c92abcb7e8f8fef-FRA
expires: Thu, 26 Sep 2024 12:46:36 GMT
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: text/css
last-modified: Tue, 24 Sep 2024 20:15:47 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
abameronoceroma.com/cdn-cgi/images/ 452 B
635 B 18ms
18ms Image
image/png 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://abameronoceroma.com/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: abameronoceroma.com
URL: https://abameronoceroma.com/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://abameronoceroma.com/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "66f31df3-1c4"
x-content-type-options: nosniff
cf-ray: 8c92abcc4f288fef-FRA
expires: Thu, 26 Sep 2024 12:46:36 GMT
accept-ranges: bytes
content-length: 452
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: image/png
last-modified: Tue, 24 Sep 2024 20:15:47 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 503 favicon.ico
abameronoceroma.com/ 6 KB
7 KB 182ms
182ms Other
text/html 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc7d0fe0123010065cb5f5d75ac1da3a191238231f3d64291f471b8e9f2af194

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: BYPASS
pragma: no-cache
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkpWdyRuZrqsSXI6y5%2FEg31%2FYu4%2FL38ehSXJrOX%2FdpeCnd6pyBetbkfOBYRoHLnXNF73JKUMTBSB%2FdGVBM43vg%2BFwmhV%2BMT0DjhuuW7igW8lNl%2FSR8%2BfTTLXInJUWwTiylL8RRfPXQGrb9ALMjfr%2BNWn"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c92abcc7f4f8fef-FRA
expires: 0
date: Thu, 26 Sep 2024 10:46:36 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

503

/ Show response
abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
Redirect Chain

https://abameronoceroma.com/cdn-cgi/phish-bypass?atok=U4T6JCWwdvCxpPwwm4HF0ySOMOcOCOxoTwj1dav7VEk-1727347596-0.0.1.1-%2FNRMTL%2FMLDKTR%2FNBCLDM%2FOMRLDI%2F
https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

7 KB
8 KB

182ms
182ms

Document
text/html

2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

241af7b2b4bb9760bb0f0c3c1ed8a38aff9e71978f66ead1f345d5fda324b9d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status: DYNAMIC
cf-ray: 8c92abce68fd8fef-FRA
content-type: text/html; charset=utf-8
date: Thu, 26 Sep 2024 10:46:36 GMT
expires: 0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Koa4WV7vvpPv9VueGeqFLWWYHLNkBzN%2BDcYIxGFGb87w7LVNlF8wB8QoFFpnwftFQZvET1Cyq%2BIvUvNF8MQYB1PWEqBA%2BZDJx9xQwnvDTnxch0FrBks3mmjH%2FwMOrCGT4CzWehso2jpdPv83pCiRGDpn"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
x-content-type-options: nosniff nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8c92abce58ee8fef-FRA
content-length: 167
content-type: text/html
date: Thu, 26 Sep 2024 10:46:36 GMT
location: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H3 200 speculation
abameronoceroma.com/cdn-cgi/ 128 B
567 B 15ms
15ms Other
application/speculationrules+json 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://abameronoceroma.com/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://abameronoceroma.com
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c5SchmChTMNHLjmoLtdux39Y%2FnOvP2cIJbxtomDKP72cl%2Fa%2BnyCHhLYxGQFAnlLNgGEK57x38D6gJQ%2B1KcTWbLWrvJ91qiA%2BmVb%2Fw3%2FzcG4pA%2BrWS%2BN%2FFx6T0Di%2BqCQYoJlBOrsMqi%2FEXL0YmPAJ0lYa"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c92abcf8a0b8fef-FRA
access-control-allow-origin: https://abameronoceroma.com
content-length: 128
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

POST
H3 204 /
abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ 0
925 B 108ms
107ms XHR
text/plain 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Requested by

Host: cl.gy
URL: https://cl.gy/wOETL

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

X-Requested-TimeStamp-Combination
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
X-Requested-TimeStamp
X-Requested-Type-Combination: GET
wBRY0uc-Iw9iZkr-iVCQSItowI: 45332949
BH9PhpsoGIswxkRxKtNjUBRFQtc: 2F4rPhpVgMiVQysfoi5YWKe6pe8
X-Requested-with: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
X-Requested-Type: GET
Content-type: application/x-www-form-urlencoded
X-Requested-TimeStamp-Expire

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-server-powered-by: Engintron
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IBI7ZlbXn0wVVYdTtHhpRtpKTtbPS%2B01a%2BceOvjg1t%2BAvn7ag0Cm3uZMCjLAlgF%2F5W8KUzRSOLeVreES13eUZPlR6x0DswXvVfrq8tup20GtbULsl88O8AUP4u0nkTCI9FERES9CLFVd%2FiVPm38VtSmu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c92abcfaa208fef-FRA
expires: 0
date: Thu, 26 Sep 2024 10:46:36 GMT
x-xss-protection: 1; mode=block, 1; mode=block
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

main.js Show response
abameronoceroma.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/ Frame FD5C
Redirect Chain

https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

8 KB
4 KB

20ms
20ms

Script
application/javascript

2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?

Protocol

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b85b21b613033459bb1b749861d12f400fb5b28e907c0ec74caedd21dce2ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95zb8pf7z5GE8jEXFRuricv7sczLtgm2xUXAXiLkGwabMk9ddyomQOoAZQDvii4YpIN7M4qOzn9rsJ%2BpX12C8gHZ1ruxCLJR%2F2Q9orKV7nHVINCc6Io%2B4nXBT4PpztMwpC5XPW6aMdLYHd9qrdIYwHPu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8c92abcfca398fef-FRA
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ec4b873d446c/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5TV%2Bpi5%2FVQ1m4whs1%2F3KXF6wAFBCX1I2YX5M8b0QH6a3%2F2SVH%2F%2FEOR4HGdIs1WpMK8vDVd1SJGHKPJY6lDBykbtdUzTn1IGAD2jnDr%2Bi1Up3%2F7gNWzK%2BuFw1dGgONRIGFWSIBTqW5ciKFX4N1fimLpx"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c92abcfaa218fef-FRA
access-control-allow-origin: *
content-length: 0
date: Thu, 26 Sep 2024 10:46:36 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 503 favicon.ico
abameronoceroma.com/ 6 KB
7 KB 114ms
114ms Other
text/html 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

cache-control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: BYPASS
pragma: no-cache
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tv%2FootypdlM%2BjVQDYW8HptJxyKoys2lyogclFXBs9TRHrmGxGAyHMiFae2ga%2BI1vdXCUObogsw%2BTeg4bmOY7a5PQEpI79ZdV1x80Ob1U5MIAxoNhTD%2FumGuTyS52uk2JE5epPr3QiqXOyRnoDh6Etou4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c92abcfaa228fef-FRA
expires: 0
date: Thu, 26 Sep 2024 10:46:36 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

POST
H3 200 8c92abce68fd8fef
abameronoceroma.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame FD5C 0
916 B 23ms
19ms XHR
text/plain 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c92abce68fd8fef
Requested by: Host: abameronoceroma.com
URL: https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8c92abd03aab8fef-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 0
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L90VbioklvmJwJNKFksh1b4w7QsZiGX9zzL4IWZTFVCfdVXB7wIc8wWAjf7S8gMwjCXt6fbJE0knpiaZP5D3iLbCdCJrIx5Yk57dew9FDRmxugX3pPxiXpODoIGposCrTtY5JjlVztCgaTaUP3WtAGuG"}],"group":"cf-nel","max_age":604800}

GET
H3 403 Primary Request / Show response
abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ 1 KB
971 B 102ms
102ms Document
text/html 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Requested by

Host: cl.gy
URL: https://cl.gy/wOETL

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc2899a8883d75acc3134dd8a0356496d72569be9b46c423473e5ec1bdffdfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff nosniff
X-Xss-Protection	1; mode=block 1; mode=block

Request headers

Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8c92abd05ac88fef-FRA
content-encoding: br
content-type: text/html
date: Thu, 26 Sep 2024 10:46:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKAsuladzL%2FIFkkYuwJIWeRQMWFecqP8aA5iYQObGq8oahaYgsqndurro%2Fx%2B%2BSYUgFlXQQBGzyh%2F8sk2m03K8F%2BozC7w7vjTMEUzz%2FkKroR1FFUgRiPbqAmlQ7yZDcFqNKIFibGxNT3SITkSDzooItGI"}],"group":"cf-nel","max_age":604800}
server: cloudflare
speculation-rules: "/cdn-cgi/speculation"
vary: Accept-Encoding
x-content-type-options: nosniff nosniff
x-xss-protection: 1; mode=block 1; mode=block

GET
H3 200 speculation
abameronoceroma.com/cdn-cgi/ 128 B
565 B 14ms
14ms Other
application/speculationrules+json 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://abameronoceroma.com/cdn-cgi/speculation
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://abameronoceroma.com
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAZINBLbNQssZpBQCvnKJKGbH1Bxeq%2B48q0B9Lefr%2BiAAhhUTz3LogxMQIVz9fdnRk92CRp%2FHRAdJTCJ4VRxpF2uxrB%2B7wa%2Fipux%2BrMm034JWjxj0wLVrV%2FPFEi3SnnDWlX%2FAvjPwX%2Fjd4J44mBILZVN"}],"group":"cf-nel","max_age":604800}
cf-ray: 8c92abd10b808fef-FRA
access-control-allow-origin: https://abameronoceroma.com
content-length: 128
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/speculationrules+json
vary: Origin, Accept-Encoding
server: cloudflare

GET
H3 200 main.js Show response
abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/ Frame CEEC 8 KB
0 20ms
20ms Script
application/javascript 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

Requested by

Host: cl.gy
URL: https://cl.gy/wOETL

Protocol

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b85b21b613033459bb1b749861d12f400fb5b28e907c0ec74caedd21dce2ea4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=95zb8pf7z5GE8jEXFRuricv7sczLtgm2xUXAXiLkGwabMk9ddyomQOoAZQDvii4YpIN7M4qOzn9rsJ%2BpX12C8gHZ1ruxCLJR%2F2Q9orKV7nHVINCc6Io%2B4nXBT4PpztMwpC5XPW6aMdLYHd9qrdIYwHPu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8c92abcfca398fef-FRA
date: Thu, 26 Sep 2024 10:46:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

POST
H3 200 8c92abd05ac88fef Show response
abameronoceroma.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame CEEC 0
923 B 25ms
20ms XHR
text/plain 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://abameronoceroma.com/cdn-cgi/challenge-platform/h/g/jsd/r/8c92abd05ac88fef
Requested by: Host: abameronoceroma.com
URL: https://abameronoceroma.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

cf-ray: 8c92abd15be08fef-FRA
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-length: 0
date: Thu, 26 Sep 2024 10:46:37 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gh5DPloMhXWQzh7s8CtiWHhsgYe6JpYElXgrdPVsOP1xL%2B4CheGyY21I5iJUinh28FWfVnhkA7B7vLdPbMebVG1z%2BE81ThcZUmD%2BehEjXnh57xMgBMdQEaIrKPWgK%2BBmW5UoCmGGJpzsNgMdY397sr%2BH"}],"group":"cf-nel","max_age":604800}

GET
H3 403 favicon.ico
abameronoceroma.com/ 548 B
651 B 83ms
82ms Other
text/html 2606:4700:3031::ac43:dcc4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://abameronoceroma.com/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3031::ac43:dcc4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/

Response headers

cache-control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutable
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: MISS
pragma: public
speculation-rules: "/cdn-cgi/speculation"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aW3tRnaBrXiayy%2FqFTVXjzij1EtRkpe5F3p2zTLIelzEImWJSxKHutinaWVIcdU4orkrVW3g9ao%2FfxFodkzove4c3T4708nKzTrDE0jmmYaRWqOgmJD9Rn7NMjHBEMWOs6wh92huUiq8zuMrsijGu988"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff, nosniff
cf-ray: 8c92abd15be48fef-FRA
date: Thu, 26 Sep 2024 10:46:37 GMT
x-xss-protection: 1; mode=block, 1; mode=block
content-type: text/html
vary: Accept-Encoding
server: cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: cl.gy
URL: blob:https://cl.gy/99ff9fde-f421-45f2-8ad4-ed214e3bc665

Domain: a1noumeroma.com
URL: https://a1noumeroma.com/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cl.gy/	1970-01-21 00:32:19	Name: _I_ Value: 42c976393b4e8637d87fc671c2b648ea0c1ac20cc2c196ce09feaa6ccf9803d0-1727347594
cl.gy/	1969-12-31 23:59:59	Name: PHPSESSID Value: eacce062ac5f41e243b5e4dc66a3c7be
cl.gy/	1970-01-20 23:49:08	Name: short_148007 Value: 1
abameronoceroma.com/	1970-01-20 23:50:33	Name: Q_c2R5ODMVovz91i7SA2Pqz0MaI Value: 3epNnW3Hm30kinf9FCUGjvwGjH4
abameronoceroma.com/	1970-01-20 23:50:33	Name: FKfi7ccl7-wm_OVLjGqcOruX3Vo Value: 1727347595
abameronoceroma.com/	1970-01-20 23:50:33	Name: K1OA1REWQzFItKuSJlVPptf66Bg Value: 1727433995
abameronoceroma.com/	1970-01-20 23:50:33	Name: IYc_sqVh13HmfeV-7jD1J_eYn3A Value: 4zuzqXmWUrQ9YHVO_MDebELArXQ
abameronoceroma.com/	1970-01-20 23:50:33	Name: S3FTSGfZJkdVjNHTfcXqS0vh0LA Value: rsqQ8AGJdd0sXnO29BCjpWQ2nM0
.abameronoceroma.com/	1970-01-20 23:50:33	Name: __cf_mw_byp Value: U4T6JCWwdvCxpPwwm4HF0ySOMOcOCOxoTwj1dav7VEk-1727347596-0.0.1.1-/NRMTL/MLDKTR/NBCLDM/OMRLDI/
abameronoceroma.com/	1970-01-20 23:50:33	Name: kydSUoN0WIhKIPdjE_rWRjnQ5pc Value: TpykgdLwu9mgucLAAzZMXCrzGq0
abameronoceroma.com/	1970-01-20 23:50:33	Name: 4QIBjb0hkwvXj7OKsT2N1tWCQ6s Value: 1727347596
abameronoceroma.com/	1970-01-20 23:50:33	Name: bO3J0MvABDahRUcmm2srmo6cYzI Value: 1727433996
abameronoceroma.com/	1970-01-20 23:50:33	Name: 0JQ4pBHdoVRsUWgTZfntJl1E8-0 Value: 0FM7VJNhfRSFBj_nhcJYcaXEjgQ
abameronoceroma.com/	1970-01-20 23:50:33	Name: V1kc9EFF9Lzi9n3vH0g_xRwMVAs Value: KTixcSIWmQmrDEfEse8FcTa4hKs
abameronoceroma.com/	1970-01-20 23:50:33	Name: KpQsPF9m8v-N5UyzD2FSntgzi_E Value: cHtpQMiy4f2v1WctU8IOVvooiBI
abameronoceroma.com/	1970-01-20 23:50:33	Name: 3PjKm1Rp8GTG6IcRpmCeCePv-04 Value: 1727347596
abameronoceroma.com/	1970-01-20 23:50:33	Name: yaN0z85bU_ywTganOj_aiH1vZEc Value: 1727433996
abameronoceroma.com/	1970-01-20 23:50:33	Name: 64fFgTtB2fYtnm7DmamjKthwq5Y Value: 8pkh7jiY9q4KJRd-je-ADgVbvhw
abameronoceroma.com/	1970-01-20 23:50:33	Name: _civ9nc6D8hsEJ_GaQ0jouejfzQ Value: q6Vw1AvVPBU5EyImxVbyiQnHRAw
.abameronoceroma.com/	1970-01-21 08:34:43	Name: cf_clearance Value: GvRW3iy1q8I6B2T2UIEUnRJmKgsoBY2.8KhI9StJ25E-1727347597-1.2.1.1-0PTZXaw3UJN6scpgSJq3pHKjQ41ubt4ZeYeS3.kEpt9El2ZkUKE2vEyT1AZbL6femmxQk4jyiyDlM6Zc7ZA2GgknPwFNAUXfApXfrunJKwL4VELRYCU90YXXIVaCDKw3jyarRfsuy2UZq.08E2fTEO7VTROlnRsvN4oJvN0TxtPDDxXw9U4hzpl3seV14k3OTzTvGsv8LA7tVcA1YwYk2kf0VWafM8rSvydPNNTXji6tdDnhzZcB4SZlmRH53e2QGUb4Zu3Q0UhlQy8qyILC_zHxg3V4sxZP5QItBFAXg5irblCG0btDB5KvDp4nxC2kAuLM95PZciWLOEu7ml.R0NKRIrxC8GSzgOyW7lHfps4r7.FVtba22r84EzXri3qq

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://a1noumeroma.com/ilioe Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://abameronoceroma.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://abameronoceroma.com/favicon.ico Message: Failed to load resource: the server responded with a status of 503 ()
network	error	URL: https://abameronoceroma.com/NRMTL/MLDKTR/NBCLDM/OMRLDI/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://abameronoceroma.com/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a1noumeroma.com
abameronoceroma.com
cl.gy
d1rozh26tys225.cloudfront.net
a1noumeroma.com
cl.gy
2600:9000:223d:8000:5:acf3:db40:21
2606:4700:3031::ac43:dcc4
2a06:98c1:3121::3
35.212.63.232
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
241af7b2b4bb9760bb0f0c3c1ed8a38aff9e71978f66ead1f345d5fda324b9d6
25fb23868ebf48348f9e438e00cb9b9d9b3a054f32482a781c762cc4f9cc6393
3196565caf8d6f739db85e55a04e34d4a09bda69b7f30dde4695617bf779401b
4017d389a976c700ecf1a8ed8198afaab177f479c7bb477379ad51e9a6b294cc
4e7e713a6680209960bf827daa48fee54a2c4803f9922f3b954243af7dd06aea
6b85b21b613033459bb1b749861d12f400fb5b28e907c0ec74caedd21dce2ea4
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8d5c7271ee401e91e0931c2e84128b99e55ed731a840214db9bb42c62a2ae250
a5a4c995f95f408b85604113f9dc3930619c0a4ac868b152e100ac0da08b26ad
bc2899a8883d75acc3134dd8a0356496d72569be9b46c423473e5ec1bdffdfa6
daed5f030b7d78e92c71aa05601d7bc94a8c59f4037363666f02e5611fc5de42
dc7d0fe0123010065cb5f5d75ac1da3a191238231f3d64291f471b8e9f2af194
ddb4a8fe630cda4853312bf576429166ca074167ec93d38b24fc80d166f52a34
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

abameronoceroma.com Open in urlscan Pro 2606:4700:3031::ac43:dcc4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

32 Requests

66 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

1 Countries

51 kBTransfer

85 kBSize

20 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

20 Cookies

6 Console Messages

Indicators

abameronoceroma.com Open in urlscan Pro
2606:4700:3031::ac43:dcc4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

66 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

1
Countries

51 kB
Transfer

85 kB
Size

20
Cookies

32 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!