credittun.top Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://lihi2.cc/8OlYg
Effective URL:
https://credittun.top/xx/
Submission: On November 25 via manual (November 25th 2022, 8:39:05 am UTC) from DE — Scanned from DE

Summary HTTP 37 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 37 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is credittun.top.
TLS certificate: Issued by GTS CA 1P5 on November 22nd 2022. Valid for: 3 months.

This is the only time credittun.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Deutsche Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.244.149.249 35.244.149.249	15169 (GOOGLE) (GOOGLE)
22	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
6	2600:1901:0:c... 2600:1901:0:c07c::	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:5... 2600:1901:0:5987::	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:2... 2600:1901:0:256b::	15169 (GOOGLE) (GOOGLE)
2	2600:1901:0:7... 2600:1901:0:7903::	15169 (GOOGLE) (GOOGLE)
1	34.95.108.180 34.95.108.180	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:21f... 2600:9000:21f3:8200:13:46b5:7d80:93a1	16509 (AMAZON-02) (AMAZON-02)
37	8

1 35.244.149.249 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 249.149.244.35.bc.googleusercontent.com

lihi2.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

credittun.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:1901:0:c07c:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:5987:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

app.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:256b:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

aggregator.service.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:7903:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

graphql.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.108.180 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 180.108.95.34.bc.googleusercontent.com

uct.service.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:8200:13:46b5:7d80:93a1 (United States)

ASN16509 (AMAZON-02, US)

www.deutsche-bank.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	credittun.top credittun.top	508 KB
13	usercentrics.eu api.usercentrics.eu — Cisco Umbrella Rank: 11918 app.usercentrics.eu — Cisco Umbrella Rank: 11905 aggregator.service.usercentrics.eu — Cisco Umbrella Rank: 13664 graphql.usercentrics.eu — Cisco Umbrella Rank: 14643 uct.service.usercentrics.eu — Cisco Umbrella Rank: 18345	19 KB
1	deutsche-bank.de www.deutsche-bank.de — Cisco Umbrella Rank: 224081	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 52	1 KB
1	lihi2.cc 1 redirects lihi2.cc — Cisco Umbrella Rank: 862768	707 B
37	5

	Domain	Requested by
22	credittun.top	credittun.top
6	api.usercentrics.eu	credittun.top
2	graphql.usercentrics.eu	credittun.top
2	aggregator.service.usercentrics.eu	credittun.top
2	app.usercentrics.eu	credittun.top
1	www.deutsche-bank.de
1	uct.service.usercentrics.eu
1	fonts.googleapis.com	credittun.top
1	lihi2.cc	1 redirects
37	9

This site contains no links.

Subject Issuer	Validity	Valid
*.credittun.top GTS CA 1P5	`2022-11-22` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh
api.usercentrics.eu GTS CA 1D4	`2022-10-14` - `2023-01-12`	3 months	crt.sh
app.usercentrics.eu GTS CA 1D4	`2022-10-16` - `2023-01-14`	3 months	crt.sh
aggregator.service.usercentrics.eu GTS CA 1D4	`2022-10-06` - `2023-01-04`	3 months	crt.sh
graphql.usercentrics.eu GTS CA 1D4	`2022-10-17` - `2023-01-15`	3 months	crt.sh
uct.service.usercentrics.eu GTS CA 1D4	`2022-10-06` - `2023-01-04`	3 months	crt.sh
www.deutsche-bank.de DigiCert EV RSA CA G2	`2022-11-15` - `2023-11-14`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://credittun.top/xx/
Frame ID: 19FC877515A67BE241CD80836D0F9D13
Requests: 30 HTTP requests in this frame

Frame: https://credittun.top/xx/assets/cross-domain-bridge.html
Frame ID: 4AA9AA7D131FAF592F32685E8C3569BE
Requests: 1 HTTP requests in this frame

Frame: https://app.usercentrics.eu/browser-sdk/4.16.0/cross-domain-bridge.html
Frame ID: AF9B52B9B24E0533F6C2851C97A56252
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Onlinebanking and Brokerage Deutsche Bank

Page URL History Show full URLs

https://lihi2.cc/8OlYg HTTP 302
https://credittun.top/xx/ Page URL

Detected technologies

Prototype (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

(?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Page Statistics

37
Requests

100 %
HTTPS

78 %
IPv6

5
Domains

9
Subdomains

8
IPs

2
Countries

530 kB
Transfer

2007 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://lihi2.cc/8OlYg HTTP 302
https://credittun.top/xx/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
credittun.top/xx/
Redirect Chain

https://lihi2.cc/8OlYg
https://credittun.top/xx/

10 KB
4 KB

126ms
75ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51840ddb5e736e869275117e05238b844866ccdf7641d237f875525d2bc2a381

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76f9124429b87a42-DUS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 25 Nov 2022 08:39:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kwUNEw6oXe1Qj6sWKm%2FBo%2FNWwg9lySiXTL6wHlsPoiySCcBzhQPHdD70j8wfRMxlMP%2BK5Ua3n7MOEpxIFBbIDpD6Zfq7R8KC%2FcHlo%2FVZ3XYZBCAwkEs8x20FudbW4rcKxmyDUcmSjxY%2F4Aq%2F"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, private
content-type: text/html; charset=UTF-8
date: Fri, 25 Nov 2022 08:39:00 GMT
location: https://credittun.top/xx/
server: nginx/1.14.0 (Ubuntu)
via: 1.1 google

GET
H2 200 prototype.js.download Show response
credittun.top/xx/assets/ 195 KB
48 KB 65ms
62ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/prototype.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4449265edb6b39d65017149d01aeeb1f79d6e11ed313cbc2bf097ef14fbbed3d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"30c7a-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Rra%2FWcQh0VNX0D42PJc3kpN34QbabxffaZevAiBKuwS3h2cVdd3upCVbDMCEP%2F8i4m9HpO8UJMyEw%2FU%2F7ws8ZaadIEeZZcG7GAj43eFIOiNd%2BBrA0keZ4sZBhEu%2BhzMKBrN9ZH3VSQMPwBL"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba827a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 global.js.download Show response
credittun.top/xx/assets/ 24 KB
8 KB 90ms
88ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/global.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ee6fef6ff7fabff3bcbe87b4a109585e2442aaa96860d1ed1a8d0a3c75214eba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5ffa-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ACm6Yzs6ABuuLKuSQjMiD7iAc1uZT3MjQYC9WDbFqowRuHKoJ7ed%2BMZBFz5tenT1uAodTDCSDaYYvmy02YKTql5hxjA0MuoOLEyB%2Fe0ZH4o7vr1k74krj7b5DIVBXrWSvHeShy%2Bq9FPOTxZq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba867a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 polyfills.es5.js.download Show response
credittun.top/xx/assets/ 435 KB
89 KB 109ms
106ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/polyfills.es5.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71135efed1022d62d2d805d6383ffe2d07dfb09cea04d6889655d9e4dfa540e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6cc6d-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRgiITI757bKeflC7opPVR%2FpHbTNl0NmWuacpojwnFu26G%2BdPsPDa3AVwub7k2r109%2FrvohUSrDv%2FYrt%2B%2Fnb%2BND2Es4Dw3Vw0g1p%2Fv%2FP02JxN1GX2Xtao3bH80%2B7DGLTMpbLZgRgJTB1ZAH3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba877a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 native-shim.js.download Show response
credittun.top/xx/assets/ 2 KB
1 KB 91ms
89ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/native-shim.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3bf7b013d798a458b822b2c4e46a65fa2b3af38ab3ae9f594e954f0b344da2e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"861-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zu4Y0YUZmnn4jr3XixC7%2FoyOaPUqvzpeyidV6dR8d%2BTDqy%2B6k0QxacBdK6RPdZzzvcrFNfZiwpA5OD5JQ3L%2BIRlHV2%2BvWJqtKKMvoiRDeS0ULCZLHmTRyyGCZ99BksHKZ2bzfH7lzElFJIIu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba897a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 custom-elements.min.js.download Show response
credittun.top/xx/assets/ 19 KB
6 KB 100ms
98ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/custom-elements.min.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b86d62cd6db965295cd25c44221ae2f91e9a84aebdff867b32619dcdc6354391

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4bdd-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aNeERvYrImHNfyahGjb2oE45pboslbtSYrmjooEHED2saQ0J5AOFfWtGz8z31jToW%2F%2BZIxTUAPJ%2BUbVA4%2BRksSmBwxRAvPKxKkZPzRl5ym20cVcL%2B2VpCbauZJcP%2FElWmRfO%2BPMozqBA2iPu"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba8e7a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cms_snippets.es5.js.download Show response
credittun.top/xx/assets/ 40 KB
11 KB 89ms
87ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/cms_snippets.es5.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60f2c6d5a8cfd513ba53986bfbb2f40b73097b4cf2048dec99f96970a68e2575

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"9e5d-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kKc4uPvBvL8%2FcxWEWJiZvtvynUdOwsg0RD1tt%2FLOj4rrJ%2FZH78%2FmEhDszYd3cP0DsE6x0475uWAIbI5PLtvcsqW4YVayZ%2Fz9769VyLhl0o%2BdHE3KWdfu%2Bxk4N6oE9Mqxd0p2W36C7AJE%2FaA%2B"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91244ba8f7a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 db-eccs-pws-pwcc-clientlib-trxm.css
credittun.top/xx/assets/ 104 KB
15 KB 118ms
117ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/db-eccs-pws-pwcc-clientlib-trxm.css
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80e83185b609626b3977ae01dd2ca79b4e36e962454959f21162dc66352d978e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"19e11-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2uiErV3cvr6XUJULu5Fx3i69vH1A1tVkY4y2oQxBCUljDPynwkvrdSo780YY2YWVUSjdvYxilzMoTq5zq2TpQCnH0kUyxEWRVEIDs5EIjZI%2F2nH9Qboa4pH1rkq9aHf%2FAu4vV8xpugmmbGo"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f91244ba837a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 usercentrics-3.6.0.js.download Show response
credittun.top/xx/assets/ 600 KB
163 KB 59ms
58ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0053c654aec205ce4b9f4b0c9288f30c1b0b82142bff6864345584cb4b419325

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"95ffd-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CXPskzt%2Fb%2BOyV5MWYrB9Qrn7%2BFkVn5PPmAi3zKhv37RSch2o0R7gX1awe76UdKv8sTmEhLr7SyubLs%2BLxkjgKFNQdh6H2rGZt%2F0wFi3Gq6Fpe6Y9m8DYe96OdiLhyv7vUib1sn02Z7%2BSTYe5"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f9124609d1bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 base.css
credittun.top/xx/assets/ 333 KB
53 KB 164ms
164ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/base.css
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38c94fac1bfc95bc65e0ca957a52b96d50fce672f783885b7653f2adec4cb00e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: EXPIRED
last-modified: Mon, 21 Nov 2022 13:29:22 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"53257-5edfb0b143080-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TZxqR8BJEXrIe6Ap3iN30hD4UnKn3gK1e03GCZnQGy7rP5xGlP7MrOwc9%2BB66D7Snzv9lhhO035d2nOBCxWsXKHBTG0qq1fRlDe7%2BDXhHhlQVIy4YECFTsmewoEuAv6gVLSyOV%2FvDht5oFVK"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f91244ba847a42-DUS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 logo_db.gif
credittun.top/xx/assets/ 2 KB
2 KB 24ms
23ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/logo_db.gif
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 102d5e9253625aeb5d47ad0350763b534b95a92a240f353e8bd9bb43ef1722c2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:46:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26
etag: "774-5edf99b60b840"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=emp6K9OA8EvVfoRbODb5j5n9VMoPsEEwqRaUUEQy6KFJWrZB0DveKPWYzsXXM2b44u2aa7W8WRHQ0MZXCNGWfT6QeQ8ZSaKLOfTh%2B0x%2BrFE5LJ3%2FrZFSTIxrhzcxoXyURw82OP50LPSFus%2BC"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f9124609d5bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1908

GET
H3 200 autotab.js.download Show response
credittun.top/xx/assets/ 706 B
895 B 65ms
65ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/autotab.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 748210c9dfa18aab5950bfc5d81d1a34c6f008bd347372b7defc0471e93e2e81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2c2-5edf99b60b840-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c4guHANHogwJyyu5DhBw6Kp1d%2BfhBJ3h69%2BJRHTCJJiDalOjP868pmWaIgk2W7K42KpKJi0ffA38xUItdriyqKoUUySSAoHomX1iBQqPuJLhO7tmQZRu7JLoqSwQDPpz8LY%2BsFWn2jUF04%2Fw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91245d959bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fingerprintLoginUi.js.download Show response
credittun.top/xx/assets/ 1 KB
940 B 48ms
48ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/fingerprintLoginUi.js.download
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2feb12ed2624d8a59bb18c116b8bf12c1f38a9611ce94353c65450d46ed57433

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: DYNAMIC
last-modified: Mon, 21 Nov 2022 11:46:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5c4-5edf99b60b840-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P56Z6sYQwTmGEktiWB3p4XcvXa12p91sc2L8zfEDxYEIpI9%2B3ZaRovrZCt8jKw%2B7Zs6MWGaRSRg5JNAWx42CIbkg4s4deUnLU%2BAMAOnKLXH7FwGY0Iq2gUBi7mHmSd2ptX%2BEH%2FFN1Mp16Rgj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cf-ray: 76f91245f98ebbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 ic_help.gif
credittun.top/xx/assets/ 356 B
840 B 22ms
21ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/ic_help.gif
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5fa586c418c08dce89bb46bfa91597e880cdb2cd405a7da519bafb1c2ff5ae1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:46:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26
etag: "164-5edf99b60b840"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8MDteeD9I86HcmJG2epRiuvWXRJScCuIP6DZNKnf%2B7Dn8WgKzPLWd8Ilg%2BkRgzqBdYsMKle4CUp6PhJLAz8Wk1CNrsnikBCNMIzkP5g%2FnN3MWwGv31KSyti%2F4ImMGwoocK3fqMPaO%2BDYVjWQ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f9124609d6bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 356

GET
H2 200 css
fonts.googleapis.com/ 3 KB
1 KB 136ms
49ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: credittun.top
URL: https://credittun.top/xx/assets/base.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 25 Nov 2022 07:02:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 25 Nov 2022 08:39:00 GMT

GET
H3 200 print.css
credittun.top/xx/assets/ 12 KB
4 KB 19ms
19ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/print.css
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ad8478925b9c5d28672c14ad7b15aa406d0f6dd0f16946652c32248b4f4ba2c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:46:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26
etag: W/"30f5-5edf99b517600-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yij0wEXPHR0gc%2FBbJS%2BMqymsd9269SEQ5oabLfNmF%2Fwzb2%2FTnrmeKgdfQVhqeWG1x4BGICW0o8Flcc%2BeQg3yBN%2BVUvc6v0X4Nz0g5ILEOghZw7QS1InRQHdFROsjZx7e25ICd82Yj7%2FSTRwo"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 76f9124609d9bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 bg_headerContainer.svg
credittun.top/xx/assets/ 24 KB
9 KB 20ms
20ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/bg_headerContainer.svg
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d8e151c9a4662eed5ed30c64a2ae9feaa84748d92286849c9093b68724634bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/assets/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:51:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 25
etag: W/"6002-5edf9ab5a1340"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3WjcnPJMLcyDRrxU6VVQpiQhAX1kgG8kW1uHjjeA28WBAZyzljtV0juUdTVh6FM%2B%2Fngan2dkHTYHxL%2BPS%2BB25%2F%2BWOtgIdw6927BsCltwa6GQsIrzhoucPd7tKFSbqSqXsfqD7sE6K51stcJ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 76f91246eba8bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pfbicons.woff
credittun.top/xx/assets/ 57 KB
57 KB 18ms
16ms Font
font/woff 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/pfbicons.woff
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ddccf75b6a6b536c7a92cb5dcc1b9e0f07fe40118ab9f16e729d71aa367988ca

Request headers

Referer: https://credittun.top/xx/assets/base.css
Origin: https://credittun.top
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 12:06:08 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 7130
etag: "e2b8-5edf9e169cc00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ki8vFooFhqGLqftEUSRNoRgC2mgoeu%2F3B1U0A9dWNW%2FFUS0yCSaD8%2F3z9uaytAVj3aFPGhiio797230nkMYGH%2BwxNYxAMHx6mvzJ1WFVYp1GpE33h2KJkOdIZK4kcrD2hByJp8ofSAWmaiyW"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f91246ebbdbbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58040

GET
H3 200 cross-domain-bridge.html Show response
credittun.top/xx/assets/ Frame 4AA9 5 KB
2 KB 66ms
66ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/cross-domain-bridge.html
Requested by: Host: credittun.top
URL: https://credittun.top/xx/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0f2df376e08515919c94760d337c71b8cf48e0df327cd8223b5eb534730eabdb

Request headers

Referer: https://credittun.top/xx/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 76f91246fbd8bbfe-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Fri, 25 Nov 2022 08:39:01 GMT
last-modified: Mon, 21 Nov 2022 11:46:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qmLr%2BXapE8RrZ32iKv2kLAhadaWeoyUEtNviBAH3r11MkbzZyG7blcGqZfvAh0V7vGJ1mCUcTNsHssNhXLhGlrNG%2FwoWBPS1G1Rjn3mKE0xGFMtswFpqXislYjoaq%2BbL7iWQlI9ljFBScGdG"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 bg_phishingDistractor.png
credittun.top/xx/assets/ 541 B
541 B 19ms
18ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/bg_phishingDistractor.png
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/assets/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:51:11 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 25
etag: "21d-5edf9abf2a9c0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T1oa6aoJvJYFB3AJ2Tq%2Be2tTk%2BstmuoGuDwP1oD0cNLZTnCDISZ5qxgS5s7RUuiKQ%2BQj88vj3HY3LMz7R1px%2BA2GnS555l3YEsmJE3TlZQ0LUs2LKoT2TxQUbAv3Z%2Fn2lbyKkSn9aI%2BROsF6"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f91246fbddbbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 541

GET
H3 200 bt_primary_default.png
credittun.top/xx/assets/ 396 B
396 B 22ms
21ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/bt_primary_default.png
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/assets/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:51:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 25
etag: "18c-5edf9ac7bfe00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2BpON%2BdCS8v4aJtJtIdbHxHZXFSm12KMrXERkvFJPXyeieMOmw542Fo3Djd5pOalFOMNwhiTuCgP62%2FBje6Q%2B97OSbw49Kd54UIxfHQix5QfZWfl7UEvyletCiOsl2OvcfY%2FxVjBGJq9htwr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 76f91246fbdebbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 396

GET
H3 200 logo_verimi.svg
credittun.top/xx/assets/ 893 B
961 B 20ms
19ms Image
image/svg+xml 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://credittun.top/xx/assets/logo_verimi.svg
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 04dc44d70bab5f51ac523dd363d6dbeb91c227ca4617d2498ed4856468a57903

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/xx/assets/base.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 11:51:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 26
etag: W/"37d-5edf9ad702200"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pp5IisgUeKAsCLr6dKMEen%2BsjNJ8W21X0AEkQRP%2BZxDsPOFuKGB%2Byylu3GxYYwyqpYnDwmcAs7QkKF8T3cp1iCs3VL%2F1WGNEWwbOkPqr7Mr9%2Bc%2BhQKE%2FgH68kx1hRLr74mHX1ak6sup4VpBj"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 76f91246fbe0bbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 pfbicons.ttf
credittun.top/xx/assets/ 57 KB
32 KB 18ms
18ms Font
font/ttf 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://credittun.top/xx/assets/pfbicons.ttf
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/base.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f7156b4df52fbd5e6d52360559842a57cbc8522f27337ae65c847ef77f65486

Request headers

Referer: https://credittun.top/xx/assets/base.css
Origin: https://credittun.top
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 21 Nov 2022 12:06:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 25
etag: W/"e26c-5edf9e38f1d00"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I3KvfHi3VWlNJ5LK2qjPY8pW%2BG6cdtaTTbH4fVziTU9nFWFNn3CzzZuG1t5Wja4saQdhwcOi8yh%2BLyFkHzmuVFx6bRTjR21%2B7JhtQh0Ylu8oTPR%2BqLZtcwvcMTKeUOlBsX4uWWfWH4R7liUn"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
cache-control: max-age=14400
cf-ray: 76f912471c0fbbfe-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 languages.json
api.usercentrics.eu/settings/hFeT9yF-a/latest/ Frame 0
0 113ms
45ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/hFeT9yF-a/latest/languages.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://credittun.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 25 Nov 2022 08:39:01 GMT
expires: Fri, 25 Nov 2022 08:39:01 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycdtCJ3fjf31dS4RqSURhrg1SYUzk40ES8Moy0gn5dxzUTp9BG4n2hvLso2ByKuGZO1XaeSLYGquQnQfzN9dOKr8oWw

GET
H3 200 languages.json Show response
api.usercentrics.eu/settings/hFeT9yF-a/latest/ 66 B
104 B 100ms
31ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/hFeT9yF-a/latest/languages.json

Requested by

Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

eb3f4cf387fca0337770c0919834536dca1fc6c95ec5d142c46537a0f20ec14b

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://credittun.top/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type: application/json

Response headers

date: Fri, 25 Nov 2022 08:39:00 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 1
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycdsxAV3d1lmlxrnmnLxzemtUh89LwIWdnNJyZaoTF2vErpAgz3RX17HhQQ6bTtfKS3yPdde_O1dPdr25ntJjJEUy4nhbK17V
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71
last-modified: Mon, 07 Nov 2022 13:24:23 GMT
server: UploadServer
etag: "645afc9e7aa2c884f8a470fd78671460"
vary: Accept-Encoding
x-goog-generation: 1667827463212503
x-goog-hash: crc32c=VEQXGw==, md5=ZFr8nnqiyIT4pHD9eGcUYA==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=1800, s-maxage=10
x-goog-stored-content-length: 71
accept-ranges: bytes
content-type: application/json
expires: Fri, 25 Nov 2022 08:39:10 GMT

GET
H3 200 en.json Show response
api.usercentrics.eu/settings/hFeT9yF-a/latest/ 26 KB
8 KB 33ms
32ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/hFeT9yF-a/latest/en.json

Requested by

Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

fcf0680931ef591a00a3bca373d65953aff3d0e75049f8182d6f39c29a011111

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://credittun.top/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type: application/json

Response headers

date: Fri, 25 Nov 2022 08:38:53 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 8
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycdudZzf3-ITRExyUsB8-QH1BYJ1LGAgG-U7SWQnGGkbUoOfjgcZnkfwxxmbYJnqnQzPo7S_I8m114YQ_wYwoENJdPg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7657
last-modified: Mon, 07 Nov 2022 13:24:23 GMT
server: UploadServer
etag: "f04134c581bb4694877a196f28ae43bc"
vary: Accept-Encoding
x-goog-generation: 1667827463211467
x-goog-hash: crc32c=g0nTVA==, md5=8EE0xYG7RpSHehlvKK5DvA==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=1800, s-maxage=10
x-goog-stored-content-length: 7657
accept-ranges: bytes
content-type: application/json
expires: Fri, 25 Nov 2022 08:39:03 GMT

OPTIONS
H3 200 en.json
api.usercentrics.eu/settings/hFeT9yF-a/latest/ Frame 0
0 44ms
44ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/hFeT9yF-a/latest/en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://credittun.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 25 Nov 2022 08:39:01 GMT
expires: Fri, 25 Nov 2022 08:39:01 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycdt9r7itZnPH1ABUzIwSOgY2WWK7RunlIDIZFfjvZPDsWjEDhVqMJEw2b3qqm3O2taGVegVcv4Hup3lYPVxLTibe

GET
H2 200 cross-domain-bridge.html Show response
app.usercentrics.eu/browser-sdk/4.16.0/ Frame AF9B 5 KB
2 KB 101ms
32ms Document
text/html 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-sdk/4.16.0/cross-domain-bridge.html

Requested by

Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://credittun.top/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type Content-Length Transfer-Encoding
age: 691128
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=2592000, no-transform
content-encoding: gzip
content-length: 1123
content-type: text/html
date: Thu, 17 Nov 2022 08:40:13 GMT
etag: "590318360dd4b7eddf1f8ec23baed619"
expires: Sat, 17 Dec 2022 08:40:13 GMT
last-modified: Tue, 18 Oct 2022 08:39:16 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-goog-generation: 1666082356317203
x-goog-hash: crc32c=nhP8Ug== md5=WQMYNg3Ut+3fH47CO67WGQ==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1123
x-guploader-uploadid: ADPycdt1fypMAzgNHYZ7GhVf-iiopD_GoqRF_cGrqflbBEnzJi8hvBblL0meVMlhF3pfVIiygdWK9juG5P5-YW9J_JTA-w

GET
H3 200 1px.png
app.usercentrics.eu/session/ 489 B
551 B 104ms
34ms Image
image/png 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.usercentrics.eu/session/1px.png?settingsId=hFeT9yF-a

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:10:14 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 1727
x-guploader-uploadid: ADPycdvTt5S8VktNijwjGSWUWDEbWk-YfYQHrxUcMDt646Q12CHADh-y-NDV_IwP4OW_piHm1NjpnzQGWzl0L3hgLH2Fq6TpFlRZ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 522
last-modified: Fri, 08 May 2020 09:06:13 GMT
server: UploadServer
etag: "3702ada73b8951017b8451cbd6a96523"
x-goog-generation: 1588928773413784
x-goog-hash: crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
content-type: image/png
cache-control: public,max-age=1800,no-transform
x-goog-stored-content-length: 522
accept-ranges: bytes
expires: Fri, 25 Nov 2022 08:40:14 GMT

GET
H3 200 translations-en.json Show response
api.usercentrics.eu/translations/ 7 KB
2 KB 32ms
32ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Requested by

Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a860acff478ef9d91d38024f21089d81a426da5d59c4847f3c5c33d061e1659f

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://credittun.top/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type: application/json

Response headers

date: Fri, 25 Nov 2022 05:42:15 GMT
content-encoding: gzip
strict-transport-security: max-age=7776000
age: 10606
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycdvWslZq47v-I12chyPoMzQnmhh7aeFKucoh4ehUOmfe0xJqIT_k4UikMvYYv4WwVUkRtdws5MauFc4qxdnBBfdPpg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2305
last-modified: Mon, 21 Nov 2022 10:38:06 GMT
server: UploadServer
etag: "b2ddc9c3832854924c07b315d47869de"
vary: Accept-Encoding
x-goog-generation: 1659013975131951
x-goog-hash: crc32c=x3i0og==, md5=st3Jw4MoVJJMB7MV1Hhp3g==
access-control-allow-origin: *
access-control-expose-headers: *, Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: public, max-age=86400, s-maxage=86400
x-goog-stored-content-length: 2305
accept-ranges: bytes
content-type: application/json
expires: Sat, 26 Nov 2022 05:42:15 GMT

OPTIONS
H3 200 translations-en.json
api.usercentrics.eu/translations/ Frame 0
0 47ms
46ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://credittun.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 25 Nov 2022 08:39:01 GMT
expires: Fri, 25 Nov 2022 08:39:01 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEHE
x-guploader-uploadid: ADPycduT7vxBZmlBwXkK_kKzO_uE9XuGVvTE9RgQOF7nW349tV8wQxiX9r65qXye8KJBl6KlRvpLTj02g6JrkZqBXJdARkNMHwl_

GET
H3 200 en Show response
aggregator.service.usercentrics.eu/aggregate/ 42 KB
6 KB 103ms
35ms Fetch
application/json 2600:1901:0:256b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aggregator.service.usercentrics.eu/aggregate/en?templates=8L9bkqYbV@9.6.2,AkH3-hdIF@3.0.3,B1SI9Nsus-Q@8.5.2,BJf5EjOi-X@12.5.6,BJz7qNsdj-7@15.7.12,H1Vl5NidjWX@40.17.38,HyiV94juoW7@8.3.2,Hysgc4odiZ7@13.6.5,IrHlMsvFk@1.0.23,QmkqgbGhi@1.1.2,S1_9Vsuj-Q@15.7.11,ko1w5PpFl@23.12.19,oMRbgWzWH@1.0.4
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 03f90a5e592706520af41a8fc94aad3a9b7d5af5b835854fd235a327f62256af

Request headers

Referer: https://credittun.top/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
content-type: application/json

Response headers

date: Wed, 23 Nov 2022 05:15:38 GMT
content-encoding: br
via: 1.1 google
server: Google Frontend
age: 185003
etag: "1o5wewk"
vary: Accept-Encoding, accept-encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 1b0516aa2e65b318d5b5e1addfaf8f78
cache-control: public,max-age=604800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6336

OPTIONS
H2 204 en
aggregator.service.usercentrics.eu/aggregate/ Frame 0
0 116ms
40ms Preflight
text/html 2600:1901:0:256b::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://aggregator.service.usercentrics.eu/aggregate/en?templates=8L9bkqYbV@9.6.2,AkH3-hdIF@3.0.3,B1SI9Nsus-Q@8.5.2,BJf5EjOi-X@12.5.6,BJz7qNsdj-7@15.7.12,H1Vl5NidjWX@40.17.38,HyiV94juoW7@8.3.2,Hysgc4odiZ7@13.6.5,IrHlMsvFk@1.0.23,QmkqgbGhi@1.1.2,S1_9Vsuj-Q@15.7.11,ko1w5PpFl@23.12.19,oMRbgWzWH@1.0.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:256b:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://credittun.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Fri, 25 Nov 2022 08:39:01 GMT
server: Google Frontend
vary: Origin, Access-Control-Request-Headers
via: 1.1 google
x-cloud-trace-context: db5d1e0aa959c0ddd78f2d1a3ff0391c

OPTIONS
H2 204 graphql
graphql.usercentrics.eu/ Frame 0
0 110ms
36ms Preflight 2600:1901:0:7903::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://graphql.usercentrics.eu/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method: POST
Origin: https://credittun.top
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

access-control-allow-headers: access-control-allow-origin,content-type,x-request-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Fri, 25 Nov 2022 08:39:01 GMT
vary: Access-Control-Request-Headers
via: 1.1 google
x-powered-by: Express

POST
H3 200 graphql Show response
graphql.usercentrics.eu/ 1 KB
590 B 106ms
39ms Fetch
application/json 2600:1901:0:7903::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://graphql.usercentrics.eu/graphql
Requested by: Host: credittun.top
URL: https://credittun.top/xx/assets/usercentrics-3.6.0.js.download
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:7903:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: / Express
Resource Hash: 26ac62bb7498f52ac10cf2938811885f41cc81b4d18c3da5e9206439d260a93f

Request headers

Access-Control-Allow-Origin: *
Accept: application/json
Referer: https://credittun.top/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Request-ID: 74ad8d52-5601-4d89-82b7-7ba3ee1e8bf1
content-type: application/json

Response headers

date: Fri, 25 Nov 2022 08:39:01 GMT
content-encoding: gzip
via: 1.1 google
x-powered-by: Express
etag: W/"442-SjvIdd3TnLhBfPoREj98TnUs0ww"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 uct
uct.service.usercentrics.eu/ 35 B
277 B 125ms
51ms Image
image/gif 34.95.108.180
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uct.service.usercentrics.eu/uct?v=1&sid=hFeT9yF-a&t=1&abv=&r=https%3A%2F%2Fcredittun.top%2Fxx%2F&cb=1669365541789

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.95.108.180 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

180.108.95.34.bc.googleusercontent.com

Software

Google Frontend / Express

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date: Fri, 25 Nov 2022 08:39:01 GMT
via: 1.1 google
strict-transport-security: max-age=7776000
server: Google Frontend
x-powered-by: Express
content-type: image/gif
x-cloud-trace-context: e168d1de96fe7a846b0a60d4b55e5d58
cache-control: no-store
function-execution-id: jo9almk907gc
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
H2 200 deutsche_bank_logo_retina.gif
www.deutsche-bank.de/dam/deutschebank/de/shared/logo/ 854 B
1 KB 48ms
11ms Image
image/gif 2600:9000:21f3:8200:13:46b5:7d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.deutsche-bank.de/dam/deutschebank/de/shared/logo/deutsche_bank_logo_retina.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21f3:8200:13:46b5:7d80:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

81e601a8a1848ba07173f974a88cc2f6a50f0d23105d9327a30e1c9c28f8adb9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://*.deutsche-bank.de
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN, allow-from https://meine.deutsche-bank.de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://credittun.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-dispatcher: dispatcher1eucentral1
date: Fri, 25 Nov 2022 08:39:01 GMT
x-dispatcher-version: 1.4.7
x-content-type-options: nosniff
content-security-policy: frame-ancestors https://*.deutsche-bank.de
via: 1.1 06d36e78e8dfd9468327f09115761a9e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
x-vhost: deutsche-bank
x-cache: Miss from cloudfront
content-disposition: inline
content-length: 854
last-modified: Wed, 21 Feb 2018 08:38:06 GMT
server: Apache
etag: "356-565b4d8995780"
vary: Host
x-frame-options: SAMEORIGIN, allow-from https://meine.deutsche-bank.de
content-type: image/gif
accept-ranges: bytes
x-amz-cf-id: VHCkK1NG5FfTlpFPDFj5M63tkDqfDDCTELC9MPmECLq7yiPw-tUyWA==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Deutsche Bank (Banking)

91 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
lihi2.cc/	1970-01-20 17:18:45	Name: redirect_id Value: eyJpdiI6ImQrYmlEUWYzR0FkYmZHMFR2alU4XC9BPT0iLCJ2YWx1ZSI6IkJZeXZFeWhlelhmYnh2bGlQZW9aQlliRllZZjNYcmdsWlNPZWoyZkdkYnVZMDJXaUlVaFRnd3R3TUViTlRpTloiLCJtYWMiOiI3MDRhOGU0MGYxYjRlNmRhN2ExNjI3YzEwNDBkOWZjMTE0OGM4MTI2NjExZjYwZmUzODJmNzgwOGZiY2YzMDFjIn0%3D
lihi2.cc/	1970-01-20 07:42:45	Name: lihi_session Value: eyJpdiI6Im9aV2FSQ0ZzOU5ldnVXbG1aZzludkE9PSIsInZhbHVlIjoiWFdXb09mR0lDMFhBck43UHY1eHUzOUh3ZlwvK0NKZ041dmdqMWdmTnVxcGFGZ044eE9xTTBUMEFlNWJQbXN4S04iLCJtYWMiOiJiZjEzMTg4OWM3YWUwY2I4NTgzN2U5NjRkYTg1ZTVlODVlY2JmZTBjNGYzMzA3YTE1MDkxZTE1M2RkNTVjNzRmIn0%3D
credittun.top/	1970-01-20 09:52:21	Name: font-sizer Value: %7B%22font-size%22%3A%22fs-small%22%7D

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://credittun.top/xx/ Message: Failed to decode downloaded font: https://credittun.top/xx/assets/pfbicons.woff
other	warning	URL: https://credittun.top/xx/ Message: OTS parsing error: incorrect file size in WOFF header
other	warning	URL: https://credittun.top/xx/ Message: Failed to decode downloaded font: https://credittun.top/xx/assets/pfbicons.ttf
other	warning	URL: https://credittun.top/xx/ Message: OTS parsing error: post: table overruns end of file

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aggregator.service.usercentrics.eu
api.usercentrics.eu
app.usercentrics.eu
credittun.top
fonts.googleapis.com
graphql.usercentrics.eu
lihi2.cc
uct.service.usercentrics.eu
www.deutsche-bank.de
2600:1901:0:256b::
2600:1901:0:5987::
2600:1901:0:7903::
2600:1901:0:c07c::
2600:9000:21f3:8200:13:46b5:7d80:93a1
2a00:1450:4001:802::200a
2a06:98c1:3120::3
34.95.108.180
35.244.149.249
0053c654aec205ce4b9f4b0c9288f30c1b0b82142bff6864345584cb4b419325
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
03f90a5e592706520af41a8fc94aad3a9b7d5af5b835854fd235a327f62256af
04dc44d70bab5f51ac523dd363d6dbeb91c227ca4617d2498ed4856468a57903
0f2df376e08515919c94760d337c71b8cf48e0df327cd8223b5eb534730eabdb
102d5e9253625aeb5d47ad0350763b534b95a92a240f353e8bd9bb43ef1722c2
26ac62bb7498f52ac10cf2938811885f41cc81b4d18c3da5e9206439d260a93f
2feb12ed2624d8a59bb18c116b8bf12c1f38a9611ce94353c65450d46ed57433
38c94fac1bfc95bc65e0ca957a52b96d50fce672f783885b7653f2adec4cb00e
3bf7b013d798a458b822b2c4e46a65fa2b3af38ab3ae9f594e954f0b344da2e6
4449265edb6b39d65017149d01aeeb1f79d6e11ed313cbc2bf097ef14fbbed3d
51840ddb5e736e869275117e05238b844866ccdf7641d237f875525d2bc2a381
60f2c6d5a8cfd513ba53986bfbb2f40b73097b4cf2048dec99f96970a68e2575
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d8e151c9a4662eed5ed30c64a2ae9feaa84748d92286849c9093b68724634bd
71135efed1022d62d2d805d6383ffe2d07dfb09cea04d6889655d9e4dfa540e0
748210c9dfa18aab5950bfc5d81d1a34c6f008bd347372b7defc0471e93e2e81
7f7156b4df52fbd5e6d52360559842a57cbc8522f27337ae65c847ef77f65486
80e83185b609626b3977ae01dd2ca79b4e36e962454959f21162dc66352d978e
81e601a8a1848ba07173f974a88cc2f6a50f0d23105d9327a30e1c9c28f8adb9
8563f915516318c564b1a4b4d4005778294178cfac736d0ed7dd5afa86d4cd50
8d683e97a1f23650a3e38cf3621b924ccf692f2a4204d193335ceddeb9b65353
9ad8478925b9c5d28672c14ad7b15aa406d0f6dd0f16946652c32248b4f4ba2c
a860acff478ef9d91d38024f21089d81a426da5d59c4847f3c5c33d061e1659f
b86d62cd6db965295cd25c44221ae2f91e9a84aebdff867b32619dcdc6354391
ddccf75b6a6b536c7a92cb5dcc1b9e0f07fe40118ab9f16e729d71aa367988ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5fa586c418c08dce89bb46bfa91597e880cdb2cd405a7da519bafb1c2ff5ae1
eb3f4cf387fca0337770c0919834536dca1fc6c95ec5d142c46537a0f20ec14b
ee6fef6ff7fabff3bcbe87b4a109585e2442aaa96860d1ed1a8d0a3c75214eba
fcf0680931ef591a00a3bca373d65953aff3d0e75049f8182d6f39c29a011111

credittun.top Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

100 %HTTPS

78 %IPv6

5 Domains

9 Subdomains

8 IPs

2 Countries

530 kBTransfer

2007 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

credittun.top Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

100 %
HTTPS

78 %
IPv6

5
Domains

9
Subdomains

8
IPs

2
Countries

530 kB
Transfer

2007 kB
Size

3
Cookies

37 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!