shy-math-0394.jken4529.workers.dev Open in urlscan Pro
2606:4700:3037::ac43:95e6  Malicious Activity! Public Scan

Submitted URL: http://shy-math-0394.jken4529.workers.dev/
Effective URL: https://shy-math-0394.jken4529.workers.dev/
Submission: On December 16 via api from US — Scanned from CA

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3037::ac43:95e6, located in United States and belongs to CLOUDFLARENET, US. The main domain is shy-math-0394.jken4529.workers.dev.
TLS certificate: Issued by WE1 on November 30th 2024. Valid for: 3 months.
This is the only time shy-math-0394.jken4529.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
1 12 2606:4700:303... 13335 (CLOUDFLAR...)
1 2600:1408:c40... 20940 (AKAMAI-AS...)
12 3
Apex Domain
Subdomains
Transfer
12 workers.dev
shy-math-0394.jken4529.workers.dev
762 KB
1 bing.com
r.bing.com — Cisco Umbrella Rank: 467
8 KB
12 2
Domain Requested by
12 shy-math-0394.jken4529.workers.dev 1 redirects shy-math-0394.jken4529.workers.dev
1 r.bing.com shy-math-0394.jken4529.workers.dev
12 2
Subject Issuer Validity Valid
jken4529.workers.dev
WE1
2024-11-30 -
2025-02-28
3 months crt.sh
r.bing.com
Microsoft Azure ECC TLS Issuing CA 04
2024-06-24 -
2025-06-19
a year crt.sh

This page contains 1 frames:

Primary Page: https://shy-math-0394.jken4529.workers.dev/
Frame ID: FC300EAFB33E82A6429ED7FC99646228
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

site;ManilaEnvelope.online - Search

Page URL History Show full URLs

  1. http://shy-math-0394.jken4529.workers.dev/ HTTP 307
    https://shy-math-0394.jken4529.workers.dev/ Page URL
  2. https://shy-math-0394.jken4529.workers.dev/cdn-cgi/phish-bypass?atok=JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-173434... HTTP 301
    https://shy-math-0394.jken4529.workers.dev/ Page URL

Page Statistics

12
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

770 kB
Transfer

2298 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://shy-math-0394.jken4529.workers.dev/ HTTP 307
    https://shy-math-0394.jken4529.workers.dev/ Page URL
  2. https://shy-math-0394.jken4529.workers.dev/cdn-cgi/phish-bypass?atok=JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-1734346463-0.0.1.1-%2F HTTP 301
    https://shy-math-0394.jken4529.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://shy-math-0394.jken4529.workers.dev/ HTTP 307
  • https://shy-math-0394.jken4529.workers.dev/

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
shy-math-0394.jken4529.workers.dev/
Redirect Chain
  • http://shy-math-0394.jken4529.workers.dev/
  • https://shy-math-0394.jken4529.workers.dev/
4 KB
2 KB
Document
General
Full URL
https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87739a927b236f664a3b4c82f52bdd0b8281cd18df8f0000c0dde4f869d3d3cd
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray
8f2e22977d284299-EWR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 16 Dec 2024 10:54:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cZuHEGA9TXsAWCFe0KAP4rrHsHFM4pjzvSCbpchtMxbXUDHOGIeQqZTT36pHVMRPYB6i%2F4y2FPV6g9ZoP2xMM%2BBDqdFEE72bnI%2Fdjqw5TAYY2K4LTPc%2F5sS09IuNMg7j8y6QSARrRRgyIp1WQclJcVjC%2BvUCTwZnPt0JRb9g2MZJ"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://shy-math-0394.jken4529.workers.dev/
Non-Authoritative-Reason
HSTS
cf.errors.css
shy-math-0394.jken4529.workers.dev/cdn-cgi/styles/
23 KB
5 KB
Stylesheet
General
Full URL
https://shy-math-0394.jken4529.workers.dev/cdn-cgi/styles/cf.errors.css
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
content-encoding
gzip
etag
W/"67531899-5df3"
x-content-type-options
nosniff
cf-ray
8f2e22984dc34299-EWR
expires
Mon, 16 Dec 2024 12:54:24 GMT
date
Mon, 16 Dec 2024 10:54:24 GMT
content-type
text/css
last-modified
Fri, 06 Dec 2024 15:30:33 GMT
server
cloudflare
x-frame-options
DENY
icon-exclamation.png
shy-math-0394.jken4529.workers.dev/cdn-cgi/images/
452 B
635 B
Image
General
Full URL
https://shy-math-0394.jken4529.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary
Accept-Encoding
cache-control
max-age=7200, public
etag
"67531899-1c4"
x-content-type-options
nosniff
cf-ray
8f2e22991e9b4299-EWR
expires
Mon, 16 Dec 2024 12:54:24 GMT
accept-ranges
bytes
content-length
452
date
Mon, 16 Dec 2024 10:54:24 GMT
content-type
image/png
last-modified
Fri, 06 Dec 2024 15:30:33 GMT
server
cloudflare
x-frame-options
DENY
favicon.ico
shy-math-0394.jken4529.workers.dev/
337 KB
105 KB
Other
General
Full URL
https://shy-math-0394.jken4529.workers.dev/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6552fb7291c2effb3362c110c03fc4c141130ae98ffdf393644db656d455b8c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e0592b41eab2d8e4c9f1fe8055
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:24 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=47202&min_rtt=42247&rtt_var=7790&sent=24&recv=17&lost=0&retrans=0&sent_bytes=12116&recv_bytes=5745&delivery_rate=10659&cwnd=12000&unsent_bytes=0&cid=0c06ad581b51a44d&ts=657&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:24 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.94ca2c17.1734346464.f1f6173
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-hkwGj9D5PZzGcc4iq9KPR1bXGr+CIoAhMRHauILvEAg='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22998ee14299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
Primary Request /
shy-math-0394.jken4529.workers.dev/
Redirect Chain
  • https://shy-math-0394.jken4529.workers.dev/cdn-cgi/phish-bypass?atok=JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-1734346463-0.0.1.1-%2F
  • https://shy-math-0394.jken4529.workers.dev/
380 KB
115 KB
Document
General
Full URL
https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
78d3d6ec57fc4ebd7ae20c0c1ac0002adfa51d4b53b068dceafaa01456c1695a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://shy-math-0394.jken4529.workers.dev/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8f2e22b7c8164299-EWR
content-encoding
zstd
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-+d0Gali1h7lZiEm1k/H1PPuUOYutxd1ERva5P1jeLx8='; base-uri 'self';report-to csp-endpoint
content-type
text/html; charset=utf-8
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
date
Mon, 16 Dec 2024 10:54:29 GMT
expires
Mon, 16 Dec 2024 10:53:29 GMT
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
priority
u=0,i
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]} {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]} {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=49508&min_rtt=42247&rtt_var=4299&sent=124&recv=65&lost=0&retrans=0&sent_bytes=122616&recv_bytes=8811&delivery_rate=567&cwnd=82800&unsent_bytes=0&cid=0c06ad581b51a44d&ts=5453&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security
max-age=31536000; includeSubDomains; preload
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
vary
Accept-Encoding
x-cdn-traceid
0.abca2c17.1734346469.20b07d6
x-eventid
676006e5de574627a97ae3998b37116f

Redirect headers

cache-control
private, no-cache
cf-ray
8f2e22b3ad014299-EWR
content-length
167
content-type
text/html
date
Mon, 16 Dec 2024 10:54:28 GMT
location
https://shy-math-0394.jken4529.workers.dev/
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

Content-Type
image/png
fG0ED-g2hQtFeYLODcS6OhxKtIg.png
shy-math-0394.jken4529.workers.dev/rp/
29 KB
29 KB
Image
General
Full URL
https://shy-math-0394.jken4529.workers.dev/rp/fG0ED-g2hQtFeYLODcS6OhxKtIg.png
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e529b44645b715e45c96bbef14
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:29 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=48013&min_rtt=42203&rtt_var=4776&sent=230&recv=78&lost=0&retrans=0&sent_bytes=242722&recv_bytes=9823&delivery_rate=1893531&cwnd=105600&unsent_bytes=0&cid=0c06ad581b51a44d&ts=6219&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:29 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.93ca2c17.1734346469.fc6f9d1
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-/jccgQKZk6WzbIp3Zh1aGOGksP8x5QCrYH9ffeNRES0='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22bcbbb64299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
q5aD1AV90JU_ebJwNMO9qDc6a04.br.css
r.bing.com/rp/
0
8 KB
Other
General
Full URL
https://r.bing.com/rp/q5aD1AV90JU_ebJwNMO9qDc6a04.br.css
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:c400:c::17cd:688c Ashburn, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://shy-math-0394.jken4529.workers.dev
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

content-md5
09A8OwHRChNdihojZS9Lrw==
content-encoding
br
x-ms-version
2009-09-19
etag
0x8DD1B3FE646CAD7
x-ms-lease-status
unlocked
report-to
{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]}
expires
Wed, 18 Dec 2024 17:32:34 GMT
alt-svc
h3=":443"; ma=93600
date
Mon, 16 Dec 2024 10:54:30 GMT
content-type
text/css
last-modified
Fri, 13 Dec 2024 06:32:21 GMT
cache-control
public, no-transform, max-age=196684
timing-allow-origin
*
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-request-id
5ee000a7-801e-001b-7885-4d7cdb000000
access-control-allow-origin
*
content-length
7352
akamai-grn
0.98dcda17.1734346470.51638947
x-ms-blob-type
BlockBlob
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
truncated
/
451 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9f1c83050e631181faba12531ec4ac630c18d50baf5f56b3c4bddcb515b9791e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

Content-Type
image/png
truncated
/
184 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
749994ab30bbaefb0633e8aa9ebda4df1f816672f93a309b34f0551ca5fb32de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

Content-Type
image/png
l
shy-math-0394.jken4529.workers.dev/fd/ls/
64 KB
64 KB
Image
General
Full URL
https://shy-math-0394.jken4529.workers.dev/fd/ls/l?IG=88180D7439044A009A2960A1B6D5FEE2&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22FC%22:33,%22BC%22:33,%22SE%22:-1,%22TC%22:-1,%22H%22:104,%22BP%22:484,%22CT%22:484,%22IL%22:3},%22ad%22:[-1,-1,1600,1200,1600,2860,1],%22net%22:%22undefined%22}&P=SERP&DA=BNZE01
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e6fa5a44809fb96d2c9ff0417a
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:30 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=50072&min_rtt=42203&rtt_var=2939&sent=339&recv=93&lost=0&retrans=0&sent_bytes=362589&recv_bytes=12822&delivery_rate=150606&cwnd=116400&unsent_bytes=0&cid=0c06ad581b51a44d&ts=6701&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:30 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=3,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.9aca2c17.1734346470.1204ef8b
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-5133seK/QH9D60/9QgH2NMrKloBHN2BaX6/9OjU9Wls='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22bf9d9c4299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
favicon-trans-bg-blue-mg.ico
shy-math-0394.jken4529.workers.dev/sa/simg/
362 KB
111 KB
Other
General
Full URL
https://shy-math-0394.jken4529.workers.dev/sa/simg/favicon-trans-bg-blue-mg.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53d7d21a9ca0cbce6790642a18229bec62c8ba29af5ec36dbc1f7f1d71324a6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e689734f9aa70eb127b3ebe21c
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:30 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=50072&min_rtt=42203&rtt_var=2939&sent=342&recv=93&lost=0&retrans=0&sent_bytes=365350&recv_bytes=12822&delivery_rate=150606&cwnd=116400&unsent_bytes=0&cid=0c06ad581b51a44d&ts=6704&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:30 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.a6ca2c17.1734346470.a46bfc
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-Dtf4ahzz8/7Wo67TMIAwFZHvwRQJ6A3zqZio8dqG2Eo='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22bf9d9e4299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
lsp.aspx
shy-math-0394.jken4529.workers.dev/fd/ls/
364 KB
110 KB
Ping
General
Full URL
https://shy-math-0394.jken4529.workers.dev/fd/ls/lsp.aspx?
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d809e4a45c0ce0254e4005764f31d334da0465a6d289a680881612a7964e491c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e61e774b45b02a2a199f8eef99
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:30 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=50072&min_rtt=42203&rtt_var=2939&sent=336&recv=93&lost=0&retrans=0&sent_bytes=359834&recv_bytes=12822&delivery_rate=150606&cwnd=116400&unsent_bytes=0&cid=0c06ad581b51a44d&ts=6696&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:30 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=4,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.87ca2c17.1734346470.b4341d
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-rO5p4WgeadOP/p7WcbYFklAT9CMAB5Vve/NMGnMcGqU='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22bf9d9f4299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
-EZ3_E7ynAvG4WDjTxZ9rUpEwcA.br.js
shy-math-0394.jken4529.workers.dev/rp/
364 KB
110 KB
Script
General
Full URL
https://shy-math-0394.jken4529.workers.dev/rp/-EZ3_E7ynAvG4WDjTxZ9rUpEwcA.br.js
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fcbb832d744936c93da6eead4079b6a0bef6f8b4953934ea5c0e21fd56c759d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://shy-math-0394.jken4529.workers.dev
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e61df94316944c80b40bed3506
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:30 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=50072&min_rtt=42203&rtt_var=2939&sent=345&recv=93&lost=0&retrans=0&sent_bytes=368103&recv_bytes=12822&delivery_rate=150606&cwnd=116400&unsent_bytes=0&cid=0c06ad581b51a44d&ts=6720&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:30 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=3,i=?0
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.abca2c17.1734346470.20b0daf
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-EjoiZAfkCJN3bQLc+6N9ydx8QZFhzyzPpCaKU/AwCt8='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22bfada24299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare
lsp.aspx
shy-math-0394.jken4529.workers.dev/fd/ls/
368 KB
111 KB
XHR
General
Full URL
https://shy-math-0394.jken4529.workers.dev/fd/ls/lsp.aspx?
Requested by
Host: shy-math-0394.jken4529.workers.dev
URL: https://shy-math-0394.jken4529.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::ac43:95e6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3f1cbacfa6ca814c37bfb756b7ee0caf3332a2aef3415d64742116001054f55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/xml
Referer
https://shy-math-0394.jken4529.workers.dev/

Response headers

x-eventid
676006e665aa4db48da4de964c3c1e2b
content-encoding
zstd
cf-cache-status
DYNAMIC
report-to
{"group":"csp-endpoint","max_age":86400,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingcsp"}]}, {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp&ndcParam=QWthbWFp"}]}, {"group":"crossorigin-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingserp"}]}
expires
Mon, 16 Dec 2024 10:53:31 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=44509&min_rtt=41428&rtt_var=2470&sent=734&recv=138&lost=0&retrans=0&sent_bytes=821186&recv_bytes=15704&delivery_rate=3034948&cwnd=282300&unsent_bytes=0&cid=0c06ad581b51a44d&ts=7341&x=1", cfExtPri, cfHdrFlush;dur=0
p3p
CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
date
Mon, 16 Dec 2024 10:54:31 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
'require-corp; report-to=\"crossorigin-errors\"'
priority
u=1,i
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private, max-age=0
nel
{"report_to":"network-errors","max_age":604800,"success_fraction":0.01,"failure_fraction":1.0,"include_subdomains":true}
x-cdn-traceid
0.97ca2c17.1734346470.123bc6d3
content-security-policy-report-only
script-src https: 'strict-dynamic' 'report-sample' 'wasm-unsafe-eval' 'nonce-Lpp9j4PrGiA40a4qK07vQqNq/EXPFqEl3/ReD1nkrw8='; base-uri 'self';report-to csp-endpoint
cf-ray
8f2e22c2cfe84299-EWR
useragentreductionoptout
A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
cross-origin-opener-policy-report-only
'same-origin; report-to=\"crossorigin-errors\"'
server
cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| si_ST function| si_T object| _G string| curUrl function| __assign function| logE function| CSPIF object| ignErr object| ignCSPErr number| maxErr function| ignoreCurrentError function| regexEsc function| ignoreCSPLog object| amd function| define function| require object| _w object| _d function| _ge function| _qs function| sb_st function| sb_rst function| sb_ct function| sb_gt function| sj_gx function| lb object| clc object| SerpMode number| wlc_d number| wlc_t object| perf object| RightRailMetricModule function| sj_log object| BM string| adrule object| sb_de object| CSPEL function| jsErrorHandler function| CSPEH function| sj_ce object| sj_cook function| sk_merge object| ChatMergeLogHelper string| bbe function| fb_is object| rms object| sj_evt function| sj_jb function| sj_wf function| sj_pd function| sj_sp function| sj_be function| sj_go function| sj_ev function| sj_ue function| sj_et object| Log function| sj_mo function| sj_so function| si_sbwu object| ClTrCo function| si_ct function| si_PP boolean| isFRPEvaluated boolean| isRightRailPaintEvaluated function| FallBackToDefaultProfilePic object| NetworkPerformance number| AwayTimeThreshold object| MicLoad object| SBI object| Identity object| DynScopesDropdownRE object| AM object| APD object| APC object| APC2 object| APN string| data_iid object| SmartEvent function| ge_cl function| sa_cl boolean| IDBbOv function| _0x48a5 function| _0xa662 object| sj_b object| EntityPreviewConfig object| img_p function| sa_preactloader function| sa_preactcompsloader function| sa_loader object| frpPreviousEntry number| ERC

2 Cookies

Domain/Path Name / Value
shy-math-0394.jken4529.workers.dev/ Name: MUIDB
Value: 139D57FA4B6769D80A4142AD4A336873
.shy-math-0394.jken4529.workers.dev/ Name: __cf_mw_byp
Value: JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-1734346463-0.0.1.1-/

1 Console Messages

Source Level URL
Text
network error URL: https://shy-math-0394.jken4529.workers.dev/
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN