shy-math-0394.jken4529.workers.dev
2606:4700:3037::ac43:95e6
Malicious Activity!
Public Scan
Effective URL: https://shy-math-0394.jken4529.workers.dev/
Submission: On December 16 via api from US — Scanned from CA
Summary
TLS certificate: Issued by WE1 on November 30th 2024. Valid for: 3 months.
This is the only time shy-math-0394.jken4529.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 12 | 2606:4700:3037::ac43:95e6 | 13335 (CLOUDFLARENET) |
1 | 2600:1408:c400:c::17cd:688c | 20940 (AKAMAI-ASN1 Akamai International B.V.) |
12 | 3 | |
ASN13335 (CLOUDFLARENET, US)
shy-math-0394.jken4529.workers.dev |
ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
r.bing.com |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
12 | workers.dev (1 redirects): shy-math-0394.jken4529.workers.dev | 762 KB |
1 | bing.com: r.bing.com — Cisco Umbrella Rank: 467 | 8 KB |
12 | 2 | |
 | Domain | Requested by |
---|---|---|
12 | shy-math-0394.jken4529.workers.dev (1 redirects) | shy-math-0394.jken4529.workers.dev |
1 | r.bing.com | shy-math-0394.jken4529.workers.dev |
12 | 2 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
jken4529.workers.dev | WE1 | 2024-11-30 - 2025-02-28 | 3 months |
r.bing.com | Microsoft Azure ECC TLS Issuing CA 04 | 2024-06-24 - 2025-06-19 | a year |
This page contains 1 frames:
Primary Page:
https://shy-math-0394.jken4529.workers.dev/
Frame ID: FC300EAFB33E82A6429ED7FC99646228
Requests: 15 HTTP requests in this frame
Page Title
site;ManilaEnvelope.online - Search
Page URL History
-
http://shy-math-0394.jken4529.workers.dev/
HTTP 307
https://shy-math-0394.jken4529.workers.dev/ Page URL
-
https://shy-math-0394.jken4529.workers.dev/cdn-cgi/phish-bypass?atok=JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-173434...
HTTP 301
https://shy-math-0394.jken4529.workers.dev/ Page URL
Page Statistics
33 Outgoing links
These are links going to different origins than the main page.
Title: Amazon https://www.amazon.com/manila-envelopes/s?k=manila+envelopes
Title: Mead Letter Size Mailing Envelopes, Press-It Seal-It Self Adhesive Closure, All-Purpose 24-l…
Title: Mr. Pen- Clasp Envelopes,18 Pack, 9x12, Brown Kraft, Letter Size Envelopes, Brown Envelo…
Title: Amazon Basics 9 x 12-Inch Clasp Kraft Envelopes, Gummed, 100-Pack
Title: Paper Office Envelopes | In Stock – Ships Today
Title: Granite Woods Printing https://gwprint.com/large-envelopes/manil…
Title: Staples Canada https://www.staples.ca/collections/envelopes-8810
Title: Amazon https://www.amazon.ca/manila-envelopes/s?k=manila+envelopes
Title: Mead Letter Size Mailing Envelopes, Clasp Closure, All-Purpose 32-lb Paper, 9" X 12", Brow…
Title: ACSTEP 100Pack Manila Envelopes 9x12 Big Brown Kraft Catalog Vanilla Envelopes Self S…
Title: Hilroy 76146 Kraft Envelopes, 9x12-Inch, 100-Count
Title: Envelopes.com https://www.envelopes.com/seo/manila-envelope
Title: Blake Envelopes https://blake-envelopes.com/envelopes/manilla-envelopes
Title: What is a manila envelope? Manila envelopes are tan-colored envelopes used for sending mail and transporting documents. They are commonly used in offices. The name 'manila envelope' comes from the fact that they are made from Manila hemp. How Many Stamps for a Manila Envelope (Report/Prices 2023) - Awajis.… awajis.com
Title: Office Depot OfficeMax https://www.officedepot.com/b/catalog-envelopes/Color--Manila/N-514…
Title: Etsy https://www.etsy.com/market/manila_envelopes
Title: thepostalsupplies.com https://www.thepostalsupplies.com/store/Manilla-Peal-and-Seal-Envel…
Title: Great Customer Support | As Fast as Same-Day with Prime
Title: Calendars & Planners
Title: Paper
Title: Ink & Toner
Title: Custom Envelopes | Pre-Printed Return Address
Title: Google Trusted Stores
Title: Custom Envelope Designs
Title: Business Envelopes
Title: Coloured Envelopes
Title: Get Graphic Design Help
Title: Privacy and Cookies
Title: Legal
Title: Advertise
Title: Help
Title: Learn more about third party cookies
Title: Microsoft Privacy Policy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://shy-math-0394.jken4529.workers.dev/
HTTP 307
https://shy-math-0394.jken4529.workers.dev/ Page URL
-
https://shy-math-0394.jken4529.workers.dev/cdn-cgi/phish-bypass?atok=JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-1734346463-0.0.1.1-%2F
HTTP 301
https://shy-math-0394.jken4529.workers.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://shy-math-0394.jken4529.workers.dev/ HTTP 307
- https://shy-math-0394.jken4529.workers.dev/
12 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H3 | / shy-math-0394.jken4529.workers.dev/ (Redirect Chain) | 4 KB 2 KB | Document text/html |
GET H3 | cf.errors.css shy-math-0394.jken4529.workers.dev/cdn-cgi/styles/ | 23 KB 5 KB | Stylesheet text/css |
GET H3 | icon-exclamation.png shy-math-0394.jken4529.workers.dev/cdn-cgi/images/ | 452 B 635 B | Image image/png |
GET H3 | favicon.ico shy-math-0394.jken4529.workers.dev/ | 337 KB 105 KB | Other text/html |
GET H3 | Primary Request: / shy-math-0394.jken4529.workers.dev/ (Redirect Chain) | 380 KB 115 KB | Document text/html |
GET DATA | truncated / | 68 B 0 | Image image/png |
GET H3 | fG0ED-g2hQtFeYLODcS6OhxKtIg.png shy-math-0394.jken4529.workers.dev/rp/ | 29 KB 29 KB | Image text/html |
GET H2 | q5aD1AV90JU_ebJwNMO9qDc6a04.br.css r.bing.com/rp/ | 0 8 KB | Other text/css |
GET DATA | truncated / | 451 B 0 | Image image/png |
GET DATA | truncated / | 184 B 0 | Image image/png |
GET H3 | l shy-math-0394.jken4529.workers.dev/fd/ls/ | 64 KB 64 KB | Image text/html |
GET H3 | favicon-trans-bg-blue-mg.ico shy-math-0394.jken4529.workers.dev/sa/simg/ | 362 KB 111 KB | Other text/html |
POST H3 | lsp.aspx shy-math-0394.jken4529.workers.dev/fd/ls/ | 364 KB 110 KB | Ping text/html |
GET H3 | -EZ3_E7ynAvG4WDjTxZ9rUpEwcA.br.js shy-math-0394.jken4529.workers.dev/rp/ | 364 KB 110 KB | Script text/html |
POST H3 | lsp.aspx shy-math-0394.jken4529.workers.dev/fd/ls/ | 368 KB 111 KB | XHR text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
92 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| si_ST function| si_T object| _G string| curUrl function| __assign function| logE function| CSPIF object| ignErr object| ignCSPErr number| maxErr function| ignoreCurrentError function| regexEsc function| ignoreCSPLog object| amd function| define function| require object| _w object| _d function| _ge function| _qs function| sb_st function| sb_rst function| sb_ct function| sb_gt function| sj_gx function| lb object| clc object| SerpMode number| wlc_d number| wlc_t object| perf object| RightRailMetricModule function| sj_log object| BM string| adrule object| sb_de object| CSPEL function| jsErrorHandler function| CSPEH function| sj_ce object| sj_cook function| sk_merge object| ChatMergeLogHelper string| bbe function| fb_is object| rms object| sj_evt function| sj_jb function| sj_wf function| sj_pd function| sj_sp function| sj_be function| sj_go function| sj_ev function| sj_ue function| sj_et object| Log function| sj_mo function| sj_so function| si_sbwu object| ClTrCo function| si_ct function| si_PP boolean| isFRPEvaluated boolean| isRightRailPaintEvaluated function| FallBackToDefaultProfilePic object| NetworkPerformance number| AwayTimeThreshold object| MicLoad object| SBI object| Identity object| DynScopesDropdownRE object| AM object| APD object| APC object| APC2 object| APN string| data_iid object| SmartEvent function| ge_cl function| sa_cl boolean| IDBbOv function| _0x48a5 function| _0xa662 object| sj_b object| EntityPreviewConfig object| img_p function| sa_preactloader function| sa_preactcompsloader function| sa_loader object| frpPreviousEntry number| ERC2
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
shy-math-0394.jken4529.workers.dev/ | | Name: MUIDB Value: 139D57FA4B6769D80A4142AD4A336873 |
.shy-math-0394.jken4529.workers.dev/ | | Name: __cf_mw_byp Value: JyIU8StbS6FmU9wDxJQdlEFK4wKtP5amcAin2tOYM9U-1734346463-0.0.1.1-/ |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.