id-thunder-3a75.ugtreceson.workers.dev Open in urlscan Pro
2606:4700:3037::ac43:8292  Malicious Activity! Public Scan

12 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 id-thunder-3a75.ugtreceson.workers.dev/	869 KB 280 KB	517ms 85ms	Document text/html	2606:4700:3037::ac43:8292 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::ac43:8292 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-ray 8300081d4d936aed-BUF content-encoding br content-type text/html;charset=UTF-8 date Mon, 04 Dec 2023 00:46:19 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uayf6gCG2B998XhxVJxhSi%2BhSLnVEk%2FX1d%2Bj70ThLcqAvYR3YHa0lTjItCbLLBA48MmZmamvh15o0lUE7qIV0qSaTW33XNtz3NjyqdoCL6DkbOdJ1CNt1ZWnFY95iusaSCLEy6AK%2FsCu1wVVlgMbJXcdyisGCzwx2fReHyuIz%2BE%2F80gQyA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	jquery-3.4.1.min.js code.jquery.com/	86 KB 30 KB	274ms 83ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://id-thunder-3a75.ugtreceson.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers date Mon, 04 Dec 2023 00:46:20 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 6848579 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-nyc-kteb1890022-NYC last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1701650780.010737,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 413, 77443
GET BLOB	200 OK	a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5 Show response https://id-thunder-3a75.ugtreceson.workers.dev/	651 KB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5 Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 1e7f3c05149c71105fb0f29c114b9ab0daaf6db4639aea823b4da4ae76f0b36b Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Content-Length 666285 Content-Type text/html
GET H2	200	fonts-remote.min.css riionlnatthl.web.app/	3 KB 370 B	529ms 267ms	Stylesheet text/css	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://riionlnatthl.web.app/fonts-remote.min.css Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-served-by cache-ewr18128-EWR strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Mon, 04 Dec 2023 00:46:21 GMT last-modified Thu, 24 Aug 2023 14:01:16 GMT x-timer S1701650781.028197,VS0,VE169 etag "efa51a131b9d531cb7ed7d23de65e6b166359fa0cc4bbe27c3538f0494be927f-br" vary x-fh-requested-host, accept-encoding x-cache MISS content-type text/css; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 236 x-cache-hits 0
GET H2	200	styles-light.min.css riionlnatthl.web.app/	45 KB 10 KB	538ms 275ms	Stylesheet text/css	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Full URL https://riionlnatthl.web.app/styles-light.min.css Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash f087c79b54ced888350a539e10ce79e6376fe68e1f24786073475712410677b7 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-served-by cache-ewr18128-EWR strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding br date Mon, 04 Dec 2023 00:46:21 GMT last-modified Thu, 24 Aug 2023 14:01:16 GMT x-timer S1701650781.028386,VS0,VE180 etag "6a4b8d0ca4a5d8c71c34fed0ec9bc705ef9e5e6efa624729546799b24ff15ad3-br" vary x-fh-requested-host, accept-encoding x-cache MISS content-type text/css; charset=utf-8 cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 9727 x-cache-hits 0
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	95ms 94ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Mon, 04 Dec 2023 00:46:20 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 6848580 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-nyc-kteb1890022-NYC last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1701650781.827124,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 413, 77444
GET H2	200	data-layer.jpg riionlnatthl.web.app/	269 B 518 B	423ms 238ms	Image image/jpeg	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://riionlnatthl.web.app/data-layer.jpg Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 4f6c8fe3d9d39c232c48874cb05e4b88fc313b703b4671333badf8c96ff9b130 Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-served-by cache-ewr18128-EWR strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip date Mon, 04 Dec 2023 00:46:21 GMT last-modified Thu, 24 Aug 2023 14:01:16 GMT x-timer S1701650781.028175,VS0,VE142 etag "78a93c794121e8844e29632dba9e4f583d6883d9d9af8f2be230acc5a2be2960" vary x-fh-requested-host, accept-encoding x-cache MISS content-type image/jpeg cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 164 x-cache-hits 0
GET H2	200	0214c1dbd6e5109ad60a848425a8c655.png riionlnatthl.web.app/	75 KB 74 KB	559ms 386ms	Image image/png	2620:0:890::100 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://riionlnatthl.web.app/0214c1dbd6e5109ad60a848425a8c655.png Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:0:890::100 , United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash 8f76b4202a5a66eaba4bd9a372bb302287dab1f7b897a141a9f0bb9a10b1018d Security Headers Name Value Strict-Transport-Security max-age=31556926; includeSubDomains; preload Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-served-by cache-ewr18128-EWR strict-transport-security max-age=31556926; includeSubDomains; preload content-encoding gzip date Mon, 04 Dec 2023 00:46:21 GMT last-modified Thu, 24 Aug 2023 14:01:16 GMT x-timer S1701650781.027958,VS0,VE291 etag "711e580a1ca47f8b311d44cbe0c930398c157bfdf4c9a16233c26d54a7aee848" vary x-fh-requested-host, accept-encoding x-cache MISS content-type image/png cache-control max-age=3600 accept-ranges bytes alt-svc h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400 content-length 75650 x-cache-hits 0
GET H2	200	a6eabf890bd17fbbea28fb13064329ba.jpg sdx.xfinity.com/cms/data/cima/bin-202006/	132 KB 133 KB	394ms 78ms	Image image/jpeg	2600:141b:1c00:2296::1b62 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://sdx.xfinity.com/cms/data/cima/bin-202006/a6eabf890bd17fbbea28fb13064329ba.jpg Requested by Host: id-thunder-3a75.ugtreceson.workers.dev URL: blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:1c00:2296::1b62 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash dbdc913afccda63f7888675987f5bd3f341e71ca311f4999e1e557d1ad7d2cda Security Headers Name Value Strict-Transport-Security max-age=86400 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id null date Mon, 04 Dec 2023 00:46:21 GMT strict-transport-security max-age=86400 x-amz-cf-pop EWR52-C1 content-length 135396 last-modified Thu, 11 Jun 2020 13:28:42 GMT server AmazonS3 etag "441b7b6801b67205a3cfcf5549ad7d9d" access-control-max-age 3000 access-control-allow-methods GET content-type image/jpeg access-control-allow-origin * cache-control max-age=600 x-amz-meta-noderef Jjohn accept-ranges bytes x-amz-cf-id Mt3eqawhk8XwQrVlFFVfm-IiEYQNrCyy9_wU7CuQuhGIyrJGvW8xKA==
GET DATA	200 OK	truncated /	933 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5 Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	XfinityStandard-Regular.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	26 KB 26 KB	511ms 227ms	Font font/woff2	2600:141b:1c00:22a3::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2 Requested by Host: riionlnatthl.web.app URL: https://riionlnatthl.web.app/fonts-remote.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:1c00:22a3::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash 138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176 Request headers Referer https://riionlnatthl.web.app/ Origin https://id-thunder-3a75.ugtreceson.workers.dev accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF date Mon, 04 Dec 2023 00:46:21 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "e3e79cd377b28c1e7ffea64b194136cf" content-type font/woff2 access-control-allow-origin * cache-control max-age=952549 accept-ranges bytes content-length 26768 x-amz-cf-id 2rwJyStmhXGU5ZBnVCuP4XcdZXXDbjm1lNdsp5WV2nX1dz2Ox-xIZw==
GET H2	200	XfinityStandard-Bold.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	26 KB 27 KB	524ms 256ms	Font font/woff2	2600:141b:1c00:22a3::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2 Requested by Host: riionlnatthl.web.app URL: https://riionlnatthl.web.app/fonts-remote.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:1c00:22a3::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash 020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef Request headers Referer https://riionlnatthl.web.app/ Origin https://id-thunder-3a75.ugtreceson.workers.dev accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id LDG6wJQl1INH_wTGu7a9uUI1eheA5q.9 date Mon, 04 Dec 2023 00:46:21 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "4cf223c306de5325b4939d9d4ea2c5a5" content-type font/woff2 access-control-allow-origin * cache-control max-age=1025168 accept-ranges bytes content-length 26896 x-amz-cf-id vLDsdx1mCZzOYgqBnCqs2WUK7keMBDdvyxQ6hRXkuhVQ4PycvjDRqA==
GET H2	200	XfinityStandard-Medium.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	27 KB 27 KB	345ms 77ms	Font font/woff2	2600:141b:1c00:22a3::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2 Requested by Host: riionlnatthl.web.app URL: https://riionlnatthl.web.app/fonts-remote.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:1c00:22a3::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash 2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228 Request headers Referer https://riionlnatthl.web.app/ Origin https://id-thunder-3a75.ugtreceson.workers.dev accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id 6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40 date Mon, 04 Dec 2023 00:46:21 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "13709eac065721ba8cd0e2d1b6fa8026" content-type font/woff2 access-control-allow-origin * cache-control max-age=1024286 accept-ranges bytes content-length 27152 x-amz-cf-id 2PzAIG7cN80kXDmdPIFRbaIyTHeeKQa2wb2ZdxTGZWKfZGiMNsllAA==
GET H2	200	XfinityStandard-Light.woff2 static.cimcontent.net/fonts/latest/Xfinity_Standard/	27 KB 27 KB	435ms 168ms	Font font/woff2	2600:141b:1c00:22a3::30d4 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2 Requested by Host: riionlnatthl.web.app URL: https://riionlnatthl.web.app/fonts-remote.min.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:141b:1c00:22a3::30d4 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software AmazonS3 / Resource Hash fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a Request headers Referer https://riionlnatthl.web.app/ Origin https://id-thunder-3a75.ugtreceson.workers.dev accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36 Response headers x-amz-version-id wnCwOacXycelzt78IMkr55wWB9WkMd2W date Mon, 04 Dec 2023 00:46:21 GMT last-modified Fri, 24 Jan 2020 21:23:01 GMT server AmazonS3 x-amz-cf-pop EWR53-C2 etag "f05d3ebe80809d82ab14d62a79da544e" content-type font/woff2 access-control-allow-origin * cache-control max-age=1010692 accept-ranges bytes content-length 27420 x-amz-cf-id lrXc_cEIyZM4mTkrYc4efgdcWcsyA9Oai9bWypx5LtBBwt8bCExLOA==

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| _0x84a8 function| _0x157afb function| _0x4188 function| _0x3e18be function| _0x1051 function| _0x780d string| s string| m object| runtimeData string| version_ function| _0x45da08 function| _0x3a3c function| _0x20d4 function| _0x4c0de1 function| _0x3fb7be function| _0x1cf1 function| _0x278f function| _0x51f1 function| _0x4377 function| _0x195053 function| _0x3c3d function| _0x2a0b function| _0x447e function| _0x3bc8 function| _0x21a424 function| _0xe856 function| _0x3654 function| _0x455896 function| _0x51d1 function| _0x17f5 function| _0x2671f4 function| _0x2a68 function| _0x3888 function| _0x1a1a function| _0x24ee function| $ function| jQuery function| iiii6y4cA56Nc1o2nfu6se6iiii function| lLLI6Y4Ca56Nc1o2nfu6se6iiii function| llli6y4ca56nc1o2nfu6se6iiii function| iiii6y4ca56nc1o2nfu6se6iiii function| llii6y4ca56nc1o2nfu6se6iiii object| rusVa0 function| fzm5jK object| rRwCOJ number| sYPiXX object| dr3eTV string| d8o51I string| lYs4mtW string| TZj8mj string| UiMmgz string| DUpYn2S string| YTdcK6 string| I04bRUR string| TkrJEwS string| L792EmH string| Vm3GItq string| pkf8TS string| XPnCfz string| ZhC9xE string| WWtX2xx string| aZB7qY7 string| YIswNJ string| bVtyh5a string| Uux86S string| i4HpGmC string| mmQPdrf string| OMLKiYM string| Cxl4tJF string| TvbctS string| A1QIjY string| f9w_h2 string| zq2FRD string| nc5bCF string| JE0SDO string| zZqnWbg string| EkfXJ4U string| Lh95Bqo string| IHwvwmr string| ueOohn string| ED8f7hY string| dRbPke string| rL_UasH string| FYULbZY string| QgQ2fyz string| r8FuPkc string| juv7zX string| tU0KkKr string| YdxioI string| rEJj2in string| Lv0Q_4 string| mIrxB1 string| kL4ADXA string| E5ntAGx string| kX7_5X string| Ti6zt2F string| j7qTWL string| FDI0jgG string| ZDrCBK object| QZVNWx7 object| DrkQyQA object| zHJCXu object| M4REj32 function| fnaB1C1 function| TqDX3p function| V0lULR function| bOrk4v function| wHYFRa function| _CnUiQS function| i4YAQH function| EoFHu4V function| lllll6y4ca56nc1o2nfu6se6llll

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.4.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.4.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
id-thunder-3a75.ugtreceson.workers.dev
riionlnatthl.web.app
sdx.xfinity.com
static.cimcontent.net

2600:141b:1c00:2296::1b62
2600:141b:1c00:22a3::30d4
2606:4700:3037::ac43:8292
2620:0:890::100
2a04:4e42::649
020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176
1e7f3c05149c71105fb0f29c114b9ab0daaf6db4639aea823b4da4ae76f0b36b
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea
4f6c8fe3d9d39c232c48874cb05e4b88fc313b703b4671333badf8c96ff9b130
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5
8f76b4202a5a66eaba4bd9a372bb302287dab1f7b897a141a9f0bb9a10b1018d
dbdc913afccda63f7888675987f5bd3f341e71ca311f4999e1e557d1ad7d2cda
f087c79b54ced888350a539e10ce79e6376fe68e1f24786073475712410677b7
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a