id-thunder-3a75.ugtreceson.workers.dev
2606:4700:3037::ac43:8292  Malicious Activity! Public Scan

URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Submission: On December 04 via api from US — Scanned from US

Summary

This website contacted 7 IPs in 1 country across 5 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3037::ac43:8292, located in the United States and belonging to CLOUDFLARENET, US. The main domain is id-thunder-3a75.ugtreceson.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on October 22nd 2023. Valid for: 3 months.
This is the only time id-thunder-3a75.ugtreceson.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Xfinity (Consumer)

Domain & IP information

Requests  IP Address          AS     Autonomous System
1         2606:4700:303...    13335  (CLOUDFLAR...)
2         2a04:4e42::649      54113  (FASTLY)
1         -                   -      ()
4         2620:0:890::100     54113  (FASTLY)
1         2600:141b:1c0...    20940  (AKAMAI-ASN1)
4         2600:141b:1c0...    20940  (AKAMAI-ASN1)
13 requests across 7 IPs
Requests  Apex Domain     Subdomains                                           Transfer
4         cimcontent.net  static.cimcontent.net (Cisco Umbrella Rank: 27018)   107 KB
4         web.app         riionlnatthl.web.app                                 85 KB
2         jquery.com      code.jquery.com (Cisco Umbrella Rank: 735)           60 KB
2         workers.dev     id-thunder-3a75.ugtreceson.workers.dev               280 KB
1         xfinity.com     sdx.xfinity.com (Cisco Umbrella Rank: 62105)         133 KB
13 requests across 5 apex domains
Requests  Domain                                  Requested by
4         static.cimcontent.net                   riionlnatthl.web.app
4         riionlnatthl.web.app                    id-thunder-3a75.ugtreceson.workers.dev
2         code.jquery.com                         id-thunder-3a75.ugtreceson.workers.dev
2         id-thunder-3a75.ugtreceson.workers.dev  id-thunder-3a75.ugtreceson.workers.dev
1         sdx.xfinity.com                         id-thunder-3a75.ugtreceson.workers.dev
13 requests across 5 domains
Subject                  Issuer                                               Validity                 Valid
ugtreceson.workers.dev   GTS CA 1P5                                           2023-10-22 - 2024-01-20  3 months
*.jquery.com             Sectigo RSA Domain Validation Secure Server CA       2023-07-11 - 2024-07-14  a year
web.app                  GTS CA 1D4                                           2023-11-13 - 2024-02-11  3 months
www.xfinity.comcast.net  COMODO RSA Organization Validation Secure Server CA  2023-08-30 - 2024-08-29  a year
static.cimcontent.net    COMODO RSA Organization Validation Secure Server CA  2023-03-30 - 2024-03-29  a year

This page contains 1 frame:

Primary Page: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Frame ID: EEF1E94E4D9C828A8D72987EE91B8CAF
Requests: 15 HTTP requests in this frame

Page Title

Sign in to Xfinity

Detected technologies

jQuery (overall confidence: 100%)
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 83 %
Domains: 5
Subdomains: 5
IPs: 7
Countries: 1
Transfer: 664 kB
Size: 2056 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
id-thunder-3a75.ugtreceson.workers.dev/
869 KB
280 KB
Document
General
Full URL
https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3037::ac43:8292, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8300081d4d936aed-BUF
content-encoding
br
content-type
text/html;charset=UTF-8
date
Mon, 04 Dec 2023 00:46:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uayf6gCG2B998XhxVJxhSi%2BhSLnVEk%2FX1d%2Bj70ThLcqAvYR3YHa0lTjItCbLLBA48MmZmamvh15o0lUE7qIV0qSaTW33XNtz3NjyqdoCL6DkbOdJ1CNt1ZWnFY95iusaSCLEy6AK%2FsCu1wVVlgMbJXcdyisGCzwx2fReHyuIz%2BE%2F80gQyA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
jquery-3.4.1.min.js
code.jquery.com/
86 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a04:4e42::649, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://id-thunder-3a75.ugtreceson.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Mon, 04 Dec 2023 00:46:20 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
6848579
x-cache
HIT, HIT
content-length
30638
x-served-by
cache-lga21965-LGA, cache-nyc-kteb1890022-NYC
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1701650780.010737,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
413, 77443
a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5
https://id-thunder-3a75.ugtreceson.workers.dev/
651 KB
0
Document
General
Full URL
blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
BLOB
Server
-
Reverse DNS
Software
-
Resource Hash
1e7f3c05149c71105fb0f29c114b9ab0daaf6db4639aea823b4da4ae76f0b36b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Length
666285
Content-Type
text/html
fonts-remote.min.css
riionlnatthl.web.app/
3 KB
370 B
Stylesheet
General
Full URL
https://riionlnatthl.web.app/fonts-remote.min.css
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
-
Resource Hash
032d8b49c68572a6136937e3f8f4fb10d94eefaf95418e557f44f1f04b715ba8
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-served-by
cache-ewr18128-EWR
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Thu, 24 Aug 2023 14:01:16 GMT
x-timer
S1701650781.028197,VS0,VE169
etag
"efa51a131b9d531cb7ed7d23de65e6b166359fa0cc4bbe27c3538f0494be927f-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
236
x-cache-hits
0
styles-light.min.css
riionlnatthl.web.app/
45 KB
10 KB
Stylesheet
General
Full URL
https://riionlnatthl.web.app/styles-light.min.css
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
-
Resource Hash
f087c79b54ced888350a539e10ce79e6376fe68e1f24786073475712410677b7
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-served-by
cache-ewr18128-EWR
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Thu, 24 Aug 2023 14:01:16 GMT
x-timer
S1701650781.028386,VS0,VE180
etag
"6a4b8d0ca4a5d8c71c34fed0ec9bc705ef9e5e6efa624729546799b24ff15ad3-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
9727
x-cache-hits
0
jquery-3.4.1.min.js
code.jquery.com/
86 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a04:4e42::649, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
nginx
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Mon, 04 Dec 2023 00:46:20 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
6848580
x-cache
HIT, HIT
content-length
30638
x-served-by
cache-lga21965-LGA, cache-nyc-kteb1890022-NYC
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1701650781.827124,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
413, 77444
data-layer.jpg
riionlnatthl.web.app/
269 B
518 B
Image
General
Full URL
https://riionlnatthl.web.app/data-layer.jpg
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: https://id-thunder-3a75.ugtreceson.workers.dev/17acf79b-e12b-448a-b4e8-e2c5d0c32ae7
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
-
Resource Hash
4f6c8fe3d9d39c232c48874cb05e4b88fc313b703b4671333badf8c96ff9b130
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-served-by
cache-ewr18128-EWR
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Thu, 24 Aug 2023 14:01:16 GMT
x-timer
S1701650781.028175,VS0,VE142
etag
"78a93c794121e8844e29632dba9e4f583d6883d9d9af8f2be230acc5a2be2960"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/jpeg
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
164
x-cache-hits
0
0214c1dbd6e5109ad60a848425a8c655.png
riionlnatthl.web.app/
75 KB
74 KB
Image
General
Full URL
https://riionlnatthl.web.app/0214c1dbd6e5109ad60a848425a8c655.png
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS
Software
-
Resource Hash
8f76b4202a5a66eaba4bd9a372bb302287dab1f7b897a141a9f0bb9a10b1018d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-served-by
cache-ewr18128-EWR
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
gzip
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Thu, 24 Aug 2023 14:01:16 GMT
x-timer
S1701650781.027958,VS0,VE291
etag
"711e580a1ca47f8b311d44cbe0c930398c157bfdf4c9a16233c26d54a7aee848"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/png
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
75650
x-cache-hits
0
a6eabf890bd17fbbea28fb13064329ba.jpg
sdx.xfinity.com/cms/data/cima/bin-202006/
132 KB
133 KB
Image
General
Full URL
https://sdx.xfinity.com/cms/data/cima/bin-202006/a6eabf890bd17fbbea28fb13064329ba.jpg
Requested by
Host: id-thunder-3a75.ugtreceson.workers.dev
URL: blob:https://id-thunder-3a75.ugtreceson.workers.dev/a2e2fee1-5bc3-4cc0-916e-4d7423dc14b5
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:2296::1b62, Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
AmazonS3
Resource Hash
dbdc913afccda63f7888675987f5bd3f341e71ca311f4999e1e557d1ad7d2cda
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id
null
date
Mon, 04 Dec 2023 00:46:21 GMT
strict-transport-security
max-age=86400
x-amz-cf-pop
EWR52-C1
content-length
135396
last-modified
Thu, 11 Jun 2020 13:28:42 GMT
server
AmazonS3
etag
"441b7b6801b67205a3cfcf5549ad7d9d"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=600
x-amz-meta-noderef
Jjohn
accept-ranges
bytes
x-amz-cf-id
Mt3eqawhk8XwQrVlFFVfm-IiEYQNrCyy9_wU7CuQuhGIyrJGvW8xKA==
truncated
/
933 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
-
Resource Hash
4bd9c8ed57b1dd8fddcc2910170e9b81b40f7b628e272924e88a98f45ebb9aea

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
-
Resource Hash
58fd862aaa51daaa186ee3fecfd805c0f8eea09146e9c7deb44a3f30a1ad01b5

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type
image/svg+xml
XfinityStandard-Regular.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/
26 KB
26 KB
Font
General
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by
Host: riionlnatthl.web.app
URL: https://riionlnatthl.web.app/fonts-remote.min.css
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:22a3::30d4, Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
AmazonS3
Resource Hash
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

Referer
https://riionlnatthl.web.app/
Origin
https://id-thunder-3a75.ugtreceson.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id
kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
etag
"e3e79cd377b28c1e7ffea64b194136cf"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=952549
accept-ranges
bytes
content-length
26768
x-amz-cf-id
2rwJyStmhXGU5ZBnVCuP4XcdZXXDbjm1lNdsp5WV2nX1dz2Ox-xIZw==
XfinityStandard-Bold.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/
26 KB
27 KB
Font
General
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Bold.woff2
Requested by
Host: riionlnatthl.web.app
URL: https://riionlnatthl.web.app/fonts-remote.min.css
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:22a3::30d4, Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
AmazonS3
Resource Hash
020e9e48d93ba9d27e827e8246dd9f855c388ff4697ba14d647fcc4d9b1ccdef

Request headers

Referer
https://riionlnatthl.web.app/
Origin
https://id-thunder-3a75.ugtreceson.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id
LDG6wJQl1INH_wTGu7a9uUI1eheA5q.9
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
etag
"4cf223c306de5325b4939d9d4ea2c5a5"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1025168
accept-ranges
bytes
content-length
26896
x-amz-cf-id
vLDsdx1mCZzOYgqBnCqs2WUK7keMBDdvyxQ6hRXkuhVQ4PycvjDRqA==
XfinityStandard-Medium.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/
27 KB
27 KB
Font
General
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Requested by
Host: riionlnatthl.web.app
URL: https://riionlnatthl.web.app/fonts-remote.min.css
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:22a3::30d4, Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
AmazonS3
Resource Hash
2a031939885bb7efba89d423c9ee7c0fe2bab465f18db63f40a9ae2bd7bc0228

Request headers

Referer
https://riionlnatthl.web.app/
Origin
https://id-thunder-3a75.ugtreceson.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id
6t4RA2DS89tdf_2IK5vrc9JAOKCy9A40
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
etag
"13709eac065721ba8cd0e2d1b6fa8026"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1024286
accept-ranges
bytes
content-length
27152
x-amz-cf-id
2PzAIG7cN80kXDmdPIFRbaIyTHeeKQa2wb2ZdxTGZWKfZGiMNsllAA==
XfinityStandard-Light.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/
27 KB
27 KB
Font
General
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Requested by
Host: riionlnatthl.web.app
URL: https://riionlnatthl.web.app/fonts-remote.min.css
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
2600:141b:1c00:22a3::30d4, Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS
Software
AmazonS3
Resource Hash
fc6cd95261064c28600405c9c8dd51813abf8367e85b6e00f0f3031a8338988a

Request headers

Referer
https://riionlnatthl.web.app/
Origin
https://id-thunder-3a75.ugtreceson.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

x-amz-version-id
wnCwOacXycelzt78IMkr55wWB9WkMd2W
date
Mon, 04 Dec 2023 00:46:21 GMT
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
EWR53-C2
etag
"f05d3ebe80809d82ab14d62a79da544e"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=1010692
accept-ranges
bytes
content-length
27420
x-amz-cf-id
lrXc_cEIyZM4mTkrYc4efgdcWcsyA9Oai9bWypx5LtBBwt8bCExLOA==

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Xfinity (Consumer)

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| _0x84a8 function| _0x157afb function| _0x4188 function| _0x3e18be function| _0x1051 function| _0x780d string| s string| m object| runtimeData string| version_ function| _0x45da08 function| _0x3a3c function| _0x20d4 function| _0x4c0de1 function| _0x3fb7be function| _0x1cf1 function| _0x278f function| _0x51f1 function| _0x4377 function| _0x195053 function| _0x3c3d function| _0x2a0b function| _0x447e function| _0x3bc8 function| _0x21a424 function| _0xe856 function| _0x3654 function| _0x455896 function| _0x51d1 function| _0x17f5 function| _0x2671f4 function| _0x2a68 function| _0x3888 function| _0x1a1a function| _0x24ee function| $ function| jQuery function| iiii6y4cA56Nc1o2nfu6se6iiii function| lLLI6Y4Ca56Nc1o2nfu6se6iiii function| llli6y4ca56nc1o2nfu6se6iiii function| iiii6y4ca56nc1o2nfu6se6iiii function| llii6y4ca56nc1o2nfu6se6iiii object| rusVa0 function| fzm5jK object| rRwCOJ number| sYPiXX object| dr3eTV string| d8o51I string| lYs4mtW string| TZj8mj string| UiMmgz string| DUpYn2S string| YTdcK6 string| I04bRUR string| TkrJEwS string| L792EmH string| Vm3GItq string| pkf8TS string| XPnCfz string| ZhC9xE string| WWtX2xx string| aZB7qY7 string| YIswNJ string| bVtyh5a string| Uux86S string| i4HpGmC string| mmQPdrf string| OMLKiYM string| Cxl4tJF string| TvbctS string| A1QIjY string| f9w_h2 string| zq2FRD string| nc5bCF string| JE0SDO string| zZqnWbg string| EkfXJ4U string| Lh95Bqo string| IHwvwmr string| ueOohn string| ED8f7hY string| dRbPke string| rL_UasH string| FYULbZY string| QgQ2fyz string| r8FuPkc string| juv7zX string| tU0KkKr string| YdxioI string| rEJj2in string| Lv0Q_4 string| mIrxB1 string| kL4ADXA string| E5ntAGx string| kX7_5X string| Ti6zt2F string| j7qTWL string| FDI0jgG string| ZDrCBK object| QZVNWx7 object| DrkQyQA object| zHJCXu object| M4REj32 function| fnaB1C1 function| TqDX3p function| V0lULR function| bOrk4v function| wHYFRa function| _CnUiQS function| i4YAQH function| EoFHu4V function| 
lllll6y4ca56nc1o2nfu6se6llll

0 Cookies

2 Console Messages

Source      Level    Location  Message
javascript  warning  Line 22   A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.4.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript  warning  Line 22   A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.4.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.