voice-chat-e42b.gzklq0kj.workers.dev Open in urlscan Pro
172.67.216.190  Malicious Activity! Public Scan

8 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request c7c261df-e189-4c3b-bb51-21fe095f4acd Show response voice-chat-e42b.gzklq0kj.workers.dev/	1006 KB 502 KB	601ms 463ms	Document text/html	172.67.216.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.216.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ce2de9e0f154af31f981ac4ad378b870b9821f597ff40949fa5f84de06dcd4f7 Security Headers Name Value Strict-Transport-Security max-age=63072000 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers cf-cache-status DYNAMIC cf-ray 8cc3612379b60331-MIA content-encoding br content-type text/html date Wed, 02 Oct 2024 08:39:00 GMT last-modified Thu, 27 Oct 2022 16:36:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=csKkRTeUIqqDnZVDWXgOanzZWmrrFqYcWlN%2BLvqIFTYzXWCDHi1F%2BltxDXRSXLoJIxtDP4ODUAhPAhqczFvtUuiGIe%2F%2BY3KmJzr6VtNONwjJ3x5HesL%2BVz7XogLqTVULUI1wPbpILEZrETcpo3PWPbi3A0m%2BR5M%3D"}],"group":"cf-nel","max_age":604800} server cloudflare speculation-rules "/cdn-cgi/speculation" strict-transport-security max-age=63072000 vary Accept-Encoding x-amz-id-2 aNUY0IGIAOSczNTZIMQxkADJtMqM4l2FS x-amz-meta-src_last_modified_millis 1666888148063 x-amz-request-id c9fd514a33b4a977 x-amz-version-id 4_z05b43b7943c611ad8242081a_f115fdc8d6d463277_d20221027_m163634_c004_v0402012_t0040_u01666888594670
GET H3	200	speculation voice-chat-e42b.gzklq0kj.workers.dev/cdn-cgi/	128 B 580 B	35ms 35ms	Other application/speculationrules+json	172.67.216.190 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://voice-chat-e42b.gzklq0kj.workers.dev/cdn-cgi/speculation Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.216.190 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://voice-chat-e42b.gzklq0kj.workers.dev Referer https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Response headers nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qEerTsIxbgB%2FrYThyWCe%2FFJ9AbpaV2O7lvP4Ra3Qf6Y8au0slJbHZaJnEXM5%2FunTWUKnHsnYRpRkEv0WCUleOrKl9qk8owuZoRRb9MCBPyOjeN7L%2FusM1PTvGQ1ymXP4ZFcStMBKDeAdC46jIwCDZIxol6cFz%2F8%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8cc361266a940331-MIA access-control-allow-origin https://voice-chat-e42b.gzklq0kj.workers.dev content-length 128 date Wed, 02 Oct 2024 08:39:00 GMT content-type application/speculationrules+json vary Origin, Accept-Encoding server cloudflare
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	92ms 29ms	Script application/javascript	2a04:4e42:400::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer https://voice-chat-e42b.gzklq0kj.workers.dev/ Response headers content-encoding gzip etag W/"28feccc0-15851" age 3107578 x-cache HIT, HIT date Wed, 02 Oct 2024 08:39:00 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding x-cache-hits 46, 57146 last-modified Fri, 18 Oct 1991 12:00:00 GMT x-served-by cache-lga21965-LGA, cache-mia-kmia1760041-MIA cache-control public, max-age=31536000, stale-while-revalidate=604800 x-timer S1727858341.931107,VS0,VE0 via 1.1 varnish, 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 30638 server nginx
GET BLOB	200 OK	0a3fe09b-7033-4ef9-87fa-0107260ec633 Show response https://voice-chat-e42b.gzklq0kj.workers.dev/	754 KB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL blob:https://voice-chat-e42b.gzklq0kj.workers.dev/0a3fe09b-7033-4ef9-87fa-0107260ec633 Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 219cf19c5e6c612ba689a3e788d58e5387d8764aa4112402a7a39c432e3eb52e Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Response headers Content-Length 771762 Content-Type text/html
GET		favicon.ico voice-chat-e42b.gzklq0kj.workers.dev/	0 0
GET H2	200	css api.rename-service0.workers.dev/	7 KB 993 B	191ms 49ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"css.1da7928062" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6DswmGgoNTf6A9Ki3wnshVpxXumpdH5blg4diL3jZWs3oAv4aH0Wq7s4JcO61CG2%2Bl9vzAMAv37iI9g16QQj0KV38wLsZnsJ7NoRhOXdTYGD3RUl%2F1cRqMiZZjRzbgaWzjGsBuazjNH29tIvhrVlrk%2BROCZBebteyGtbjYn"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa699ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	css api.rename-service0.workers.dev/	7 KB 989 B	192ms 50ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700 Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"css.1da7928062" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=528aWAueQ8TU6Cp6nYw9IU436jCdfT%2FKg%2FiJN2HyV4eoh26z1fZr6ysfsc8tkaVoW3W6V1ySINP%2FiZkBPJuedg9UgcYiRhQRCNwCeKn1jt5R2%2Fxr4UsRc3QWg6TodYWMpmDnPKsM2v%2B%2F%2BPCuFQf5l6w6IVQ%2Bj8dYF1cqNFs6"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa609ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	css api.rename-service0.workers.dev/	7 KB 992 B	190ms 49ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"css.1da7928062" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1566IbngSW5D2vF%2B880C6ymkSix3Zr3irSHd0khQnPu3Y3jJ7cG6qkoYOTI5PBbesxD7wEL2UsEys8lSthIL0c3sXYKmE3b2mjWu0SYkk325q2QC%2BNXokHuUnZ8MD3el1uPeFZsrePKX0yzClIxw988Gg5qgijuIQ2YyF11i"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa5f9ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	css api.rename-service0.workers.dev/	7 KB 1 KB	190ms 49ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"css.1da7928062" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kqALDOAux06NzjlxRkZAdPW3Coc%2FkhCI73paNhJY0exch7S9%2FCBnjfyo7w8a1eG3T26SvzAjrnTP5XL8bC1d6L%2F%2FdxFfB53Qo47e4Lb8i7YoJYWF2VsOPpWp2KA2cYL2SJI33HuyA7UWLWwVgZ9AYSwVtIEEXhZoeYdUZNqu"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa649ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	font-1.2.css api.rename-service0.workers.dev/	2 KB 612 B	194ms 53ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/font-1.2.css Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"font-1.2.c193dd3ef6.css" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2FAJDmeY6R1LYauSjgtkeGm0GAW%2FqLcn1MhhNFGcrfvYAnV8F7U6EUjMpRykj9bpmDgmYoZ42PZqWir3zSQxo8BH4WptEQjQUVdwZkeAwc8lI1MeqeD%2Byak7vTJz%2Baz%2FZN5WPwUnV8NiwcekyhFw%2BlyzJmLVyrD0eDbcgKnn"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa619ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	redesign_fonts.css api.rename-service0.workers.dev/	5 KB 780 B	194ms 53ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/redesign_fonts.css Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"redesign_fonts.ab1e65f9f5.css" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9gaAv8FrYnrfmNFlEhVqS%2FlARUbTPy8MrVdFxsuj0FjffaqCXAoplUOMGa%2B%2FGzbuSIJI2quMKyYnffNX6RUx8%2F3Q4IQv6uAPUBx4AjiJfZavsSYCKF%2Fqpa%2BXi7UwfnN%2BgkMO4FJ%2BAHCyY4j5u5l51BNzTLPhF73VBci5Mh6x"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa639ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	base_external.css api.rename-service0.workers.dev/	30 KB 6 KB	214ms 73ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/base_external.css Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"base_external.4e102eeb51.css" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCFya4oOCsbNp4HUwJCq1%2Fa3KAnvlelnruWrciU%2FLYrWYXTSu8FMF3%2F4SJAr84XzX%2FYbZ2OVUvDFtx7O779ZearR0WLbc%2BVCMs8DSEoGl5CYonhm0NfhPYJZjVEnJtR%2F4llo%2Bq00qJseKcj937Hm9a%2BnhMTU2kj23IbPWEA8"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612cda7e9ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	166.css api.rename-service0.workers.dev/	428 B 813 B	189ms 48ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/166.css Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"166.32916c6d57.css" age 137563 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hjXaBDyj6xdjsjLv2MA8fsGfNQqk6kcDd3At%2BpsO1MV45SFlZhytDdlR8PxXOCMbdVvD9CmJ%2FB6WrzEvQAlrUc44JN6AcXLNNLgVcTR1VqunRVK174VuUlDRz7g2bCFhRbQInnX%2FFrEVl7M6N7DVJw0QoY9GhxjdNnwNUFAI"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa669ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	theme.css api.rename-service0.workers.dev/	37 KB 8 KB	195ms 55ms	Stylesheet text/css	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/theme.css Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"theme.5cf2c65f5e.css" age 103258 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WvkoQB3is0HqIlCU3QRoTlasxNX7AmztQEAeqPeZnTk7BJhMH9jZh6LG%2FZ7QCGErGBl94ccViVoOC%2FWJYUTJsYCTz%2BNzMXERPB8dlJZ%2FO5Gw0fDLiW7NyeWPVbYupyhOyTVoND3rSCNmZkYoi9Ku2547jbEBbK3BI%2BI39zlC"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 date Wed, 02 Oct 2024 08:39:01 GMT content-type text/css; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612caa689ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	jquery-3.5.1.min.js Show response api.rename-service0.workers.dev/	87 KB 32 KB	215ms 77ms	Script application/javascript	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-3.5.1.min.js Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer Response headers content-encoding br cf-cache-status HIT etag W/"jquery-3.5.1.min.76bb118f46.js" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jHJZEQpZcpUT%2ByFL0QtmuWpFax70qnxfbTsaFuWRwr0MxsmAuVNiuNsQ%2FFb3RXkh8xAqVZtAwRO0HIfu5Q6lJbwmr75xYj5G9t%2BBR8w8cIAbh16SMrEqzbng6chiXhIb%2ByE69RaQRWuRSDxN4jQEdeNEoeFuGrIzQ7ZluVNz"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612cda819ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	jquery-migrate-3.3.1.min.js Show response api.rename-service0.workers.dev/	11 KB 4 KB	211ms 74ms	Script application/javascript	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer Response headers content-encoding br cf-cache-status HIT etag W/"jquery-migrate-3.3.1.min.4a9b3d1a73.js" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dBtf885WCwlWY4pdGSsQeqKmbTogyf%2FZ3vFSdeWo6wESXoREOb8bPmmcAvNVIffioVf8%2BDAh9nD5aMcC1SGy2%2FQF%2FtwpM%2BtiqemX5Jy3onaqIXGkhzvdbyAo7%2FlgP8Bv7bwqcbkZyAXK7ZsmBHPcy1wYIgj1nuy0YcvWBqvB"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 date Wed, 02 Oct 2024 08:39:01 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612cda839ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	moment.min.js Show response api.rename-service0.workers.dev/	18 KB 7 KB	213ms 76ms	Script application/javascript	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/moment.min.js Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer Response headers content-encoding br cf-cache-status HIT etag W/"moment.min.7f22d534a7.js" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sstEuFyxnVFqJWs%2FBgkke86TmtPWLwrvXtzNlkXBUcmGuF9ndV3CTe2qOUJEKtDlGkT6i3y4tX9QrQG%2FlBQEXkMT5sAGMt%2BYgxII4rKavvaX%2FeYEIVn0vzqg%2BWchbcsLM9Aie4g5WRKjs4X6PLQhPKbF%2FG4NZBoA67Xg9gVf"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type application/javascript; charset=utf-8 vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612cda7f9ad2-MIA x-xss-protection 1; mode=block server cloudflare
GET H2	200	heagregauwe.png api.rename-service0.workers.dev/	2 KB 2 KB	48ms 47ms	Image image/png	2606:4700:3036::ac43:d153 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://api.rename-service0.workers.dev/heagregauwe.png Requested by Host: voice-chat-e42b.gzklq0kj.workers.dev URL: https://voice-chat-e42b.gzklq0kj.workers.dev/c7c261df-e189-4c3b-bb51-21fe095f4acd Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:d153 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers cf-cache-status HIT etag "heagregauwe.b2def557d4.png" age 7605 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDZhU40KxW3hlTwkGD2TJtXY8T%2Bjs0rbM8aOwwOfmBccvzeP7usOx5wIorSJjjaGQW9LBg18Y6fBMvSI%2FYHuaf5smEunuQGoGuPEXTmKB09lz%2Fnag9EbMH3%2Bhf%2FBiFCGRk6Ed41DlviTfbD%2FkIA0f%2FZOi2eSxWcEKwhdopFU"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff date Wed, 02 Oct 2024 08:39:01 GMT content-type image/png vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc3612d2ac29ad2-MIA accept-ranges bytes content-length 1737 x-xss-protection 1; mode=block server cloudflare
GET		PTSans-Regular.ttf api.rename-service0.workers.dev/PTSans/	0 0
GET H3	200	jizaRExUiTo99u79D0KExcOPIDU.woff2 fonts.gstatic.com/s/ptsans/v16/	11 KB 11 KB	138ms 84ms	Font font/woff2	173.194.204.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExcOPIDU.woff2 Requested by Host: api.rename-service0.workers.dev URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Protocol H3 Security QUIC, , AES_128_GCM Server 173.194.204.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f94.1e100.net Software sffe / Resource Hash 1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Origin https://voice-chat-e42b.gzklq0kj.workers.dev Referer https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Response headers report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} x-content-type-options nosniff expires Thu, 02 Oct 2025 08:39:02 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 02 Oct 2024 08:39:02 GMT content-type font/woff2 last-modified Wed, 26 Jan 2022 18:57:49 GMT cache-control public, max-age=31536000 timing-allow-origin * cross-origin-opener-policy same-origin; report-to="apps-themes" cross-origin-resource-policy cross-origin content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes accept-ranges bytes access-control-allow-origin * content-length 11340 x-xss-protection 0 server sffe
GET H3	200	782yfuiha4398.ico imgs.rename-service0.workers.dev/	1 KB 906 B	159ms 58ms	Other image/vnd.microsoft.icon	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://imgs.rename-service0.workers.dev/782yfuiha4398.ico Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3ca433acb452f6a2c1459ce7f85b17da882d347b13990a275d55e2b15130116d Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Referer Response headers content-encoding br cf-cache-status HIT etag W/"782yfuiha4398.49f6f302d9.ico" age 171464 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0iW%2FJgNgB%2FZ1s2WF05Pa9HNFjo%2B1McOo94lS5viFGlkJVhm2qyHC%2B2LUJHyYPJ8R8Aq0u9Z4YxCNg4plcxD1FKRJw80x4drxD2%2FyVj%2BsUIYn%2Ffd1ddm3Zn0xrKUSdWzp3SmOQ4ib2TKNFOEtJQNcY6g7Qg%3D%3D"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff alt-svc h3=":443"; ma=86400 date Wed, 02 Oct 2024 08:39:02 GMT content-type image/vnd.microsoft.icon vary Accept-Encoding feature-policy none x-frame-options DENY nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} referrer-policy unsafe-url cf-ray 8cc36130adafb3da-MIA x-xss-protection 1; mode=block server cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

voice-chat-e42b.gzklq0kj.workers.dev

URL

https://voice-chat-e42b.gzklq0kj.workers.dev/favicon.ico

Domain

api.rename-service0.workers.dev

URL

https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| s string| m string| _0xodl number| _0xodl_ object| _0x4434 function| _0x5621 function| jQuery function| $jq string| _0xodk number| _0xodk_ object| _0x5e8d function| _0x462f function| moment function| unlockPage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: blob:https://voice-chat-e42b.gzklq0kj.workers.dev/0a3fe09b-7033-4ef9-87fa-0107260ec633 Message: Access to font at 'https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf' from origin 'https://voice-chat-e42b.gzklq0kj.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rename-service0.workers.dev
code.jquery.com
fonts.gstatic.com
imgs.rename-service0.workers.dev
voice-chat-e42b.gzklq0kj.workers.dev
api.rename-service0.workers.dev
voice-chat-e42b.gzklq0kj.workers.dev

172.67.209.83
172.67.216.190
173.194.204.94
2606:4700:3036::ac43:d153
2a04:4e42:400::649
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
219cf19c5e6c612ba689a3e788d58e5387d8764aa4112402a7a39c432e3eb52e
2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4
3ca433acb452f6a2c1459ce7f85b17da882d347b13990a275d55e2b15130116d
5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb
891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61
90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4
92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37
cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c
ce2de9e0f154af31f981ac4ad378b870b9821f597ff40949fa5f84de06dcd4f7
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b