shiny-mountain-deed.zoi81lc2.workers.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Effective URL:
https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Submission: On September 05 via api (September 5th 2024, 11:56:36 pm UTC) from US — Scanned from NL

Summary HTTP 27 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 4 domains to perform 27 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is shiny-mountain-deed.zoi81lc2.workers.dev.
TLS certificate: Issued by WE1 on August 6th 2024. Valid for: 3 months.

This is the only time shiny-mountain-deed.zoi81lc2.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ourtime.com (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.64.144.247 172.64.144.247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42:400... 2a04:4e42:400::649	54113 (FASTLY) (FASTLY)
1		() ()
15	2606:4700:303... 2606:4700:3034::6815:4d99	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	172.67.209.83 172.67.209.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	8

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

shiny-mountain-deed.zoi81lc2.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.144.247 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

shiny-mountain-deed.zoi81lc2.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3034::6815:4d99 (United States)

ASN13335 (CLOUDFLARENET, US)

api.rename-service0.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.209.83 (United States)

ASN13335 (CLOUDFLARENET, US)

imgs.rename-service0.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	workers.dev shiny-mountain-deed.zoi81lc2.workers.dev api.rename-service0.workers.dev imgs.rename-service0.workers.dev	504 KB
3	codesandbox.io codesandbox.io — Cisco Umbrella Rank: 209528	48 KB
1	gstatic.com fonts.gstatic.com	12 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1211	30 KB
27	4

	Domain	Requested by
15	api.rename-service0.workers.dev	shiny-mountain-deed.zoi81lc2.workers.dev api.rename-service0.workers.dev
3	codesandbox.io	shiny-mountain-deed.zoi81lc2.workers.dev codesandbox.io
2	shiny-mountain-deed.zoi81lc2.workers.dev	shiny-mountain-deed.zoi81lc2.workers.dev
1	imgs.rename-service0.workers.dev
1	fonts.gstatic.com	api.rename-service0.workers.dev
1	code.jquery.com	shiny-mountain-deed.zoi81lc2.workers.dev
27	6

This site contains links to these domains. Also see Links.

Domain
www.ourtime.com
www.match.com
www.matchmediagroup.com
www.chemistry.com
www.blackpeoplemeet.com
www.bbpeoplemeet.com

Subject Issuer	Validity	Valid
zoi81lc2.workers.dev WE1	`2024-08-06` - `2024-11-04`	3 months	crt.sh
codesandbox.io E5	`2024-08-20` - `2024-11-18`	3 months	crt.sh
*.jquery.com Sectigo ECC Domain Validation Secure Server CA	`2024-06-25` - `2025-06-25`	a year	crt.sh
rename-service0.workers.dev WE1	`2024-08-02` - `2024-10-31`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Frame ID: F17E6342BD3248FFD1AB3433C2D181AD
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OurTime.com - The 50+ Single Network

Page URL History Show full URLs

http://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep... HTTP 307
https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep... Page URL

Detected technologies

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

27
Requests

85 %
HTTPS

43 %
IPv6

4
Domains

6
Subdomains

8
IPs

3
Countries

594 kB
Transfer

4988 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ourtime.com/?notrack
Title: home

Search URL Search Domain Scan URL

URL: https://www.ourtime.com/v3/billing/
Title: billing

Search URL Search Domain Scan URL

URL: https://www.match.com/cp/careers/CurrentOpenings.html
Title: careers

Search URL Search Domain Scan URL

URL: https://www.matchmediagroup.com/
Title: advertise with us

Search URL Search Domain Scan URL

URL: https://www.match.com/
Title: Match.com

Search URL Search Domain Scan URL

URL: https://www.chemistry.com/
Title: Chemistry.com

Search URL Search Domain Scan URL

URL: https://www.blackpeoplemeet.com/?notrack
Title: Black Singles

Search URL Search Domain Scan URL

URL: https://www.bbpeoplemeet.com/?notrack
Title: Big and Beautiful

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium HTTP 307
https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request feed.txt,5-sep-24,low,medium Show response
shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/
Redirect Chain

http://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

2 MB
394 KB

860ms
812ms

Document
text/html

188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d83c1971da9a52e3b35726a04195fdfdcabe9fb0bdfb632fb76920bd42642fc2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-ray: 8bea27faccc4d272-FRA
content-encoding: br
content-type: text/html;charset=UTF-8
date: Thu, 05 Sep 2024 23:56:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t3cGVHMYZnH%2FRpbCW30658K%2FhYsyZhelvl1w6KBF94oZHww4FatwdOJwYuBD5XByvZZ1btpe4k9J4OoJI2Om0mq6SU8By6SxK8eHEFQwIt8RK33QG1jpKMe0fIsaA0PV7Hzl9Vo5Rf3U0OTuiMXOuZ1wZwxMlGWCUOTk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Non-Authoritative-Reason: HSTS

GET
H3 200 sse-hooks.e15ace8ccace5398a721ffec81f121de.js Show response
codesandbox.io/public/sse-hooks/ 173 KB
44 KB 82ms
34ms Script
application/javascript 172.64.144.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/public/sse-hooks/sse-hooks.e15ace8ccace5398a721ffec81f121de.js
Requested by: Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.144.247 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71020e37a4c15f51bf8379008061cef1a85b5c4be6ceb9f323cf4512ad04280c

Request headers

Referer: https://shiny-mountain-deed.zoi81lc2.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:30 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
age: 5574667
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 03 Jul 2024 11:23:22 GMT
server: cloudflare
etag: W/"668534aa-2b210"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 8bea28006e14bb5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 banner.d9cb10a38.js Show response
codesandbox.io/static/js/ 4 KB
2 KB 123ms
75ms Script
application/javascript 172.64.144.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/static/js/banner.d9cb10a38.js
Requested by: Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.144.247 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830

Request headers

Referer: https://shiny-mountain-deed.zoi81lc2.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:30 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
age: 15236527
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 22 Nov 2023 10:23:27 GMT
server: cloudflare
etag: W/"655dd69f-efa"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 8bea28006e15bb5c-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-3.4.1.min.js
code.jquery.com/ 86 KB
30 KB 192ms
67ms Script
application/javascript 2a04:4e42:400::649
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.4.1.min.js
Requested by: Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://shiny-mountain-deed.zoi81lc2.workers.dev/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:30 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
age: 5674327
x-cache: HIT, HIT
content-length: 30638
x-served-by: cache-lga21965-LGA, cache-mad22081-MAD
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
x-timer: S1725580590.259371,VS0,VE0
etag: W/"28feccc0-15851"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=604800
accept-ranges: bytes
x-cache-hits: 198932, 149054

GET
H3 200 watermark-button.eeb14a97b.js
codesandbox.io/static/js/ 3 KB
2 KB 95ms
71ms Script
application/javascript 172.64.144.247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/static/js/watermark-button.eeb14a97b.js
Requested by: Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.144.247 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://shiny-mountain-deed.zoi81lc2.workers.dev/
Origin: https://shiny-mountain-deed.zoi81lc2.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:30 GMT
content-encoding: gzip
via: 1.1 google
cf-cache-status: HIT
age: 59645
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 02 Sep 2024 07:23:20 GMT
server: cloudflare
etag: W/"66d567e8-ac1"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 8bea2800df7b085b-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET phishing
codesandbox.io/api/v1/sandboxes/shiny-mountain-deed/ 0
0

GET
BLOB 200
OK 3689aefc-93fb-4bb3-bb5f-1178871c7a8f Show response
https://shiny-mountain-deed.zoi81lc2.workers.dev/ 2 MB
0 Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f
Requested by: Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: feef649b1c3ad9cf3288bab5a38333144a9d4b4a979f3a86efd7811ab7a2cded

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Length: 1921398
Content-Type: text/html

GET favicon.ico
shiny-mountain-deed.zoi81lc2.workers.dev/ 0
0

GET
H2 200 otSDKStub.js Show response
api.rename-service0.workers.dev/ 19 KB
7 KB 117ms
41ms Script
application/javascript 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/otSDKStub.js

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 122207
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"otSDKStub.3b2ba3d591.js"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FjIrDd4Lbvs2ZY0fPFUFQRFiZCBL5SSVlob%2FMhjzE0NQ7E5Sju%2FobPRZwRhKtVzRnQPPUYdquUMWod47vx7FM3ZgXWxV3pzx4kQN2%2BKTk2g%2BGQ2tZHD6bxrF2THh%2FjBlWaaKw8rV9mg2A4%2FXcsMCQnXsp4wSycXzl4RZSu8Y"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea2807fdf118f9-FRA

GET
H2 200 js Show response
api.rename-service0.workers.dev/ 94 KB
37 KB 113ms
42ms Script
application/javascript 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/js?id=UA-1817027-45

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cfb61c5b4464a49bf1a1867ab3c06ad790468ab0d6b3dec415a5929b20dac85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57178
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"js.28fa744248"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1DuoDtyPaeF7MDYX98mYoTDTEHgPxufh52wKRYEoAx1FdPtrlglFBSRaYOzWxonQkrd%2BBfHeVE9aObz9buIHPhQeD%2Bm6nX9faZpZHtWuYRUyP4k6AACtTRkof0ZkGAeETVDT2cqQzJLAINk%2FHVoCB%2FBCoBGWRA%2F%2BUdjLCazH"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea2807fdef18f9-FRA

GET
H2 200 jquery-3.5.1.min.js Show response
api.rename-service0.workers.dev/ 87 KB
32 KB 110ms
39ms Script
application/javascript 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/jquery-3.5.1.min.js

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 122207
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"jquery-3.5.1.min.76bb118f46.js"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NorhpvOz1wFBF1Hm0zc%2Fsydz%2FqmjqM0V5eji3zV1zDYwjBI71CYaNT%2FQbyDj%2FmkPq1%2BhBK0HymaoywUOV0biIgISp4Y%2BU7r0hOyxzaqmSC14II%2BrOzR%2BMEM1Q%2BtxoUT%2Fg%2B%2Fq967DPSUhzq0Y0UtNqCEV95VeFbGYdyslpBF4"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea2807fdf418f9-FRA

GET
H2 200 jquery-migrate-3.3.1.min.js Show response
api.rename-service0.workers.dev/ 11 KB
4 KB 112ms
42ms Script
application/javascript 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 33413
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"jquery-migrate-3.3.1.min.4a9b3d1a73.js"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fqTyhwiwwdx7S7SY%2BSDtZeLvjRz6h6cizDGYxT28WLSddDjyJuKnshAwh%2BinzHW2AHxxB8BsT963eTPJfNkY3Xda4IJO5eDdZHg2iwHzA4P%2Fwo%2F%2BvOL8W1B9OdrJOar9qYZzmrbZvH8vdG5Kw2678yHPMv393pT0oRT%2B3ZLh"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea2807fdf218f9-FRA

GET
H2 200 moment.min.js Show response
api.rename-service0.workers.dev/ 18 KB
7 KB 112ms
42ms Script
application/javascript 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/moment.min.js

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 122207
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"moment.min.7f22d534a7.js"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5aEvIB0ASAQ6Hx9d4KCy0G%2F66H6Dx7A3%2FPWz5L2Gjd%2BbVBwIiN02oUf3px3L4E6SZ0REDOm%2FTJiTAeGADcQvsOzb6vZx4yQNjnpVvozpPHjNF0MayuN9%2FuDy8eUslI%2BJaNIPwD2174Kue408Z%2F9GacaPtB1rpSGj6dibIc2n"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea2807fdf018f9-FRA

GET
H2 200 heagregauwe.png
api.rename-service0.workers.dev/ 2 KB
2 KB 35ms
34ms Image
image/png 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.rename-service0.workers.dev/heagregauwe.png

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7148
alt-svc: h3=":443"; ma=86400
content-length: 1737
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: "heagregauwe.b2def557d4.png"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/png
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RnW%2FNkLOaz6mr667lkn39C9KK7ONKvjT9kIJZWIWzgXrD%2BkXCscg7A63BMFAX7qznMTtNaaCzV%2BL%2BK8dNNr7d7JDh04GiIWW0LQwZckVX7OgHWaePz%2F5oXK9jEMhGssUddXXgo23gBXeUvqDtm%2FYfAqVJ1sQ9bgy42YqiRzP"}],"group":"cf-nel","max_age":604800}
feature-policy: none
accept-ranges: bytes
cf-ray: 8bea28086e3618f9-FRA

GET .json
api.rename-service0.workers.dev/otSDKStub.js/consent// 0
0

GET
H2 200 css
api.rename-service0.workers.dev/ 7 KB
1 KB 44ms
43ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/css?family=PT+Sans:400

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 113242
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"css.1da7928062"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AkiIFQoOQD6P3b6SXfuNDErKsvOLy8%2B5HAjRomi6WzHOBMqNIgzUYa7Lq55WdTEwYv4cwTDIXanDZkf0KlMxpB6kGrrgdjYWlvQ1Ex1W2YqTX8BNjhq0EN3sY6U14ecyaX1meoqQpe0kOh%2BPY9OSuY9b%2FKNwv5lNRfsaKgFU"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e3c18f9-FRA

GET
H2 200 css
api.rename-service0.workers.dev/ 7 KB
1 KB 44ms
42ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/css?family=PT+Sans:700

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 113242
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"css.1da7928062"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k76tQqoQgFs%2Fc7SWNQYZlQIN8lPLIlHM%2Fk7FZHdJfnQHi9ttHL2rolsqXz0Sg50uqu6Id5xVEMDgmHQsZSMqgksjv5S9QTf%2Bl69iP22zN1ZAYx3cskXAH%2Bx26K%2FeHZ1FMJ5v%2Bkcc1rXv6VZ4MTG3UsuMUJMu3OfjvpAyn8Vw"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e3e18f9-FRA

GET
H2 200 css
api.rename-service0.workers.dev/ 7 KB
1012 B 44ms
43ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 113242
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"css.1da7928062"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=orC1%2BMXol29AoI98gS80wq%2BeRi843Ab1owvI6Xat84NKIlVdK%2BSGeiuwYRqeOenC8Zwt2VuUecgfaDuWnIz8rOYlC6Au6B5x9ScZ0ZkQdzCzh8K3jLdvX3YOjhy6mP6F2NP8DMp4IZyP4cHNeC64BJOm0htXdLMlOPLaQsnA"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4018f9-FRA

GET
H2 200 css
api.rename-service0.workers.dev/ 7 KB
1009 B 44ms
43ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 113242
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"css.1da7928062"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ViglT%2BufVwF1vR9s%2F1HZg9tYJpHTXvtLRyfqNTc6gKn%2FhGVlNtUY9%2F4Atz98dXl6SQFLdqMYut7Zhh1GSyaR1LOFzS3JZRAhFZ6xa9RLZo10XGL3XdV%2BQ2j0bgwVP9z0oCdF0gnOKkkrI0B7u2kMZd5wVFSLBkk4gHEhfEs"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4118f9-FRA

GET
H2 200 font-1.2.css
api.rename-service0.workers.dev/ 2 KB
616 B 46ms
45ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/font-1.2.css

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104592
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"font-1.2.c193dd3ef6.css"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HWW3n57sXKlGFQgZhwUeYJoFDysGZ%2BqiQcj1zf6I%2BCbc7WJhMkbh5W%2B%2BgEPgTtI8c6hWwBSboApStcSri9zAXSl%2BWADIJJqFkIXtC0BOD3JUl%2BV0I3k3rZVrmSsGym8Tzj0EbaLV75agOL4xvHxoAOcTnbLy%2FT%2FCohBp%2BU9U"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4218f9-FRA

GET
H2 200 redesign_fonts.css
api.rename-service0.workers.dev/ 5 KB
766 B 45ms
44ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/redesign_fonts.css

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7148
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"redesign_fonts.ab1e65f9f5.css"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eduk6v6%2F8xiVcSPG8AiLJUAVYAw%2B4ePbKNYtqHaA1Q70l5UyQJz8nnxSsOydh3fvL3wP%2FdkKDsbZFLWd9%2BEwJKcyAMufyGB%2FhfN4PZ35p10m4gKAS95pQD3XyUykESiQynKpL1R2qYOwVRjtZ284EtcyQoTEgF96ZQYO8J04"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4318f9-FRA

GET
H2 200 base_external.css
api.rename-service0.workers.dev/ 30 KB
6 KB 45ms
44ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/base_external.css

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7148
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"base_external.4e102eeb51.css"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xEO0Sk%2BsPyaDAvzNTD6OBpCV9684r5MMWIxuK%2FHrddM4etjXM6OU31JSEfH1iUMuZ4bqMjqSlphvMkZy7YS38F2zFo%2FJOiBEGBuAd3QbDjS9QMcYJ60ETvehk2TpGKulMyNa9QyiAz7%2BWyCcLmAhjSXvjZRVlwtzawHRYogS"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4418f9-FRA

GET
H2 200 166.css
api.rename-service0.workers.dev/ 428 B
563 B 46ms
45ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/166.css

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7148
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"166.32916c6d57.css"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ehAGzt3eBOKdvQjbOz5Zkn7xIUVmKP0TR012YoJKss67I9CqqETjDZJGP8Nru06p7AG06PBSe5kqcNb%2F8VAaO767Lawg4sJM%2BjYIj8CoavlQH0sAWn5datEuWYBKwnBx%2BfJhBR7bthqOvxnFd1uGCJJm6CFCPh%2FpEc1akPh"}],"group":"cf-nel","max_age":604800}
feature-policy: none
cf-ray: 8bea28087e4518f9-FRA

GET
H2 200 theme.css
api.rename-service0.workers.dev/ 37 KB
8 KB 92ms
91ms Stylesheet
text/css 2606:4700:3034::6815:4d99
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.rename-service0.workers.dev/theme.css

Requested by

Host: shiny-mountain-deed.zoi81lc2.workers.dev
URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::6815:4d99 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"theme.5cf2c65f5e.css"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TLwEtJnU6WnpQlIKSpy%2BLLr6DkBb1h5%2BLmZOF8kx04EdHjGyHh2pihJdIeIH9iepJf6EVuYeFdZjvokQBdi03vhTydt5VDeOwCMxoEx6fuA%2BoaZHTbNnbl%2Fa3qp2U4IsFar%2FiaaNzV9K9luF6TnKKjBcTqgwttmC7912WCIZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
feature-policy: none
cf-ray: 8bea28087e4818f9-FRA

GET PTSans-Regular.ttf
api.rename-service0.workers.dev/PTSans/ 0
0

GET
H2 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v16/ 11 KB
12 KB 68ms
20ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: api.rename-service0.workers.dev
URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://api.rename-service0.workers.dev/css?family=PT+Sans:400
Origin: https://shiny-mountain-deed.zoi81lc2.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 04 Sep 2024 02:43:02 GMT
x-content-type-options: nosniff
age: 162809
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11340
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 18:57:49 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Sep 2025 02:43:02 GMT

GET
H3 200 782yfuiha4398.ico
imgs.rename-service0.workers.dev/ 1 KB
907 B 146ms
107ms Other
image/vnd.microsoft.icon 172.67.209.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://imgs.rename-service0.workers.dev/782yfuiha4398.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ca433acb452f6a2c1459ce7f85b17da882d347b13990a275d55e2b15130116d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 23:56:31 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
etag: W/"782yfuiha4398.49f6f302d9.ico"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6DPBU8zKVdl0vJ5r%2BWnZ3zZo%2FQE6LL%2FuWgkmAtlk%2BGYSARgVf53MKKdWIeJA7V7Iyudyb35w2D7SDqnHI579XP4pUtqHOIXdMAYBuWjPLDLX6qE%2B3lQnsFKBsSF4vNNiNXE%2BNQ4%2FprWUt4gWOWP6jfZmgw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/vnd.microsoft.icon
vary: Accept-Encoding
feature-policy: none
cf-ray: 8bea280aab473627-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: codesandbox.io
URL: https://codesandbox.io/api/v1/sandboxes/shiny-mountain-deed/phishing

Domain: shiny-mountain-deed.zoi81lc2.workers.dev
URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/favicon.ico

Domain: api.rename-service0.workers.dev
URL: https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json

Domain: api.rename-service0.workers.dev
URL: https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

89 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.codesandbox.io/	1969-12-31 23:59:59	Name: _cfuvid Value: Z7kQULZV0DOTLQUKNJuJSf1ejbJ8vdJAZiIHEkOyeQo-1725580590163-0.0.1.1-604800000

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://shiny-mountain-deed.zoi81lc2.workers.dev/d4ac7d98-6751-4197-88fc-4310f116b2c5,n/a,https:/openphish.com/feed.txt,5-sep-24,low,medium(Line 41) Message: Access to fetch at 'https://codesandbox.io/api/v1/sandboxes/shiny-mountain-deed/phishing' from origin 'https://shiny-mountain-deed.zoi81lc2.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://codesandbox.io/api/v1/sandboxes/shiny-mountain-deed/phishing Message: Failed to load resource: net::ERR_FAILED
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/js?id=UA-1817027-45, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	error	URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f(Line 2) Message: Access to XMLHttpRequest at 'https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json' from origin 'https://shiny-mountain-deed.zoi81lc2.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: blob:https://shiny-mountain-deed.zoi81lc2.workers.dev/3689aefc-93fb-4bb3-bb5f-1178871c7a8f Message: Access to font at 'https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf' from origin 'https://shiny-mountain-deed.zoi81lc2.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rename-service0.workers.dev
code.jquery.com
codesandbox.io
fonts.gstatic.com
imgs.rename-service0.workers.dev
shiny-mountain-deed.zoi81lc2.workers.dev
api.rename-service0.workers.dev
codesandbox.io
shiny-mountain-deed.zoi81lc2.workers.dev

172.64.144.247
172.67.209.83
188.114.97.3
2606:4700:3034::6815:4d99
2a00:1450:4001:82a::2003
2a04:4e42:400::649
0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60
11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4
2cfb61c5b4464a49bf1a1867ab3c06ad790468ab0d6b3dec415a5929b20dac85
3ca433acb452f6a2c1459ce7f85b17da882d347b13990a275d55e2b15130116d
5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522
71020e37a4c15f51bf8379008061cef1a85b5c4be6ceb9f323cf4512ad04280c
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830
891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61
90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4
92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37
cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c
d83c1971da9a52e3b35726a04195fdfdcabe9fb0bdfb632fb76920bd42642fc2
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
feef649b1c3ad9cf3288bab5a38333144a9d4b4a979f3a86efd7811ab7a2cded

shiny-mountain-deed.zoi81lc2.workers.dev Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

85 %HTTPS

43 %IPv6

4 Domains

6 Subdomains

8 IPs

3 Countries

594 kBTransfer

4988 kBSize

1 Cookies

8 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

89 JavaScript Global Variables

1 Cookies

12 Console Messages

Indicators

shiny-mountain-deed.zoi81lc2.workers.dev Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

85 %
HTTPS

43 %
IPv6

4
Domains

6
Subdomains

8
IPs

3
Countries

594 kB
Transfer

4988 kB
Size

1
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!