thinkingfdgdyt.work.gd Open in urlscan Pro
185.209.162.67  Malicious Activity! Public Scan

Submitted URL: https://app.1worldonline.com/1ws/rest/sharing/poll/en/46e18344-b316-4d91-9b5f-037c8f3b0257/33056701-8f3a-4f21-ae7b-efa9097400...
Effective URL: https://thinkingfdgdyt.work.gd/authen
Submission: On March 27 via manual from GB — Scanned from GB

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 50 HTTP transactions. The main IP is 185.209.162.67, located in Ede, Netherlands and belongs to HOSTING-SOLUTIONS, US. The main domain is thinkingfdgdyt.work.gd.
TLS certificate: Issued by R3 on March 23rd 2023. Valid for: 3 months.
This is the only time thinkingfdgdyt.work.gd was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Metamask (Crypto)

Domain & IP information

IP Address AS Autonomous System
1 1 54.177.249.142 16509 (AMAZON-02)
1 22 185.209.162.67 14576 (HOSTING-S...)
2 142.250.186.170 15169 (GOOGLE)
4 172.217.18.3 15169 (GOOGLE)
2 142.250.185.195 15169 (GOOGLE)
50 5
Apex Domain
Subdomains
Transfer
22 work.gd
thinkingfdgdyt.work.gd
1 MB
6 gstatic.com
www.gstatic.com
fonts.gstatic.com
19 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31
1 KB
1 1worldonline.com
app.1worldonline.com — Cisco Umbrella Rank: 330460
497 B
50 4
Domain Requested by
22 thinkingfdgdyt.work.gd 1 redirects thinkingfdgdyt.work.gd
4 www.gstatic.com thinkingfdgdyt.work.gd
2 fonts.gstatic.com fonts.googleapis.com
thinkingfdgdyt.work.gd
2 fonts.googleapis.com thinkingfdgdyt.work.gd
1 app.1worldonline.com 1 redirects
50 5

This site contains no links.

Subject Issuer Validity Valid
thinkingfdgdyt.work.gd
R3
2023-03-23 -
2023-06-21
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2023-03-06 -
2023-05-29
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-03-06 -
2023-05-29
3 months crt.sh

This page contains 2 frames:

Primary Page: https://thinkingfdgdyt.work.gd/authen
Frame ID: 251CAC1B321F40AEF6AC0F2B41BC6F29
Requests: 24 HTTP requests in this frame

Frame: https://thinkingfdgdyt.work.gd/meta/bframe.html
Frame ID: 6DC3C1406B6D1A0B9638D6D2C654AF6A
Requests: 27 HTTP requests in this frame

Screenshot

Page Title

MetaMask - A crypto wallet & gateway to blockchain apps

Page URL History Show full URLs

  1. https://app.1worldonline.com/1ws/rest/sharing/poll/en/46e18344-b316-4d91-9b5f-037c8f3b0257/33056701-8f3a-... HTTP 302
    https://thinkingfdgdyt.work.gd/ HTTP 302
    https://thinkingfdgdyt.work.gd/authen Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

58 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

1209 kB
Transfer

2399 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://app.1worldonline.com/1ws/rest/sharing/poll/en/46e18344-b316-4d91-9b5f-037c8f3b0257/33056701-8f3a-4f21-ae7b-efa90974009a?url=https://thinkingfdgdyt.work.gd/ HTTP 302
    https://thinkingfdgdyt.work.gd/ HTTP 302
    https://thinkingfdgdyt.work.gd/authen Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request authen
thinkingfdgdyt.work.gd/
Redirect Chain
  • https://app.1worldonline.com/1ws/rest/sharing/poll/en/46e18344-b316-4d91-9b5f-037c8f3b0257/33056701-8f3a-4f21-ae7b-efa90974009a?url=https://thinkingfdgdyt.work.gd/
  • https://thinkingfdgdyt.work.gd/
  • https://thinkingfdgdyt.work.gd/authen
15 KB
6 KB
Document
General
Full URL
https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
5d6c062bbd0ccabeca58c436410e62fa2c8f11edf97d83906321e7a27609150e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Length
5812
Content-Type
text/html; charset=UTF-8
Date
Mon, 27 Mar 2023 01:15:46 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx
Vary
Accept-Encoding

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Mon, 27 Mar 2023 01:15:46 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Location
https://thinkingfdgdyt.work.gd/authen
Pragma
no-cache
Server
nginx
normalize.css
thinkingfdgdyt.work.gd/meta/
8 KB
3 KB
Stylesheet
General
Full URL
https://thinkingfdgdyt.work.gd/meta/normalize.css
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:34 GMT
Server
nginx
ETag
W/"641c7a36-1e5c"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
webflow.css
thinkingfdgdyt.work.gd/meta/
38 KB
9 KB
Stylesheet
General
Full URL
https://thinkingfdgdyt.work.gd/meta/webflow.css
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
ba6716203b5a6f128eab828aef79dcdfeab87ec1ee605392e4a9d6955de30842

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:42 GMT
Server
nginx
ETag
W/"641c7a3e-98c5"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
metamask-staging-2.webflow.css
thinkingfdgdyt.work.gd/meta/
139 KB
18 KB
Stylesheet
General
Full URL
https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
98489ee303fa850e7c3185248b30d64dfb6c7c55aa8726a98efb037525988e5a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:33 GMT
Server
nginx
ETag
W/"641c7a35-22adb"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
plx.chock.js
thinkingfdgdyt.work.gd/meta/
3 KB
675 B
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/plx.chock.js
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:35 GMT
Server
nginx
ETag
W/"641c7a37-d41"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
webfont.js.download
thinkingfdgdyt.work.gd/meta/
13 KB
6 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/webfont.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:43 GMT
Server
nginx
ETag
"3384-5f793886113b8-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5415
css.html
thinkingfdgdyt.work.gd/meta/
684 B
989 B
Stylesheet
General
Full URL
https://thinkingfdgdyt.work.gd/meta/css.html
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Last-Modified
Thu, 23 Mar 2023 16:11:25 GMT
Server
nginx
ETag
"641c7a2d-2ac"
Content-Type
text/html
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
684
Expires
Thu, 31 Dec 2037 23:55:55 GMT
js
thinkingfdgdyt.work.gd/meta/
90 KB
35 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/js
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:31 GMT
Server
nginx
ETag
"168a5-5f79387abadf8-gzip"
Vary
Accept-Encoding
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
35327
enterprise.js.download
thinkingfdgdyt.work.gd/meta/
1008 B
915 B
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/enterprise.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:26 GMT
Server
nginx
ETag
"3f0-5f79387562b3a-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
614
jsonp
thinkingfdgdyt.work.gd/meta/
272 KB
86 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/jsonp
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:46 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:32 GMT
Server
nginx
ETag
"43f6e-5f79387b5a0dc-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Connection
keep-alive
Accept-Ranges
bytes
icon
fonts.googleapis.com/
569 B
775 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f10.1e100.net
Software
ESF /
Resource Hash
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 27 Mar 2023 01:15:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 27 Mar 2023 01:15:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 Mar 2023 01:15:47 GMT
mm-logo.svg
thinkingfdgdyt.work.gd/meta/
12 KB
4 KB
Image
General
Full URL
https://thinkingfdgdyt.work.gd/meta/mm-logo.svg
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:34 GMT
Server
nginx
ETag
W/"641c7a36-2ef3"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
wpp.gif
thinkingfdgdyt.work.gd/meta/
4 KB
4 KB
Image
General
Full URL
https://thinkingfdgdyt.work.gd/meta/wpp.gif
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Last-Modified
Thu, 23 Mar 2023 16:11:44 GMT
Server
nginx
ETag
"641c7a40-f25"
Content-Type
image/gif
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3877
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.5.1.min.dc5e7f18c8.js.download
thinkingfdgdyt.work.gd/meta/
87 KB
30 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/jquery-3.5.1.min.dc5e7f18c8.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Referer
https://thinkingfdgdyt.work.gd/authen
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:30 GMT
Server
nginx
ETag
"15d84-5f793879af4b3-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
30910
webflow.js.download
thinkingfdgdyt.work.gd/meta/
587 KB
144 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/webflow.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:44 GMT
Server
nginx
ETag
"92c10-5f793886d19dd-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
storage.secure.min.js.download
thinkingfdgdyt.work.gd/meta/
38 KB
13 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/storage.secure.min.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/authen
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:39 GMT
Server
nginx
ETag
"96a2-5f793881a65df-gzip"
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13194
css
fonts.googleapis.com/
752 B
380 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Changa+One:400,400italic
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/webfont.js.download
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.170 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f10.1e100.net
Software
ESF /
Resource Hash
8daea9a40be31e567300edc7daeb077f232cf7c32baed3aebff9ee9260b0d5a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Mon, 27 Mar 2023 01:15:47 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Mon, 27 Mar 2023 01:15:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 27 Mar 2023 01:15:47 GMT
recaptcha__nl.js
www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/
0
0
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/enterprise.js.download
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://thinkingfdgdyt.work.gd/
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Mon, 27 Mar 2023 01:15:47 GMT
x-content-type-options
nosniff
server
sffe
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1621
x-xss-protection
0
hero2.4.png
thinkingfdgdyt.work.gd/meta/
576 KB
576 KB
Image
General
Full URL
https://thinkingfdgdyt.work.gd/meta/hero2.4.png
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Last-Modified
Thu, 23 Mar 2023 16:11:29 GMT
Server
nginx
ETag
"641c7a31-8ff00"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
589568
Expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/
2 KB
2 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05dae8fbb96f3675f8b2981e8ead256a0f74ccba053fb08396c9a5fe99c54845

Request headers

Referer
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/x-font-ttf;charset=utf-8
EuclidCircularB-Regular-WebXL.woff2
thinkingfdgdyt.work.gd/meta/
44 KB
44 KB
Font
General
Full URL
https://thinkingfdgdyt.work.gd/meta/EuclidCircularB-Regular-WebXL.woff2
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b

Request headers

Referer
https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:28 GMT
Server
nginx
ETag
"b08c-5f793877c4148-gzip"
Vary
Accept-Encoding
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
45224
EuclidCircularB-Bold-WebXL.woff2
thinkingfdgdyt.work.gd/meta/
44 KB
44 KB
Font
General
Full URL
https://thinkingfdgdyt.work.gd/meta/EuclidCircularB-Bold-WebXL.woff2
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df

Request headers

Referer
https://thinkingfdgdyt.work.gd/meta/metamask-staging-2.webflow.css
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:27 GMT
Server
nginx
ETag
"ae00-5f793876b97a2-gzip"
Vary
Accept-Encoding
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
44572
xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
fonts.gstatic.com/s/changaone/v18/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/changaone/v18/xfu00W3wXn3QLUJXhzq42AHiuQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Changa+One:400,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 08:40:08 GMT
x-content-type-options
nosniff
age
491739
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7900
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 17:15:19 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Mar 2024 08:40:08 GMT
xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
fonts.gstatic.com/s/changaone/v18/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/changaone/v18/xfu20W3wXn3QLUJXhzq42ATSu5_f.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Changa+One:400,400italic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.195 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f3.1e100.net
Software
sffe /
Resource Hash
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://thinkingfdgdyt.work.gd
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 08:40:08 GMT
x-content-type-options
nosniff
age
491739
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8404
x-xss-protection
0
last-modified
Thu, 21 Apr 2022 17:15:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 20 Mar 2024 08:40:08 GMT
bframe.html
thinkingfdgdyt.work.gd/meta/ Frame 6DC3
12 KB
4 KB
Document
General
Full URL
https://thinkingfdgdyt.work.gd/meta/bframe.html
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/authen
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
b9d7893f4e6f83b6dca5ec8e27e47e382f4ace81907591ab102345bef9d3bb5f

Request headers

Referer
https://thinkingfdgdyt.work.gd/authen
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
max-age=315360000
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 27 Mar 2023 01:15:47 GMT
ETag
W/"641c7a2c-2e07"
Expires
Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified
Thu, 23 Mar 2023 16:11:24 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
styles__ltr.css
thinkingfdgdyt.work.gd/meta/ Frame 6DC3
51 KB
24 KB
Stylesheet
General
Full URL
https://thinkingfdgdyt.work.gd/meta/styles__ltr.css
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/bframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/meta/bframe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:40 GMT
Server
nginx
ETag
W/"641c7a3c-cc90"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Expires
Thu, 31 Dec 2037 23:55:55 GMT
recaptcha__nl.js.download
thinkingfdgdyt.work.gd/meta/ Frame 6DC3
345 KB
135 KB
Script
General
Full URL
https://thinkingfdgdyt.work.gd/meta/recaptcha__nl.js.download
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/bframe.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.209.162.67 Ede, Netherlands, ASN14576 (HOSTING-SOLUTIONS, US),
Reverse DNS
Software
nginx /
Resource Hash
6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/meta/bframe.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Date
Mon, 27 Mar 2023 01:15:47 GMT
Content-Encoding
gzip
Last-Modified
Thu, 23 Mar 2023 16:11:37 GMT
Server
nginx
ETag
"56577-5f79387fcfa95-gzip"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
KFOmCnqEu92Fr1Mu72xKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu7mxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu4WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu7WxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfCRc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfCBc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfBxc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfCxc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

KFOlCnqEu92Fr1MmYUtfBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6DC3
0
0

refresh_2x.png
www.gstatic.com/recaptcha/api2/ Frame 6DC3
600 B
662 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/refresh_2x.png
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options
nosniff
age
371437
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
600
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Wed, 29 Mar 2023 18:05:11 GMT
audio_2x.png
www.gstatic.com/recaptcha/api2/ Frame 6DC3
530 B
1 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/audio_2x.png
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options
nosniff
age
371437
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
530
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Wed, 29 Mar 2023 18:05:11 GMT
info_2x.png
www.gstatic.com/recaptcha/api2/ Frame 6DC3
665 B
728 B
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/info_2x.png
Requested by
Host: thinkingfdgdyt.work.gd
URL: https://thinkingfdgdyt.work.gd/meta/styles__ltr.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://thinkingfdgdyt.work.gd/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Wed, 22 Mar 2023 18:05:11 GMT
x-content-type-options
nosniff
age
371437
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
665
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Wed, 29 Mar 2023 18:05:11 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu72xKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7mxKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4WxKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCRc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCBc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBxc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCxc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfChc4EsA.woff2
Domain
fonts.gstatic.com
URL
http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Metamask (Crypto)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| PLX object| WebFont object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client undefined| _typeof undefined| _extends function| $ function| jQuery object| google_tag_manager object| dataLayer function| tram object| Webflow object| lpTag

3 Cookies

Domain/Path Name / Value
app.1worldonline.com/ Name: 1w_supports_cookies
Value: true
.app.1worldonline.com/ Name: 1w_supports_cookies
Value: true
thinkingfdgdyt.work.gd/ Name: cazanova
Value: 5p3gf42ojmkl2khujlbo7gfbg0qq0moa

24 Console Messages

Source Level URL
Text
security warning URL: https://thinkingfdgdyt.work.gd/meta/bframe.html
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
network error URL: https://www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://thinkingfdgdyt.work.gd/authen
Message:
Refused to execute script from 'https://www.gstatic.com/recaptcha/releases/rPvs0Nyx3sANE-ZHUN-0nM85/recaptcha__nl.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu72xKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu5mxKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7mxKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4WxKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7WxKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCRc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfABc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCBc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBxc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfCxc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfChc4EsA.woff2'. This request has been blocked; the content must be served over HTTPS.
security error URL: https://thinkingfdgdyt.work.gd/meta/bframe.html(Line 191)
Message:
Mixed Content: The page at 'https://thinkingfdgdyt.work.gd/authen' was loaded over HTTPS, but requested an insecure font 'http://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.1worldonline.com
fonts.googleapis.com
fonts.gstatic.com
thinkingfdgdyt.work.gd
www.gstatic.com
fonts.gstatic.com
142.250.185.195
142.250.186.170
172.217.18.3
185.209.162.67
54.177.249.142
05dae8fbb96f3675f8b2981e8ead256a0f74ccba053fb08396c9a5fe99c54845
0bb0c326dfc33136ad88e7454f06d22398a75f57f5eef79a30b218c171136f0d
102411780270584690575675e14e574ef8a16cf6fdd5700d5682e68a8d2cc00d
15c0f679abecff8fba48dbe673343f3e0f2a07c439d3f631722fccd2af2e1df2
25d501d70fcb9835f935fd47e045502700dc5f862cd7e763a49bbc7316396f2a
2a7344e607a878f0acac7f5c9c3a65fc8a4423f00e21d3fb7a814cae051631d9
3f4bfc7c6cc471e9d95936dc109852c4f6a4bf1163b63eeabfe840565d5ad8d1
44b988703019cd6bfa86c91840fecf2a42b611b364e3eea2f4eb63bf62714e98
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
55eaf62cb05da20088dc12b39d7d254d046cb1fd61ddf3ae641f1439efd0a5ee
5848fed0499a99763526e2178efc1bec18842259a88cb1cf12600be9ddabbdcd
5c4a6fe64efc5d07833c35af9630d0f9b3d4d09a63f9358e441374e9102c9e81
5d419e0ff614b331e4f8fed2ba7c1380b1f5983f98d820a6a0f7040b55f60b5b
5d6c062bbd0ccabeca58c436410e62fa2c8f11edf97d83906321e7a27609150e
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
6cde5be2d724e53c8c4a97041365d3075e3af63ec08e1712b2f831b6e2bd357b
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
88fad87880ae6bb0d733c967419d5f0d68da547a88ad67e7af41f18dae2e20df
89c62095126fca89ea1511cf35b49b8306162946b0c26d6f60c5506c51d85992
8daea9a40be31e567300edc7daeb077f232cf7c32baed3aebff9ee9260b0d5a0
8ff3b303322168b49a14878f195dbaf76d9da16e35094d1f83fa23245450155b
98489ee303fa850e7c3185248b30d64dfb6c7c55aa8726a98efb037525988e5a
996ab3c1e26cb00ec7d3d29650e784755ba46f33613563b7173b0dab03fa3d73
b9417c5359a2259bb564852a1ebd2b743b79ac06efdee42dc53456f8445ad246
b9d7893f4e6f83b6dca5ec8e27e47e382f4ace81907591ab102345bef9d3bb5f
ba6716203b5a6f128eab828aef79dcdfeab87ec1ee605392e4a9d6955de30842
c6afeb967afd466210e4061473c4855684e84b7e850b248c0533e6288acfbaff
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fbd0536d5b92c0dbe6ad2637800ae8da10c20755b564a3575bd12bba57f73b18