cold-firefly-51a4.7f8y7gpb.workers.dev
172.67.196.84  Malicious Activity!  Public Scan

URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Submission: On September 12 via manual from HU — Scanned from CA

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 19 HTTP transactions. The main IP is 172.67.196.84, located in United States and belongs to CLOUDFLARENET, US. The main domain is cold-firefly-51a4.7f8y7gpb.workers.dev.
TLS certificate: Issued by WE1 on August 1st 2024. Valid for: 3 months.
This is the only time cold-firefly-51a4.7f8y7gpb.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online) Microsoft (Consumer)

Domain & IP information

Requests  IP Address              AS (Autonomous System)
1         172.67.196.84           13335 (CLOUDFLAR...)
4         2a04:4e42:600...        54113 (FASTLY)
1         (none: blob: request)   ()
3         2607:f8b0:400...        15169 (GOOGLE)
2         2620:0:890::100         54113 (FASTLY)
3         2620:1ec:29:1...        8075 (MICROSOFT...)
1         104.17.24.14            13335 (CLOUDFLAR...)
1         104.18.10.207           13335 (CLOUDFLAR...)
2         2606:4700:303...        13335 (CLOUDFLAR...)
Total: 19 requests, 10 IPs
Requests  Apex domain       Subdomains (Cisco Umbrella rank)                        Transfer
4         jquery.com        code.jquery.com (1211)                                  162 KB
3         msauth.net        aadcdn.msauth.net (2218)                                18 KB
3         googleapis.com    ajax.googleapis.com (641), fonts.googleapis.com (110)   31 KB
2         fontawesome.com   use.fontawesome.com (1950)                              85 KB
2         web.app           gnupubcsrell.web.app (no rank)                          19 KB
2         workers.dev       cold-firefly-51a4.7f8y7gpb.workers.dev (no rank)        1 MB
1         bootstrapcdn.com  maxcdn.bootstrapcdn.com (1832)                          15 KB
1         cloudflare.com    cdnjs.cloudflare.com (336)                              7 KB
Total: 19 requests, 8 apex domains
Requests  Domain                                   Requested by
4         code.jquery.com                          cold-firefly-51a4.7f8y7gpb.workers.dev
3         aadcdn.msauth.net                        cold-firefly-51a4.7f8y7gpb.workers.dev, gnupubcsrell.web.app
2         use.fontawesome.com                      cold-firefly-51a4.7f8y7gpb.workers.dev, use.fontawesome.com
2         gnupubcsrell.web.app                     cold-firefly-51a4.7f8y7gpb.workers.dev
2         ajax.googleapis.com                      cold-firefly-51a4.7f8y7gpb.workers.dev
2         cold-firefly-51a4.7f8y7gpb.workers.dev   cold-firefly-51a4.7f8y7gpb.workers.dev
1         maxcdn.bootstrapcdn.com                  cold-firefly-51a4.7f8y7gpb.workers.dev
1         cdnjs.cloudflare.com                     cold-firefly-51a4.7f8y7gpb.workers.dev
1         fonts.googleapis.com                     cold-firefly-51a4.7f8y7gpb.workers.dev
Total: 19 requests, 9 subdomains
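The request graph above is what supports the "Microsoft (Consumer)" brand attribution: Microsoft's own login asset CDN (aadcdn.msauth.net) is being fetched by a Cloudflare Workers host and by a Firebase web.app host, neither of which is a Microsoft sign-in origin, and the primary document spawns a second top-level Document from a blob: URL. The Python below is an added example, not urlscan's code, that encodes those three checks over a constructed subset of this scan's transactions; the brand allow-list and the free-hosting suffix list are assumptions chosen for illustration.

```python
"""Request-graph triage over urlscan-style transactions (added example, not urlscan code)."""
from urllib.parse import urlsplit

# Constructed from the "Domain / Requested by" and transaction data in this scan:
# (resource URL, resource type, URL of the document or stylesheet that requested it)
REQUESTS = [
    ("https://cold-firefly-51a4.7f8y7gpb.workers.dev/", "Document", None),
    ("https://code.jquery.com/jquery-3.4.1.min.js", "Script",
     "https://cold-firefly-51a4.7f8y7gpb.workers.dev/"),
    ("blob:https://cold-firefly-51a4.7f8y7gpb.workers.dev/7a180528-d5a6-455c-aa02-735e597ac258",
     "Document", "https://cold-firefly-51a4.7f8y7gpb.workers.dev/"),
    ("https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico",
     "Image", "https://cold-firefly-51a4.7f8y7gpb.workers.dev/"),
    ("https://gnupubcsrell.web.app/licenses.css", "Stylesheet",
     "https://cold-firefly-51a4.7f8y7gpb.workers.dev/"),
    ("https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg",
     "Image", "https://gnupubcsrell.web.app/licenses.css"),
]

# Assumption: brand asset CDN -> (brand, origins that legitimately embed it).
# The allow-list is illustrative; in practice it is built from observed legitimate sign-in pages.
BRAND_ASSETS = {
    "aadcdn.msauth.net": ("Microsoft", {"login.microsoftonline.com", "login.live.com"}),
}
# Assumption: free hosting suffixes commonly abused for landing pages.
FREE_HOSTING = (".workers.dev", ".web.app", ".pages.dev")


def host_of(url):
    """Host of an http(s) URL; a blob: URL is attributed to the origin that created it."""
    if url.startswith("blob:"):
        url = url[len("blob:"):]
    return (urlsplit(url).hostname or "").lower()


def triage(requests):
    """Return the three indicators that drove the verdict on this scan."""
    free_hosting, blob_documents, brand_assets = set(), [], set()
    for url, kind, requester in requests:
        host = host_of(url)
        if host.endswith(FREE_HOSTING):
            free_hosting.add(host)
        # A top-level Document served from blob: means the page was built client-side
        # (decoded in JS, then handed to the parser), so the first response hides the real markup.
        if url.startswith("blob:") and kind == "Document":
            blob_documents.append(host)
        # Brand assets pulled by an origin that is not the brand's own sign-in page.
        if host in BRAND_ASSETS and requester is not None:
            brand, allowed = BRAND_ASSETS[host]
            requester_host = host_of(requester)
            if requester_host not in allowed:
                brand_assets.add((brand, requester_host))
    return {
        "free_hosting": sorted(free_hosting),
        "blob_documents": blob_documents,
        "brand_assets": sorted(brand_assets),
    }


def brands_targeted(findings):
    """Brands whose assets were loaded from a foreign origin."""
    return sorted({brand for brand, _ in findings["brand_assets"]})


if __name__ == "__main__":
    result = triage(REQUESTS)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("brands targeted:", brands_targeted(result))
```

Run it as a script to see the three indicator lists and the derived brand set; on the constructed data both the Workers host and the web.app host show up under brand_assets, matching the two "Requested by" entries for aadcdn.msauth.net above. The blob: check matters because a Content-Length of 6 MB in a blob: Document is the decoded kit, not what a crawler sees in the first HTML response.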

This site contains no links.

Subject                  Issuer                                          Validity                  Valid for   Lookup
7f8y7gpb.workers.dev     WE1                                             2024-08-01 to 2024-10-30  3 months    crt.sh
*.jquery.com             Sectigo ECC Domain Validation Secure Server CA  2024-06-25 to 2025-06-25  a year      crt.sh
upload.video.google.com  WR2                                             2024-08-12 to 2024-11-04  3 months    crt.sh
web.app                  WR4                                             2024-07-26 to 2024-10-24  3 months    crt.sh
aadcdn.msauth.net        DigiCert SHA2 Secure Server CA                  2024-07-30 to 2025-07-30  a year      crt.sh
cdnjs.cloudflare.com     WE1                                             2024-07-31 to 2024-10-29  3 months    crt.sh
bootstrapcdn.com         WE1                                             2024-07-23 to 2024-10-21  3 months    crt.sh
use.fontawesome.com      WE1                                             2024-09-09 to 2024-12-09  3 months    crt.sh

This page contains 1 frames:

Primary Page: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Frame ID: DA1B2FE1F905C6DDB7368CE6D9B731ED
Requests: 19 HTTP requests in this frame

Detected technologies

Bootstrap (overall confidence: 100%), detected pattern:
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (overall confidence: 100%), detected pattern:
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Popper (overall confidence: 100%), detected pattern:
  • /popper\.js/([0-9.]+)

jQuery (overall confidence: 100%), detected patterns:
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests:    19
HTTPS:       95 %
IPv6:        56 %
Domains:     8
Subdomains:  9
IPs:         10
Countries:   2
Transfer:    1437 kB
Size:        14729 kB
Cookies:     0

Redirected requests

No HTTP redirect chains are listed for this scan.

19 HTTP transactions

Each transaction below is listed as: resource | path | size, x-fer | type, followed by its General block, its request headers and its response headers (header name on one line, value on the next).
Primary Request /  |  cold-firefly-51a4.7f8y7gpb.workers.dev/  |  size 8 MB, x-fer 1 MB  |  Document
General
Full URL
https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.196.84 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cfd0298bc181fc1035cde58207eefe237d960e255816faa8f5ca84db319248d8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8c1e335beee4ac6c-YYZ
content-encoding
br
content-type
text/html;charset=UTF-8
date
Thu, 12 Sep 2024 07:31:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fgSKmPIGRgcz7hR4a0Nx%2BR%2FEcwsWNqkmR%2BQP68slV4PgCLsd2Eog9Z1c8bfysbRjyaGLt%2Bn2OTnXIWsjBDtrHJcX9lkg5VMFeRBR6Lr8x%2ByzSvDnqdUCDhiWs6rgaAK25BEy1W8z0miNyPbzWYMJDzF0X4Kg%2BHCReg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
jquery-3.4.1.min.js  |  code.jquery.com/  |  size 86 KB, x-fer 30 KB  |  Script
General
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Referer
https://cold-firefly-51a4.7f8y7gpb.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 07:31:55 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3719556
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
30638
x-served-by
cache-lga21965-LGA, cache-yul1970031-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1726126315.039039,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
141255, 15256
7a180528-d5a6-455c-aa02-735e597ac258  |  https://cold-firefly-51a4.7f8y7gpb.workers.dev/  |  size 6 MB, x-fer 0  |  Document
General
Full URL
blob:https://cold-firefly-51a4.7f8y7gpb.workers.dev/7a180528-d5a6-455c-aa02-735e597ac258
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
006d13446a73f1316d98e97d3f25636ce45e4b8ef784c8302a5f05b75d2c0f5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Length
5966154
Content-Type
text/html
favicon.ico  |  cold-firefly-51a4.7f8y7gpb.workers.dev/  |  size 0, x-fer 0  |  (no response; see Failed requests below)
jquery.min.js  |  ajax.googleapis.com/ajax/libs/jquery/2.2.4/  |  size 84 KB, x-fer 30 KB  |  Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 06:12:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4770
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Sep 2025 06:12:28 GMT
jquery-3.1.1.min.js  |  code.jquery.com/  |  size 85 KB, x-fer 30 KB  |  Script
General
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2248897
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
30070
x-served-by
cache-lga21947-LGA, cache-yul1970031-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1726126318.040709,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
29176, 2999
jquery-3.3.1.js  |  code.jquery.com/  |  size 265 KB, x-fer 79 KB  |  Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

Referer
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2586380
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
80268
x-served-by
cache-lga21980-LGA, cache-yul1970045-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1726126318.091384,VS0,VE0
etag
W/"28feccc0-42587"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
2907, 17285
css  |  fonts.googleapis.com/  |  size 1 KB, x-fer 903 B  |  Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Archivo+Narrow&display=swap
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aae65c231008861c6430ebe296c926e728c4d2ccb1492f86e42d760e9b67d9a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 12 Sep 2024 06:23:01 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 12 Sep 2024 07:31:58 GMT
licenses.css  |  gnupubcsrell.web.app/  |  size 231 KB, x-fer 18 KB  |  Stylesheet
General
Full URL
https://gnupubcsrell.web.app/licenses.css
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a031fefa66ad90bfc60b91569ae5e2c9570d15d5c03ed05cd09614fda2a3fdd9
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 12 Sep 2024 07:31:58 GMT
last-modified
Mon, 17 Oct 2022 11:44:03 GMT
x-timer
S1726126318.139481,VS0,VE139
etag
"79f88e11ec44c8116f386d9e34559a130e323e9724d9045ae102d5e6af2e1225-br"
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
18083
x-served-by
cache-yul1970035-YUL
gnufree.css  |  gnupubcsrell.web.app/  |  size 2 KB, x-fer 728 B  |  Stylesheet
General
Full URL
https://gnupubcsrell.web.app/gnufree.css
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae728bfe46bf1f4d967361e2ba62cf64bf141b96614b97fb343809e030faaec0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-cache-hits
0
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Thu, 12 Sep 2024 07:31:58 GMT
last-modified
Mon, 17 Oct 2022 11:44:03 GMT
x-timer
S1726126318.139457,VS0,VE1
etag
"d9834886ba930fd7d5958f436ed289ab215eec8c01ad0d7c28a12df7cd1a1ebb-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
364
x-served-by
cache-yul1970035-YUL
favicon_a_eupayfgghqiai7k9sol6lg2.ico  |  aadcdn.msauth.net/ests/2.1/content/images/  |  size 17 KB, x-fer 17 KB  |  Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2024 07:31:58 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
17174
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:25 GMT
etag
0x8D6410152A9D7E1
x-azure-ref
20240912T073158Z-154fc9b58c86rqlxggk9qkgcvn000000096g0000000015e2
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
ce537ed0-201e-004b-2cee-fd48ba000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
jquery-3.2.1.slim.min.js  |  code.jquery.com/  |  size 68 KB, x-fer 23 KB  |  Script
General
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

Referer
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3887908
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
content-length
23856
x-served-by
cache-lga21963-LGA, cache-yul1970045-YUL
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1726126318.091464,VS0,VE0
etag
W/"28feccc0-10fdd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
76551, 32792
popper.min.js  |  cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/  |  size 19 KB, x-fer 7 KB  |  Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
63221
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6157
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mz7bOIxhoFv1ZH5V2LraR4H4JzCGNQC3VHX2EW8RATUIC%2FJ%2Bbo8WZ16y6xIsVuWM6yfr5y4BoVLgM6A7hWp0rS5MQ%2B9d6zXiruB1BCPQ54q5GCT%2FDb7bax2Baa07lXjAq%2Bb4ylUS"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8c1e3370184fa214-YYZ
expires
Tue, 02 Sep 2025 07:31:58 GMT
bootstrap.min.js  |  maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/  |  size 48 KB, x-fer 15 KB  |  Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: https://cold-firefly-51a4.7f8y7gpb.workers.dev/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1067
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
23560
cdn-cachedat
04/02/2024 02:05:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
cb3201d8e93adf4d54e82f62e13ac032
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
8c1e33701fd7ab72-YYZ
cdn-requestpullsuccess
True
all.css  |  use.fontawesome.com/releases/v5.7.0/css/  |  size 53 KB, x-fer 12 KB  |  Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.7.0/css/all.css
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: blob:https://cold-firefly-51a4.7f8y7gpb.workers.dev/7a180528-d5a6-455c-aa02-735e597ac258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afdc6bf2de981ffd7d370b76f44e7580572f197efbe214b9cfa4005d189d8eae

Request headers

Referer
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 22 Sep 2023 01:45:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
23560
etag
W/"251d28bd755f5269a4531df8a81d5664"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AWNsw3yjxypHV0qlZeVbM7PaMXGQcPacXJYm%2BROzgAD7999Kf2nRfD11yL7Cs4oIhUxLZOfRL5KevZh%2BLVK9kOI0qwNDefntfIU4wg0w631ui%2FgWpNM4ImAloyHxmcjeyzf0SUsts8XPx%2BD9R00gOb%2BQ"}],"group":"cf-nel","max_age":604800}
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31556926
cf-ray
8c1e3371a929abd9-YYZ
alt-svc
h3=":443"; ma=86400
favicon_a_eupayfgghqiai7k9sol6lg2.ico  |  aadcdn.msauth.net/ests/2.1/content/images/  |  size 17 KB, x-fer 0  |  Image
General
Full URL
https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: blob:https://cold-firefly-51a4.7f8y7gpb.workers.dev/7a180528-d5a6-455c-aa02-735e597ac258
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2024 07:31:58 GMT
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
17174
x-ms-lease-status
unlocked
last-modified
Fri, 02 Nov 2018 20:25:25 GMT
etag
0x8D6410152A9D7E1
x-azure-ref
20240912T073158Z-154fc9b58c86rqlxggk9qkgcvn000000096g0000000015e2
content-type
image/x-icon
access-control-allow-origin
*
x-ms-request-id
ce537ed0-201e-004b-2cee-fd48ba000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=604800
x-ms-version
2009-09-19
accept-ranges
bytes
2_bc3d32a696895f78c19df6c717586a5d.svg  |  aadcdn.msauth.net/shared/1.0/content/images/backgrounds/  |  size 2 KB, x-fer 1 KB  |  Image
General
Full URL
https://aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: gnupubcsrell.web.app
URL: https://gnupubcsrell.web.app/licenses.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

Referer
https://gnupubcsrell.web.app/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 12 Sep 2024 07:31:58 GMT
content-encoding
gzip
x-cache
TCP_HIT
x-fd-int-roxy-purgeid
4554691
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:30 GMT
etag
0x8D7B0071D86E386
x-azure-ref
20240912T073158Z-154fc9b58c86rqlxggk9qkgcvn000000096g0000000015e4
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e0694695-001e-0026-320c-008b4e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
fa-solid-900.woff2  |  use.fontawesome.com/releases/v5.7.0/webfonts/  |  size 73 KB, x-fer 73 KB  |  Font
General
Full URL
https://use.fontawesome.com/releases/v5.7.0/webfonts/fa-solid-900.woff2
Requested by
Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.7.0/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::6815:1b98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
658cf43db24e9d4c57890e958aa74656a13139754de24f19e706f0a355279e4d

Request headers

Referer
https://use.fontawesome.com/releases/v5.7.0/css/all.css
Origin
https://cold-firefly-51a4.7f8y7gpb.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 07:31:58 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
23559
alt-svc
h3=":443"; ma=86400
content-length
74316
last-modified
Fri, 22 Sep 2023 01:45:49 GMT
server
cloudflare
etag
"52134b924fd61958f88323845deffc64"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XfPZxhyGaBQEi5VJlSkONRKH%2BfCPb7tY7YjA92C9c3MWUEjPMqGKKv5kO9p%2BNSMZhlyZGmxb1mQRapZpx5cv5lm9V0SET2AGFx2T4Vnd5KTCx9XhNJpfALHsEdD0OXgVQkOW5AqxePUXoHw3s56K0KUY"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31556926
accept-ranges
bytes
cf-ray
8c1e33724961abd9-YYZ
jquery.min.js  |  ajax.googleapis.com/ajax/libs/jquery/2.2.4/  |  size 84 KB, x-fer 0  |  Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: cold-firefly-51a4.7f8y7gpb.workers.dev
URL: blob:https://cold-firefly-51a4.7f8y7gpb.workers.dev/7a180528-d5a6-455c-aa02-735e597ac258
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 06:12:28 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4770
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 12 Sep 2025 06:12:28 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cold-firefly-51a4.7f8y7gpb.workers.dev
URL
https://cold-firefly-51a4.7f8y7gpb.workers.dev/favicon.ico

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) Microsoft (Consumer)

129 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| s string| m string| _0xodn number| _0xodn_ object| _0x3edd function| _0x1d52 function| $ function| jQuery string| _0xodj number| _0xodj_ object| _0x5c6b function| _0x20c0 string| _0xodq number| _0xodq_ object| _0x2bc2 function| _0x5e45 string| _0xod7 number| _0xod7_ object| _0x36e9 function| _0x1832 string| _0xodr number| _0xodr_ object| _0x2c2e function| _0x53ea string| _0xodi number| _0xodi_ object| _0xc6d8 function| _0x2586 string| _0xodI number| _0xodI_ object| _0x9a70 function| _0xcd47 function| Popper object| bootstrap function| llLL6y4CA56nC1o2nfu6se6iii function| iIiI6y4CA56nC1o2nfu6se6iiii object| dL2_WEq function| lLUYzR object| iTcvFlH number| X5VxSa object| Uohvrj string| hzB63R string| qfM167 string| Ony9_h string| kthPdU string| BKpel3 string| bxCaLUi string| QMpqPUU string| XB_qVaw string| GBW2aUh string| OgTzzD1 string| HRGX0D string| WlNJHhI string| nPvKUQ2 string| KEcxhFn string| CR_hVo string| rctPok string| x7Np7AF string| b_xaTd2 string| BAxzwah string| wpPUo25 string| GlFjIR string| l7p0fdN string| ii23b3 string| BSLtyt string| AKXoxb string| kObiaR string| g07VXE string| VZKRBl string| XJmsC8 string| z6WfonF string| v3R3cY string| Mt50Z6 string| MuMoV7s string| FWRgk6N string| yDi8Yz string| lkxJUA string| FafGnGy string| tOYazL string| KqRzIE string| jT5Tn0 string| GusLZbb string| DVjrNbB string| YEHZxG8 string| mPHHEwL string| DJlRSv string| m65vCf8 string| ZFU_HWC string| MEeGzY4 string| ufOaoN string| d8pmAT string| FdYXFUF string| O1cq4o string| FH6KFe1 string| RaBTk9A string| mYzykG string| CcEqnN9 string| aknLMC string| TJijXRx string| dC9HGWh string| GQR247M string| kGa3J_ string| M9JoBVD string| PVAbLQ1 string| PcHs05q string| F9RVdo string| R6sVK0 string| eBIUDg string| tUxsRzV string| eiGBhSF string| EdL1q0 object| cY0wtI1 object| BNXKoU object| K_DSAal object| fVxwNJt function| gNfGwa function| du4guc4 function| Zo_rnU function| XN_Tnz function| llll6y4ca56nc1o2nfu6se6iii function| llll6y4ca56nc1o2nfu6se6lii function| 
gq6MSo function| S4A81o0 function| llli6y4ca56nc1o2nfu6se6iiii function| VqkMzp function| EqIiebK function| YEYkDj function| YeeMgsm function| llll6y4ca56nc1o2nfu6se6iiii
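Added example, not part of the urlscan report: a Python pass over a constructed excerpt of the list above that separates the globals owned by the detected libraries (jQuery, Popper, Bootstrap) from `_0x`-prefixed names of the kind emitted by identifier-renaming obfuscators and from random-looking mixed-case names such as `llLL6y4CA56nC1o2nfu6se6iii`. The thresholds in `looks_obfuscated` and the case-switch heuristic are assumptions for illustration.

```python
"""Classify window globals from a urlscan report (added example, not urlscan code)."""
import re
from collections import Counter

# Constructed excerpt of the "JavaScript Global Variables" list above ("type| name" pairs).
GLOBALS_TEXT = """
string| s string| m string| _0xodn number| _0xodn_ object| _0x3edd function| _0x1d52
function| $ function| jQuery string| _0xodj number| _0xodj_ object| _0x5c6b function| _0x20c0
function| Popper object| bootstrap function| llLL6y4CA56nC1o2nfu6se6iii
function| iIiI6y4CA56nC1o2nfu6se6iiii object| dL2_WEq function| lLUYzR
string| hzB63R string| qfM167 string| Ony9_h string| kthPdU
"""

# Globals owned by the libraries the scan detected (jQuery, Popper, Bootstrap).
LIBRARY_GLOBALS = {"$", "jQuery", "Popper", "bootstrap"}

PAIR = re.compile(r"\b(string|number|boolean|object|function)\|\s*(\S+)")
HEX_PREFIXED = re.compile(r"^_0x[0-9A-Za-z_]+$")       # _0x1d52, _0xodn_: renamed-identifier style
CONFUSABLE_RUN = re.compile(r"^[lLiI1]{4,}")           # llLL..., iIiI...: look-alike padding
MIXED = re.compile(r"(?=.*[a-z])(?=.*[A-Z])(?=.*\d)")  # lower, upper and digit in one name


def parse_globals(text):
    """Return [(js_type, name), ...] from the flattened report text."""
    return PAIR.findall(text)


def case_switches(name):
    """Lower/upper flips between consecutive letters; hand-written names rarely exceed two."""
    letters = [c for c in name if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.islower() != b.islower())


def classify(name):
    """One of: library, hex-obfuscator, random, plain."""
    if name in LIBRARY_GLOBALS:
        return "library"
    if HEX_PREFIXED.match(name):
        return "hex-obfuscator"
    if CONFUSABLE_RUN.match(name) or (
        len(name) >= 6 and (MIXED.search(name) or case_switches(name) >= 3)
    ):
        return "random"
    return "plain"


def summarize(text):
    """Count of each class over every global in the report text."""
    return Counter(classify(name) for _, name in parse_globals(text))


def looks_obfuscated(counts):
    """Assumed thresholds: a handful of _0x names, or random names outnumbering plain ones."""
    return counts["hex-obfuscator"] >= 3 or counts["random"] > counts["plain"]


if __name__ == "__main__":
    counts = summarize(GLOBALS_TEXT)
    print(dict(counts), "obfuscated:", looks_obfuscated(counts))
```

The point of the split is that a jQuery-plus-Bootstrap page legitimately defines four or five globals; 129 globals where most are `_0x` names or mixed-case noise is the signature of a kit whose real logic is unpacked at runtime, which fits the 6 MB blob: Document seen in the transaction list.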

0 Cookies

8 Console Messages

Source | Level | URL | Message
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
cold-firefly-51a4.7f8y7gpb.workers.dev
fonts.googleapis.com
gnupubcsrell.web.app
maxcdn.bootstrapcdn.com
use.fontawesome.com
cold-firefly-51a4.7f8y7gpb.workers.dev

104.17.24.14
104.18.10.207
172.67.196.84
2606:4700:3036::6815:1b98
2607:f8b0:4006:81e::200a
2620:0:890::100
2620:1ec:29:1::40
2a04:4e42:600::649