secure-mode-0f73.0k3d76dx.workers.dev Open in urlscan Pro
104.21.67.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822
Submission: On January 02 via api (January 2nd 2024, 11:18:23 am UTC) from US — Scanned from US

Summary HTTP 22 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 3 domains to perform 22 HTTP transactions. The main IP is 104.21.67.12, located in and belongs to CLOUDFLARENET, US. The main domain is secure-mode-0f73.0k3d76dx.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on December 1st 2023. Valid for: 3 months.

This is the only time secure-mode-0f73.0k3d76dx.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ourtime.com (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	104.21.67.12 104.21.67.12	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.64.154.107 172.64.154.107	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1		() ()
15	172.67.209.83 172.67.209.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	6

1 104.21.67.12 (None, )

ASN13335 (CLOUDFLARENET, US)

secure-mode-0f73.0k3d76dx.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.154.107 (United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 (None, )

ASN- ()

secure-mode-0f73.0k3d76dx.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 172.67.209.83 (United States)

ASN13335 (CLOUDFLARENET, US)

api.rename-service0.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	workers.dev secure-mode-0f73.0k3d76dx.workers.dev api.rename-service0.workers.dev	1 MB
3	codesandbox.io codesandbox.io — Cisco Umbrella Rank: 223757	48 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 1219	30 KB
22	3

	Domain	Requested by
15	api.rename-service0.workers.dev	secure-mode-0f73.0k3d76dx.workers.dev
3	codesandbox.io	secure-mode-0f73.0k3d76dx.workers.dev codesandbox.io
2	secure-mode-0f73.0k3d76dx.workers.dev	secure-mode-0f73.0k3d76dx.workers.dev
1	code.jquery.com	secure-mode-0f73.0k3d76dx.workers.dev
22	4

This site contains links to these domains. Also see Links.

Domain
www.ourtime.com
www.match.com
www.matchmediagroup.com
www.chemistry.com
www.blackpeoplemeet.com
www.bbpeoplemeet.com

Subject Issuer	Validity	Valid
0k3d76dx.workers.dev GTS CA 1P5	`2023-12-01` - `2024-02-29`	3 months	crt.sh
codesandbox.io E1	`2023-12-28` - `2024-03-27`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh
rename-service0.workers.dev GTS CA 1P5	`2023-12-10` - `2024-03-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822
Frame ID: EF8B21AC40AEAB8DAB1E436819461529
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OurTime.com - The 50+ Single Network

Detected technologies

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

22
Requests

95 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

6
IPs

2
Countries

1351 kB
Transfer

12153 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ourtime.com/?notrack
Title: home

Search URL Search Domain Scan URL

URL: https://www.ourtime.com/v3/billing/
Title: billing

Search URL Search Domain Scan URL

URL: https://www.match.com/cp/careers/CurrentOpenings.html
Title: careers

Search URL Search Domain Scan URL

URL: https://www.matchmediagroup.com/
Title: advertise with us

Search URL Search Domain Scan URL

URL: https://www.match.com/
Title: Match.com

Search URL Search Domain Scan URL

URL: https://www.chemistry.com/
Title: Chemistry.com

Search URL Search Domain Scan URL

URL: https://www.blackpeoplemeet.com/?notrack
Title: Black Singles

Search URL Search Domain Scan URL

URL: https://www.bbpeoplemeet.com/?notrack
Title: Big and Beautiful

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 secure-mode-0f73.0k3d76dx.workers.dev/	7 MB 1 MB	2029ms 1936ms	Document text/html	104.21.67.12 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.67.12 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control private, max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 83f29987cb3836c0-YYZ content-encoding br content-type text/html date Tue, 02 Jan 2024 11:18:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4pDdivkAmj8jD4cus1cwmjxO4J2daAE77SYZ35onoEWNJn3a68tP6KQMlsxJetoMpEiOS48TXNEc08qLrg4kGynBV1hfbXs8ROuEOqfWHTwKBz%2FIMGrSz%2BchoXDzznIHT8S6gEYr9tcpdgNNee71vp58grO6c5yV"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding via 1.1 google x-request-id F6aDrXQWez7dxeofbPOH
GET H2	200	sse-hooks.350c89a8d06431c89209943b3882c89f.js Show response codesandbox.io/public/sse-hooks/	172 KB 45 KB	116ms 51ms	Script application/javascript	172.64.154.107 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/public/sse-hooks/sse-hooks.350c89a8d06431c89209943b3882c89f.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `59f17efc9fc32fc73c0451ed936286b0e690dc43282472a9d70ab785c68d4c98` Request headers accept-language en-US,en;q=0.9 Referer https://secure-mode-0f73.0k3d76dx.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:11 GMT via 1.1 google content-encoding br cf-cache-status HIT age 2160303 alt-svc h3=":443"; ma=86400 last-modified Fri, 08 Dec 2023 11:11:17 GMT server cloudflare etag W/"6572f9d5-2b197" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83f299946fc139cc-YYZ expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	banner.d9cb10a38.js Show response codesandbox.io/static/js/	4 KB 2 KB	111ms 47ms	Script application/javascript	172.64.154.107 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/banner.d9cb10a38.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830` Request headers accept-language en-US,en;q=0.9 Referer https://secure-mode-0f73.0k3d76dx.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:11 GMT via 1.1 google content-encoding br cf-cache-status HIT age 2863954 alt-svc h3=":443"; ma=86400 last-modified Mon, 27 Nov 2023 09:17:00 GMT server cloudflare etag W/"65645e8c-efa" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83f299946fc039cc-YYZ expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	96ms 30ms	Script application/javascript	151.101.2.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.2.137 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language en-US,en;q=0.9 Referer https://secure-mode-0f73.0k3d76dx.workers.dev/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:11 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 9393691 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-yyz4576-YYZ last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1704194292.903558,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 407, 178597
GET		phishing codesandbox.io/api/v1/sandboxes/secure-mode-0f73/	0 0

GET H3	200	watermark-button.eeb14a97b.js codesandbox.io/static/js/	3 KB 2 KB	40ms 40ms	Script application/javascript	172.64.154.107 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/watermark-button.eeb14a97b.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H3 Security QUIC, , AES_128_GCM Server 172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://secure-mode-0f73.0k3d76dx.workers.dev/ Origin https://secure-mode-0f73.0k3d76dx.workers.dev accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:12 GMT via 1.1 google content-encoding br cf-cache-status HIT age 383989 alt-svc h3=":443"; ma=86400 last-modified Fri, 08 Dec 2023 11:11:12 GMT server cloudflare etag W/"6572f9d0-ac1" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83f299996e32711c-YYZ expires Thu, 31 Dec 2037 23:55:55 GMT
GET BLOB	200 OK	f4610ab0-c824-4c4b-922b-3b13e9abb047 Show response https://secure-mode-0f73.0k3d76dx.workers.dev/	5 MB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash `8ac8b6e059665d05f7d6a65bb6a2ed1cdbf6178293370b20964fbb7c1dbdc737` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Content-Length 5216462 Content-Type text/html
GET H2	500	otSDKStub.js api.rename-service0.workers.dev/	0 0	72ms 32ms	Script text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/otSDKStub.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DBrUnLRU4LlgeXdKP4PQFxbc1igTCg%2BoSMY7DGg2z3BqkejU1A1KqLsyr6SNI%2FP6isVkPjUYQApKRgrg4PjO7PBbaOHRk4LZhfDEJRmNGEnX6XO8Ib4rpCeyjrGfJCnLoz7HJd%2BM0JmZccoK%2FgRqHQjT"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a28b684bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	js api.rename-service0.workers.dev/	0 0	30ms 28ms	Script text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/js?id=UA-1817027-45 Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q5V8CY8Zr0SNEFteM448tbeNJ0UOG1x%2BFZTRFIhkMO36qOIFU%2FBQPtczN8BIiXV2s2j6WkpG88lb9ZM%2FkHjgyZOkkOGYMd2hjt5gFX28tdreFKpkk6MDAaqfrPrLklC4I4nIrZmrsW%2FVJyHXOr8ZN6DM"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a29b724bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	jquery-3.5.1.min.js api.rename-service0.workers.dev/	0 0	31ms 30ms	Script text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-3.5.1.min.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2rvZc%2BKehyGaJbkujwb0bBaGGfTCewTLW5%2BRLzshn9Ju%2F55HLNICIbrxXW7i3bxz151RQoocCIrOqNuVPcXzaattGihYEhVRizPKXk3imM9VAZcDA4xwS%2BYmm%2B6u4x37rZtQcUkGd762MlgVQJs9oiG7"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a29b734bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	jquery-migrate-3.3.1.min.js api.rename-service0.workers.dev/	0 0	30ms 29ms	Script text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BF7QSNLWNCuG578dJSj3uryeLQOlG3is8QFS%2BEBwuAbHxhgtX2REFRRsx%2B19EoGwzo42b2NelkyQGHDBE%2FX26l1%2Bmj5cwMNU%2BI93lwvJ7wl%2BT0mRnhhxX%2BRw1ECvzftPW1fAdTSg9zSp6R6x%2F6BvJ2Fy"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a29b744bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	moment.min.js api.rename-service0.workers.dev/	0 0	32ms 31ms	Script text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/moment.min.js Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K8wIziHXwGHJV827fcuuFiZN6ABrEcarvxD60IimdGuImKe6ewg8K8DZCLG3rUz9rGvj%2FTVlwjYNoBE00PnpdBJ3ylYJ0VtVok5BJnu04bhE5TAsJiwRqHVurYg%2BByQt74abFOIUtxZPtFZVq2Be39qo"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a29b764bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	heagregauwe.png api.rename-service0.workers.dev/	36 B 36 B	30ms 29ms	Image text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://api.rename-service0.workers.dev/heagregauwe.png Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f59cd25938eafdfa23acc5e69625d1b31f6dde981ba835c700ed3dd3dc2474e2` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OO4CLILHsR624v%2FW3W0RcmP6nDXzDwhHKr762qIpsxPcrMK%2FJLnMJZ5tsjZnivaZYPSDNCCcANppduKCPudV06RxNhcRHu6YHfHyihlw3aXooWm9R8CEb7uSI8ZYad4RLyCA2YyWmC1P2Bk86gfkB%2FFu"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a35ba34bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	36ms 33ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3nKhuXUu7L62PivorfWWES2epTECWy4JYD%2BREpBBjsM9qx25fIQQ2Cg1AUsY%2FCrojFIIZ43%2F0HKJb%2Fww%2BCtvMUMTEtaTQI%2FNElqL5lFZbWjpFmOJYASqMp5AvgjO8%2B%2BGJlhJT1KcMBsKQ84yTajPB0c7"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36ba74bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	32ms 30ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700 Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jHq6nzftXMlc1gdpLfWVeXNzuNbzcEzHlLiCCAydLalrs5R7GZ%2F5PyOkkGLbtTUQKhhutPQsARkivzugccHbK3MTjAEq6vfcUeuhGasN8EZD5pXa%2FjPJP0SId65KZHFdZKJ3BP%2BKGbjsuWfRWjg6p9Wg"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36ba84bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	37ms 35ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gNR3IIYSQ8kJaiRuAHq1j%2BGybPRs%2FJ9SmAyqdLmAofT6%2BT6yzYp0CFX7456ju7%2BYElg%2FgQMamNjDOOvs4xOFxKikD00Ms9MiWceFo%2FR2bNsuqmD18HlOCndcPqVR5HOg%2BUaNv8rDnSvdGNTq%2FxxPPMEa"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36ba94bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	css api.rename-service0.workers.dev/	0 0	30ms 28ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOteRTSWFOfz0keXs5O3QlyCPK4jJMh89qXViSE42nwzL4tgHsRs3plDiomaUAOQJPrmXthE4%2F1s1kqvWIUTzFx%2B35E8uc4p8AiGSn4BpUa%2Fjg52LODe5aGDn9YmPbpwimIFm7VDaoDQyicUMq7vmIGj"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36baa4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	font-1.2.css api.rename-service0.workers.dev/	0 0	34ms 32ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/font-1.2.css Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A53uQ6OkmQdp4BWZbpqPrDoEPCHCrFhoHVZ7IdiPAEGFj3Bng8Z5BxbA%2FjEfmqrew55JjWrNQJmVpBFqRTQAfgXmkNC4ie35cAZr0Fdla79XX%2BjsvKiOWrWKddRcb8uw21N6nJcRbFVzMYvV2Ntpnppq"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36bab4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	redesign_fonts.css api.rename-service0.workers.dev/	0 0	32ms 30ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/redesign_fonts.css Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK2pspIjeq4kU5Z%2BQWmAAecvGUbs%2BPkbpkup3A4RNUd8ZlrBx3aODpko4LmMW2hRWZNm1s8V0a31eU9%2FEte4LM21co3cJoCJJaD7zWjtvHHrayS0pC7qDNktcgpwySv71UcEip9sAP1UzC%2F0%2Bil4KB%2Bk"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36bac4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	base_external.css api.rename-service0.workers.dev/	0 0	30ms 29ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/base_external.css Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sMHQ2bebopKeFctgMsUUbKB66FhGaMHvbptMhmAf37p2Znw4%2BqRtihOLmnE0q99Q1UHro%2BafZE9r3uY1s8WkOdiYCHqR5gSJ1nNaG7ghJw0gPL30wnyhf9ii5x8iVr5%2BtIhhcMJyVI9cG%2F8ZyxxVNZNo"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36bad4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	166.css api.rename-service0.workers.dev/	0 0	32ms 31ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/166.css Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4kMkdC8wy2v3XAg%2BoncSAsmxDcKkDahsE5lAm1yLN3RssB01w3zMsdLouNrUhH7SpAm5gbXIVcZt6hUJD%2FuVQuyOIIbdHR3yZkzp9lICRHtlA3Vd%2BAalzP94bxtOjmmBpF47GhjZRiA9ZCMZRFKxkSI"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36bae4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36
GET H2	500	theme.css api.rename-service0.workers.dev/	0 0	35ms 34ms	Stylesheet text/plain	172.67.209.83 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.rename-service0.workers.dev/theme.css Requested by Host: secure-mode-0f73.0k3d76dx.workers.dev URL: blob:https://secure-mode-0f73.0k3d76dx.workers.dev/f4610ab0-c824-4c4b-922b-3b13e9abb047 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 11:18:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8jH80B4z19K5U2sBTBss4WnbRRokzCg4Z0zfTiRDdOJe69cPi%2B5nkTE1Yk%2B3xKeQzbR9Z9oV3sT8dz8UmXuEdvp5ef3VhtmNxCZDFvjdjr7zCBxf9z3gWyWtC%2BaF6LONiw%2FS6I2DtbbMlElc%2Bq6KAh8t"}],"group":"cf-nel","max_age":604800} content-type text/plain;charset=UTF-8 cf-ray 83f299a36baf4bbb-BUF alt-svc h3=":443"; ma=86400 content-length 36

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: codesandbox.io
URL: https://codesandbox.io/api/v1/sandboxes/secure-mode-0f73/phishing

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

101 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.codesandbox.io/	1969-12-31 23:59:59	Name: _cfuvid Value: JGM8.ou8XX4Z1VoWtS72AfBjTbdjuuHPzmMfWBjGKB8-1704194291920-0-604800000

23 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://secure-mode-0f73.0k3d76dx.workers.dev/e955a5c7-dc7e-4387-b1a0-ec1ce07d5822(Line 25) Message: Access to fetch at 'https://codesandbox.io/api/v1/sandboxes/secure-mode-0f73/phishing' from origin 'https://secure-mode-0f73.0k3d76dx.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://codesandbox.io/api/v1/sandboxes/secure-mode-0f73/phishing Message: Failed to load resource: net::ERR_FAILED
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/js?id=UA-1817027-45, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 1) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://api.rename-service0.workers.dev/otSDKStub.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/js?id=UA-1817027-45 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/jquery-3.5.1.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/moment.min.js Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/heagregauwe.png Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/base_external.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:700 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/redesign_fonts.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/166.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/font-1.2.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400 Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/theme.css Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rename-service0.workers.dev
code.jquery.com
codesandbox.io
secure-mode-0f73.0k3d76dx.workers.dev
codesandbox.io

104.21.67.12
151.101.2.137
172.64.154.107
172.67.209.83
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
59f17efc9fc32fc73c0451ed936286b0e690dc43282472a9d70ab785c68d4c98
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830
8ac8b6e059665d05f7d6a65bb6a2ed1cdbf6178293370b20964fbb7c1dbdc737
f59cd25938eafdfa23acc5e69625d1b31f6dde981ba835c700ed3dd3dc2474e2

secure-mode-0f73.0k3d76dx.workers.dev Open in urlscan Pro 104.21.67.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

22 Requests

95 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

6 IPs

2 Countries

1351 kBTransfer

12153 kBSize

1 Cookies

8 Outgoing links

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

101 JavaScript Global Variables

1 Cookies

23 Console Messages

Indicators

secure-mode-0f73.0k3d76dx.workers.dev Open in urlscan Pro
104.21.67.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

95 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

6
IPs

2
Countries

1351 kB
Transfer

12153 kB
Size

1
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!