muddy-union-b50e.saisaotrnrb2892.workers.dev Open in urlscan Pro
2606:4700:3035::6815:4f44  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response muddy-union-b50e.saisaotrnrb2892.workers.dev/	3 MB 569 KB	374ms 338ms	Document text/html	2606:4700:3035::6815:4f44 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:4f44 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3a13c2f59c796c5a6ac56bea399b27d9a2b20df54a832f1c202d98a96d215945 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-ray 893a842a4a7c1961-FRA content-encoding br content-type text/html;charset=UTF-8 date Fri, 14 Jun 2024 13:02:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QxPFue6%2BZtDLPnu0YxDQTcGRA%2BtrtICKlZJZazkX%2FJNZW0qGYEfmAKakrhULUbtkvaWPJOvCRigxPJRhOSMAeYJxwWaaD%2BFwBOaMjIaCsg%2FCnMGpw6dBbv%2BBaB82nMU24wGxYXdRxeq4E9iQ%2BjgHQyXeeKjWoS7crsvWbztL%2B%2F9MOF4sEM6m60HGLA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	sse-hooks.7a01a0f7b828579aff40884fc77e13bc.js Show response codesandbox.io/public/sse-hooks/	172 KB 44 KB	57ms 28ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/public/sse-hooks/sse-hooks.7a01a0f7b828579aff40884fc77e13bc.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7c6a569fb784b0325cb43340ff96072f6283d2dc904f8af1a047f69cdafe4c54 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:42 GMT content-encoding gzip via 1.1 google cf-cache-status HIT age 8017293 alt-svc h3=":443"; ma=86400 last-modified Wed, 28 Feb 2024 15:36:48 GMT server cloudflare etag W/"65df5310-2b1a3" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 893a842cabc53641-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	banner.d9cb10a38.js Show response codesandbox.io/static/js/	4 KB 2 KB	75ms 47ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/banner.d9cb10a38.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:42 GMT content-encoding gzip via 1.1 google cf-cache-status HIT age 243104 alt-svc h3=":443"; ma=86400 last-modified Mon, 18 Mar 2024 11:14:01 GMT server cloudflare etag W/"65f821f9-efa" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 893a842cabc73641-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	jquery-3.4.1.min.js Show response code.jquery.com/	86 KB 30 KB	35ms 7ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.4.1.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:42 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 10288659 x-cache HIT, HIT content-length 30638 x-served-by cache-lga21965-LGA, cache-fra-eddf8230136-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718370163.660334,VS0,VE0 etag W/"28feccc0-15851" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 45, 398101
GET H3	200	watermark-button.eeb14a97b.js codesandbox.io/static/js/	3 KB 2 KB	44ms 29ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/watermark-button.eeb14a97b.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:42 GMT content-encoding gzip via 1.1 google cf-cache-status HIT age 20366 alt-svc h3=":443"; ma=86400 last-modified Mon, 10 Jun 2024 15:06:23 GMT server cloudflare etag W/"6667166f-ac1" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 893a842cdb6503d0-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET		phishing codesandbox.io/api/v1/sandboxes/muddy-union-b50e/	0 0
GET BLOB	200 OK	04533831-95b5-4268-9d95-2d464b146ab2 Show response https://muddy-union-b50e.saisaotrnrb2892.workers.dev/	2 MB 0		Document text/html
General Check archive.org Show headers Download Go to Full URL blob:https://muddy-union-b50e.saisaotrnrb2892.workers.dev/04533831-95b5-4268-9d95-2d464b146ab2 Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash d438c7c619f4cd22885df4b6ec265048fa584021bdd50b2e6757b8f41e48646b Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Content-Length 2543986 Content-Type text/html
GET		favicon.ico muddy-union-b50e.saisaotrnrb2892.workers.dev/	0 0
GET H2	200	css fonts.googleapis.com/	0 0	32ms 32ms	Other text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:600 Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 14 Jun 2024 11:28:07 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 14 Jun 2024 13:02:43 GMT
GET H2	200	css fonts.googleapis.com/	6 KB 2 KB	41ms 17ms	Stylesheet text/css	2a00:1450:4001:800::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:600 Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash b4e544b010077ceacf159dfdf566b37d06f8ab3c151e9561720e392b8f1ea38e Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000 date Fri, 14 Jun 2024 13:02:43 GMT content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 x-xss-protection 0 last-modified Fri, 14 Jun 2024 11:28:07 GMT server ESF cross-origin-opener-policy same-origin-allow-popups x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 14 Jun 2024 13:02:43 GMT
GET H3	200	bootstrap.min.css maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/	141 KB 25 KB	41ms 24ms	Stylesheet text/css	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 1048 strict-transport-security max-age=31536000; includeSubDomains; preload age 16047 cdn-cachedat 03/18/2024 12:51:41 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:04 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"450fc463b8b1a349df717056fbb3e078" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 61ee3d30a9bbf7054d95c84a3a71db7d timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 893a84325a973a72-FRA cdn-requestpullsuccess True
GET H2	200	docx.png spoppe-b.azureedge.net/files/fabric-cdn-prod_20211104.001/assets/item-types/32_2x/	975 B 1 KB	149ms 18ms	Image image/png	2606:2800:133:206e:1315:22a5:2006:24fd EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://spoppe-b.azureedge.net/files/fabric-cdn-prod_20211104.001/assets/item-types/32_2x/docx.png Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECAcc (ama/48E0) / Resource Hash c98a51021441557bc974e25392d183705fbf3347345aa7e5adc7cae3ded0165a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-ms-blob-type BlockBlob date Fri, 14 Jun 2024 13:02:43 GMT content-md5 bz9a6CCeQGty0fVxe1rznA== age 7104098 x-cache HIT content-length 975 x-ms-lease-status unlocked last-modified Thu, 04 Nov 2021 18:04:16 GMT server ECAcc (ama/48E0) etag 0x8D99FBD8407CB66 content-type image/png access-control-allow-origin * x-ms-request-id ea3b3ad1-d01e-0066-06be-7d64ff000000 access-control-expose-headers x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Content-Language,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding cache-control public, max-age=31536000 x-ms-version 2009-09-19 accept-ranges bytes
GET H2	200	jquery-3.2.1.slim.min.js Show response code.jquery.com/	68 KB 24 KB	26ms 7ms	Script application/javascript	2a04:4e42:200::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.2.1.slim.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3652784 x-cache HIT, HIT content-length 23856 x-served-by cache-lga21963-LGA, cache-fra-eddf8230119-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718370164.582087,VS0,VE0 etag W/"28feccc0-10fdd" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 13, 96958
GET H3	200	popper.min.js Show response cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/	19 KB 7 KB	41ms 29ms	Script application/javascript	2606:4700::6811:180e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 419031 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 6157 last-modified Mon, 04 May 2020 16:15:37 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fa9-4af4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=COvLxYGSM7SkKdKEuVI55NJQwlXoQ4qPBGJ%2BakldJLQDScQ7FEs%2BB1tKUa5RJwTxiKFhHHQgm%2F83sa%2BkcSuzYRkv69odOHcJIp8mNAgJJiLoRrtbzdBSplI26hD18uOd5Q1JdhbOXMF5LNUOnoE5xmEW"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 893a84325e0d1ad4-FRA expires Wed, 04 Jun 2025 13:02:43 GMT
GET H3	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/	48 KB 15 KB	47ms 32ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Referer sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 1048 strict-transport-security max-age=31536000; includeSubDomains; preload age 20365 cdn-cachedat 03/18/2024 12:46:36 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:04 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"14d449eb8876fa55e1ef3c2cc52b0c17" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 60b4067fac07d28976674b7b423994b0 timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 893a84326a993a72-FRA cdn-requestpullsuccess True
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 30 KB	39ms 10ms	Script text/javascript	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 12:51:42 GMT content-encoding gzip x-content-type-options nosniff age 661 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30028 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 14 Jun 2025 12:51:42 GMT
GET H3	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/	50 KB 16 KB	30ms 15ms	Script application/javascript	2606:4700::6812:bcf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js Requested by Host: muddy-union-b50e.saisaotrnrb2892.workers.dev URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform "Win32" Response headers date Fri, 14 Jun 2024 13:02:43 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 723 strict-transport-security max-age=31536000; includeSubDomains; preload age 8012496 cdn-cachedat 11/15/2021 23:30:00 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:06 GMT cdn-proxyver 1.0 cdn-requestpullcode 200 server cloudflare vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid a35b0179a28ed953258d0fb41376a09c timing-allow-origin * cdn-requestcountrycode DE cdn-status 200 cf-ray 893a84325e4692a7-FRA cdn-requestpullsuccess True
GET DATA	200 OK	truncated /	20 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash cf5916e86bb18875db4e12ee5e799cce7b23bc1cd1ad721fb65d3879de629bec Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 274172358322c9b6f0ba6dcbb2e7723aaa4effb6d8b487887dde04004339a48f Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	2 KB 2 KB		Font application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5 Request headers Referer Origin https://muddy-union-b50e.saisaotrnrb2892.workers.dev Accept-Language de-DE,de;q=0.9;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/octet-stream

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

codesandbox.io

URL

https://codesandbox.io/api/v1/sandboxes/muddy-union-b50e/phishing

Domain

muddy-union-b50e.saisaotrnrb2892.workers.dev

URL

https://muddy-union-b50e.saisaotrnrb2892.workers.dev/favicon.ico

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) Sharepoint (Online) Microsoft (Consumer)

141 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage string| s string| m function| $ function| jQuery function| Popper object| bootstrap function| llii6Y4Ca56nC1o2nfu6se6iiii function| LLLL6y4Ca56nC1o2nfu6se6lii function| llii6y4ca56nc1o2nfu6se6iiii object| xguboUF function| YBjcCv object| LhRsVqd number| i8tFJrR object| XCjoRQ string| E6vSzq string| h_RubAL string| THRkGin string| ovGYOK string| D5HKsc string| K_jjbw string| ZI7whp0 string| QrTU0j string| KWzL3Z string| dgvM7oq string| JxQmWSZ string| GEwuR9 string| Nhuj8Mm string| DgV7QoZ string| gcqPvS string| C37jjQ string| SR2gVyv string| iR8Jer string| e4vi652 string| CY4lYKH string| qSixlu string| dZAFumY string| wntmpox string| hIuORLW string| C7BG7vV string| fYjlVF string| AaaHMk string| IduMkUF string| sWfiAK string| kwkK6Gh string| ZWthC4t string| N0qNxV string| AzMnfE string| DPNXr2 string| zpUkKzB string| UYXj4ys string| R0xHSrC string| I9k4cNB string| IT9EOg string| _B3zXcM string| ftXGbf string| FnSwP1 string| pkAZJhU string| Xlyk0Z string| vIYKLui string| XOfAuwn string| wlOIcYU string| swDfhxF string| QTvTv1 string| McAkhw string| fE7ehD string| R24Kp4F string| GKSlHy string| uecCX0T string| jLbAsb string| mCsWiyX string| hZlKIi string| ywvgaB string| HVVCeQ string| bi23Ot string| GKYHcG string| OrN6qc string| C6HoXAp string| LWtKSx object| gDhvQ4I object| pT3LB8 object| H4E86HK object| htqMyaf function| d96jBWZ function| DfU6ig object| TWflAmF number| Xz04krG number| w4Vh8q number| o4lHgtC number| xlixL9 function| h5qLg8 string| RC052vS string| Q03wUG string| Rssi9dc string| f1O3yfN string| vhdCmd string| JNWN0C string| owj3Jsi string| gu5E7mM string| pP8Z7eV string| sYJrFx string| lHA9t_V string| Fk3X1r string| qIOtiga string| XaakF_ string| fq_IUy string| dUBpjq string| HMwUcJ string| _82RGa5 string| hbap50d string| jVjHuP string| Dh1_K4 string| AfNYbSu string| fWZ3LcL string| xJDtOm string| VQf9C8 string| ToUNhn_ string| Ll4Jusf string| CoamHk string| HAXEXxp string| tP1fwvu string| Y5hDblm string| n1ZqrXu string| CxQjnX string| vn4SZ9N string| q5tyhgp string| cZpRH8 undefined| p6bNhCf function| qQtUR7R function| UdPVJyu function| DRvlkW function| ltoz5SA function| llll6y4ca56nc1o2nfu6se6lli function| Ao9P1z function| j6iO6t function| bAwuJ9w function| rDBtrce function| llli6y4ca56nc1o2nfu6se6iiii function| iiii6y4ca56nc1o2nfu6se6iiii

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.codesandbox.io/	1969-12-31 23:59:59	Name: _cfuvid Value: VgCrjMBJYjV7enaUv6LC0dA3Cuihj69h9n0nQX2uHiI-1718370162684-0.0.1.1-604800000

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://muddy-union-b50e.saisaotrnrb2892.workers.dev/(Line 40) Message: Access to fetch at 'https://codesandbox.io/api/v1/sandboxes/muddy-union-b50e/phishing' from origin 'https://muddy-union-b50e.saisaotrnrb2892.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://codesandbox.io/api/v1/sandboxes/muddy-union-b50e/phishing Message: Failed to load resource: net::ERR_FAILED
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	(Line 22) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
codesandbox.io
fonts.googleapis.com
maxcdn.bootstrapcdn.com
muddy-union-b50e.saisaotrnrb2892.workers.dev
spoppe-b.azureedge.net
stackpath.bootstrapcdn.com
codesandbox.io
muddy-union-b50e.saisaotrnrb2892.workers.dev

2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700:3035::6815:4f44
2606:4700:4400::ac40:9a6b
2606:4700::6811:180e
2606:4700::6812:bcf
2a00:1450:4001:800::200a
2a00:1450:4001:811::200a
2a04:4e42:200::649
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
274172358322c9b6f0ba6dcbb2e7723aaa4effb6d8b487887dde04004339a48f
29b7a9358abdc68c51db5a5af4a4f4e2e041a67527adee2366b1f84f116fe9a5
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3a13c2f59c796c5a6ac56bea399b27d9a2b20df54a832f1c202d98a96d215945
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830
7c6a569fb784b0325cb43340ff96072f6283d2dc904f8af1a047f69cdafe4c54
825de044d5ac6442a094ff95099f9f67e9249a8110a2fbd57128285776632adb
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
b4e544b010077ceacf159dfdf566b37d06f8ab3c151e9561720e392b8f1ea38e
c98a51021441557bc974e25392d183705fbf3347345aa7e5adc7cae3ded0165a
cf5916e86bb18875db4e12ee5e799cce7b23bc1cd1ad721fb65d3879de629bec
d438c7c619f4cd22885df4b6ec265048fa584021bdd50b2e6757b8f41e48646b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b