urlscan.io logo urlscan.io
SecurityTrails logo

shiny-meadow-251e.nsiaammnvotrse5636.workers.dev Open in urlscan Pro
104.21.6.4  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Submission: On January 23 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 25 HTTP transactions. The main IP is 104.21.6.4, located in and belongs to CLOUDFLARENET, US. The main domain is shiny-meadow-251e.nsiaammnvotrse5636.workers.dev.
TLS certificate: Issued by E1 on November 29th 2023. Valid for: 3 months.
This is the only time shiny-meadow-251e.nsiaammnvotrse5636.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ourtime.com (Online)

Domain & IP information

IP Address AS Autonomous System
1 104.21.6.4 13335 (CLOUDFLAR...)
3 104.18.33.149 13335 (CLOUDFLAR...)
1 151.101.2.137 54113 (FASTLY)
1 ()
15 104.21.77.153 13335 (CLOUDFLAR...)
1 142.251.40.163 15169 (GOOGLE)
25 7
1    104.21.6.4 (None, )

ASN13335 (CLOUDFLARENET, US)
shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
3    104.18.33.149 (None, )

ASN13335 (CLOUDFLARENET, US)
codesandbox.io
1    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    (None, )

ASN- ()
shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
15    104.21.77.153 (None, )

ASN13335 (CLOUDFLARENET, US)
api.rename-service0.workers.dev
1    142.251.40.163 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f3.1e100.net
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
17 workers.dev
shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
api.rename-service0.workers.dev
571 KB
3 codesandbox.io
codesandbox.io — Cisco Umbrella Rank: 85741
48 KB
1 gstatic.com
fonts.gstatic.com
12 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
30 KB
25 4
Domain Requested by
15 api.rename-service0.workers.dev shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
api.rename-service0.workers.dev
3 codesandbox.io shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
codesandbox.io
2 shiny-meadow-251e.nsiaammnvotrse5636.workers.dev shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
1 fonts.gstatic.com api.rename-service0.workers.dev
1 code.jquery.com shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
25 5
Subject Issuer Validity Valid
nsiaammnvotrse5636.workers.dev
E1		 2023-11-29 -
2024-02-27		 3 months crt.sh
codesandbox.io
E1		 2023-12-28 -
2024-03-27		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
rename-service0.workers.dev
GTS CA 1P5		 2023-12-10 -
2024-03-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Frame ID: 98F1E00373BCC648A5E2600BA9550CFA
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OurTime.com - The 50+ Single Network

Detected technologies

Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

25
Requests

88 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

7
IPs

2
Countries

661 kB
Transfer

5605 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/ 		3 MB
462 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.6.4 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a4fb3a4ecfbcf10e3948c14e8a40520432b8676282a70a79dcb6b9f99157a7b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
849c63c8bc65db9a-LAX
content-encoding
br
content-type
text/html;charset=UTF-8
date
Tue, 23 Jan 2024 01:51:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2OKFv%2FnjzPEyxKUOnyyPJcWwwLgx%2BpTifdpQCL8dksPqmAExugNplKV4ECcfxQOEnI8ordgS3EkyeZbCwd%2FTvdbQ8hL073aIZmDSlxzKuBqLYRof4e4HzN4%2F4YLkRPjyhx0okgMPYwp%2B09Kx9tMzxIPOOzxrI8ibR44SYpaKMI0SX70%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
sse-hooks.350c89a8d06431c89209943b3882c89f.js
codesandbox.io/public/sse-hooks/ 		172 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/public/sse-hooks/sse-hooks.350c89a8d06431c89209943b3882c89f.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.149 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:12 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
3939099
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Dec 2023 11:11:17 GMT
server
cloudflare
etag
W/"6572f9d5-2b197"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849c63e41d8b5307-LAX
expires
Thu, 31 Dec 2037 23:55:55 GMT
banner.d9cb10a38.js
codesandbox.io/static/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/banner.d9cb10a38.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.149 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830

Request headers

accept-language
en-US,en;q=0.9
Referer
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:12 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
4637171
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 27 Nov 2023 09:17:00 GMT
server
cloudflare
etag
W/"65645e8c-efa"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849c63e41d8c5307-LAX
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.4.1.min.js
code.jquery.com/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:12 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
1291754
x-cache
HIT, HIT
content-length
30638
x-served-by
cache-lga21923-LGA, cache-bur-kbur8200077-BUR
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1705974672.033309,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
11, 59422
watermark-button.eeb14a97b.js
codesandbox.io/static/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/watermark-button.eeb14a97b.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.33.149 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/
Origin
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:12 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
260655
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Dec 2023 11:11:12 GMT
server
cloudflare
etag
W/"6572f9d0-ac1"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849c63e67a147c3e-LAX
expires
Thu, 31 Dec 2037 23:55:55 GMT
phishing
codesandbox.io/api/v1/sandboxes/shiny-meadow-251e/ 		0
0
bc9fb69d-509a-494d-9237-6f684e590ab5
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/ 		2 MB
0 		Document
General
Check archive.org
Download Go to
Full URL
blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
632d2e3168b1df83405b42e72c001e5842017ed5a0fb223f6ac13d6cc3b6a2f3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Length
2192706
Content-Type
text/html
otSDKStub.js
api.rename-service0.workers.dev/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/otSDKStub.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"otSDKStub.3b2ba3d591.js"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cp1G9gA%2B%2FwGbQAgizDbVYWnbl2Nnbhu8xTLqoESOGxZFr%2Bd5Tzj8okO4ukLTiKQLx4dqW2ADoaQQsORKX8T0vel6s0wFV7w%2FYmpswX7tn6QsmvCrigm68hX0bfcTeQ2jH%2FSHgmkjwBkKfrBXvyEhyAHt"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f22f6e2f5f-LAX
js
api.rename-service0.workers.dev/ 		94 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/js?id=UA-1817027-45
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cfb61c5b4464a49bf1a1867ab3c06ad790468ab0d6b3dec415a5929b20dac85
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"js.28fa744248"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kw5fY9C%2FSmOl6wESuMNWXEYLwS4qsVb7y241C6fEqshQ634zyeHGtt6lBxUA0E8xkZCq0ii7m8OVfzTvqqHs9Eulchz7P%2FMFqw%2BJNmrchVo6BgZWTbob6%2Fl%2FFvGK8AVXY8Js82dkCL1gwpwCFVF9VQt%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f23f752f5f-LAX
jquery-3.5.1.min.js
api.rename-service0.workers.dev/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/jquery-3.5.1.min.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"jquery-3.5.1.min.76bb118f46.js"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qcPjfYwBmIa98rAe09h%2FFbBmDBXWEZAAEI2BXLV%2BIeTl475NDW%2BLDyUYtJVU%2FkWG058BWzM4HUMd4jfb8LWAAsS%2BCIM%2B%2FNuaelfRg9fPQbuUqVWeXltgFQ6nSnFzdzs83GZjTaYt1Ip9kBnVkVZUoNCA"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f23f712f5f-LAX
jquery-migrate-3.3.1.min.js
api.rename-service0.workers.dev/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"jquery-migrate-3.3.1.min.4a9b3d1a73.js"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8GWq2NmOL%2Bd7y3PI3Css44%2FgwSGBRLSrhng4aUotPCbwMrFvl1%2FHAFVZ60C4CF3HHfazCvA43z81Crh6WaeNfS8CK%2FPdW%2BXsQ1aXARVLuJgbxMk6iKnr5%2B73jOjAmc4j9jbpOBt2rSd3lgTvjB2HavT"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f23f7a2f5f-LAX
moment.min.js
api.rename-service0.workers.dev/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/moment.min.js
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"moment.min.7f22d534a7.js"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzLtCyGX%2Bpox8Yn8eAC1z8dSfEejhGhEO%2BrnwYmd%2BHZLMkM%2FwhA68boWUYp78AJ31i1lMMgbgujpgJ94174zdUkyxk9nXFiLquJhz6PqVMhHX5f2N49GH%2FEYSAgedadVpcRMkkR2fYUvqZE2G5YbTlh9"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f23f772f5f-LAX
heagregauwe.png
api.rename-service0.workers.dev/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://api.rename-service0.workers.dev/heagregauwe.png
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/972ac4dd-a470-495e-ad25-f2eaa8e3cb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
1737
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
"heagregauwe.b2def557d4.png"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhDv4%2Fr7rfwDaoJ9aKhCm%2B8%2BsaOnhwn2rTc2mcHfUZPWdrIRXcnCh%2BkMzCDycYJ6zLdd5PhSO1EeI35sauJPAaBUjzmkXsfb%2BXPEkhymNdtjX%2F%2FGkRrWrmVObtswsMRQXSCIp%2BxDNd619hxcik7%2FuWrM"}],"group":"cf-nel","max_age":604800}
content-type
image/png
vary
Accept-Encoding
feature-policy
none
accept-ranges
bytes
cf-ray
849c63f3ea052f5f-LAX
.json
api.rename-service0.workers.dev/otSDKStub.js/consent// 		0
0
css
api.rename-service0.workers.dev/ 		7 KB
982 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/css?family=PT+Sans:400
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"css.1da7928062"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1dbvT%2F%2FQgTyvPm1WUvgYi3oIOVhQJTnVzqbPzLbnB%2F%2FnTi6d3FH0RDW7QIYWrK%2BsnIPghcrkM23jtLU7uJECniYLHw4OLzaLoL%2Bj%2FT59zPF%2FnGJkFtJn0EQA9Yw3JTwyGAUR%2BVrR1f5SSXekMQm4xmP6"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a952f5f-LAX
css
api.rename-service0.workers.dev/ 		7 KB
983 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/css?family=PT+Sans:700
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"css.1da7928062"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=07AojacnIJl65OHSsSG9MXKNBYvElnIl2NrN1U%2Bn%2B2EVPdB0gOnnhi3Xx2uU3YYmrbAQIWS3PJTyiVGf5SuUNyKQ5karfyzpnUlVvLM6bCsReqU%2BeKl%2BUFNYEvrPEiEBv9MkJReFZmcYX4suTB3bAoUS"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a982f5f-LAX
css
api.rename-service0.workers.dev/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/css?family=PT+Sans:400italic
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"css.1da7928062"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tUvbOSsPQ776OUihos%2BhOMAC%2FXQJqto4ZUFJ%2BgFatraZy6twC9NHLWUqB9xS24PsZ26QBALG3ZJSWQum9mQl16fK2maoVB3yY8UBpz1PLi9GhpWwXrhKc38oPxb7majTFzSSSdGwu1%2BKJ2g%2BUqsHwa0z"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a992f5f-LAX
css
api.rename-service0.workers.dev/ 		7 KB
1013 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/css?family=PT+Sans:700italic
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"css.1da7928062"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIDRWuvKMxhCRXa7Fmt6bf5JltwNIYEg5NAjXv0JhSEdPudpsfyLdSA2ay9LP7PpKvKthBtpmk9dM5plJAp8QAfNEsvNU0NVd9LhK%2FqNBsqfzEJ45JBZsN6x2IwL3Xfa2ErHj8x7cJ7VQnTQGy%2FqtkAL"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a9b2f5f-LAX
font-1.2.css
api.rename-service0.workers.dev/ 		2 KB
590 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/font-1.2.css
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"font-1.2.c193dd3ef6.css"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAkPCYTgmSbYTKg2dzOxdGUHwoNZ%2FAG%2F06PJnRf43bwLVwXxllxAdg9YPavafeO9rktpUbAWwPT4W%2FZ0EwEFXIpwsRjCbwQWlNiQv8Aw9%2FSlW7vS1JlOc8zWr425ckRgeFvmRrTMyT4FxGg6wFlKYsVM"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a9d2f5f-LAX
redesign_fonts.css
api.rename-service0.workers.dev/ 		5 KB
744 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/redesign_fonts.css
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"redesign_fonts.ab1e65f9f5.css"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cYCwM9T06bo1CIk2XS17cJi9cmHcOIV%2BBi14T5gGez7hk1194I84bIcXrmtjNLsvgsPGOL7QVnUgazXMmfkn7z2zkmR%2BBWVClm9qwN1ksRsTy1Bb11oOPjt41XXjKC4beHVltQLnUYhunqa9sWsXHDmI"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a9e2f5f-LAX
base_external.css
api.rename-service0.workers.dev/ 		30 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/base_external.css
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"base_external.4e102eeb51.css"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g8sRRPGZl2SHH33tw4EYVfUv%2BbcDhzNNBVTs00QD4MOIYBt4FwlGq%2FDWFhge0KuziAyigxRZ203Us0OgeKz2wOOQPaPcm2arpPTVFeiIslnbaC5t4qsMjxfHoTQY0SUX6HDlF9XL0bNuxOwT7h21NJ1S"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45a9f2f5f-LAX
166.css
api.rename-service0.workers.dev/ 		428 B
541 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/166.css
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"166.32916c6d57.css"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x5w0Crg2jDLve2x5y%2B5Y%2F5oE28oZU%2FWXe3EuKPdxVqM7pLOPlJmYV6pcQ4vu4kA%2BlU19ZYo6pknkQZbJ%2Fkvf571q70ZqhliwcrBJ9GQgeVs5AdJL%2FyylpybtXPnWzspK8H3kMNFx84q%2Bxkt%2BC2i8nP52"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45aa02f5f-LAX
theme.css
api.rename-service0.workers.dev/ 		37 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://api.rename-service0.workers.dev/theme.css
Requested by
Host: shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.77.153 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 01:51:14 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
unsafe-url
server
cloudflare
etag
W/"theme.5cf2c65f5e.css"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=shloIOumNv88bz1ldlORqjHKudLGkU5LYjf%2B1wIut1RfZHCuxG%2BNQOg2jsHM8%2BO4IJT6sjAtR6KOEglIELAEhfNCXLwuWlk%2FBtg0ggwXO1jV0TBW4c17G%2FpmchZ4PIDNJTe1j9KHXkoG6HYBBPXS550c"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
vary
Accept-Encoding
feature-policy
none
cf-ray
849c63f45aa22f5f-LAX
PTSans-Regular.ttf
api.rename-service0.workers.dev/PTSans/ 		0
0
jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v16/ 		11 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/ptsans/v16/jizaRExUiTo99u79D0KExcOPIDU.woff2
Requested by
Host: api.rename-service0.workers.dev
URL: https://api.rename-service0.workers.dev/css?family=PT+Sans:400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://api.rename-service0.workers.dev/css?family=PT+Sans:400
Origin
https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 13:45:15 GMT
x-content-type-options
nosniff
age
302763
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11340
x-xss-protection
0
last-modified
Wed, 26 Jan 2022 18:57:49 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 Jan 2025 13:45:15 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
codesandbox.io
URL
https://codesandbox.io/api/v1/sandboxes/shiny-meadow-251e/phishing
Domain
api.rename-service0.workers.dev
URL
https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json
Domain
api.rename-service0.workers.dev
URL
https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

109 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| s string| m object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| OptanonWrapper object| _gaq object| google_tag_manager undefined| $ function| jQuery function| $jq function| IiIi6Y4ca56nC1o2nfu6se6iiii function| llll6y4ca56nc1o2nfu6se6lii function| llll6y4ca56nc1o2nfu6se6iii function| llLi6Y4ca56nC1o2nfu6se6iiii string| j18az9 string| H37X9WG string| aBunBy string| eqzzOWc string| S9Ba0kc string| aBuqV4 string| VyZHlFN string| U7EMi2 string| rqMdWw object| rFh_Rs function| jemRCc object| FjP9LdL number| BpHFEn object| TDkaAL9 string| yExwbOU string| CrjGOh string| SQOwCBC string| nFMLsW string| TbE_Yf string| ZZwwSE string| qLWDlYV string| BSICmJ string| zuVobt string| y66uWi string| yzVgx5 string| Yl6kws string| C2Y2ZOE string| cUhUiUd string| py0cKkk string| zgKOSL string| tLfUnf string| k0fovSV string| jod0jQ string| wsu8Sc string| KDXOmU string| R8cbwJ string| sYiB59Q string| cH_g7g string| vWCdETx string| z2f0_i string| MGsS98 string| kPnfbGU string| hYH8clv string| TrIFXFp string| vmdQdR1 string| _b6kafV string| En4qB0 string| HZfemcG string| Nk7CkB string| tKEPsVD string| oHh_9KL string| Ftn6RW string| qQdOeI1 string| f4Ro4Z string| IQ1YCe5 string| kjNRzZ string| g4N73ou string| kiM0XMr string| sGOSq8 string| Gn_Kiy string| qyPEBlW string| _bNeyGB string| ylVQjnE string| OlTCdcj string| ocIGpY string| Rfh1V7T function| lllll6y4ca56nc1o2nfu6se6llll string| J_fljOY string| oJJ69as string| _yEkvt object| mobxmN object| xLs17M0 object| FQv2KG object| N9jUcd_ function| y0shMYU function| cV7eh8 undefined| cxrSLd_ string| _Ue5a7 string| p0BQ2N string| B392qKm string| qWCEdi undefined| pLWsXU4 function| NRJ7nx function| OxZ7hVP function| hzKIcBv function| GClCyl function| xyQTh2H function| ij6hQTy function| nlWYxU function| oBFXhKa function| llll6y4ca56nc1o2nfu6se6lli function| moment function| unlockPage

1 Cookies

Domain/Path Name / Value
.codesandbox.io/ Name: _cfuvid
Value: XosbWiOywaUkm8rjfF156ZBpWJ6Dr1wBNfiOaJ.o2lI-1705974672032-0-604800000

10 Console Messages

Source Level URL
Text
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/js?id=UA-1817027-45, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/jquery-migrate-3.3.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://api.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5(Line 2)
Message:
Access to XMLHttpRequest at 'https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json' from origin 'https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rename-service0.workers.dev/otSDKStub.js/consent//.json
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: blob:https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev/bc9fb69d-509a-494d-9237-6f684e590ab5
Message:
Access to font at 'https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf' from origin 'https://shiny-meadow-251e.nsiaammnvotrse5636.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://api.rename-service0.workers.dev/PTSans/PTSans-Regular.ttf
Message:
Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.rename-service0.workers.dev
code.jquery.com
codesandbox.io
fonts.gstatic.com
shiny-meadow-251e.nsiaammnvotrse5636.workers.dev
api.rename-service0.workers.dev
codesandbox.io

104.18.33.149
104.21.6.4
104.21.77.153
142.251.40.163
151.101.2.137
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0c98d3a9b8c08a5813b773e49994d1ada4cb43a72f655c71b8efa33dbacc3f60
11b947e74a7ba8f1d433b84ab7a719799ec0662a9035a8b4a2ab4d7d1eb2d681
1ce74486e1edf5e3a7f3d0235aff5fd17b7fa0c7832648ab170a516bb1b804a8
2a4fb3a4ecfbcf10e3948c14e8a40520432b8676282a70a79dcb6b9f99157a7b
2cdc08c78d317a7163dcdd852e85319c477d5272897a250d28e562f699f9d6e4
2cfb61c5b4464a49bf1a1867ab3c06ad790468ab0d6b3dec415a5929b20dac85
5a52005e60e92f39a0744fe733d45496ad3769634edbbbc74df1267f9639f522
632d2e3168b1df83405b42e72c001e5842017ed5a0fb223f6ac13d6cc3b6a2f3
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830
891410621746b2ff6d1e4830eb0d819521c9b01e9e213257fcd4d2f554ff1a61
90a8d6a27a26f746b4b263102f4fe120e956d99e3789325aafc7d6b7ca0ff0e4
92023afd6feb8f5fe2ab0b2622ddae9e26d5027996df15fe0b33714c7f3dba37
cc15754d44e7ee5a41927be3ef6b902cae28014d57ae6f591eb576f221bd237c
eb39af57479f04518b464a917a20921f9f25739ec733cba0e5f1d5b7315a4a57
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b