0202.472607582.workers.dev Open in urlscan Pro
2606:4700:3034::ac43:9558 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://0202.472607582.workers.dev/
Effective URL:
https://0202.472607582.workers.dev/?wid=1732975611828
Submission: On November 30 via automatic, source openphish (November 30th 2024, 2:06:55 pm UTC) — Scanned from DE

Summary HTTP 24 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 24 HTTP transactions. The main IP is 2606:4700:3034::ac43:9558, located in United States and belongs to CLOUDFLARENET, US. The main domain is 0202.472607582.workers.dev.
TLS certificate: Issued by WE1 on November 14th 2024. Valid for: 3 months.

This is the only time 0202.472607582.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 10	2606:4700:303... 2606:4700:3034::ac43:9558	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	163.181.131.212 163.181.131.212	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
2	163.181.92.232 163.181.92.232	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
1	221.204.14.187 221.204.14.187	4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone)
1	2408:8719:200... 2408:8719:2000:1:40::1d	4837 (CHINA169-...) (CHINA169-BACKBONE CHINA UNICOM China169 Backbone)
1	47.246.46.230 47.246.46.230	24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.)
24	7

10 2606:4700:3034::ac43:9558 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

0202.472607582.workers.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 163.181.131.212 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

unpkg.byted-static.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 163.181.92.232 (Frankfurt am Main, Germany)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

lf3-short.ibytedapm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 221.204.14.187 (China)

ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)
PTR: 187.14.204.221.adsl-pool.sx.cn

mon.zijieapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2408:8719:2000:1:40::1d (China)

ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN)

mon.zijieapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 47.246.46.230 (Milan, Italy)

ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)

sf3-cdn-tos.douyinstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	workers.dev 1 redirects 0202.472607582.workers.dev	20 KB
2	zijieapi.com mon.zijieapi.com — Cisco Umbrella Rank: 24563	1022 B
2	ibytedapm.com lf3-short.ibytedapm.com — Cisco Umbrella Rank: 39985	26 KB
1	douyinstatic.com sf3-cdn-tos.douyinstatic.com — Cisco Umbrella Rank: 14238	9 KB
1	byted-static.com unpkg.byted-static.com — Cisco Umbrella Rank: 113129	27 KB
0	bytedance.com Failed ttwid.bytedance.com Failed
24	6

	Domain	Requested by
10	0202.472607582.workers.dev	1 redirects 0202.472607582.workers.dev
2	mon.zijieapi.com	lf3-short.ibytedapm.com
2	lf3-short.ibytedapm.com	0202.472607582.workers.dev lf3-short.ibytedapm.com
1	sf3-cdn-tos.douyinstatic.com
1	unpkg.byted-static.com	0202.472607582.workers.dev
0	ttwid.bytedance.com Failed	lf3-short.ibytedapm.com
24	6

This site contains links to these domains. Also see Links.

Domain
www.cloudflare.com

Subject Issuer	Validity	Valid
472607582.workers.dev WE1	`2024-11-14` - `2025-02-12`	3 months	crt.sh
*.byted-static.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.ibytedapm.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.zijieapi.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-21`	a year	crt.sh
*.douyinstatic.com RapidSSL TLS RSA CA G1	`2024-05-21` - `2025-05-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://0202.472607582.workers.dev/?wid=1732975611828
Frame ID: 887BFE47744C481C557142677995D82C
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Suspected phishing site | Cloudflare

Page URL History Show full URLs

http://0202.472607582.workers.dev/ HTTP 307
https://0202.472607582.workers.dev/ Page URL
https://0202.472607582.workers.dev/cdn-cgi/phish-bypass?atok=4YPwr6sF0tPTj238_Ki8xLZT1qwjD7k0nPNfMXXQfhQ-173297... HTTP 301
https://0202.472607582.workers.dev/ Page URL
https://0202.472607582.workers.dev/?wid=1732975611828 Page URL

Page Statistics

24
Requests

63 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

83 kB
Transfer

248 kB
Size

2
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cloudflare.com/learning/access-management/phishing-attack/
Title: Learn More

Search URL Search Domain Scan URL

URL: https://www.cloudflare.com/5xx-error-landing
Title: Cloudflare

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://0202.472607582.workers.dev/ HTTP 307
https://0202.472607582.workers.dev/ Page URL
https://0202.472607582.workers.dev/cdn-cgi/phish-bypass?atok=4YPwr6sF0tPTj238_Ki8xLZT1qwjD7k0nPNfMXXQfhQ-1732975601-0.0.1.1-%2F HTTP 301
https://0202.472607582.workers.dev/ Page URL
https://0202.472607582.workers.dev/?wid=1732975611828 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://0202.472607582.workers.dev/ HTTP 307
https://0202.472607582.workers.dev/

Request Chain 4

https://0202.472607582.workers.dev/cdn-cgi/phish-bypass?atok=4YPwr6sF0tPTj238_Ki8xLZT1qwjD7k0nPNfMXXQfhQ-1732975601-0.0.1.1-%2F HTTP 301
https://0202.472607582.workers.dev/

24 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

403

/ Show response
0202.472607582.workers.dev/
Redirect Chain

http://0202.472607582.workers.dev/
https://0202.472607582.workers.dev/

4 KB
2 KB

40ms
13ms

Document
text/html

2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c4374f82e2265acc0bb808e016c2d99df1bb2c89344760643e25d9a9955c620

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray: 8eab6642892d912a-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 30 Nov 2024 14:06:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wDGySaTpi6og1Ggpu1MJVSoxsDuwxLoVLhhD4WyJgOKePx5u6oPQgKsjaTNw6zvy7856tDtmm4EDtja3v3y1F90X9CRA%2FuPTb2r3wZs4IX%2B34k5S6YFLtfM2p34cjSi0QEw9HBQO9Dsv00Hk5R2JSoMLNjCwVZNRSw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://0202.472607582.workers.dev/
Non-Authoritative-Reason: HSTS

GET
H3 200 cf.errors.css
0202.472607582.workers.dev/cdn-cgi/styles/ 23 KB
5 KB 11ms
11ms Stylesheet
text/css 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6740aa36-5df3"
x-content-type-options: nosniff
cf-ray: 8eab66429937912a-FRA
expires: Sat, 30 Nov 2024 16:06:41 GMT
date: Sat, 30 Nov 2024 14:06:41 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
0202.472607582.workers.dev/cdn-cgi/images/ 452 B
634 B 11ms
11ms Image
image/png 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0202.472607582.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6740aa36-1c4"
x-content-type-options: nosniff
cf-ray: 8eab6642b93c912a-FRA
expires: Sat, 30 Nov 2024 16:06:41 GMT
accept-ranges: bytes
content-length: 452
date: Sat, 30 Nov 2024 14:06:41 GMT
content-type: image/png
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 403 favicon.ico
0202.472607582.workers.dev/ 4 KB
2 KB 14ms
13ms Other
text/html 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d27af63a6156a58464b5c4c83325ca3daed1d1475b85d2030fcbfeb4e2a8176

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sgy%2B5L6Fegkd%2BfDCPRp28X3mg6fKGiogFX%2B0tS%2BP%2FX06rjPE5spw1AwM7cHL0BaV0ANRoN1tO1BbEB6i9xzRBuMKFtNDGF7u03UrRbyIiMZaPOVqSdNIXUS3nXex3mIiFsmcDXuG%2BsIhvF4fbNb69thuRw6xpfTurA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8eab6642c950912a-FRA
date: Sat, 30 Nov 2024 14:06:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

GET
H3

200

/ Show response
0202.472607582.workers.dev/
Redirect Chain

https://0202.472607582.workers.dev/cdn-cgi/phish-bypass?atok=4YPwr6sF0tPTj238_Ki8xLZT1qwjD7k0nPNfMXXQfhQ-1732975601-0.0.1.1-%2F
https://0202.472607582.workers.dev/

5 KB
6 KB

766ms
766ms

Document
text/html

2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cfc8297a65d880a9fd2f36e055497b922a2e1c183fde8d66b94a4b74e6f7a3

Security Headers

Name	Value
Content-Security-Policy	script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-XwyzW_0AUGvvvUBOhxzJK' .bytescm.com .bytednsdoc.com .ibytedapm.com .snssdk.com .yhgfb-cn-static.com .bytetos.com .byte-gslb.com .bytegoofy.com .bytecdn.cn .toutiaostatic.com;style-src 'self' 'unsafe-inline' .toutiaoimg.com .bdxiguaimg.com .bytescm.com .bytegoofy.com .douyinstatic.com .toutiao.com .toutiaostatic.com .bytedance.net cdn.bootcss.com;upgrade-insecure-requests;frame-ancestors 'self' .bytedance.net .snssdk.com shiqu.cn .shiqu.cn zhan.vivo.com wukong.vivo.com.cn .feishuapp.cn .toutiao.com .bytescm.com .jiyunhudong.com .bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://0202.472607582.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8eab66621e62912a-FRA
content-encoding: zstd
content-security-policy: script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-XwyzW_0AUGvvvUBOhxzJK' *.bytescm.com *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.toutiaostatic.com;style-src 'self' 'unsafe-inline' *.toutiaoimg.com *.bdxiguaimg.com *.bytescm.com *.bytegoofy.com *.douyinstatic.com *.toutiao.com *.toutiaostatic.com *.bytedance.net cdn.bootcss.com;upgrade-insecure-requests;frame-ancestors 'self' *.bytedance.net *.snssdk.com shiqu.cn *.shiqu.cn zhan.vivo.com wukong.vivo.com.cn *.feishuapp.cn *.toutiao.com *.bytescm.com *.jiyunhudong.com *.bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
content-security-policy-report-only: script-src 'unsafe-eval' 'wasm-unsafe-eval' 'report-sample' 'strict-dynamic' 'nonce-XwyzW_0AUGvvvUBOhxzJK' *.bytescm.com *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.toutiaostatic.com;style-src 'self' 'unsafe-inline' *.toutiaoimg.com *.bdxiguaimg.com *.bytescm.com *.bytegoofy.com *.douyinstatic.com *.toutiao.com *.toutiaostatic.com *.bytedance.net cdn.bootcss.com;connect-src 'self' wss: ws: data: blob: http://localhost:* toutiao.govwza.cn *.bytedance.net *.bytedance.com *.snssdk.com *.toutiaostatic.com *.bytescm.com *.toutiao.com *.bytetcc.com *.zijieapi.com *.yhgfb-cn-static.com *.toutiaovod.com *.bytednsdoc.com *.ibytedapm.com *.bytedanceapi.com *.google-analytics.com *.douyinstatic.com *.douyinvod.com *.bytegoofy.com *.bytetos.com *.toutiaoimg.com *.huoshanstatic.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.qnqcdn.net:* *.jomoxc.com *.jomoxd.com *.a.bdycdn.cn *.hiecheimaetu.com:* *.ppio.cloud:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.vegslb.com:*;upgrade-insecure-requests;frame-ancestors 'self' *.bytedance.net *.snssdk.com shiqu.cn *.shiqu.cn zhan.vivo.com wukong.vivo.com.cn *.feishuapp.cn *.toutiao.com *.bytescm.com *.jiyunhudong.com *.bytedance.com *.feishu.cn;report-uri https://mon.zijieapi.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=toutiao_web_pc;report-to main-endpoint
content-type: text/html; charset=utf-8
date: Sat, 30 Nov 2024 14:06:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4PGJJn7YJu9T8AF7ngU%2BJ6dtwUwceYlXUEuWeCWKxOdETFGX7Vbpzvbtqwg3tjQazKPQ%2Fh%2FPaWpT%2Fzp1pyRM9NRYNoz9YJ622OoJwSGA0ypI4ucushOvsS0gT%2F8TtFWcRTNcNkRR1fZ86BjtGZHz%2B21gEgQ7%2BUi0bA%3D%3D"}],"group":"cf-nel","max_age":604800}
reporting-endpoints: main-endpoint="https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=toutiao_web_pc", default="https://mon.zijieapi.com/monitor_browser/collect/batch/security/?bid=toutiao_web_pc"
server: cloudflare
server-timing: inner; dur=24,tt_agw; dur=22 cdn-cache; desc=MISS, edge; dur=0, origin; dur=674 cfL4;desc="?proto=QUIC&rtt=7991&min_rtt=5896&rtt_var=1466&sent=28&recv=21&lost=0&retrans=0&sent_bytes=14859&recv_bytes=6753&delivery_rate=915&cwnd=12000&unsent_bytes=0&cid=94a8803262460586&ts=5826&x=1" cfHdrFlush;dur=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-agw-info: m1llE9-gqKrqDjgtTBneMDkxOXarkkfEy7e0sqMVBz6vO7ZRWOz5ai0QmrGAeDKK8-ChleKHx-dQ2P58U-EnwB2P_F1N6ZIhlJOkVuglo1JTxlvQrpH1laL82F28OxfnE3yvlAj8dYfrTtl8DRbXQg9iieD8SWyunkQZ
x-akamai-request-id: 6209884
x-cache: TCP_MISS from a2-16-79-7.deploy.akamaitechnologies.com (AkamaiGHost/11.7.1-5564540792473a75b19a89fcf1e2a34b) (-)
x-content-type-options: nosniff
x-download-options: noopen
x-origin-response-time: 674,2.16.79.7
x-tt-agw-login: 0
x-tt-logid: 20241130220646C358463E1B7E8B832BB7
x-tt-trace-host: 01ae3485c412db67097a2fefa88ba0f97215f302ce29d38c1d2140c968427c9bf6a74d442bdbe1e59f68af3f197d3bab342f29a6d42a08dcd8834d3fdad01553f59b72998c2f1191380aacdb9f898eed2646115a825541d33d4dc9c1b70352b473ff40d90d638bdf18702ae72b4a90bcfa57d3fd23021eeb217dcb5136e7cbe509
x-tt-trace-id: 00-241130220646C358463E1B7E8B832BB7-41B603CE7F7BB94D-00
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private, no-cache
cf-ray: 8eab66620e58912a-FRA
content-length: 167
content-type: text/html
date: Sat, 30 Nov 2024 14:06:46 GMT
location: https://0202.472607582.workers.dev/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 index.umd.production.js Show response
unpkg.byted-static.com/byted-ucenter/ttwid-js/1.0.1/dist/ 102 KB
27 KB 3074ms
14ms Script
application/javascript 163.181.131.212
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://unpkg.byted-static.com/byted-ucenter/ttwid-js/1.0.1/dist/index.umd.production.js
Requested by: Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.131.212 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 8ca93806242fcf868f434ee49ae71ec7c72e86a8f946f42567a0746cd5b1491a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/

Response headers

x-request-ip: fdbd:dc02:22:585::27
content-md5: tSH+3Yv8+H8EPSD59VGDlw==
x-bdcdn-cache-status: TCP_MISS
content-encoding: gzip
etag: W/"b521fedd8bfcf87f043d20f9f5518397"
age: 1091420
x-tos-request-id: 2b606d3a749d69e5673a749d-fdbdgdc01gbg615gg39-ad314c3
server-timing: cdn-cache;desc=HIT,edge;dur=2
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
date: Sun, 17 Nov 2024 22:56:29 GMT
x-kfc-cachekey: http://pinner-imgserver.byted.org/unpkg/byted-ucenter/ttwid-js/1.0.1/dist/index.umd.production.js
content-type: application/javascript
vary: Accept-Encoding
last-modified: Tue, 29 Mar 2022 14:33:02 GMT
x-tos-storage-class: STANDARD
x-tt-trace-host: 0129675677cfc08912a901477035ecc219dd6da43d832986bed20b12db8857651fff25bc01dd928a0cc57da7a0723aba4c8bab8069bd878fae6135586a317e36878f4c52eb10301238a3d490bac2de1d1b8c4bfb33fbb6b056763708a8ccbb937f
cache-control: max-age=3153600
x-swift-cachetime: 2575047
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: fdbd:dc01:2b:33a::25, ens-cache9.l2de3[0,0,206-0,H], ens-cache9.l2de3[3,0], ens-cache5.de7[0,0,200-0,H], ens-cache7.de7[2,0]
ali-swift-global-savetime: 1731884189
x-tos-response-time: Sun, 17 Nov 2024 22:56:29 GMT
x-swift-savetime: Sun, 24 Nov 2024 15:39:02 GMT
access-control-allow-origin: *
x-tt-trace-id: 00-241118065629F513F7E4BD48E90B3ADE-588BFB568229F6D6-00
eagleid: a3b5839b17329756099243377e
x-response-cache: edge_hit
server: Tengine
x-response-cinfo: fdbd:dc02:22:585::27
x-tt-logid: 20241118065629F513F7E4BD48E90B3ADE

GET
H2 200 browser.cn.js Show response
lf3-short.ibytedapm.com/slardar/fe/sdk-web/ 43 KB
16 KB 506ms
29ms Script
application/javascript 163.181.92.232
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=toutiao_web_pc&globalName=Slardar
Requested by: Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.92.232 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 69ca6d77ca4dcceb2d2c4ab97718971aa6b0bb61c3d820089f1883b0c00cc8a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://0202.472607582.workers.dev
Referer: https://0202.472607582.workers.dev/

Response headers

content-md5: BesFGkkvlNEDerGUqG2Mpw==
content-encoding: br
etag: W/"05eb051a492f94d1037ab194a86d8ca7"
age: 95
x-tos-request-id: 59ebb24b1b98b5f5674b1b98-a9b49cb
server-timing: cdn-cache;desc=HIT,edge;dur=6
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: application/javascript
last-modified: Thu, 21 Nov 2024 06:09:45 GMT
x-server: goofy
x-tt-trace-host: 01d983e8125b7cd33d4f1bea1e7d92975d2db550782417dbbbe9debcb1cd2bd5ee71574f11ac9ed68f68f681ea53e625ea08cfdf87c73437e53e9a3a6e2ebe0c881e1d222c980a99c817533b16325f6a29fa93433d2e2539152361c0e30d680135
cache-control: max-age=300
access-control-request-methods: OPTIONS, HEAD, GET
x-swift-cachetime: 300
ali-swift-global-savetime: 1732975512
x-swift-savetime: Sat, 30 Nov 2024 14:05:12 GMT
x-tt-trace-id: 00-2411302205122C45DDA4B99D4409B9FE-301868663D41163F-00
content-length: 15780
eagleid: a3b55c9c17329756073533199e
x-response-cache: edge_hit
server: Tengine
access-control-allow-methods: OPTIONS, HEAD, GET
date: Sat, 30 Nov 2024 14:05:12 GMT
x-tos-storage-class: STANDARD
vary: Accept-Encoding
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: ens-cache1.l2de3[0,0,304-0,H], ens-cache7.l2de3[1,0], ens-cache13.de5[0,-1,200-0,H], ens-cache8.de5[6,0]
x-tos-response-time: Sat, 30 Nov 2024 14:05:12 GMT
x-tos-hash-crc64ecma: 11649619949111119170
access-control-allow-origin: *
x-tt-logid: 202411302205122C45DDA4B99D4409B9FE

OPTIONS
H2 200 browser-settings
mon.zijieapi.com/monitor_web/settings/ 0
0 2890ms
190ms Preflight
application/json 221.204.14.187
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://mon.zijieapi.com/monitor_web/settings/browser-settings?bid=toutiao_web_pc&store=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 221.204.14.187 , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS: 187.14.204.221.adsl-pool.sx.cn
Software: TLB /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://0202.472607582.workers.dev
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-origin: https://0202.472607582.workers.dev
access-control-max-age: 600
access-control-request-method: POST,GET,OPTIONS
cache-control: public, max-age=600
content-encoding: br
content-type: application/json; charset=utf-8
date: Sat, 30 Nov 2024 14:06:50 GMT
server: TLB
server-timing: inner; dur=12 cdn-cache;desc=miss, edge;dur=1, origin;dur=23
vary: Accept-Encoding Origin
x-tt-logid: 20241130220650529D2DD4BD0D8B0B909A
x-tt-trace-host: 01ca5754d83224ad6ee886f811f6500308b93648a5f76a31371d8c6c1c64ea8f40c87d00372ae0714d68b99745706249e54eea5e69868ef91bde182a2dfe4f44defc9492394a78a993507a1ef49a3e02e45d0aa8d0c982db6094c69fca0cc31001be15229389cc8e2745fa211a648fd13c
x-tt-trace-id: 00-241130220650529D2DD4BD0D8B0B909A-384B5AC93EE8AC4C-00
x-tt-trace-tag: id=11;cdn-cache=miss;type=dyn

GET
H2 200 browser-settings Show response
mon.zijieapi.com/monitor_web/settings/ 1 KB
1022 B 932ms
320ms XHR
application/json 2408:8719:2000:1:40::1d
CHINA169-BACKBONE...

General

Check archive.org

Show headers Download Go to

Full URL: https://mon.zijieapi.com/monitor_web/settings/browser-settings?bid=toutiao_web_pc&store=1
Requested by: Host: lf3-short.ibytedapm.com
URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=toutiao_web_pc&globalName=Slardar
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2408:8719:2000:1:40::1d , China, ASN4837 (CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN),
Reverse DNS
Software: TLB /
Resource Hash: 8f7064f82072bd8e171dcc2f036764d3bad8a218e4b901328070619ef9212a83

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://0202.472607582.workers.dev/

Response headers

access-control-max-age: 600
content-encoding: br
access-control-request-method: POST,GET,OPTIONS
server-timing: inner; dur=9, cdn-cache;desc=miss, edge;dur=1, origin;dur=27
date: Sat, 30 Nov 2024 14:06:51 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
x-tt-trace-host: 019d38162307117989349c819e78bb6d442c68bfe61dc9e287a86dec091109379e67e01472ab4206f4281b1b5350e26c62e48620f4da52e567e49ccf3d3e42ec74c98a3c25daa06352508c036bf7c4d6f45dbee5fb5129f8e26f12d97e6e10c1fc69ab59e2c297c2793769d603d29eb652
access-control-allow-headers: Content-Type
cache-control: public, max-age=600
x-tt-trace-tag: id=11;cdn-cache=miss;type=dyn
access-control-allow-credentials: true
access-control-allow-origin: https://0202.472607582.workers.dev
x-tt-trace-id: 00-241130220651CD155143AF460D402F68-21BAF46EA54B7D28-00
x-tt-logid: 20241130220651CD155143AF460D402F68
server: TLB

POST /
ttwid.bytedance.com/ttwid/union/register/ 0
0

GET
H2 200 common-monitors.1.14.1.js Show response
lf3-short.ibytedapm.com/slardar/fe/sdk-web/plugins/ 23 KB
10 KB 19ms
19ms Script
application/javascript 163.181.92.232
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/plugins/common-monitors.1.14.1.js
Requested by: Host: lf3-short.ibytedapm.com
URL: https://lf3-short.ibytedapm.com/slardar/fe/sdk-web/browser.cn.js?bid=toutiao_web_pc&globalName=Slardar
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.181.92.232 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: 0fc080cd485b4e2f53ba8058bc21fb2d13e7aab8c1b933e16b2eab622b2ec1a6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://0202.472607582.workers.dev
Referer: https://0202.472607582.workers.dev/

Response headers

content-md5: PDIJt+aHotOQA8cqCpyxRA==
content-encoding: br
etag: W/"3c3209b7e687a2d39003c72a0a9cb144"
age: 139
x-tos-request-id: f9d8234b1b6e8581674b1b6e-a8c82a2
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: application/javascript
last-modified: Thu, 21 Nov 2024 06:09:45 GMT
x-server: goofy
x-tt-trace-host: 013154b002d4a71cecd7f9b313613f0c6a07f1d3cfea195481a087639efc4d721fe091de77247faf04bbc08125d77fa25128abb5166ab2f2b5aa2bf61791566caac1fcde840a3b16795ff0a0298ead58119bfffab51832a039b22cc8085244cac2
cache-control: max-age=300
access-control-request-methods: OPTIONS, HEAD, GET
x-swift-cachetime: 300
ali-swift-global-savetime: 1732975470
x-swift-savetime: Sat, 30 Nov 2024 14:04:30 GMT
x-tt-trace-id: 00-24113022043017A1954DE475684CF362-23F68ED2484DD3C3-00
content-length: 9291
eagleid: a3b55c9c17329756099594763e
x-response-cache: edge_hit
server: Tengine
access-control-allow-methods: OPTIONS, HEAD, GET
date: Sat, 30 Nov 2024 14:04:30 GMT
x-tos-storage-class: STANDARD
vary: Accept-Encoding
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: ens-cache16.l2de3[242,243,304-0,M], ens-cache12.l2de3[245,0], ens-cache7.de5[0,0,200-0,H], ens-cache8.de5[1,0]
x-tos-response-time: Sat, 30 Nov 2024 14:04:30 GMT
x-tos-hash-crc64ecma: 1467762376278308747
access-control-allow-origin: *
x-tt-logid: 2024113022043017A1954DE475684CF362

GET
H2 200 toutiao_favicon.ico
sf3-cdn-tos.douyinstatic.com/obj/eden-cn/uhbfnupkbps/ 8 KB
9 KB 1005ms
31ms Other
image/vnd.microsoft.icon 47.246.46.230
TAOBAO Zhejiang T...

General

Check archive.org

Show headers Download Go to

Full URL: https://sf3-cdn-tos.douyinstatic.com/obj/eden-cn/uhbfnupkbps/toutiao_favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 47.246.46.230 Milan, Italy, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software: Tengine /
Resource Hash: dc7b9705741e9fbc9a1a201cdc29d5e4de01329d09403df0a537f3c9599e0f85

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/

Response headers

x-request-ip: fdbd:dc02:19:483::163
content-md5: bSQP3ZBtDIvp/g12+a/ZIA==
x-bdcdn-cache-status: TCP_MISS
etag: "6d240fdd906d0c8be9fe0d76f9afd920"
age: 2353550
x-tos-request-id: 9d821227326c5b226727326c-a9e9124-a181885
server-timing: cdn-cache;desc=HIT,edge;dur=1
x-cache: HIT TCP_MEM_HIT dirn:-2:-2
content-type: image/vnd.microsoft.icon
last-modified: Fri, 13 May 2022 02:54:54 GMT
x-tt-trace-host: 016c2a5c2400a23658c2b8d4dc5655327d9d7f55aa6df742f3fc7194f60bcd4057e5b9088d97f57ce9e2fcf50444862c5c334609cd6227b39658e703838210183a97c6c9e91ba322259faaed99266185228b482c41dea2539c25a676faa28f574a
cache-control: max-age=2592000
x-swift-cachetime: 2591970
ali-swift-global-savetime: 1730622060
x-swift-savetime: Sun, 03 Nov 2024 08:21:30 GMT
accept-ranges: bytes
x-tt-trace-id: 00-241103162100D3F344566147AFB74714-3A71B65D450A64A8-00
content-length: 7888
eagleid: 2ff62ea117329756109317203e
x-response-cache: edge_hit
server: Tengine
x-response-cinfo: 138.199.38.134
access-control-allow-methods: GET, POST, OPTIONS, HEAD
date: Sun, 03 Nov 2024 08:21:00 GMT
x-kfc-cachekey: http://sf3-cdn-tos.douyinstatic.com/eden-cn/uhbfnupkbps/toutiao_favicon.ico
x-tos-storage-class: STANDARD
access-control-allow-headers: *
timing-allow-origin: *
x-tt-trace-tag: id=03;cdn-cache=hit;type=static
via: fdbd:dc02:d:590::20, ens-cache3.l2de3[0,0,304-0,H], ens-cache16.l2de3[1,0], ens-cache16.l2de3[2,0], ens-cache1.it4[0,0,200-0,H], ens-cache13.it4[1,0]
x-tos-response-time: Sun, 03 Nov 2024 08:21:00 GMT
access-control-allow-origin: *
x-tt-logid: 20241103162100D3F344566147AFB74714

POST /
ttwid.bytedance.com/ttwid/union/register/ 0
0

GET
H3 403 Primary Request / Show response
0202.472607582.workers.dev/ 4 KB
2 KB 12ms
12ms Document
text/html 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/?wid=1732975611828

Requested by

Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

912ca0955962c90fe7ca73b5f223e4555061407c7bff14130e88eac17a684407

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://0202.472607582.workers.dev/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cf-ray: 8eab6685fb2c912a-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 30 Nov 2024 14:06:51 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4TB95sQ%2F7bQt%2FOT3UrysUcWGau1t3QElCB0ivpg2rhUiIW4xnT01M1LrZLGDF7QGctUiOJ4NHXYcE7ZsGiwMHj4T2W9Ia890Rew4vqLweETbVzZIzSwqNzRuajtbFdH0Kc%2FIRoz6BqOfOorX5k%2BgB1kOri%2F4rHhYBQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

POST /
mon.zijieapi.com/monitor_browser/collect/batch/ 0
0

GET
H3 200 cf.errors.css
0202.472607582.workers.dev/cdn-cgi/styles/ 23 KB
0 0ms
0ms Stylesheet
text/css 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Requested by

Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/?wid=1732975611828

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/?wid=1732975611828

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
content-encoding: gzip
etag: W/"6740aa36-5df3"
x-content-type-options: nosniff
cf-ray: 8eab66429937912a-FRA
expires: Sat, 30 Nov 2024 16:06:41 GMT
date: Sat, 30 Nov 2024 14:06:41 GMT
content-type: text/css
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 200 icon-exclamation.png
0202.472607582.workers.dev/cdn-cgi/images/ 452 B
0 0ms
0ms Image
image/png 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://0202.472607582.workers.dev/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 0202.472607582.workers.dev
URL: https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/cdn-cgi/styles/cf.errors.css

Response headers

vary: Accept-Encoding
cache-control: max-age=7200, public
etag: "6740aa36-1c4"
x-content-type-options: nosniff
cf-ray: 8eab6642b93c912a-FRA
expires: Sat, 30 Nov 2024 16:06:41 GMT
accept-ranges: bytes
content-length: 452
date: Sat, 30 Nov 2024 14:06:41 GMT
content-type: image/png
last-modified: Fri, 22 Nov 2024 15:58:46 GMT
server: cloudflare
x-frame-options: DENY

GET
H3 403 favicon.ico
0202.472607582.workers.dev/ 4 KB
2 KB 12ms
12ms Other
text/html 2606:4700:3034::ac43:9558
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://0202.472607582.workers.dev/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:9558 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ef93c3cdaf8d2a3e363efe67a765f2bc4f8da042f8bc6d36ae40ff31507b273

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://0202.472607582.workers.dev/?wid=1732975611828

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEeq%2F0wKACBcIQrFwjEor%2Bb1VwjU91wN5zX1EiFcJIlT%2B7Eib2r%2FeZ9JJewpFZhk98s7mGUtojiVBWxQ8ZzxZYGqVeikbiHTZ0iaFOcDC0mJJ8fYUTTcmzVc2UP74Kvh146SNv3bwKzS0lOwtR%2B4O3ZFkgmc0hgYJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8eab66861b34912a-FRA
date: Sat, 30 Nov 2024 14:06:51 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: cloudflare
x-frame-options: SAMEORIGIN

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Domain: ttwid.bytedance.com
URL: https://ttwid.bytedance.com/ttwid/union/register/

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Domain: mon.zijieapi.com
URL: https://mon.zijieapi.com/monitor_browser/collect/batch/?biz_id=toutiao_web_pc

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_translation

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.0202.472607582.workers.dev/	1970-01-21 01:24:22	Name: __cf_mw_byp Value: 4YPwr6sF0tPTj238_Ki8xLZT1qwjD7k0nPNfMXXQfhQ-1732975601-0.0.1.1-/
			.bytedance.com/	1970-01-21 10:08:31	Name: ttwid Value: 1%7CB4GmP39VfuXBaQWHi1h0hUWWCayvZbYaHLt0dvzn9xk%7C1732975611%7C0b7195bc2c03c0217aef8e511badc6a1edda963c807f9b35b0125b357bffcb5a

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://0202.472607582.workers.dev/ Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://0202.472607582.workers.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://0202.472607582.workers.dev/ Message: The Content Security Policy directive 'upgrade-insecure-requests' is ignored when delivered in a report-only policy.
javascript	error	URL: https://0202.472607582.workers.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://0202.472607582.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://0202.472607582.workers.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://0202.472607582.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://0202.472607582.workers.dev/ Message: Access to XMLHttpRequest at 'https://ttwid.bytedance.com/ttwid/union/register/' from origin 'https://0202.472607582.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ttwid.bytedance.com/ttwid/union/register/ Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://0202.472607582.workers.dev/?wid=1732975611828 Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://0202.472607582.workers.dev/favicon.ico Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0202.472607582.workers.dev
lf3-short.ibytedapm.com
mon.zijieapi.com
sf3-cdn-tos.douyinstatic.com
ttwid.bytedance.com
unpkg.byted-static.com
mon.zijieapi.com
ttwid.bytedance.com
163.181.131.212
163.181.92.232
221.204.14.187
2408:8719:2000:1:40::1d
2606:4700:3034::ac43:9558
47.246.46.230
0fc080cd485b4e2f53ba8058bc21fb2d13e7aab8c1b933e16b2eab622b2ec1a6
23cfc8297a65d880a9fd2f36e055497b922a2e1c183fde8d66b94a4b74e6f7a3
5c4374f82e2265acc0bb808e016c2d99df1bb2c89344760643e25d9a9955c620
69ca6d77ca4dcceb2d2c4ab97718971aa6b0bb61c3d820089f1883b0c00cc8a4
6d27af63a6156a58464b5c4c83325ca3daed1d1475b85d2030fcbfeb4e2a8176
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ca93806242fcf868f434ee49ae71ec7c72e86a8f946f42567a0746cd5b1491a
8ef93c3cdaf8d2a3e363efe67a765f2bc4f8da042f8bc6d36ae40ff31507b273
8f7064f82072bd8e171dcc2f036764d3bad8a218e4b901328070619ef9212a83
912ca0955962c90fe7ca73b5f223e4555061407c7bff14130e88eac17a684407
dc7b9705741e9fbc9a1a201cdc29d5e4de01329d09403df0a537f3c9599e0f85
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

0202.472607582.workers.dev Open in urlscan Pro 2606:4700:3034::ac43:9558 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

24 Requests

63 %HTTPS

33 %IPv6

6 Domains

6 Subdomains

7 IPs

4 Countries

83 kBTransfer

248 kBSize

2 Cookies

2 Outgoing links

Page URL History

Redirected requests

24 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

11 Console Messages

Security Headers

Indicators

0202.472607582.workers.dev Open in urlscan Pro
2606:4700:3034::ac43:9558 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

24
Requests

63 %
HTTPS

33 %
IPv6

6
Domains

6
Subdomains

7
IPs

4
Countries

83 kB
Transfer

248 kB
Size

2
Cookies

24 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!