wandering-bush-0eb4.walici1425.workers.dev Open in urlscan Pro
104.21.31.203  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response wandering-bush-0eb4.walici1425.workers.dev/	24 KB 7 KB	81ms 43ms	Document text/html	104.21.31.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.31.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1591f3ae5405bec3a4e3e3ef1fdbc5ef9af87ff2348a5ac2a8346ddc645c43b8 Request headers Accept-Language en-CA,en;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers alt-svc h3=":443"; ma=86400 cf-ray 8925fe7ec849abae-YYZ content-encoding br content-type text/html;charset=UTF-8 date Wed, 12 Jun 2024 01:16:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9MTWo8WCwdJ%2Bb4neBDr%2FL925zouhutQhvdGtkUsa5WkACtEopbpQ38Ek%2FqxWgogCxJ%2BePJ4%2BCvjoEVk5UaPr2F6DlSZSrjownHr4SwqOYcN%2B2tvvK71yAy8u8Om9tOFGN0C4RqJlrtsJpMLqFU2zRK9w0XD5fYmxqMO5Iuo%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	wet%2Ffont-awesome.min.css firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	30 KB 31 KB	444ms 339ms	Stylesheet text/css	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Ffont-awesome.min.css?alt=media&token=566ab116-1d7e-4562-9d62-ac2f950a5769&_gl=1*yz1unx*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA1NTguNjAuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPp1w38QskKLkRuTJZ_icXcC65YNmcDR5vL61tSUH6RmOWzyE0bFpOhyZ47VgbpJ3Afmw9Y x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''font-awesome.min.css alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31000 last-modified Wed, 04 Oct 2023 00:44:49 GMT server UploadServer etag "269550530cc127b6aa5a35925a7de6ce" x-goog-generation 1696380289203027 content-type text/css x-goog-hash crc32c=xXYmoQ==, md5=JpVQUwzBJ7aqWjWSWn3mzg== cache-control private, max-age=0 x-goog-stored-content-length 31000 x-goog-meta-firebasestoragedownloadtokens 566ab116-1d7e-4562-9d62-ac2f950a5769 accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H2	200	wet%2Fstyle.css firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	9 KB 9 KB	416ms 312ms	Stylesheet text/css	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Fstyle.css?alt=media&token=19e751f1-5fc7-4bbc-89f7-31a9ec12880a&_gl=1*1bh9fmt*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA1OTMuMjUuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 7f3dd3c5c2e305bfca480c3d1f64c4780f56e43a4514378ca60e33dd01ee1e4b Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPqUT5VwPRiEDC5BUqQRHTuezOM2ePlBPx9HK8R6vUGpfZFR2ybn-QjaZlRsYUwQjw4DIIk x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''style.css alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8770 last-modified Wed, 04 Oct 2023 00:44:49 GMT server UploadServer etag "950060ec5d4f58a5b0110bf0c296ae4d" x-goog-generation 1696380289032915 content-type text/css x-goog-hash crc32c=XPywpw==, md5=lQBg7F1PWKWwEQvwwpauTQ== cache-control private, max-age=0 x-goog-stored-content-length 8770 x-goog-meta-firebasestoragedownloadtokens 19e751f1-5fc7-4bbc-89f7-31a9ec12880a accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H2	200	wet%2Fform.min.css firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	10 KB 11 KB	462ms 358ms	Stylesheet text/css	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Fform.min.css?alt=media&token=2a6647d8-437a-4a1b-88d3-af7d73475746&_gl=1*n4rssp*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA1NzQuNDQuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 4145c2d9025418d78e3faf00ff88cfb9f829dff968a21984483a0479c9926653 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPrEYuQhpLaYfXBu1KRmnxuWTTr2d70gn9z8k4BAIOWqtZhQQDIlLzfeCP_CGGxwM7D2jqU x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''form.min.css alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 10554 last-modified Wed, 04 Oct 2023 00:44:48 GMT server UploadServer etag "e4d9a04d095e0ef4a6492413099bd64f" x-goog-generation 1696380288515380 content-type text/css x-goog-hash crc32c=LG7mzw==, md5=5NmgTQleDvSmSSQTCZvWTw== cache-control private, max-age=0 x-goog-stored-content-length 10554 x-goog-meta-firebasestoragedownloadtokens 2a6647d8-437a-4a1b-88d3-af7d73475746 accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/2.2.4/	84 KB 30 KB	134ms 42ms	Script text/javascript	173.194.207.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.207.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qk-in-f95.1e100.net Software sffe / Resource Hash 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sun, 09 Jun 2024 21:20:47 GMT content-encoding gzip x-content-type-options nosniff age 186925 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 30028 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Mon, 09 Jun 2025 21:20:47 GMT
GET H2	200	jquery-3.1.1.min.js Show response code.jquery.com/	85 KB 29 KB	62ms 17ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.1.1.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 23354372 x-cache HIT, HIT content-length 30070 x-served-by cache-lga21947-LGA, cache-yyz4577-YYZ last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718154972.060689,VS0,VE0 etag W/"28feccc0-152b5" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 69, 8185
GET H2	200	jquery-3.3.1.js Show response code.jquery.com/	265 KB 79 KB	61ms 17ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.3.1.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 23352770 x-cache HIT, HIT content-length 80268 x-served-by cache-lga21980-LGA, cache-yyz4577-YYZ last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718154972.060703,VS0,VE0 etag W/"28feccc0-42587" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 10711, 5848
GET H2	200	wet%2Flogo2.png firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	2 KB 2 KB	460ms 357ms	Image image/png	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Flogo2.png?alt=media&token=f365314e-14b1-4e6a-bf8d-4b1bdca2a3a5&_gl=1*1exvfa9*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA2MzAuNjAuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 70082a7cc390868b292ae6f945ff423a39ba1fd12654d25e75b0af360995da2c Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPpVe6vYSox08ahAYLRqrcT0v3FTwTQG9o7zFr2e3pSkxhhhyarlGPE0mfFzHh3wkNdX4X8 x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''logo2.png alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1843 last-modified Wed, 04 Oct 2023 00:44:58 GMT server UploadServer etag "52880984256fab6c33992e2d5d9d95db" x-goog-generation 1696380298717062 content-type image/png x-goog-hash crc32c=RzabpA==, md5=UogJhCVvq2wzmS4tXZ2V2w== cache-control private, max-age=0 x-goog-stored-content-length 1843 x-goog-meta-firebasestoragedownloadtokens f365314e-14b1-4e6a-bf8d-4b1bdca2a3a5 accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H2	200	wet%2Flogo.png firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	8 KB 8 KB	469ms 366ms	Image image/png	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Flogo.png?alt=media&token=bb02e628-2596-49d8-b1fd-fb1637362cd0&_gl=1*109o9xw*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA2NzMuMTcuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 72d11555972a6f3b75c19057d0fb0013ea2bb592b6a011e79ed87afcbd2bbfe6 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPotiJE2oacAl4fGzYdUkwVmqhIy0q0vbtH6Ec0P8idmiseX_NGdg_j4FDu39B2cn38yXMs x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''logo.png alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 8007 last-modified Wed, 04 Oct 2023 00:44:58 GMT server UploadServer etag "7d95537aeab6448757c1652cf3d0cff6" x-goog-generation 1696380298316791 content-type image/png x-goog-hash crc32c=VqLL6Q==, md5=fZVTeuq2RIdXwWUs89DP9g== cache-control private, max-age=0 x-goog-stored-content-length 8007 x-goog-meta-firebasestoragedownloadtokens bb02e628-2596-49d8-b1fd-fb1637362cd0 accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H3	200	popper.min.js Show response cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/	19 KB 7 KB	57ms 28ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 1140560 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 6157 last-modified Mon, 04 May 2020 16:15:37 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03fa9-4af4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O6dlUNiv3bK6Pby%2F%2Bq%2BjMMhLR1ScqeQcjJjzFYpnqVDHJEc5eiy4iKfLdGOA3p48%2B6KPVZCHMtD1xXy9WAfN6UFPpNV5n%2BeCNy1VxpUF9RVO%2FSI8lsAaEoLuuoWFtXcTdvQidw8u"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 8925fe822c0954c7-YYZ expires Mon, 02 Jun 2025 01:16:12 GMT
GET H3	200	bootstrap.min.js Show response maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/	48 KB 15 KB	56ms 30ms	Script application/javascript	104.18.10.207 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 845 strict-transport-security max-age=31536000; includeSubDomains; preload age 9012292 cdn-cachedat 10/31/2023 18:51:41 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:04 GMT cdn-proxyver 1.04 cdn-requestpullcode 200 server cloudflare etag W/"14d449eb8876fa55e1ef3c2cc52b0c17" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid 6d508af260410c2c2a36e3a1cdbed504 timing-allow-origin * cdn-requestcountrycode US cdn-status 200 cf-ray 8925fe824fe7ab60-YYZ cdn-requestpullsuccess True
GET H2	200	jquery-3.2.1.slim.min.js Show response code.jquery.com/	68 KB 23 KB	21ms 19ms	Script application/javascript	151.101.130.137 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.2.1.slim.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.130.137 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 3437593 x-cache HIT, HIT content-length 23856 x-served-by cache-lga21963-LGA, cache-yyz4577-YYZ last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718154973.524435,VS0,VE0 etag W/"28feccc0-10fdd" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 34, 20140
GET H3	200	bootstrap.min.js Show response stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/	50 KB 16 KB	54ms 35ms	Script application/javascript	104.18.10.207 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT content-encoding gzip x-content-type-options nosniff cf-cache-status HIT cdn-edgestorageid 976 strict-transport-security max-age=31536000; includeSubDomains; preload age 3742531 cdn-cachedat 09/03/2022 05:38:18 cdn-pullzone 252412 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 last-modified Mon, 25 Jan 2021 22:04:06 GMT cdn-proxyver 1.02 cdn-requestpullcode 200 server cloudflare etag W/"67176c242e1bdc20603c878dee836df3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cdn-cache HIT cdn-uid b1941f61-b576-4f40-80de-5677acb38f74 cache-control public, max-age=31919000 cdn-requestid c481a00ec7a45a9e7242eaefa5b2f00b timing-allow-origin * cdn-requestcountrycode US cdn-status 200 cf-ray 8925fe826803ab60-YYZ cdn-requestpullsuccess True
GET H2	206	wet%2Fvideo-02.mp4 firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/	2 MB 2 MB	311ms 310ms	Media video/mp4	173.194.204.95 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://firebasestorage.googleapis.com/v0/b/inst-gmal.appspot.com/o/wet%2Fvideo-02.mp4?alt=media&token=97f4df60-e198-4a83-9e25-fe7637502289&_gl=1*1c904v2*_ga*MTk2MzM1NzQ2OC4xNjYwNjA0MjY2*_ga_CW55HF8NVT*MTY5NjM4MDE4Ni4yNC4xLjE2OTYzODA2NTMuMzcuMC4w Requested by Host: wandering-bush-0eb4.walici1425.workers.dev URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 173.194.204.95 , United States, ASN15169 (GOOGLE, US), Reverse DNS qb-in-f95.1e100.net Software UploadServer / Resource Hash 4b614662d1be74f6a964c1e8318e83f4d0a9135acb424b21f2b43484c494807d Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept-Encoding identity;q=1, *;q=0 Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Range bytes=0- sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT x-guploader-uploadid ABPtcPrMybsYmox_qLFsvS7OTDWbdmWAZFI4lBzacW3LGSWmlmecmh1mfpzR-fSJ-U1KOtBC950 x-goog-storage-class STANDARD Content-Range bytes 0-1843142/1843143 x-goog-metageneration 1 x-goog-stored-content-encoding identity content-disposition inline; filename*=utf-8''video-02.mp4 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Content-Length 1843143 last-modified Wed, 04 Oct 2023 00:45:04 GMT server UploadServer etag "0f6d74007296c76fd98f4cb41c46ebd2" x-goog-generation 1696380304466227 content-type video/mp4 x-goog-hash crc32c=G51SBA==, md5=D210AHKWx2/Zj0y0HEbr0g== cache-control private, max-age=0 x-goog-stored-content-length 1843143 x-goog-meta-firebasestoragedownloadtokens 97f4df60-e198-4a83-9e25-fe7637502289 accept-ranges bytes expires Wed, 12 Jun 2024 01:16:12 GMT
GET H2	200	/ Show response api.ipify.org/	22 B 155 B	93ms 41ms	XHR application/json	104.26.12.205 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://api.ipify.org/?format=json Requested by Host: ajax.googleapis.com URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8f6922ed0cbf7971f65a03fed92ec1b75bf963f462a947be7930b85a7aba1f23 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Accept application/json, text/javascript, */*; q=0.01 Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:12 GMT cf-cache-status DYNAMIC server cloudflare vary Origin content-type application/json access-control-allow-origin * cf-ray 8925fe832e6baae6-YYZ content-length 22
GET H3	200	favicon.ico wandering-bush-0eb4.walici1425.workers.dev/	24 KB 7 KB	36ms 35ms	Other text/html	104.21.31.203 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wandering-bush-0eb4.walici1425.workers.dev/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.31.203 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1591f3ae5405bec3a4e3e3ef1fdbc5ef9af87ff2348a5ac2a8346ddc645c43b8 Request headers sec-ch-ua "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125" Referer https://wandering-bush-0eb4.walici1425.workers.dev/ Accept-Language en-CA,en;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 01:16:13 GMT content-encoding br nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6sG4QxphiogBlDuRilDDc9ZALNi9%2BTjkbO4VuT%2BF9KtM7XPUrkVXh0IwqvtMKKdMxghkqepEihFU5wEimBUV1F%2FbhCUg3QcbxG0BFwW5pWtdXONtD5DXvay%2B8WNVSt3tSSK3BqhrS3oDPZUknlxh7QpK8NiV5WurEv0hroY%3D"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=UTF-8 cf-ray 8925fe854809abae-YYZ alt-svc h3=":443"; ma=86400

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online) WeTransfer (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| Popper object| bootstrap object| _0xcbb3 string| f string| rc undefined| rdrt undefined| domain_redirect string| userIP

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://wandering-bush-0eb4.walici1425.workers.dev/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
cdnjs.cloudflare.com
code.jquery.com
firebasestorage.googleapis.com
maxcdn.bootstrapcdn.com
stackpath.bootstrapcdn.com
wandering-bush-0eb4.walici1425.workers.dev
104.17.24.14
104.18.10.207
104.21.31.203
104.26.12.205
151.101.130.137
173.194.204.95
173.194.207.95
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1591f3ae5405bec3a4e3e3ef1fdbc5ef9af87ff2348a5ac2a8346ddc645c43b8
4145c2d9025418d78e3faf00ff88cfb9f829dff968a21984483a0479c9926653
4b614662d1be74f6a964c1e8318e83f4d0a9135acb424b21f2b43484c494807d
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
70082a7cc390868b292ae6f945ff423a39ba1fd12654d25e75b0af360995da2c
72d11555972a6f3b75c19057d0fb0013ea2bb592b6a011e79ed87afcbd2bbfe6
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f3dd3c5c2e305bfca480c3d1f64c4780f56e43a4514378ca60e33dd01ee1e4b
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8f6922ed0cbf7971f65a03fed92ec1b75bf963f462a947be7930b85a7aba1f23
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b