![](/screenshots/52aeea04-d66f-4177-abdb-6437fc1c8aa4.png)
damp-pine-9b71.kxy3oc4m.workers.dev
2a06:98c1:3121::3
Malicious Activity!
Public Scan
Effective URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Submission: On June 23 via automatic, source openphish — Scanned from NL
Summary
TLS certificate: Issued by WE1 on June 18th 2024. Valid for: 3 months.
This is the only time damp-pine-9b71.kxy3oc4m.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online), Adobe (Consumer), Generic (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 2a06:98c1:3121::3 | 13335 (CLOUDFLARENET)
2 | 2606:4700:4400::ac40:9a6b | 13335 (CLOUDFLARENET)
3 | 2a04:4e42:200::649 | 54113 (FASTLY)
1 | 172.64.154.107 | 13335 (CLOUDFLARENET)
1 | | 
2 | 2a00:1450:4001:827::200a | 15169 (GOOGLE)
2 | 104.18.10.207 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:810::200a | 15169 (GOOGLE)
1 | 2606:4700:4400::6812:2844 | 13335 (CLOUDFLARENET)
1 | 2620:0:890::100 | 54113 (FASTLY)
1 | 162.19.58.156 | 16276 (OVH)
1 | 104.17.24.14 | 13335 (CLOUDFLARENET)
2 | 172.67.139.119 | 13335 (CLOUDFLARENET)
21 (total requests) | 14 (total IPs) | 
ASN13335 (CLOUDFLARENET, US): damp-pine-9b71.kxy3oc4m.workers.dev
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
3 | fontawesome.com | kit.fontawesome.com (Cisco Umbrella Rank: 2060), ka-f.fontawesome.com (Cisco Umbrella Rank: 5357) | 23 KB
3 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 469), fonts.googleapis.com (Cisco Umbrella Rank: 83) | 31 KB
3 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 816) | 83 KB
3 | codesandbox.io | codesandbox.io (Cisco Umbrella Rank: 120837) | 48 KB
2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 1286) | 39 KB
2 | workers.dev | damp-pine-9b71.kxy3oc4m.workers.dev | 1 MB
1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 268) | 7 KB
1 | ibb.co | i.ibb.co (Cisco Umbrella Rank: 10821) | 1 KB
1 | web.app | pastukalmau.web.app | 6 KB
21 (total requests) | 9 (total apex domains) | | 
Requests | Domain | Requested by
---|---|---
3 | code.jquery.com | damp-pine-9b71.kxy3oc4m.workers.dev
3 | codesandbox.io | damp-pine-9b71.kxy3oc4m.workers.dev, codesandbox.io
2 | ka-f.fontawesome.com | kit.fontawesome.com
2 | maxcdn.bootstrapcdn.com | damp-pine-9b71.kxy3oc4m.workers.dev
2 | ajax.googleapis.com | damp-pine-9b71.kxy3oc4m.workers.dev
2 | damp-pine-9b71.kxy3oc4m.workers.dev | damp-pine-9b71.kxy3oc4m.workers.dev
1 | cdnjs.cloudflare.com | damp-pine-9b71.kxy3oc4m.workers.dev
1 | i.ibb.co | damp-pine-9b71.kxy3oc4m.workers.dev
1 | pastukalmau.web.app | damp-pine-9b71.kxy3oc4m.workers.dev
1 | kit.fontawesome.com | damp-pine-9b71.kxy3oc4m.workers.dev
1 | fonts.googleapis.com | damp-pine-9b71.kxy3oc4m.workers.dev
21 (total requests) | 11 (total domains) | 
This site contains no links.
Subject | Issuer | Validity | Valid for | Lookup
---|---|---|---|---
kxy3oc4m.workers.dev | WE1 | 2024-06-18 - 2024-09-16 | 3 months | crt.sh
codesandbox.io | E6 | 2024-06-22 - 2024-09-20 | 3 months | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year | crt.sh
upload.video.google.com | WR2 | 2024-06-03 - 2024-08-26 | 3 months | crt.sh
bootstrapcdn.com | GTS CA 1P5 | 2024-05-25 - 2024-08-23 | 3 months | crt.sh
*.fontawesome.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-12-04 - 2025-01-03 | a year | crt.sh
web.app | WR4 | 2024-05-21 - 2024-08-19 | 3 months | crt.sh
ibb.co | R10 | 2024-06-21 - 2024-09-19 | 3 months | crt.sh
cdnjs.cloudflare.com | E1 | 2024-06-02 - 2024-08-31 | 3 months | crt.sh
ka-f.fontawesome.com | GTS CA 1P5 | 2024-05-03 - 2024-08-01 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Frame ID: C76BD1C24EA008CB73B0679090BA098F
Requests: 26 HTTP requests in this frame
Detected technologies
- Bootstrap. Detected patterns:
  - bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
- Font Awesome. Detected patterns:
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - kit\.fontawesome\.com/([0-9a-z]+).js
- Popper. Detected patterns:
  - /popper\.js/([0-9.]+)
- jQuery. Detected patterns:
  - jquery[.-]([\d.]*\d)[^/]*\.js
  - /([\d.]+)/jquery(?:\.min)?\.js
  - jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
HTTP 307
https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ (Redirect Chain) | 9 MB | 1 MB | Document | text/html
GET | H2 | sse-hooks.7a01a0f7b828579aff40884fc77e13bc.js | codesandbox.io/public/sse-hooks/ | 172 KB | 44 KB | Script | application/javascript
GET | H2 | banner.d9cb10a38.js | codesandbox.io/static/js/ | 4 KB | 2 KB | Script | application/javascript
GET | H2 | jquery-3.4.1.min.js | code.jquery.com/ | 86 KB | 30 KB | Script | application/javascript
GET | H3 | watermark-button.eeb14a97b.js | codesandbox.io/static/js/ | 3 KB | 2 KB | Script | application/javascript
GET | | phishing | codesandbox.io/api/v1/sandboxes/damp-pine-9b71/ | 0 | 0 | | 
GET | BLOB | 3b0a2113-ffe9-428a-aa5a-abf5f16ab1b3 | https://damp-pine-9b71.kxy3oc4m.workers.dev/ | 7 MB | 0 | Document | text/html
GET | | favicon.ico | damp-pine-9b71.kxy3oc4m.workers.dev/ | 0 | 0 | | 
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 30 KB | Script | text/javascript
GET | H2 | jquery-3.1.1.min.js | code.jquery.com/ | 85 KB | 30 KB | Script | application/javascript
GET | H3 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ | 141 KB | 25 KB | Stylesheet | text/css
GET | H2 | css | fonts.googleapis.com/ | 422 B | 734 B | Stylesheet | text/css
GET | H2 | 585b051251.js | kit.fontawesome.com/ | 12 KB | 5 KB | Script | text/javascript
GET | H2 | boostyles.css | pastukalmau.web.app/ | 112 KB | 6 KB | Stylesheet | text/css
GET | H2 | gmail1.png | i.ibb.co/1Rvzzk8/ | 1 KB | 1 KB | Image | image/png
GET | H2 | jquery-3.2.1.slim.min.js | code.jquery.com/ | 68 KB | 24 KB | Script | application/javascript
GET | H3 | popper.min.js | cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ | 19 KB | 7 KB | Script | application/javascript
GET | H3 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 15 KB | Script | application/javascript
GET | H3 | free.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 59 KB | 13 KB | Fetch | text/css
GET | H3 | free-v4-shims.min.css | ka-f.fontawesome.com/releases/v5.15.4/css/ | 26 KB | 5 KB | Fetch | text/css
GET | DATA | truncated | / | 30 KB | 0 | Image | image/jpeg
GET | DATA | truncated | / | 771 B | 0 | Image | image/png
GET | DATA | truncated | / | 18 KB | 0 | Image | image/png
GET | DATA | truncated | / | 21 KB | 0 | Image | image/png
GET | DATA | truncated | / | 157 KB | 0 | Image | image/jpeg
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 0 | Script | text/javascript
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
codesandbox.io | https://codesandbox.io/api/v1/sandboxes/damp-pine-9b71/phishing
damp-pine-9b71.kxy3oc4m.workers.dev | https://damp-pine-9b71.kxy3oc4m.workers.dev/favicon.ico
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online), Adobe (Consumer), Generic (Online)
151 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
event | undefined
fence | object
sharedStorage | object
s | string
m | string
$ | function
jQuery | function
FontAwesomeKitConfig | object
_0xod8 | string
_0xod8_ | number
_0x31ed | object
_0x3d69 | function
_0xoda | string
_0xoda_ | number
_0x2a55 | object
_0x293b | function
_0xodS | string
_0xodS_ | number
_0x3011 | object
_0x7eaa | function
Popper | function
bootstrap | object
liiI6y4ca56NC1o2nfu6se6iiii | function
LLLl6y4ca56NC1o2nfu6se6iii | function
OXVf6PB | string
djfRW8l | object
UlppGQ | function
nnSGnkZ | object
YgbBx8 | number
rFepBE | object
E2qh9fe | string
Rau4YG | string
SRWhIH8 | string
OsT_CxU | string
q7X6Nx | string
jocDxN | string
iVTGYp | string
Flo28kV | string
e2Ok5_ | string
Ypl9JmV | string
E5ZDgo | string
Svsin8e | string
meyh6s | string
KMaYfR | string
CKiMtF | string
myUuNS0 | string
pgrsQoP | string
_fpvR_ | string
WGNvnOl | string
UCVyXq8 | string
liF3xOh | string
cvR_L2 | string
Irmz4BX | string
xEDCBG | string
MYAUN9 | string
fC2HCMT | string
UMm4LN | string
KfUgWS | string
PWzg3sW | string
Me7M4wE | string
Q3kr9l | string
e0K9e7L | string
cwaGnFM | string
WNXmgRv | string
R9IBGd | string
PXP2bm | string
KRNp6C | string
DOI0fIv | string
NlUcDiz | string
pFLSZJ | string
Frsof8 | string
YGeW5w | string
bA_UmD | string
sm_g5dq | string
EilzcV | string
U2HMNDO | string
q8NV2_a | string
fOYcEsD | string
eJex_J | string
vZJqFU | string
c7qk9w | string
gJ3L7kb | string
urX1YSN | string
U5N0ws | string
HYx5Mb | string
UB8AZS | string
kJTgSh5 | string
A9Y_6s2 | string
W_p_0El | string
dk2bMU | string
wx5EYW | string
MTbG8N5 | string
vAUZjs | string
nAcoJj | string
folstR3 | string
TlGDVn | string
A0osuUr | string
KM6Dbw3 | string
t82ljSK | string
xsaGUd | string
Whq49q | string
SYQFXW | string
lSR566 | string
QiX45G8 | string
NaigdVW | string
NEoEzNB | string
EY7LhJ | string
_6ST7b | string
TBNUM7P | string
dv71qa | string
lj62Il | string
AS4yus | string
isJExA1 | string
dLF6bWj | string
ryiS4m | string
QMzuln | string
LzJzrb | string
gC156F | string
DrChls | string
JYWemhb | string
M1dYwFL | string
Gc0EOU | string
EAEROcy | string
SfxH_a | string
HvdNEx | string
b1UxMB2 | string
lBkpCVG | string
sPAzLp | string
z4OoYQb | string
h4ayFdG | string
fecT0o | string
iiii6y4ca56nc1o2nfu6se6iiii | function
or30lW | string
yWLLi4l | object
CkK9QS | object
QV8md_k | object
Z2sSIa | object
loVmmgG | function
ZByyzPW | function
gDo7R9 | undefined
CaUxzo | function
CxdQIo | function
tFnYYB | function
llii6y4ca56nc1o2nfu6se6iiii | function
JkIgZLF | function
lllll6y4ca56nc1o2nfu6se6llll | function
x6P7htQ | function
LUfLwt | function
LpskrC | function
OnxCQ0m | function
llll6y4ca56NC1o2nfu6se6lii1 | function
Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.codesandbox.io/ | | _cfuvid | T3p3XQdWFz_GQoxgqxZoYN1P21xpkwhh71sdXPQ6bBk-1719147999573-0.0.1.1-604800000
11 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- ajax.googleapis.com
- cdnjs.cloudflare.com
- code.jquery.com
- codesandbox.io
- damp-pine-9b71.kxy3oc4m.workers.dev
- fonts.googleapis.com
- i.ibb.co
- ka-f.fontawesome.com
- kit.fontawesome.com
- maxcdn.bootstrapcdn.com
- pastukalmau.web.app
- codesandbox.io
- damp-pine-9b71.kxy3oc4m.workers.dev
- 104.17.24.14
- 104.18.10.207
- 162.19.58.156
- 172.64.154.107
- 172.67.139.119
- 2606:4700:4400::6812:2844
- 2606:4700:4400::ac40:9a6b
- 2620:0:890::100
- 2a00:1450:4001:810::200a
- 2a00:1450:4001:827::200a
- 2a04:4e42:200::649
- 2a06:98c1:3121::3