urlscan.io logo urlscan.io
SecurityTrails logo

damp-pine-9b71.kxy3oc4m.workers.dev Open in urlscan Pro
2a06:98c1:3121::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Effective URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Submission: On June 23 via automatic, source openphish — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 4 countries across 9 domains to perform 21 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is damp-pine-9b71.kxy3oc4m.workers.dev.
TLS certificate: Issued by WE1 on June 18th 2024. Valid for: 3 months.
This is the only time damp-pine-9b71.kxy3oc4m.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OneDrive (Online) Adobe (Consumer) Generic (Online)

Domain & IP information

IP Address AS Autonomous System
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
3 2a04:4e42:200... 54113 (FASTLY)
1 172.64.154.107 13335 (CLOUDFLAR...)
1 ()
2 2a00:1450:400... 15169 (GOOGLE)
2 104.18.10.207 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2620:0:890::100 54113 (FASTLY)
1 162.19.58.156 16276 (OVH)
1 104.17.24.14 13335 (CLOUDFLAR...)
2 172.67.139.119 13335 (CLOUDFLAR...)
21 14
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
damp-pine-9b71.kxy3oc4m.workers.dev
2    2606:4700:4400::ac40:9a6b (United States)

ASN13335 (CLOUDFLARENET, US)
codesandbox.io
3    2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    172.64.154.107 (None, )

ASN13335 (CLOUDFLARENET, US)
codesandbox.io
1    (None, )

ASN- ()
damp-pine-9b71.kxy3oc4m.workers.dev
2    2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    104.18.10.207 (None, )

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2606:4700:4400::6812:2844 (United States)

ASN13335 (CLOUDFLARENET, US)
kit.fontawesome.com
1    2620:0:890::100 (United States)

ASN54113 (FASTLY, US)
pastukalmau.web.app
1    162.19.58.156 (France)

ASN16276 (OVH, FR)
PTR: ns3096358.ip-162-19-58.eu
i.ibb.co
1    104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    172.67.139.119 (United States)

ASN13335 (CLOUDFLARENET, US)
ka-f.fontawesome.com
Apex Domain
Subdomains		 Transfer
3 fontawesome.com
kit.fontawesome.com — Cisco Umbrella Rank: 2060
ka-f.fontawesome.com — Cisco Umbrella Rank: 5357
23 KB
3 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 469
fonts.googleapis.com — Cisco Umbrella Rank: 83
31 KB
3 jquery.com
code.jquery.com — Cisco Umbrella Rank: 816
83 KB
3 codesandbox.io
codesandbox.io — Cisco Umbrella Rank: 120837
48 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1286
39 KB
2 workers.dev
damp-pine-9b71.kxy3oc4m.workers.dev
1 MB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 268
7 KB
1 ibb.co
i.ibb.co — Cisco Umbrella Rank: 10821
1 KB
1 web.app
pastukalmau.web.app
6 KB
21 9
Domain Requested by
3 code.jquery.com damp-pine-9b71.kxy3oc4m.workers.dev
3 codesandbox.io damp-pine-9b71.kxy3oc4m.workers.dev
codesandbox.io
2 ka-f.fontawesome.com kit.fontawesome.com
2 maxcdn.bootstrapcdn.com damp-pine-9b71.kxy3oc4m.workers.dev
2 ajax.googleapis.com damp-pine-9b71.kxy3oc4m.workers.dev
2 damp-pine-9b71.kxy3oc4m.workers.dev damp-pine-9b71.kxy3oc4m.workers.dev
1 cdnjs.cloudflare.com damp-pine-9b71.kxy3oc4m.workers.dev
1 i.ibb.co damp-pine-9b71.kxy3oc4m.workers.dev
1 pastukalmau.web.app damp-pine-9b71.kxy3oc4m.workers.dev
1 kit.fontawesome.com damp-pine-9b71.kxy3oc4m.workers.dev
1 fonts.googleapis.com damp-pine-9b71.kxy3oc4m.workers.dev
21 11

This site contains no links.

Subject Issuer Validity Valid
kxy3oc4m.workers.dev
WE1		 2024-06-18 -
2024-09-16		 3 months crt.sh
codesandbox.io
E6		 2024-06-22 -
2024-09-20		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
upload.video.google.com
WR2		 2024-06-03 -
2024-08-26		 3 months crt.sh
bootstrapcdn.com
GTS CA 1P5		 2024-05-25 -
2024-08-23		 3 months crt.sh
*.fontawesome.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-12-04 -
2025-01-03		 a year crt.sh
web.app
WR4		 2024-05-21 -
2024-08-19		 3 months crt.sh
ibb.co
R10		 2024-06-21 -
2024-09-19		 3 months crt.sh
cdnjs.cloudflare.com
E1		 2024-06-02 -
2024-08-31		 3 months crt.sh
ka-f.fontawesome.com
GTS CA 1P5		 2024-05-03 -
2024-08-01		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Frame ID: C76BD1C24EA008CB73B0679090BA098F
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ HTTP 307
    https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • kit\.fontawesome\.com/([0-9a-z]+).js
Overall confidence: 100%
Detected patterns
  • /popper\.js/([0-9.]+)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

21
Requests

90 %
HTTPS

54 %
IPv6

9
Domains

11
Subdomains

14
IPs

4
Countries

1704 kB
Transfer

17155 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ HTTP 307
    https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Redirect Chain
  • http://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
  • https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
9 MB
1 MB 		Document
General
Check archive.org
Download Go to
Full URL
https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
699f1474d4c70e7810b805d7fbaa00a0db43ebc16e10c92fbfd27d56ca8f7875

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8984b24ddfed3621-FRA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Sun, 23 Jun 2024 13:06:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EOKFHuFwn5t6BlzT2Q0WHqbAaVMuj9BJZePtXldTBINx73CZ%2Flld5L2d3%2BH1zD7%2BfipDPXbR5d4T%2BLkzzl4k481RdWyRsCUYm%2F6gFjthfv4zEI8QdqgeaMr3G6jTuawJ2BP0O7IPS28HJyFqW5s09D%2Fip1zzRDjpTtLhIgn5ZvLXpg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Non-Authoritative-Reason
HSTS
sse-hooks.7a01a0f7b828579aff40884fc77e13bc.js
codesandbox.io/public/sse-hooks/ 		172 KB
44 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/public/sse-hooks/sse-hooks.7a01a0f7b828579aff40884fc77e13bc.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://damp-pine-9b71.kxy3oc4m.workers.dev/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:39 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
8795130
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 28 Feb 2024 15:36:48 GMT
server
cloudflare
etag
W/"65df5310-2b1a3"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
8984b25529f24d74-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
banner.d9cb10a38.js
codesandbox.io/static/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/banner.d9cb10a38.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://damp-pine-9b71.kxy3oc4m.workers.dev/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:39 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
1020941
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 18 Mar 2024 11:14:01 GMT
server
cloudflare
etag
W/"65f821f9-efa"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
8984b25529f54d74-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.4.1.min.js
code.jquery.com/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://damp-pine-9b71.kxy3oc4m.workers.dev/
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:39 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
11066496
x-cache
HIT, HIT
content-length
30638
x-served-by
cache-lga21965-LGA, cache-mad2200094-MAD
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1719148000.552059,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
14, 195652
watermark-button.eeb14a97b.js
codesandbox.io/static/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/watermark-button.eeb14a97b.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.64.154.107 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://damp-pine-9b71.kxy3oc4m.workers.dev/
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:39 GMT
content-encoding
gzip
via
1.1 google
cf-cache-status
HIT
age
65951
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 18 Jun 2024 13:37:37 GMT
server
cloudflare
etag
W/"66718da1-ac1"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
8984b2552de4361e-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
phishing
codesandbox.io/api/v1/sandboxes/damp-pine-9b71/ 		0
0
3b0a2113-ffe9-428a-aa5a-abf5f16ab1b3
https://damp-pine-9b71.kxy3oc4m.workers.dev/ 		7 MB
0 		Document
General
Check archive.org
Download Go to
Full URL
blob:https://damp-pine-9b71.kxy3oc4m.workers.dev/3b0a2113-ffe9-428a-aa5a-abf5f16ab1b3
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5c7048cd8ab1bb1c4c43a630fb6072f88e677514ead595b451496c7196b2c6ce

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Content-Length
6988378
Content-Type
text/html
favicon.ico
damp-pine-9b71.kxy3oc4m.workers.dev/ 		0
0
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 08:14:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
103955
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 22 Jun 2025 08:14:08 GMT
jquery-3.1.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:43 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2877647
x-cache
HIT, HIT
content-length
30070
x-served-by
cache-lga21947-LGA, cache-mad2200094-MAD
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1719148004.901159,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
40015, 23923
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 		141 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1048
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
3910
cdn-cachedat
03/18/2024 12:51:41
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"450fc463b8b1a349df717056fbb3e078"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
337efb673b141c7d176be707fa54e6d7
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
8984b2708b556922-FRA
cdn-requestpullsuccess
True
css
fonts.googleapis.com/ 		422 B
734 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2bc55cccef92ca55d0d6fa4fc66bf1064ec6b35d8bcd2b75eb561dea0f4bbe72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sun, 23 Jun 2024 13:06:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 13:06:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 23 Jun 2024 13:06:44 GMT
585b051251.js
kit.fontawesome.com/ 		12 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://kit.fontawesome.com/585b051251.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1f75d6278713a84a8f28a392c77ca8a6a7c32bf14314d4a34a6ce2f06cfdf7a

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:44 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
2
vary
origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age
3000
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
*
content-type
text/javascript
cache-control
max-age=60, public, stale-while-revalidate=30
cf-ray
8984b2712c0a68fe-FRA
access-control-allow-headers
accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id
F9skqw7aFyEsqqKo11Sh
boostyles.css
pastukalmau.web.app/ 		112 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pastukalmau.web.app/boostyles.css
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d3313ef22afbf2e1b708ceef5e824ef12a338d51e497390376ec78f487021ae3
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-served-by
cache-mad22057-MAD
strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
date
Sun, 23 Jun 2024 13:06:44 GMT
last-modified
Sun, 23 Oct 2022 18:58:34 GMT
x-timer
S1719148004.419772,VS0,VE1
etag
"26a4c7c63e296f01a1529bb9844079162424cc2225ebefde6d8a7b21acc1855f-br"
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
6276
x-cache-hits
1
gmail1.png
i.ibb.co/1Rvzzk8/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.ibb.co/1Rvzzk8/gmail1.png
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.58.156 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3096358.ip-162-19-58.eu
Software
nginx /
Resource Hash
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:44 GMT
server
nginx
content-length
1031
content-type
image/png
jquery-3.2.1.slim.min.js
code.jquery.com/ 		68 KB
24 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.2.1.slim.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:44 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
4430625
x-cache
HIT, HIT
content-length
23856
x-served-by
cache-lga21963-LGA, cache-mad22069-MAD
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1719148004.031835,VS0,VE0
etag
W/"28feccc0-10fdd"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
186880, 42178
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
245862
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
6157
last-modified
Mon, 04 May 2020 16:15:37 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03fa9-4af4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Igp5XzUr6UDpMJnPEMdzujArk2c74nO%2FFxGqEM6oRKHhc22ZWZQI6inZtFZoZ9LqFN47SwEQn1hEiBo7ZqEa4y4%2F1gjsv8Ld7Zr0%2Ft8T5BtWZkUj6dOTKt0bEqSjgqH005wcsAdH"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8984b2708ee737c8-FRA
expires
Fri, 13 Jun 2025 13:06:43 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ 		48 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Origin
https://damp-pine-9b71.kxy3oc4m.workers.dev
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:43 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1067
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
57205
cdn-cachedat
04/02/2024 02:05:57
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:04 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"14d449eb8876fa55e1ef3c2cc52b0c17"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
5f16f1493a3e6cbe906c1757a47bcdb6
timing-allow-origin
*
cdn-requestcountrycode
US
cdn-status
200
cf-ray
8984b2708b536922-FRA
cdn-requestpullsuccess
True
free.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		59 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:44 GMT
content-encoding
gzip
via
1.1 d3a48a8630785a2a858cfdeb83e66c24.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
AMS1-P2
age
65952
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=subczLzB5wzSXUXOlOOzFm3OV7G6g8N%2BA9mMpQrSWkf4XF3AsfG1Iz2pbPs02rBZ9cFEe7TlQQ9EYR4tAOgGI5w4dG43Huqr%2Byt2jVK%2FL8C8ssif1x9ETqmfhuhSYhf%2BLbxO8KMlRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
8984b27399c73651-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
Mgz6ZclnR-HG-UhKmhgXOgPbwq9xoK1b8-TyuO3K23cIsbUPt2f0KQ==
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.4/css/ 		26 KB
5 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Requested by
Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/585b051251.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.139.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 23 Jun 2024 13:06:44 GMT
content-encoding
gzip
via
1.1 89a6fa6293c9b0bbce683ad0b9f7f538.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
VIE50-P1
age
527388
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 04 Aug 2021 18:53:09 GMT
server
cloudflare
etag
W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=twaVZkj%2BTAzIXBVQm560fQjTwWeg2R3QgCOKmystHnmdb6S%2FEALVg7KSXAuj%2FWirmV71u7lAvl5L0AaojeEwoXncI0Ju5X3Gu1kRiIQNMZjrNwDlR7iFEdl91zqnZHfUfrTrVq3DIw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31556926
vary
Accept-Encoding
cf-ray
8984b27399cb3651-FRA
access-control-allow-headers
fa-kit-token
x-amz-cf-id
lkr-KGvX0HcyPUEK0p7F2rWPaBYAyL9XaoZqqbNZoE3oGuWo5nl74w==
truncated
/ 		30 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
26c62dbdf527b8dcbf378ea62f129cbbba3b244730687909ba21ecd729c9d2e6

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ 		771 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		18 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2f26b68a6c8810c1aeb4048c938f835a86ba83756a7a440f989b967e78f3ba8

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		21 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		157 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7829f065e0e10c8466f3d57766e0719421b7b652f6a1082f21b98702f1b28a30

Request headers

Accept-Language
nl-NL,nl;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: damp-pine-9b71.kxy3oc4m.workers.dev
URL: blob:https://damp-pine-9b71.kxy3oc4m.workers.dev/3b0a2113-ffe9-428a-aa5a-abf5f16ab1b3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 22 Jun 2024 08:14:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
103955
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 22 Jun 2025 08:14:08 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
codesandbox.io
URL
https://codesandbox.io/api/v1/sandboxes/damp-pine-9b71/phishing
Domain
damp-pine-9b71.kxy3oc4m.workers.dev
URL
https://damp-pine-9b71.kxy3oc4m.workers.dev/favicon.ico

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OneDrive (Online) Adobe (Consumer) Generic (Online)

151 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage string| s string| m function| $ function| jQuery object| FontAwesomeKitConfig string| _0xod8 number| _0xod8_ object| _0x31ed function| _0x3d69 string| _0xoda number| _0xoda_ object| _0x2a55 function| _0x293b string| _0xodS number| _0xodS_ object| _0x3011 function| _0x7eaa function| Popper object| bootstrap function| liiI6y4ca56NC1o2nfu6se6iiii function| LLLl6y4ca56NC1o2nfu6se6iii string| OXVf6PB object| djfRW8l function| UlppGQ object| nnSGnkZ number| YgbBx8 object| rFepBE string| E2qh9fe string| Rau4YG string| SRWhIH8 string| OsT_CxU string| q7X6Nx string| jocDxN string| iVTGYp string| Flo28kV string| e2Ok5_ string| Ypl9JmV string| E5ZDgo string| Svsin8e string| meyh6s string| KMaYfR string| CKiMtF string| myUuNS0 string| pgrsQoP string| _fpvR_ string| WGNvnOl string| UCVyXq8 string| liF3xOh string| cvR_L2 string| Irmz4BX string| xEDCBG string| MYAUN9 string| fC2HCMT string| UMm4LN string| KfUgWS string| PWzg3sW string| Me7M4wE string| Q3kr9l string| e0K9e7L string| cwaGnFM string| WNXmgRv string| R9IBGd string| PXP2bm string| KRNp6C string| DOI0fIv string| NlUcDiz string| pFLSZJ string| Frsof8 string| YGeW5w string| bA_UmD string| sm_g5dq string| EilzcV string| U2HMNDO string| q8NV2_a string| fOYcEsD string| eJex_J string| vZJqFU string| c7qk9w string| gJ3L7kb string| urX1YSN string| U5N0ws string| HYx5Mb string| UB8AZS string| kJTgSh5 string| A9Y_6s2 string| W_p_0El string| dk2bMU string| wx5EYW string| MTbG8N5 string| vAUZjs string| nAcoJj string| folstR3 string| TlGDVn string| A0osuUr string| KM6Dbw3 string| t82ljSK string| xsaGUd string| Whq49q string| SYQFXW string| lSR566 string| QiX45G8 string| NaigdVW string| NEoEzNB string| EY7LhJ string| _6ST7b string| TBNUM7P string| dv71qa string| lj62Il string| AS4yus string| isJExA1 string| dLF6bWj string| ryiS4m string| QMzuln string| LzJzrb string| gC156F string| DrChls string| JYWemhb string| M1dYwFL string| Gc0EOU string| EAEROcy string| SfxH_a string| HvdNEx string| b1UxMB2 string| lBkpCVG string| sPAzLp string| z4OoYQb string| h4ayFdG string| fecT0o function| iiii6y4ca56nc1o2nfu6se6iiii string| or30lW object| yWLLi4l object| CkK9QS object| QV8md_k object| Z2sSIa function| loVmmgG function| ZByyzPW undefined| gDo7R9 function| CaUxzo function| CxdQIo function| tFnYYB function| llii6y4ca56nc1o2nfu6se6iiii function| JkIgZLF function| lllll6y4ca56nc1o2nfu6se6llll function| x6P7htQ function| LUfLwt function| LpskrC function| OnxCQ0m function| llll6y4ca56nc1o2nfu6se6lii

1 Cookies

Domain/Path Name / Value
.codesandbox.io/ Name: _cfuvid
Value: T3p3XQdWFz_GQoxgqxZoYN1P21xpkwhh71sdXPQ6bBk-1719147999573-0.0.1.1-604800000

11 Console Messages

Source Level URL
Text
javascript error URL: https://damp-pine-9b71.kxy3oc4m.workers.dev/66c29fad-aba2-4b2b-bc61-c8d19267b937/
Message:
Access to fetch at 'https://codesandbox.io/api/v1/sandboxes/damp-pine-9b71/phishing' from origin 'https://damp-pine-9b71.kxy3oc4m.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://codesandbox.io/api/v1/sandboxes/damp-pine-9b71/phishing
Message:
Failed to load resource: net::ERR_FAILED
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://kit.fontawesome.com/585b051251.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.2.1.slim.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://i.ibb.co/1Rvzzk8/gmail1.png
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdnjs.cloudflare.com
code.jquery.com
codesandbox.io
damp-pine-9b71.kxy3oc4m.workers.dev
fonts.googleapis.com
i.ibb.co
ka-f.fontawesome.com
kit.fontawesome.com
maxcdn.bootstrapcdn.com
pastukalmau.web.app
codesandbox.io
damp-pine-9b71.kxy3oc4m.workers.dev

104.17.24.14
104.18.10.207
162.19.58.156
172.64.154.107
172.67.139.119
2606:4700:4400::6812:2844
2606:4700:4400::ac40:9a6b
2620:0:890::100
2a00:1450:4001:810::200a
2a00:1450:4001:827::200a
2a04:4e42:200::649
2a06:98c1:3121::3
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
26c62dbdf527b8dcbf378ea62f129cbbba3b244730687909ba21ecd729c9d2e6
2bc55cccef92ca55d0d6fa4fc66bf1064ec6b35d8bcd2b75eb561dea0f4bbe72
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
3a9b144d6482b78afc4e0a940a1d3c22240f14fa535b808cf4dab9635339569f
57898461712a639d119bdf88b7145919dcc8956c7a271d2e4a1084b29eae6785
5c7048cd8ab1bb1c4c43a630fb6072f88e677514ead595b451496c7196b2c6ce
63e3696c5e5e8b037e28e8fbef871184b0d1d60a7314c965b1426d9cce84dd69
699f1474d4c70e7810b805d7fbaa00a0db43ebc16e10c92fbfd27d56ca8f7875
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
7829f065e0e10c8466f3d57766e0719421b7b652f6a1082f21b98702f1b28a30
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
a1f75d6278713a84a8f28a392c77ca8a6a7c32bf14314d4a34a6ce2f06cfdf7a
a2f26b68a6c8810c1aeb4048c938f835a86ba83756a7a440f989b967e78f3ba8
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66
d3313ef22afbf2e1b708ceef5e824ef12a338d51e497390376ec78f487021ae3
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda