urlscan.io logo urlscan.io
SecurityTrails logo

tiny-darkness-a6b0.7n8o27al.workers.dev Open in urlscan Pro
104.21.7.147  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Effective URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Submission: On January 22 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 5 domains to perform 26 HTTP transactions. The main IP is 104.21.7.147, located in and belongs to CLOUDFLARENET, US. The main domain is tiny-darkness-a6b0.7n8o27al.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on December 28th 2023. Valid for: 3 months.
This is the only time tiny-darkness-a6b0.7n8o27al.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ourtime.com (Online)

Domain & IP information

IP Address AS Autonomous System
1 104.21.7.147 13335 (CLOUDFLAR...)
3 172.64.154.107 13335 (CLOUDFLAR...)
1 151.101.2.137 54113 (FASTLY)
1 ()
1 142.250.65.206 15169 (GOOGLE)
17 172.67.209.83 13335 (CLOUDFLAR...)
1 142.250.80.35 15169 (GOOGLE)
26 8
1    104.21.7.147 (None, )

ASN13335 (CLOUDFLARENET, US)
tiny-darkness-a6b0.7n8o27al.workers.dev
3    172.64.154.107 (United States)

ASN13335 (CLOUDFLARENET, US)
codesandbox.io
1    151.101.2.137 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
1    (None, )

ASN- ()
tiny-darkness-a6b0.7n8o27al.workers.dev
1    142.250.65.206 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f14.1e100.net
www.google-analytics.com
17    172.67.209.83 (United States)

ASN13335 (CLOUDFLARENET, US)
imgs.rename-service0.workers.dev
1    142.250.80.35 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f3.1e100.net
www.gstatic.com
Apex Domain
Subdomains		 Transfer
19 workers.dev
tiny-darkness-a6b0.7n8o27al.workers.dev
imgs.rename-service0.workers.dev
711 KB
3 codesandbox.io
codesandbox.io — Cisco Umbrella Rank: 85741
48 KB
1 gstatic.com
www.gstatic.com
7 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 760
30 KB
26 5
Domain Requested by
17 imgs.rename-service0.workers.dev tiny-darkness-a6b0.7n8o27al.workers.dev
3 codesandbox.io tiny-darkness-a6b0.7n8o27al.workers.dev
codesandbox.io
2 tiny-darkness-a6b0.7n8o27al.workers.dev tiny-darkness-a6b0.7n8o27al.workers.dev
1 www.gstatic.com tiny-darkness-a6b0.7n8o27al.workers.dev
1 www.google-analytics.com tiny-darkness-a6b0.7n8o27al.workers.dev
1 code.jquery.com tiny-darkness-a6b0.7n8o27al.workers.dev
26 6

This site contains links to these domains. Also see Links.

Domain
www.ourtime.com
www.peoplemedia.com
Subject Issuer Validity Valid
7n8o27al.workers.dev
GTS CA 1P5		 2023-12-28 -
2024-03-27		 3 months crt.sh
codesandbox.io
E1		 2023-12-28 -
2024-03-27		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2023-07-11 -
2024-07-14		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh
rename-service0.workers.dev
GTS CA 1P5		 2023-12-10 -
2024-03-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-12-11 -
2024-03-04		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Frame ID: DB5EED4188CA05CF1F6E05B7949D2232
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

OurTime - Confirm Your Identity

Page URL History Show full URLs

  1. http://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733 HTTP 307
    https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /firebasejs/([\d.]+)/firebase
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • moment(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

26
Requests

96 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

8
IPs

2
Countries

817 kB
Transfer

6857 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733 HTTP 307
    https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 345fb46a-3008-4b9e-8732-baf089daf733
tiny-darkness-a6b0.7n8o27al.workers.dev/
Redirect Chain
  • http://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
  • https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
4 MB
711 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.7.147 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cbe417dfed087a06126c079e37998b237f5a68f098b731a2d719f7e4b9a6288

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
849b11c94be743cd-EWR
content-encoding
br
content-type
text/html;charset=UTF-8
date
Mon, 22 Jan 2024 22:00:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPpnedgDzeiVJxafu41hBmfs7auqdzm%2BiMfYqea%2BzUfmqqsdcqTcTgpARxwgaOQ3UNeTPS1UnT4YWCIr9bIT8ENK8g4ZS2YrlrBS6Whc0LjaVhoo%2FL1IAdjHUNowkSyN58PzdtQVM0VGUc2XhDRJhUsGeHkLq1bhYOE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Non-Authoritative-Reason
HSTS
sse-hooks.350c89a8d06431c89209943b3882c89f.js
codesandbox.io/public/sse-hooks/ 		172 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/public/sse-hooks/sse-hooks.350c89a8d06431c89209943b3882c89f.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59f17efc9fc32fc73c0451ed936286b0e690dc43282472a9d70ab785c68d4c98

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tiny-darkness-a6b0.7n8o27al.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 22:00:27 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
3926879
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Dec 2023 11:11:17 GMT
server
cloudflare
etag
W/"6572f9d5-2b197"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849b11e41af27c90-EWR
expires
Thu, 31 Dec 2037 23:55:55 GMT
banner.d9cb10a38.js
codesandbox.io/static/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/banner.d9cb10a38.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tiny-darkness-a6b0.7n8o27al.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 22:00:27 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
4717304
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 27 Nov 2023 09:17:00 GMT
server
cloudflare
etag
W/"65645e8c-efa"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849b11e41af57c90-EWR
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.4.1.min.js
code.jquery.com/ 		86 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.4.1.min.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.2.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tiny-darkness-a6b0.7n8o27al.workers.dev/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 22:00:27 GMT
content-encoding
gzip
via
1.1 varnish
age
1277911
x-cache
HIT
content-length
30638
x-served-by
cache-lga21937-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1705960828.994390,VS0,VE0
etag
W/"28feccc0-15851"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
156327
watermark-button.eeb14a97b.js
codesandbox.io/static/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/watermark-button.eeb14a97b.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.154.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c9937bb6f9d154f49699393da35aaa6d5fb9218daa1ec4cba7b4ee097d0d65b

Request headers

Referer
https://tiny-darkness-a6b0.7n8o27al.workers.dev/
Origin
https://tiny-darkness-a6b0.7n8o27al.workers.dev
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 22 Jan 2024 22:00:27 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
age
76604
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 08 Dec 2023 11:11:12 GMT
server
cloudflare
etag
W/"6572f9d0-ac1"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
849b11e41c2443aa-EWR
expires
Thu, 31 Dec 2037 23:55:55 GMT
phishing
codesandbox.io/api/v1/sandboxes/tiny-darkness-a6b0/ 		0
0
855b3c5b-9dfd-40c2-a073-abbcca31e467
https://tiny-darkness-a6b0.7n8o27al.workers.dev/ 		3 MB
0 		Document
General
Check archive.org
Download Go to
Full URL
blob:https://tiny-darkness-a6b0.7n8o27al.workers.dev/855b3c5b-9dfd-40c2-a073-abbcca31e467
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8dee5707ab316608551f6448bec05a645623662df82b83a000244f313654a727

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Content-Length
2856198
Content-Type
text/html
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 22 Jan 2024 21:51:43 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
526
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 22 Jan 2024 23:51:43 GMT
analytics.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/analytics.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
fbevents.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/fbevents.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
otSDKStub.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/otSDKStub.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers
css-3.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/css-3.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
css-1.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/css-1.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
css-2.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/css-2.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
css.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/css.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
font-1.2.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/font-1.2.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
redesign_fonts.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/redesign_fonts.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
base_external.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/base_external.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
theme.css
imgs.rename-service0.workers.dev/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/theme.css
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
jquery-3.5.1.min.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/jquery-3.5.1.min.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers
moment.min.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/moment.min.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers
otBannerSdk.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/otBannerSdk.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
js.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/js.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
fuasd8943fasdtryes.js
imgs.rename-service0.workers.dev/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://imgs.rename-service0.workers.dev/fuasd8943fasdtryes.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers
fsai8h43afsdfasfasdf329023.gif
imgs.rename-service0.workers.dev/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://imgs.rename-service0.workers.dev/fsai8h43afsdfasfasdf329023.gif
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.67.209.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
firebase-app.js
www.gstatic.com/firebasejs/8.0.2/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/firebasejs/8.0.2/firebase-app.js
Requested by
Host: tiny-darkness-a6b0.7n8o27al.workers.dev
URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.80.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f3.1e100.net
Software
sffe /
Resource Hash
c9466a6d400491fb07de2dd7fbd8aa9f73e6ccb352ed868f17bf1453177b564d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Fri, 19 Jan 2024 13:15:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
290677
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6546
x-xss-protection
0
last-modified
Fri, 13 Nov 2020 00:33:12 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="firebase-js"
vary
Accept-Encoding
report-to
{"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 18 Jan 2025 13:15:52 GMT
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7248b8c4a08b8a45d4add928a459a98f12d61c02f5a7886f14bec7084e8ffdcb

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/jpg
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d841754163f6d3f7a257af53c78c476857b03f211f41f931204a840770a089bb

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/jpg

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
codesandbox.io
URL
https://codesandbox.io/api/v1/sandboxes/tiny-darkness-a6b0/phishing

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ourtime.com (Online)

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| s string| m object| google_tag_data function| ga object| gaplugins function| unlockPage function| lLLll6y4CA56nc1o2nfu6se6llll function| llLl6y4cA56Nc1o2nfu6se6lii string| emd1ODj string| qaaAzm string| QI2JKUw string| z_e0Az6 string| t42NLe0 string| aC0abH string| j1vmH_F string| sNKnUY undefined| eokiPK object| jHE4Cfo function| EshzXF object| upti_bq number| pDn0Yqd object| ObD22Id string| nngA7HZ string| ImrtvI string| mj94ZT string| OTtAZm string| s3Gdxq string| glB6RUR string| KU1Yf1 string| MPI_Kd3 string| UM4ubEI string| ACSWnqL string| wEczYu string| s5Szls string| vfZOgG string| GAMXHnw string| uIAaq3i string| xsi6iI string| sKoJKpc string| FiH07EI string| erYI9cC string| A5HkhS string| WcDpRFy string| s9rdmQ string| HRlWjp string| na6pdS string| NOkQ6zO string| UbWsyxc string| eyj_uFr string| NZa6Q7i string| Cq1YSpQ string| rwOdS01 string| ZXPnxKZ string| _as4E1 string| IjLB0Q string| x6uI30i string| sF7MjRt string| HVpbQn string| LQn8EU string| F6Yjk6 string| K0V_iA string| UiWmWD string| wB3Z9D string| MgexK6v string| TNEqvp string| bDcB92j string| Td26MY string| eFyzBxc string| iaYpqp string| cwktw_ string| C_i22l string| EAKnKq string| WVwveI string| IO9QZu string| b75B4h string| lYzR7pK string| JRaJyw5 string| mo9PLNp string| cktlYk string| NtdFCZh string| rAC6oZ function| lllll6y4ca56nc1o2nfu6se6llll object| DYaB5a0 object| T0Whd45 object| YHhBN3 object| pRbcU4L function| AlZPgyu function| fLzJ2Dk undefined| n9_otNH string| Nm5lIL string| w5VHMY function| llll6y4ca56nc1o2nfu6se6iiii function| iXcm9eK function| cvwZqls function| XLTY0sQ function| QLB_8HC function| UbvzdHD function| wJoR1b function| Vjm0WWm function| llli6y4ca56nc1o2nfu6se6iiii function| ppDAiW function| llii6y4ca56nc1o2nfu6se6iiii function| gtag object| dataLayer object| Adomik object| firebase

1 Cookies

Domain/Path Name / Value
.codesandbox.io/ Name: _cfuvid
Value: nAPd.Ma1HMNVEAXdAs8QbeKcj6nDQf61y0cr5Xv.H9k-1705960827552-0-604800000

25 Console Messages

Source Level URL
Text
javascript error URL: https://tiny-darkness-a6b0.7n8o27al.workers.dev/345fb46a-3008-4b9e-8732-baf089daf733
Message:
Access to fetch at 'https://codesandbox.io/api/v1/sandboxes/tiny-darkness-a6b0/phishing' from origin 'https://tiny-darkness-a6b0.7n8o27al.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network error URL: https://codesandbox.io/api/v1/sandboxes/tiny-darkness-a6b0/phishing
Message:
Failed to load resource: net::ERR_FAILED
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://imgs.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://imgs.rename-service0.workers.dev/otSDKStub.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://imgs.rename-service0.workers.dev/jquery-3.5.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://imgs.rename-service0.workers.dev/moment.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://imgs.rename-service0.workers.dev/fuasd8943fasdtryes.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning (Line 22)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.gstatic.com/firebasejs/8.0.2/firebase-app.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://imgs.rename-service0.workers.dev/css.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/fuasd8943fasdtryes.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/redesign_fonts.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/theme.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/base_external.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/css-2.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/moment.min.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/otSDKStub.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/css-3.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/analytics.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/jquery-3.5.1.min.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/font-1.2.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/css-1.css
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/fbevents.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/otBannerSdk.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/js.js
Message:
Failed to load resource: the server responded with a status of 429 ()
network error URL: https://imgs.rename-service0.workers.dev/fsai8h43afsdfasfasdf329023.gif
Message:
Failed to load resource: the server responded with a status of 429 ()