falling-flower-f7b4.larena8.workers.dev
172.67.160.198 (Public Scan)

Submitted URL: https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz
Effective URL: https://falling-flower-f7b4.larena8.workers.dev/?bbre=ozxiuduzx
Submission Tags: phishing
Submission: On October 15 via api from AU — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 172.67.160.198, located in United States and belongs to CLOUDFLARENET, US. The main domain is falling-flower-f7b4.larena8.workers.dev.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 1st 2021. Valid for: a year.
This is the only time falling-flower-f7b4.larena8.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address      AS (Autonomous System)
3         104.18.22.207   13335 (CLOUDFLARENET)
2         104.18.23.207   13335 (CLOUDFLARENET)
1         104.16.94.65    13335 (CLOUDFLARENET)
1         172.67.160.198  13335 (CLOUDFLARENET)
1         172.67.145.59   13335 (CLOUDFLARENET)
Total: 8 requests, 5 IPs

Requests  Domain                                   Requested by
4         codesandbox.io                           jn6pm.codesandbox.io, codesandbox.io
1         kifot.wancdnapp.page                     jn6pm.codesandbox.io
1         falling-flower-f7b4.larena8.workers.dev  jn6pm.codesandbox.io
1         static.cloudflareinsights.com            jn6pm.codesandbox.io
1         jn6pm.codesandbox.io
Total: 8 requests, 5 domains

This site contains no links.

Subject                Issuer                   Validity                 Valid
codesandbox.io         Cloudflare Inc ECC CA-3  2021-05-19 - 2022-05-18  a year
sni.cloudflaressl.com  Cloudflare Inc ECC CA-3  2021-06-11 - 2022-06-10  a year

This page contains 1 frames:

Primary Page: https://falling-flower-f7b4.larena8.workers.dev/?bbre=ozxiuduzx
Frame ID: 210F4A62C4F1D6024E4EEE783D13EF06
Requests: 8 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

Requests: 8
HTTPS: 100 %
IPv6: 0 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 61 kB
Size: 203 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz Page URL
  2. https://falling-flower-f7b4.larena8.workers.dev/?bbre=ozxiuduzx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Each transaction lists: Resource, Path, Size, x-fer (bytes transferred), Type.

Resource: /  Path: jn6pm.codesandbox.io/  Size: 6 KB  x-fer: 4 KB  Type: Document
Full URL: https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.18.22.207, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: e16ddf575a70a7f2a05ddd65093edb3388ee84a7c2754671acfaebbdb94969ed

Request headers

:method
GET
:authority
jn6pm.codesandbox.io
:scheme
https
:path
/?aabb=dsfg1&en=34esdz
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
phishfarmer
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
phishfarmer
Accept-Language
de-DE,de;q=0.9

Response headers

date
Fri, 15 Oct 2021 03:10:06 GMT
content-type
text/html
vary
Accept-Encoding
cache-control
private, max-age=0, no-cache, no-store
x-request-id
Fq4VjD3EiXn4w-E8hcLi
set-cookie
signedIn=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; HttpOnly
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
69e5da3cbe035bdd-FRA
content-encoding
br
Resource: sse-hooks.f648b14c15c640a14a557113a991cb8d.js  Path: codesandbox.io/public/sse-hooks/  Size: 172 KB  x-fer: 44 KB  Type: Script
Full URL: https://codesandbox.io/public/sse-hooks/sse-hooks.f648b14c15c640a14a557113a991cb8d.js
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.18.22.207, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 185f316eb86d0b318b19a5cae0e8fe3cf0c56d327786fbe27b6652769463ea73

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jn6pm.codesandbox.io/
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:06 GMT
via
1.1 google
cf-cache-status
HIT
age
15111370
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Thu, 22 Apr 2021 14:00:04 GMT
server
cloudflare
etag
W/"60818164-2aeac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
69e5da3d3e825bdd-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: banner.be879265d.js  Path: codesandbox.io/static/js/  Size: 4 KB  x-fer: 2 KB  Type: Script
Full URL: https://codesandbox.io/static/js/banner.be879265d.js
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.18.22.207, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 3adcc764bec65346b5a72de77f2f5688c2484ab587d2d093eb5e2327d608af60

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jn6pm.codesandbox.io/
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:06 GMT
via
1.1 google
cf-cache-status
HIT
age
14801984
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Mon, 26 Apr 2021 19:22:26 GMT
server
cloudflare
etag
W/"608712f2-f3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
69e5da3d3e845bdd-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: watermark-button.be960f43b.js  Path: codesandbox.io/static/js/  Size: 3 KB  x-fer: 2 KB  Type: Script
Full URL: https://codesandbox.io/static/js/watermark-button.be960f43b.js
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.18.23.207, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:

Request headers

Referer
https://jn6pm.codesandbox.io/
Origin
https://jn6pm.codesandbox.io
Accept-Language
de-DE,de;q=0.9
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:06 GMT
via
1.1 google
cf-cache-status
HIT
age
184291
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
last-modified
Tue, 12 Oct 2021 13:31:08 GMT
server
cloudflare
etag
W/"61658e1c-ae8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
69e5da3d5e2b3258-FRA
expires
Thu, 31 Dec 2037 23:55:55 GMT
Resource: beacon.min.js  Path: static.cloudflareinsights.com/  Size: 13 KB  x-fer: 5 KB  Type: Script
Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.16.94.65, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jn6pm.codesandbox.io/
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:07 GMT
content-encoding
gzip
last-modified
Wed, 22 Sep 2021 16:39:17 GMT
server
cloudflare
etag
W/2021.9.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
69e5da3d9a3dd6dd-FRA
Resource: phishing  Path: codesandbox.io/api/v1/sandboxes/jn6pm/  Size: 33 B  x-fer: 320 B  Type: Fetch
Full URL: https://codesandbox.io/api/v1/sandboxes/jn6pm/phishing
Requested by: codesandbox.io (https://codesandbox.io/static/js/banner.be879265d.js)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.18.23.207, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash:

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://jn6pm.codesandbox.io/
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jn6pm.codesandbox.io
cache-control
private, max-age=0, no-cache, no-store
access-control-allow-credentials
true
cf-ray
69e5da3d8e433258-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length
33
x-request-id
Fq4VjET3vQ99UWs2Si9k
Primary Request  Resource: /  Path: falling-flower-f7b4.larena8.workers.dev/  Size: 5 KB  x-fer: 3 KB  Type: Document
Full URL: https://falling-flower-f7b4.larena8.workers.dev/?bbre=ozxiuduzx
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.160.198, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: ca8765e649ee1f07290a69d3ffe0c3385fde8053b07b7c6884dd9a77a5942756

Request headers

:method
GET
:authority
falling-flower-f7b4.larena8.workers.dev
:scheme
https
:path
/?bbre=ozxiuduzx
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
phishfarmer
accept-language
de-DE,de;q=0.9
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://jn6pm.codesandbox.io/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
phishfarmer
Accept-Language
de-DE,de;q=0.9
Referer
https://jn6pm.codesandbox.io/

Response headers

date
Fri, 15 Oct 2021 03:10:07 GMT
content-type
text/html;charset=UTF-8
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DsjCS%2BHgPXcZkkKOYtmIxewLm0X8w3%2Fms7rAln1fkosqNMGXcIgtj6rjuHw7OAGQAUtdhf%2BxOOm3tJ9lmMyjApiaPfxh5i3WJPcVOfMWSdw5%2BH5yeu2n4xIHsz8vEYSAuTTMlGD7n5xyZxKLvdqR%2BY3%2BQKvyj%2FpZujM%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
69e5da3dda234120-PRG
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
Resource: 6155ec6ea0b7493efa549c79.js  Path: kifot.wancdnapp.page/  Size: 39 B  x-fer: 849 B  Type: Script
Full URL: https://kifot.wancdnapp.page/6155ec6ea0b7493efa549c79.js
Requested by: jn6pm.codesandbox.io (https://jn6pm.codesandbox.io/?aabb=dsfg1&en=34esdz)
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 172.67.145.59, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 7beb55cca030bc6e34cdfc660c2602eb867f40ea8e4d6204a7418962fd1ee81f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://falling-flower-f7b4.larena8.workers.dev/
User-Agent
phishfarmer

Response headers

date
Fri, 15 Oct 2021 03:10:07 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-status
BYPASS
access-control-allow-methods
GET, POST, DELETE, PUT, PATCH, OPTIONS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
172800
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fBWzNNAWP1wUkdZwJxEY0RMraI%2BJJhA13PQapKVp2jyD7CE9aMVUfMzmqU35%2B7fiiYjGmvuHa5d6xeIayEYzmjF%2F3ETFpbrdBwj%2FOtwuAlljU5ZgjArW%2Bhqhfn3vozEemz07lZwSVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
kifot.wancdnapp.page
access-control-allow-credentials
true
cf-ray
69e5da414e73277c-PRG
access-control-allow-headers
authkey , authvalue, Authorization, User-Agent, Keep-Alive, Content-Type, X-Requested-With

Verdicts & Comments

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
object    onbeforexrselect
boolean   originAgentCluster
object    _0x171c
function  _0x5224
function  _0x571c15
string    emfromgetnbrtoo
object    script34ssd
string    xz1634267407

0 Cookies