epz7b.codesandbox.io
2606:4700::6812:16cf
Malicious Activity!
Public Scan
Submission Tags: falconsandbox
Submission: On November 21 via api from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 19th 2020. Valid for: a year.
This is the only time epz7b.codesandbox.io was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
3 | 2606:4700::6812:16cf | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6812:17cf | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:5f41 | 13335 (CLOUDFLARENET) |
1 3 | 94.242.61.143 | 43317 (FISHNET-AS) |
1 | 2606:4700:20::681a:64 | 13335 (CLOUDFLARENET) |
1 2 | 67.202.94.86 | 32748 (STEADFAST) |
1 | 2606:4700:10::6816:4aab | 13335 (CLOUDFLARENET) |
10 | 8 | |
ASN13335 (CLOUDFLARENET, US)
- epz7b.codesandbox.io
- codesandbox.io
ASN43317 (FISHNET-AS, RU), PTR: server3.server-sz.com
- ohhalexnew.shop
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | codesandbox.io | epz7b.codesandbox.io, codesandbox.io | 9 KB |
3 | amung.us (1 redirect) | whos.amung.us, widgets.amung.us | 2 KB |
3 | ohhalexnew.shop (1 redirect) | ohhalexnew.shop | 500 KB |
1 | geojs.io | get.geojs.io | 975 B |
1 | cloudflareinsights.com | static.cloudflareinsights.com | 4 KB |
10 | 5 | | |
# | Domain | Requested by |
---|---|---|
3 | ohhalexnew.shop (1 redirect) | epz7b.codesandbox.io |
2 | whos.amung.us (1 redirect) | |
2 | codesandbox.io | epz7b.codesandbox.io |
2 | epz7b.codesandbox.io | static.cloudflareinsights.com |
1 | widgets.amung.us | |
1 | get.geojs.io | epz7b.codesandbox.io |
1 | static.cloudflareinsights.com | epz7b.codesandbox.io |
10 | 7 | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
codesandbox.io | Cloudflare Inc ECC CA-3 | 2020-06-19 - 2021-06-19 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-11 - 2021-07-11 | a year | crt.sh |
ohhalexnew.shop | cPanel, Inc. Certification Authority | 2020-11-16 - 2021-02-14 | 3 months | crt.sh |
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years | crt.sh |
This page contains 1 frame:
Primary Page:
https://epz7b.codesandbox.io/
Frame ID: 5F9F70F45161463B24969CE50AADE535
Requests: 12 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Google Cloud (CDN)
Detected patterns
- headers via /^1\.1 google$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- https://ohhalexnew.shop/location HTTP 301
- https://ohhalexnew.shop/location/
- https://whos.amung.us/widget/mg6z22mgce HTTP 307
- https://widgets.amung.us/classic/00/92.png
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | epz7b.codesandbox.io/ | 5 KB | 2 KB | Document | text/html |
GET | H2 | sse-hooks.js | codesandbox.io/public/sse-hooks/ | 20 KB | 6 KB | Script | application/javascript |
GET | H2 | watermark-button.ccc763f75.js | codesandbox.io/static/js/ | 3 KB | 2 KB | Script | application/javascript |
GET | H2 | beacon.min.js | static.cloudflareinsights.com/ | 10 KB | 4 KB | Script | text/javascript |
GET | H2 | / | ohhalexnew.shop/ | 717 KB | 499 KB | Script | application/javascript |
GET | H3-Q050 | / | ohhalexnew.shop/location/ (Redirect Chain) | 1 KB | 529 B | Script | application/javascript |
GET | H2 | geo.json | get.geojs.io/v1/ip/ | 304 B | 975 B | XHR | application/json |
GET | DATA | truncated | / | 1 KB | 0 | Image | image/png |
GET | H2 | 92.png | widgets.amung.us/classic/00/ (Redirect Chain) | 1 KB | 2 KB | Image | image/png |
GET | H2 | xxx | whos.amung.us/widget/ | 0 | 0 | Image | text/html |
GET | DATA | truncated | / | 51 KB | 0 | Image | image/png |
POST | H2 | performance | epz7b.codesandbox.io/cdn-cgi/beacon/ | 0 | 95 B | XHR | text/plain |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Facebook (Social Network)
30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | 0 |
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
boolean | crossOriginIsolated |
object | _0x69d3 |
object | _0x30ab |
object | bannedips |
string | ip |
object | handleips |
function | addScript |
function | sh |
boolean | IS_MOBILE |
number | limit_bot |
string | object |
string | type |
string | OUTPUT |
object | ___ |
object | params |
number | tt |
undefined | to_object |
string | a |
function | checking |
function | creatingInput |
function | searchingForms |
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.codesandbox.io/ | | __cfduid = d46160c51ec3e2fb77c43f591c7a732ad1605998294 |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
codesandbox.io
epz7b.codesandbox.io
get.geojs.io
ohhalexnew.shop
static.cloudflareinsights.com
whos.amung.us
widgets.amung.us
2606:4700:10::6816:4aab
2606:4700:20::681a:64
2606:4700::6810:5f41
2606:4700::6812:16cf
2606:4700::6812:17cf
67.202.94.86
94.242.61.143
1137c9698743959bbb479a8bf47e98f731d8a15f5396ecf095f732e260372a24
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
28b610e657f5a256c08f18fc8112ccc7f89f140955c321b4b090e6714efe3c6a
428c5386ad5d59c857238598dfbe823cab53914e2d0fe08fb5503583ee22e403
5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1
6c815bbbdfb029af8eea8ed2376600a75383cd06c74b937952a499d1cb5e1a39
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f
8cb2990f5245dae9e885a30beeb973a579c2bebd1ad141838b2bcdea85a9cd1f
9f8a51a3627d47f033bb3e8baee3ab6b74a07781b930a5204b1ede5f1975b55e
c62be9886850890d99c1208dbdbfbe0694d029442967ac8e06a5e5a26834d885
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855