mayconfrim.eu-central-1.linodeobjects.com
2a01:7e01::f03c:92ff:fee2:1f17
Malicious Activity!
Public Scan
Effective URL: https://mayconfrim.eu-central-1.linodeobjects.com/MoneyBagMAy.html
Submission: On May 03 via manual from CH — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 24th 2023. Valid for: 3 months.
This is the only time mayconfrim.eu-central-1.linodeobjects.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Requests | IP Address | Autonomous System |
---|---|---|
2 (2 redirects) | 37.252.171.52 | 29990 (ASN-APPNEX) |
20 | 2606:4700::6812:672 | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:3965 | 13335 (CLOUDFLARENET) |
1 | 103.50.163.40 | 394695 (PUBLIC-DOMAIN-REGISTRY) |
1 | 2400:52e0:1e00::1081:1 | 200325 (BUNNYCDN) |
2 | 2606:4700::6812:772 | 13335 (CLOUDFLARENET) |
2 | 148.251.96.176 | 24940 (HETZNER-AS) |
1 | 2a01:7e01::f03c:92ff:fee2:1f17 | 63949 (AKAMAI-LINODE-AP Akamai Connected Cloud) |
2 | 194.9.179.132 | 8100 (ASN-QUADRANET-GLOBAL) |
31 | 9 | |
ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
- secure.adnxs.com

ASN13335 (CLOUDFLARENET, US)
- w0lsjw.codesandbox.io
- codesandbox.io

ASN13335 (CLOUDFLARENET, US)
- prod-packager-packages.codesandbox.io

ASN24940 (HETZNER-AS, DE)
PTR: static.176.96.251.148.clients.your-server.de
- col.csbops.io

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
- mayconfrim.eu-central-1.linodeobjects.com

ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 194.9.179.132.deltahost-ptr
- lmoautn.bossequlty.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | codesandbox.io | w0lsjw.codesandbox.io; codesandbox.io (Cisco Umbrella Rank: 161420); prod-packager-packages.codesandbox.io (Cisco Umbrella Rank: 398098) | 2 MB |
2 | bossequlty.com | lmoautn.bossequlty.com | 162 KB |
2 | csbops.io | col.csbops.io (Cisco Umbrella Rank: 420352) | |
2 | adnxs.com (2 redirects) | secure.adnxs.com (Cisco Umbrella Rank: 604) | 2 KB |
1 | linodeobjects.com | mayconfrim.eu-central-1.linodeobjects.com | 97 KB |
1 | jsdelivr.com | data.jsdelivr.com (Cisco Umbrella Rank: 276206) | 1 KB |
1 | myatshome.com | myatshome.com | 162 B |
1 | cloudflareinsights.com | static.cloudflareinsights.com (Cisco Umbrella Rank: 1274) | |
31 | 8 | | |
Requests | Domain | Requested by |
---|---|---|
16 | codesandbox.io | w0lsjw.codesandbox.io, codesandbox.io |
4 | w0lsjw.codesandbox.io | w0lsjw.codesandbox.io |
2 | lmoautn.bossequlty.com | w0lsjw.codesandbox.io, lmoautn.bossequlty.com |
2 | col.csbops.io | codesandbox.io |
2 | prod-packager-packages.codesandbox.io | codesandbox.io |
2 | secure.adnxs.com | 2 redirects |
1 | mayconfrim.eu-central-1.linodeobjects.com | |
1 | data.jsdelivr.com | codesandbox.io |
1 | myatshome.com | w0lsjw.codesandbox.io |
1 | static.cloudflareinsights.com | w0lsjw.codesandbox.io |
31 | 10 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
codesandbox.io | Cloudflare Inc ECC CA-3 | 2023-03-19 - 2024-03-18 | a year |
*.sandpack-static-server.codesandbox.io | E1 | 2023-04-05 - 2023-07-04 | 3 months |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-10 - 2024-04-09 | a year |
myatshome.com | R3 | 2023-03-21 - 2023-06-19 | 3 months |
data.jsdelivr.com | R3 | 2023-03-24 - 2023-06-22 | 3 months |
col.csbops.io | R3 | 2023-03-10 - 2023-06-08 | 3 months |
eu-central-1.linodeobjects.com | R3 | 2023-04-24 - 2023-07-23 | 3 months |
bossequlty.com | R3 | 2023-05-03 - 2023-08-01 | 3 months |
This page contains 2 frames:
Primary Page:
https://mayconfrim.eu-central-1.linodeobjects.com/MoneyBagMAy.html
Frame ID: 7C36187DAE2DD461BC5862600CAAAEF1
Requests: 27 HTTP requests in this frame
Frame:
https://lmoautn.bossequlty.com/?username=YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ%3D%3D%2522%5D&x=c
Frame ID: 3AD7CB65511A39F86943048A33C0A607
Requests: 4 HTTP requests in this frame
Detected technologies
Cloudflare Browser Insights (Analytics)
Detected patterns
- static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://secure.adnxs.com/seg?redir=https%3A%2F%2Fw0lsjw.codesandbox.io%2Fhh-benedicte.bour%23YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ==%22] HTTP 307
- https://secure.adnxs.com/bounce?%2Fseg%3Fredir%3Dhttps%253A%252F%252Fw0lsjw.codesandbox.io%252Fhh-benedicte.bour%2523YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ%3D%3D%2522%5D HTTP 302
- https://w0lsjw.codesandbox.io/hh-benedicte.bour Page URL
- https://mayconfrim.eu-central-1.linodeobjects.com/MoneyBagMAy.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://secure.adnxs.com/seg?redir=https%3A%2F%2Fw0lsjw.codesandbox.io%2Fhh-benedicte.bour%23YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ==%22] HTTP 307
- https://secure.adnxs.com/bounce?%2Fseg%3Fredir%3Dhttps%253A%252F%252Fw0lsjw.codesandbox.io%252Fhh-benedicte.bour%2523YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ%3D%3D%2522%5D HTTP 302
- https://w0lsjw.codesandbox.io/hh-benedicte.bour
31 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | hh-benedicte.bour | w0lsjw.codesandbox.io/ (Redirect Chain) | 7 KB | 3 KB | Document | text/html |
GET H2 | vendors~app~embed~sandbox~sandbox-startup.7424373eb.chunk.js | codesandbox.io/static/js/ | 9 KB | 4 KB | Script | application/javascript |
GET H2 | vendors~app~embed~sandbox-startup.b754f8b0e.chunk.js | codesandbox.io/static/js/ | 17 KB | 5 KB | Script | application/javascript |
GET H2 | default~app~embed~sandbox~sandbox-startup.9bc169785.chunk.js | codesandbox.io/static/js/ | 15 KB | 5 KB | Script | application/javascript |
GET H2 | sandbox-startup.e9e0d3246.js | codesandbox.io/static/js/ | 10 KB | 4 KB | Script | application/javascript |
GET H2 | browserfs.min.js | codesandbox.io/static/browserfs12/ | 232 KB | 59 KB | Script | application/javascript |
GET H2 | vendors~app~codemirror-editor~monaco-editor~sandbox.ad4e6d3c4.chunk.js | codesandbox.io/static/js/ | 25 KB | 7 KB | Script | application/javascript |
GET H2 | common-sandbox.d3049e87f.chunk.js | codesandbox.io/static/js/ | 169 KB | 45 KB | Script | application/javascript |
GET H2 | vendors~app~sandbox.aca52037e.chunk.js | codesandbox.io/static/js/ | 64 KB | 19 KB | Script | application/javascript |
GET H2 | vendors~sandbox.3bd3135bd.chunk.js | codesandbox.io/static/js/ | 416 KB | 114 KB | Script | application/javascript |
GET H2 | default~app~embed~sandbox.bcd9d117e.chunk.js | codesandbox.io/static/js/ | 70 KB | 17 KB | Script | application/javascript |
GET H2 | sandbox.02c55caa5.js | codesandbox.io/static/js/ | 324 KB | 74 KB | Script | application/javascript |
GET H2 | banner.0b5d84a2b.js | codesandbox.io/static/js/ | 4 KB | 2 KB | Script | application/javascript |
GET H2 | watermark-button.f4f9aed52.js | codesandbox.io/static/js/ | 3 KB | 2 KB | Script | application/javascript |
GET H2 | v52afc6f149f6479b8c77fa569edb01181681764108816 | static.cloudflareinsights.com/beacon.min.js/ | 19 KB | 0 | Script | text/javascript |
GET H3 | babel.7.20.13.min.js | codesandbox.io/static/js/ | 0 | 526 KB | Other | application/javascript |
GET H2 | babel-transpiler.920587c4.worker.js | w0lsjw.codesandbox.io/ | 891 KB | 250 KB | Other | application/javascript |
OPTIONS H2 | w0lsjw | codesandbox.io/api/v1/sandboxes/ (Frame) | 0 | 0 | Preflight | |
GET H3 | w0lsjw | codesandbox.io/api/v1/sandboxes/ | 5 KB | 6 KB | Fetch | application/vnd.github.v3+json |
GET | phishing | codesandbox.io/api/v1/sandboxes/w0lsjw/ | 0 | 0 | | |
GET H2 | YmVuZWRpY3RlLmJvdXJAc3dpc3NsaWZlLWFtLmNvbQ==%22] | myatshome.com/.brodo//lobatan/ | 0 | 162 B | Document | text/html |
GET H2 | runtime | data.jsdelivr.com/v1/package/npm/@babel/ | 2 KB | 1 KB | Fetch | application/json |
GET H2 | 2.2.1.json | prod-packager-packages.codesandbox.io/v2/packages/node-libs-browser/ | 81 KB | 16 KB | Fetch | application/json |
GET H3 | babel-transpiler.920587c4.worker.js | w0lsjw.codesandbox.io/ | 891 KB | 250 KB | Other | application/javascript |
GET H3 | babel-transpiler.920587c4.worker.js | w0lsjw.codesandbox.io/ | 891 KB | 250 KB | Other | application/javascript |
GET H2 | 7.21.5.json | prod-packager-packages.codesandbox.io/v2/packages/@babel/runtime/ | 30 KB | 4 KB | Fetch | application/json |
POST H2 | sandpack | col.csbops.io/data/ | 0 | 0 | Fetch | |
OPTIONS H2 | sandpack | col.csbops.io/data/ (Frame) | 0 | 0 | Preflight | |
GET H/1.1 | MoneyBagMAy.html (Primary Request) | mayconfrim.eu-central-1.linodeobjects.com/ | 96 KB | 97 KB | Document | text/html |
GET H2 | / | lmoautn.bossequlty.com/ (Frame 3AD7) | 412 KB | 162 KB | Document | text/html |
GET DATA | truncated | / (Frame 3AD7) | 858 B | 0 | Image | image/jpeg |
GET DATA | truncated | / (Frame 3AD7) | 40 KB | 0 | Image | image/png |
POST H2 | / | lmoautn.bossequlty.com/ (Frame 3AD7) | 201 B | 343 B | Fetch | application/json |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: codesandbox.io
- URL: https://codesandbox.io/api/v1/sandboxes/w0lsjw/phishing
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | 0
- boolean | credentialless
- function | qqrdtj4

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.adnxs.com/ | | Name: uuid2 Value: 4287552560397933666 |
.adnxs.com/ | | Name: anj Value: dTM7k!M4/8CxrEQF']wIg2E>yN)v4<!@wnf-Te9(>wL5L!!'@h$^^6z |
codesandbox.io/ | | Name: jf9248hHFEQIU42jf298 Value: 0531fc33-663e-46cc-b4d2-0294f99c3870 |
.codesandbox.io/ | | Name: _cfuvid Value: KZmYvLzKpYdWkxu.dOWxmkm8s9FZ_7nfnawGfKFLRNQ-1683112942818-0-604800000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.