69mmb0.csb.app Open in urlscan Pro
2606:4700::6812:703 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://69mmb0.csb.app/
Submission: On April 05 via api (April 5th 2023, 1:04:23 pm UTC) from JP — Scanned from JP

Summary HTTP 12 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700::6812:703, located in United States and belongs to CLOUDFLARENET, US. The main domain is 69mmb0.csb.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 30th 2023. Valid for: a year.

This is the only time 69mmb0.csb.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700::68... 2606:4700::6812:703	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700::68... 2606:4700::6812:772	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:4d60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.33.33.211 23.33.33.211	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	200.150.155.228 200.150.155.228	26592 (EQUINIX B...) (EQUINIX BRASIL)
12	6

6 2606:4700::6812:703 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

69mmb0.csb.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:772 (United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4d60 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.leroymerlin.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.33.33.211 (United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-33-33-211.deploy.static.akamaitechnologies.com

http2.mlstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 200.150.155.228 (Brazil)

ASN26592 (EQUINIX BRASIL, BR)
PTR: ortobom.com.br

www.ortobom.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	csb.app 1 redirects 69mmb0.csb.app	552 KB
4	codesandbox.io codesandbox.io — Cisco Umbrella Rank: 88773	49 KB
1	ortobom.com.br www.ortobom.com.br	84 KB
1	mlstatic.com http2.mlstatic.com — Cisco Umbrella Rank: 18892	8 KB
1	leroymerlin.com.br cdn.leroymerlin.com.br — Cisco Umbrella Rank: 550942	7 KB
12	5

	Domain	Requested by
6	69mmb0.csb.app	1 redirects 69mmb0.csb.app
4	codesandbox.io	69mmb0.csb.app codesandbox.io
1	www.ortobom.com.br	69mmb0.csb.app
1	http2.mlstatic.com	69mmb0.csb.app
1	cdn.leroymerlin.com.br	69mmb0.csb.app
12	5

This site contains links to these domains. Also see Links.

Domain
www.leroymerlin.com.br
www.buscape.com.br
www.americanas.com.br
produto.mercadolivre.com.br
www.magazineluiza.com.br
www.ortobom.com.br

Subject Issuer	Validity	Valid
csb.app Cloudflare Inc ECC CA-3	`2023-01-30` - `2024-01-29`	a year	crt.sh
*.sandpack-static-server.codesandbox.io R3	`2023-03-31` - `2023-06-29`	3 months	crt.sh
*.leroymerlin.com.br GeoTrust RSA CA 2018	`2022-10-10` - `2023-11-10`	a year	crt.sh
*.mlstatic.com DigiCert TLS RSA SHA256 2020 CA1	`2022-06-06` - `2023-06-08`	a year	crt.sh
*.ortobom.com.br AlphaSSL CA - SHA256 - G4	`2023-03-22` - `2024-04-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://69mmb0.csb.app/
Frame ID: 58775368E5C794C5D4F336C8186114B4
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Busque pelo seu preço

Page URL History Show full URLs

https://69mmb0.csb.app/ Page URL
https://69mmb0.csb.app/cdn-cgi/phish-bypass?atok=pvY_t53Itc13_d6J4mRjrp_3qyxG117yMO.D6bhTBNM-168069... HTTP 301
https://69mmb0.csb.app/ Page URL

Page Statistics

12
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

699 kB
Transfer

1558 kB
Size

3
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.leroymerlin.com.br/ar-condicionado-split-9000btus-frio-220v-series-a1-tcl_90991005?store_code=11&gclid=CjwKCAjwrJ-hBhB7EiwAuyBVXSAZKX8mmZ53hIyGsCBlVeT8ULEnfYucE6SfF5adGunsZ5GiQRBxshoCWrAQAvD_BwE
Title: Leroy Merlin: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.buscape.com.br/ar-condicionado/ar-condicionado-split-tcl-9000-btus-frio-tac-09csa1
Title: BuscaPé: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.americanas.com.br/produto/4087944142?epar=bp_pl_px_go_pmax_clima_3p_split_pb_2&opn=YSMESP&WT.srch=1&offerId=641b26ae401db3b86bdb3efa&gclsrc=aw.ds&gclid=CjwKCAjwrJ-hBhB7EiwAuyBVXX6mghV5NWIJXXl4OWaCparGLETKfUjPgZKx9YVB3pUotvhGwm9JyxoCn0MQAvD_BwE
Title: Americanas: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.americanas.com.br/produto/7265842342?epar=bp_pl_px_go_pmax_im_3p_pa_2&opn=YSMESP&WT.srch=1&offerId=6419f72d401db3b86b73ba1e&gclsrc=aw.ds&gclid=CjwKCAjwrJ-hBhB7EiwAuyBVXRVa--sA3vffc_VY1dXc4sUy6FGEFCbNKCVIPYcv9QsRGI7jd_rxYBoCd3AQAvD_BwE
Title: Americanas: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://produto.mercadolivre.com.br/MLB-2819720071-violao-giannini-eletrico-aco-gsf1d-ceq-profissional-cutaway-_JM#position=8&search_layout=grid&type=item&tracking_id=15c670ba-29a9-420c-a1b8-38d14b017659
Title: Mercado Livre: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.magazineluiza.com.br/violao-giannini-aco-gsf-1d-ceq-mini-jumbo-eletroacustico/p/dj9b49b59a/im/isvi/
Title: Magalu: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.ortobom.com.br/Kit/19471102
Title: Ortobom: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.americanas.com.br/produto/7236778871?pfm_carac=colchao-fashion-orto-superpocket-ortobom&pfm_index=1&pfm_page=search&pfm_pos=grid&pfm_type=search_page&offerId=6401abf1401db3b86b07da2e
Title: Americanas: Clique Aqui!

Search URL Search Domain Scan URL

URL: https://www.magazineluiza.com.br/colchao-ortobom-casal-iso-superpocket-138x188x25-molas-pocket-ensacadas/p/bk65703de9/co/ccbc/?&seller_id=multicomercio2&utm_source=google&utm_medium=pla&utm_campaign=&partner_id=69101&gclid=Cj0KCQjwz6ShBhCMARIsAH9A0qWx54THpSTLu1X2i_tx75ux2eRHK4HA0C0iljh4S96Ghld4GSGvEOoaAovyEALw_wcB&gclsrc=aw.ds
Title: Magalu: Clique Aqui!

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://69mmb0.csb.app/ Page URL
https://69mmb0.csb.app/cdn-cgi/phish-bypass?atok=pvY_t53Itc13_d6J4mRjrp_3qyxG117yMO.D6bhTBNM-1680699851-0-%2F HTTP 301
https://69mmb0.csb.app/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
69mmb0.csb.app/ 4 KB
2 KB 25ms
9ms Document
text/html 2606:4700::6812:703
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://69mmb0.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:703 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

181ff662396e517252b704421f152f6d80777586405fd50ccf9e0794edb25814

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-ray: 7b31fed85e2e25e6-NRT
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 05 Apr 2023 13:04:11 GMT
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
69mmb0.csb.app/cdn-cgi/styles/ 24 KB
5 KB 4ms
3ms Stylesheet
text/css 2606:4700::6812:703
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://69mmb0.csb.app/cdn-cgi/styles/cf.errors.css

Requested by

Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:703 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 Mar 2023 12:30:57 GMT
server: cloudflare
etag: W/"6419a381-5e44"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 7b31fed86e4325e6-NRT
expires: Wed, 05 Apr 2023 15:04:11 GMT

GET
H3 200 icon-exclamation.png
69mmb0.csb.app/cdn-cgi/images/ 452 B
670 B 3ms
3ms Image
image/png 2606:4700::6812:703
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://69mmb0.csb.app/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:703 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 21 Mar 2023 12:30:57 GMT
server: cloudflare
etag: "6419a381-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 7b31fed88cede378-NRT
content-length: 452
expires: Wed, 05 Apr 2023 15:04:11 GMT

GET
H3

200

Primary Request / Show response
69mmb0.csb.app/
Redirect Chain

https://69mmb0.csb.app/cdn-cgi/phish-bypass?atok=pvY_t53Itc13_d6J4mRjrp_3qyxG117yMO.D6bhTBNM-1680699851-0-%2F
https://69mmb0.csb.app/

720 KB
543 KB

304ms
304ms

Document
text/html

2606:4700::6812:703
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://69mmb0.csb.app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:703 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b31f2e75e8ee6f388d2a7a9121ad2cbb6a7e337f14896bd7501a85d14b972981

Request headers

Referer: https://69mmb0.csb.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: private, max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 7b31fef818a5e378-NRT
content-encoding: br
content-type: text/html
date: Wed, 05 Apr 2023 13:04:16 GMT
server: cloudflare
vary: Accept-Encoding
via: 1.1 google
x-request-id: F1MLnXKC8nfvj-IDh4zn

Redirect headers

cache-control: private, no-cache
cf-ray: 7b31fef818a1e378-NRT
content-length: 167
content-type: text/html
date: Wed, 05 Apr 2023 13:04:16 GMT
location: https://69mmb0.csb.app/
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 sse-hooks.f742b80f43c5a2e0e619b0d97b5886cd.js Show response
codesandbox.io/public/sse-hooks/ 172 KB
45 KB 41ms
21ms Script
application/javascript 2606:4700::6812:772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/public/sse-hooks/sse-hooks.f742b80f43c5a2e0e619b0d97b5886cd.js
Requested by: Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b792d9cff94a4f92d164ec7233833c903b4fdbaef13e37a0dc4258b8312ca83

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:17 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
age: 4844
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Sat, 13 Aug 2022 13:00:47 GMT
server: cloudflare
etag: W/"62f7a07f-2aeb3"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7b31fefa3f1c0b8b-NRT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 banner.0b5d84a2b.js Show response
codesandbox.io/static/js/ 4 KB
2 KB 35ms
15ms Script
application/javascript 2606:4700::6812:772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/static/js/banner.0b5d84a2b.js
Requested by: Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 683fbdef88b2ebf85e44c498687952697f4093fb1ff40f884eb6a2f3c74d0bb7

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:17 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
age: 2583190
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 06 Mar 2023 08:37:20 GMT
server: cloudflare
etag: W/"6405a640-f37"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7b31fefa3f1d0b8b-NRT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 style.css
69mmb0.csb.app/ 2 KB
951 B 829ms
827ms Stylesheet
text/css 2606:4700::6812:703
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://69mmb0.csb.app/style.css
Requested by: Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:703 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bccd33f105f509ca4e9f9a8d9b2cd5de0a70c4ec85ecf86bc75328dc39a6c901

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:17 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: MISS
last-modified: Wed, 05 Apr 2023 13:04:17 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
cache-control: private, max-age=0, no-cache, no-store
cf-ray: 7b31fefa1ac4e378-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-request-id: F1MLnZtOwQVET5kLcT6j

GET
H3 200 phishing Show response
codesandbox.io/api/v1/sandboxes/69mmb0/ 33 B
498 B 284ms
277ms Fetch
application/vnd.github.v3+json 2606:4700::6812:772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/api/v1/sandboxes/69mmb0/phishing
Requested by: Host: codesandbox.io
URL: https://codesandbox.io/static/js/banner.0b5d84a2b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d91020394c232a07e303c0caff12346b174a759ed94de8bb0eac6c8b60e2660

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:17 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: origin
content-type: application/vnd.github.v3+json; charset=utf-8
access-control-allow-origin: https://69mmb0.csb.app
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
cf-ray: 7b31fefa7ad6f6e5-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 33
x-request-id: F1MLnYjbecryc74J2J4E

GET
DATA 200
OK truncated
/ 533 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8f82c25ff6941113bd4b077b5acaa5f5a9044231cd17712d8fd7c0a5cad3df40

Request headers

accept-language: jp-JP,jp;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ar_condicionado_split_9000btus_frio_220v_tcl_90991005_8cf3_300x300.jpg
cdn.leroymerlin.com.br/products/ 7 KB
7 KB 130ms
115ms Image
image/avif 2606:4700::6811:4d60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.leroymerlin.com.br/products/ar_condicionado_split_9000btus_frio_220v_tcl_90991005_8cf3_300x300.jpg

Requested by

Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4d60 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c05e3c7dcc97773cfea0002a0d0c880d3b2adb773c38493166b15428b6eec059

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
X-Content-Type-Options	nosniff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:18 GMT
via: 1.1 cbcdad470c77a1c616dcee033bb0c082.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
content-length: 6843
cf-resized: internal=ok/h q=0 n=22+744 c=0+0 v=2023.3.5 l=6843
last-modified: Wed, 13 Jan 2021 13:19:50 GMT
cf-bgj: imgq:85,h2pri
server: cloudflare
etag: "cf9EkIP6M8VzLoib8HXMHdWgLd1gWqs-rDoNB_ezzVDw:b49437c8a9f970594710bb9dea5f9931"
vary: Accept, Accept-Encoding
warning: cf-images 299 "cache-control is too restrictive"
content-type: image/avif
cache-control: private, max-age=0
accept-ranges: bytes
cf-ray: 7b31ff018d8df5b3-NRT

GET
H2 200 D_NQ_NP_773591-MLB51716168313_092022-O.webp
http2.mlstatic.com/ 6 KB
8 KB 326ms
3ms Image
image/webp 23.33.33.211
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://http2.mlstatic.com/D_NQ_NP_773591-MLB51716168313_092022-O.webp

Requested by

Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.33.33.211 , United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-33-33-211.deploy.static.akamaitechnologies.com

Software

Tengine /

Resource Hash

6d0ab806c1fece8d09456fe5d116dc558f65c0b4195b37c6a48f1a536e65b700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

x-version: O
accept-encoding: gzip
x-check-cacheable: YES
x-cdn: a
x-d2id: b521f608-67c1-4cf5-874d-7728f982b1fa
x-progressive: false
content-security-policy-report-only: script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://adservice.google.com https://www.googleadservices.com https://*.mlstatic.com https://js-agent.newrelic.com https://*.hotjar.com https://*.nr-data.net https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://*.googlesyndication.com https://tags.creativecdn.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.datadoghq-browser-agent.com https://maps.googleapis.com https://ssl.google-analytics.com https://static.meli.com https://*.mercadolibre.com https://*.mercadopago.com; report-to endpoint-csp; report-uri https://events.mercadolibre.com/csp/reports
x-smartcrop: false
reporting-endpoints: endpoint-csp="https://events.mercadolibre.com/csp/v2/reports"
x-version2x: false
x-site: MLB
referrer-policy: no-referrer-when-downgrade
x-extension: webp
etag: "3842145479"
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
x-container: 773591
x-id: MLB51716168313_092022
date: Wed, 05 Apr 2023 13:04:18 GMT
x-content-type-options: nosniff
x-envoy-upstream-service-time: 92
alt-svc: h3=":443"; ma=93600,h3-29=":443"; ma=93600,h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
content-length: 6654
x-square: false
x-request-id: b521f608-67c1-4cf5-874d-7728f982b1fa
x-xss-protection: 1; mode=block
last-modified: Tue Sep 27 15:14:34 UTC 2022
server: Tengine
x-server: 172.19.0.7:58258
timing-allow-origin: *
x-request-device-id: b521f608-67c1-4cf5-874d-7728f982b1fa

GET
H/1.1 200
OK Photo
www.ortobom.com.br/Content/ 83 KB
84 KB 2997ms
394ms Image
image/jpeg 200.150.155.228
EQUINIX BRASIL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.ortobom.com.br/Content/Photo?id=19602&w=1000&h=1000
Requested by: Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 200.150.155.228 , Brazil, ASN26592 (EQUINIX BRASIL, BR),
Reverse DNS: ortobom.com.br
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 088f1a36343753f0ee376c6ea25522846192ba6119ede9989af5832261a4b182

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://69mmb0.csb.app/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Date: Wed, 05 Apr 2023 13:01:38 GMT
X-AspNetMvc-Version: 5.2
Last-Modified: Wed, 05 Apr 2023 13:01:39 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: *
Content-Type: jpeg
Cache-Control: public, max-age=86400
Content-Length: 85238
Expires: Thu, 06 Apr 2023 13:01:39 GMT

GET
H3 200 watermark-button.f4f9aed52.js Show response
codesandbox.io/static/js/ 3 KB
2 KB 443ms
443ms Script
application/javascript 2606:4700::6812:772
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/static/js/watermark-button.f4f9aed52.js
Requested by: Host: 69mmb0.csb.app
URL: https://69mmb0.csb.app/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:772 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f74bf2cf5a8225beb66712ff4e859c5d4ba9c24123e6de2f427b4b9fde408928

Request headers

Referer: https://69mmb0.csb.app/
Origin: https://69mmb0.csb.app
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date: Wed, 05 Apr 2023 13:04:18 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 03 Apr 2023 07:40:49 GMT
server: cloudflare
etag: W/"642a8301-ae5"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 7b31ff017816f6e5-NRT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.69mmb0.csb.app/	1970-01-20 10:53:06	Name: __cf_mw_byp Value: pvY_t53Itc13_d6J4mRjrp_3qyxG117yMO.D6bhTBNM-1680699851-0-/
.codesandbox.io/	1969-12-31 23:59:59	Name: _cfuvid Value: exRVrE9o06LY2SHiBrARp4X43.FBj5R6_EZRdO12.DM-1680699857007-0-604800000
.leroymerlin.com.br/	1970-01-20 10:51:41	Name: __cf_bm Value: MPgtzfOmWDXb7JyVfj8LB.dGYC_Rw0JP8zimtjQNjUU-1680699858-0-AeGlzwR51VkVLNXLILDwGIVAAECdxZNQ3d8a0bE7SxyPueBIPxQp0knJj6Yy1+QMfY4FTQWhS7mEn4H6aadOXHs=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

69mmb0.csb.app
cdn.leroymerlin.com.br
codesandbox.io
http2.mlstatic.com
www.ortobom.com.br
200.150.155.228
23.33.33.211
2606:4700::6811:4d60
2606:4700::6812:703
2606:4700::6812:772
088f1a36343753f0ee376c6ea25522846192ba6119ede9989af5832261a4b182
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
181ff662396e517252b704421f152f6d80777586405fd50ccf9e0794edb25814
2d91020394c232a07e303c0caff12346b174a759ed94de8bb0eac6c8b60e2660
683fbdef88b2ebf85e44c498687952697f4093fb1ff40f884eb6a2f3c74d0bb7
6d0ab806c1fece8d09456fe5d116dc558f65c0b4195b37c6a48f1a536e65b700
7b792d9cff94a4f92d164ec7233833c903b4fdbaef13e37a0dc4258b8312ca83
8f82c25ff6941113bd4b077b5acaa5f5a9044231cd17712d8fd7c0a5cad3df40
b31f2e75e8ee6f388d2a7a9121ad2cbb6a7e337f14896bd7501a85d14b972981
bccd33f105f509ca4e9f9a8d9b2cd5de0a70c4ec85ecf86bc75328dc39a6c901
c05e3c7dcc97773cfea0002a0d0c880d3b2adb773c38493166b15428b6eec059
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f74bf2cf5a8225beb66712ff4e859c5d4ba9c24123e6de2f427b4b9fde408928

69mmb0.csb.app Open in urlscan Pro 2606:4700::6812:703 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

12 Requests

100 %HTTPS

60 %IPv6

5 Domains

5 Subdomains

6 IPs

2 Countries

699 kBTransfer

1558 kBSize

3 Cookies

9 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

69mmb0.csb.app Open in urlscan Pro
2606:4700::6812:703 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

2
Countries

699 kB
Transfer

1558 kB
Size

3
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!