urlscan.io logo urlscan.io
SecurityTrails logo

keadlebps.com Open in urlscan Pro
162.241.115.55  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_l...
Effective URL: https://keadlebps.com/office/PS-620700d94e211
Submission: On February 12 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 19 HTTP transactions. The main IP is 162.241.115.55, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is keadlebps.com.
TLS certificate: Issued by R3 on February 6th 2022. Valid for: 3 months.
This is the only time keadlebps.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
2 2 2a00:1450:400... 15169 (GOOGLE)
1 1 172.217.23.102 15169 (GOOGLE)
7 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 9 162.241.115.55 46606 (UNIFIEDLA...)
19 4
2    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
clickserve.dartsearch.net
1    172.217.23.102 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f102.1e100.net
ad.doubleclick.net
7    2606:4700::6812:17cf (United States)

ASN13335 (CLOUDFLARENET, US)
q2ghq.codesandbox.io
codesandbox.io
3    2606:4700::6812:16cf (United States)

ASN13335 (CLOUDFLARENET, US)
codesandbox.io
1    2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
9    162.241.115.55 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-241-115-55.unifiedlayer.com
keadlebps.com
Apex Domain
Subdomains		 Transfer
10 codesandbox.io
q2ghq.codesandbox.io
codesandbox.io — Cisco Umbrella Rank: 84807
2 MB
9 keadlebps.com
keadlebps.com
71 KB
2 dartsearch.net
clickserve.dartsearch.net — Cisco Umbrella Rank: 3427
1 KB
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1184
5 KB
1 doubleclick.net
ad.doubleclick.net — Cisco Umbrella Rank: 167
791 B
19 5
Domain Requested by
9 keadlebps.com 1 redirects q2ghq.codesandbox.io
keadlebps.com
5 codesandbox.io q2ghq.codesandbox.io
codesandbox.io
5 q2ghq.codesandbox.io q2ghq.codesandbox.io
2 clickserve.dartsearch.net 2 redirects
1 static.cloudflareinsights.com q2ghq.codesandbox.io
1 ad.doubleclick.net 1 redirects
19 6

This site contains no links.

Subject Issuer Validity Valid
codesandbox.io
Cloudflare Inc ECC CA-3		 2021-05-19 -
2022-05-18		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
cpcontacts.keadlebps.com
R3		 2022-02-06 -
2022-05-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://keadlebps.com/office/PS-620700d94e211
Frame ID: 7D3BBF61B5DA02896404089D58D98355
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

E46B89022EBF9B16C8A06C8711C8F75F620700D971D9E

Page URL History Show full URLs

  1. http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=1234772186... HTTP 301
    https://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=1234772186... HTTP 302
    https://ad.doubleclick.net/ddm/clk/492846694;299712857;l;u=ds&sv1=0&sv2=3289252266751921&sv3=2883406774... HTTP 302
    https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512... Page URL
  2. https://keadlebps.com/office/$natasha.lowitt%20@barclays.com HTTP 302
    https://keadlebps.com/office/PS-620700d94e211 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Page Statistics

19
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

4
IPs

2
Countries

1978 kB
Transfer

6703 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_network=&am%20p;&ds_url_v=2&ds_dest_url=https://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com HTTP 301
    https://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_network=&am%20p;&ds_url_v=2&ds_dest_url=https://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com HTTP 302
    https://ad.doubleclick.net/ddm/clk/492846694;299712857;l;u=ds&sv1=0&sv2=3289252266751921&sv3=288340677430780441&gclid=CNi33-P1-PUCFTNEHQkdo8gACA;%3fhttps://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p; HTTP 302
    https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA Page URL
  2. https://keadlebps.com/office/$natasha.lowitt%20@barclays.com HTTP 302
    https://keadlebps.com/office/PS-620700d94e211 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_network=&am%20p;&ds_url_v=2&ds_dest_url=https://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com HTTP 301
  • https://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_network=&am%20p;&ds_url_v=2&ds_dest_url=https://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com HTTP 302
  • https://ad.doubleclick.net/ddm/clk/492846694;299712857;l;u=ds&sv1=0&sv2=3289252266751921&sv3=288340677430780441&gclid=CNi33-P1-PUCFTNEHQkdo8gACA;%3fhttps://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p; HTTP 302
  • https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
q2ghq.codesandbox.io/
Redirect Chain
  • http://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_ne...
  • https://clickserve.dartsearch.net/link/click?&ds_a_cid=680760384&ds_a_cai%20d=12694754542&ds_a_agid=123477218634&ds_a_fiid=&ds_a_lid=&&d%20s_e_adid=512650395034&ds_e_matchtype=&ds_e_device=c&ds_e_n...
  • https://ad.doubleclick.net/ddm/clk/492846694;299712857;l;u=ds&sv1=0&sv2=3289252266751921&sv3=288340677430780441&gclid=CNi33-P1-PUCFTNEHQkdo8gACA;%3fhttps://q2ghq.codesandbox.io?dg=natasha.lowitt%20...
  • https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0d41dc11e5034397fa110923aeebf5a44d5c0c6682368715463bf2be0d61d08

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
content-type
text/html
vary
Accept-Encoding
cache-control
private, max-age=0, no-cache, no-store
x-request-id
FtLiwT0dl_dwP60xtWLD
via
1.1 google
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6dc1bcd6595d374a-MXP
content-encoding
br

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
location
https://q2ghq.codesandbox.io?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
date
Sat, 12 Feb 2022 00:35:33 GMT
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.js
codesandbox.io/static/js/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.js
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:16cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04d7aba76ea78655e33e814070d24579da91f68a78a2c026c6d58d5cda8aec3f

Request headers

Referer
https://q2ghq.codesandbox.io/
Origin
https://q2ghq.codesandbox.io
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-2312"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
6dc1bcd73abf59dd-MXP
expires
Thu, 31 Dec 2037 23:55:55 GMT
vendors~app~embed~sandbox-startup.6e3433fd3.chunk.js
codesandbox.io/static/js/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/vendors~app~embed~sandbox-startup.6e3433fd3.chunk.js
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:16cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3be0565dc1bba02e688b13332bfc3dafdc61d71df04aa347f3e435bd8291a14

Request headers

Referer
https://q2ghq.codesandbox.io/
Origin
https://q2ghq.codesandbox.io
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-423b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
6dc1bcd73ac059dd-MXP
expires
Thu, 31 Dec 2037 23:55:55 GMT
sandbox-startup.fbd015eab.js
codesandbox.io/static/js/ 		24 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/sandbox-startup.fbd015eab.js
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:16cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
033c6bb7b2d019990c6d72496cd20a921e0b740fe0d4baee48019aaf9aec975d

Request headers

Referer
https://q2ghq.codesandbox.io/
Origin
https://q2ghq.codesandbox.io
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
MISS
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-5ef5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
6dc1bcd73ac159dd-MXP
expires
Thu, 31 Dec 2037 23:55:55 GMT
browserfs.min.js
codesandbox.io/static/browserfs12/ 		232 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/browserfs12/browserfs.min.js
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62483db86f3ba9581159a53ce478b67f4b1814e3ec0948dc60fabeeca10faff7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
HIT
age
25475121
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 22 Apr 2021 14:00:04 GMT
server
cloudflare
etag
W/"60818164-39fc5"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
6dc1bcd6e9ee374a-MXP
expires
Thu, 31 Dec 2037 23:55:55 GMT
api.js
q2ghq.codesandbox.io/cdn-cgi/bm/cv/669835187/ 		35 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://q2ghq.codesandbox.io/cdn-cgi/bm/cv/669835187/api.js
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=604800, public
cf-ray
6dc1bcd79ac2374a-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
v652eace1692a40cfa3763df669d7439c1639079717194
static.cloudflareinsights.com/beacon.min.js/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://q2ghq.codesandbox.io/
Origin
https://q2ghq.codesandbox.io
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
content-encoding
gzip
last-modified
Thu, 09 Dec 2021 19:55:17 GMT
server
cloudflare
etag
W/2021.12.0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
6dc1bcd7b9e19078-FRA
babel.7.12.12.min.js
codesandbox.io/static/js/ 		0
359 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://codesandbox.io/static/js/babel.7.12.12.min.js
Requested by
Host: codesandbox.io
URL: https://codesandbox.io/static/js/sandbox-startup.fbd015eab.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
HIT
age
6124216
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Thu, 02 Dec 2021 16:41:17 GMT
server
cloudflare
etag
W/"61a8f72d-190ba2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
cf-ray
6dc1bcd8ccdd5a25-MXP
expires
Thu, 31 Dec 2037 23:55:55 GMT
Primary Request PS-620700d94e211
keadlebps.com/office/
Redirect Chain
  • https://keadlebps.com/office/$natasha.lowitt%20@barclays.com
  • https://keadlebps.com/office/PS-620700d94e211
38 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://keadlebps.com/office/PS-620700d94e211
Requested by
Host: q2ghq.codesandbox.io
URL: https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
b69a7e291d9e0a3b738387666b0305d30bc087101c2f7c0bc667b1b955ee7af8

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma
no-cache
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Length
3022
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Sat, 12 Feb 2022 00:35:34 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Pragma
no-cache
Location
./PS-620700d94e211
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
babel-transpiler.9ffe416e.worker.js
q2ghq.codesandbox.io/ 		2 MB
486 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://q2ghq.codesandbox.io/babel-transpiler.9ffe416e.worker.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

cf-ray
6dc1bcd7bafd374a-MXP
date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
REVALIDATED
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-1fb464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
babel-transpiler.9ffe416e.worker.js
q2ghq.codesandbox.io/ 		2 MB
485 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://q2ghq.codesandbox.io/babel-transpiler.9ffe416e.worker.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

cf-ray
6dc1bcd7bb6c5a25-MXP
date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
REVALIDATED
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-1fb464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
babel-transpiler.9ffe416e.worker.js
q2ghq.codesandbox.io/ 		2 MB
485 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://q2ghq.codesandbox.io/babel-transpiler.9ffe416e.worker.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://q2ghq.codesandbox.io/?dg=natasha.lowitt%20@barclays.com&ds_a_cai%20d=12694754542&d%20s_e_adid=512650395034&am%20p;&gclid=CNi33-P1-PUCFTNEHQkdo8gACA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

cf-ray
6dc1bcd7bb6d5a25-MXP
date
Sat, 12 Feb 2022 00:35:33 GMT
via
1.1 google
cf-cache-status
REVALIDATED
last-modified
Mon, 07 Feb 2022 14:08:59 GMT
server
cloudflare
etag
W/"620127fb-1fb464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
968bca27812f4b989007776c61d1f9e0fbd10c6ee5820
keadlebps.com/office/APP-XL7Y57/ 		103 KB
18 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://keadlebps.com/office/APP-XL7Y57/968bca27812f4b989007776c61d1f9e0fbd10c6ee5820
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
a7057bebfff43e7281ca31da00d40bd88c8d02d1576b9c45891dd56a3853269a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Fri, 20 Aug 2021 19:23:18 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
18548
0901b07fd8c819e8e060122f41c679b7eb6629d85acf7
keadlebps.com/office/o/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://keadlebps.com/office/o/0901b07fd8c819e8e060122f41c679b7eb6629d85acf7
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Sat, 23 Nov 2019 23:10:04 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1435
00781e2a6bcc6796611f2c7700de9e5ff880419928bbd
keadlebps.com/office/e/ 		513 B
568 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://keadlebps.com/office/e/00781e2a6bcc6796611f2c7700de9e5ff880419928bbd
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Sun, 24 Nov 2019 06:44:20 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
276
10d0a79206ef09d8889425bfef0117b17269ec87cb66c
keadlebps.com/office/jq/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://keadlebps.com/office/jq/10d0a79206ef09d8889425bfef0117b17269ec87cb66c
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 May 2021 20:23:14 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
29822
66e9806a2959e00dff40f7de1c77167b1cb189cb80822
keadlebps.com/office/boot/ 		50 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://keadlebps.com/office/boot/66e9806a2959e00dff40f7de1c77167b1cb189cb80822
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 May 2021 20:23:24 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
14085
096cc8987de70f7f217be09166f8d8052a40b61cb129e
keadlebps.com/office/jm/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://keadlebps.com/office/jm/096cc8987de70f7f217be09166f8d8052a40b61cb129e
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
fb23209dbc5709c625b8103fdbc6914f5cb8df714c88e4dbc99f22cd18ebcde7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 12 Feb 2022 00:35:37 GMT
Content-Encoding
gzip
Last-Modified
Fri, 03 Sep 2021 22:38:14 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1260
api-fe9c6767b0d8111bdc7f29e00156a98e870f92c0624b8
keadlebps.com/office/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://keadlebps.com/office/api-fe9c6767b0d8111bdc7f29e00156a98e870f92c0624b8?email=natasha.lowitt%20@barclays.com&data=logo
Requested by
Host: keadlebps.com
URL: https://keadlebps.com/office/PS-620700d94e211
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.241.115.55 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS
162-241-115-55.unifiedlayer.com
Software
Apache /
Resource Hash
175986272200fb72da9a598d30016bbda9ddcaa9e6e3f07eb94bc74196d4b805

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://keadlebps.com/office/PS-620700d94e211
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Sat, 12 Feb 2022 00:35:38 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
Content-Type
image/jpeg;
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
1261
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| $ function| jQuery object| bootstrap string| email string| url function| sleep

3 Cookies

Domain/Path Name / Value
.doubleclick.net/ Name: IDE
Value: AHWqTUn7WeNaoFVp5frfLT03wLx3mJXj31GJXLGuC7YsuekQU2kT1Day9FGYsi-LSTs
.doubleclick.net/ Name: FLC
Value: CKCupAIQ2YL1jgEY5vyA6wEoybSRBTDVgZyQBg
keadlebps.com/ Name: PHPSESSID
Value: 87261da55130dd9c265f8e36473cbdbc