04q2q.csb.app Open in urlscan Pro
2606:4700::6812:1a72  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response 04q2q.csb.app/	11 KB 5 KB	92ms 63ms	Document text/html	2606:4700::6812:1a72 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://04q2q.csb.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1a72 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0bf6786cdbf622dd779c4b04a03f86ffaab9bba1d895e025d4ea5cb09066caf8 Request headers :method GET :authority 04q2q.csb.app :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 19 Nov 2020 19:19:19 GMT content-type text/html set-cookie __cfduid=d128e1081ef6013c173aef95f86c7b8d01605813559; expires=Sat, 19-Dec-20 19:19:19 GMT; path=/; domain=.csb.app; HttpOnly; SameSite=Lax signedIn=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; HttpOnly vary Accept-Encoding cache-control private, max-age=0, no-cache, no-store x-request-id Fkj-7JeB85w12uAIwItE via 1.1 google cf-cache-status DYNAMIC cf-request-id 06838b77bc000005d864956000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" server cloudflare cf-ray 5f4c48392b8005d8-FRA content-encoding br
GET H2	200	sse-hooks.js Show response codesandbox.io/public/sse-hooks/	20 KB 6 KB	65ms 39ms	Script application/javascript	2606:4700::6812:16cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/public/sse-hooks/sse-hooks.js Requested by Host: 04q2q.csb.app URL: https://04q2q.csb.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:16cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8cb2990f5245dae9e885a30beeb973a579c2bebd1ad141838b2bcdea85a9cd1f Request headers Referer https://04q2q.csb.app/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 19 Nov 2020 19:19:19 GMT via 1.1 google cf-cache-status HIT age 1353208 content-encoding br cf-request-id 06838b78220000c27234128000000001 last-modified Tue, 03 Nov 2020 11:01:37 GMT server cloudflare etag W/"5fa13891-4e2f" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 5f4c4839cc53c272-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	microsofts-logo-gets-a-makeover.jpg zdnet2.cbsistatic.com/hub/i/r/2014/08/27/0d77a99a-2da9-11e4-9e6a-00505685119a/resize/1200x900/02acdb68a1edf918b42c3fabf4843745/	25 KB 19 KB	25ms 7ms	Image image/jpeg	2a04:4e42:1b::444 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://zdnet2.cbsistatic.com/hub/i/r/2014/08/27/0d77a99a-2da9-11e4-9e6a-00505685119a/resize/1200x900/02acdb68a1edf918b42c3fabf4843745/microsofts-logo-gets-a-makeover.jpg Requested by Host: 04q2q.csb.app URL: https://04q2q.csb.app/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a04:4e42:1b::444 , Ascension Island, ASN54113 (FASTLY, US), Reverse DNS Software ContentServer / Resource Hash bcf34c350cca7190789d2646ed8e0fef5fa8e3489fefa25690081de58a259519 Security Headers Name Value Content-Security-Policy default-src https://*.zdnet.com:* Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://04q2q.csb.app/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 19 Nov 2020 19:19:19 GMT content-encoding gzip x-content-type-options nosniff age 860613 vary Accept-Encoding, Accept content-length 19391 x-xss-protection 1; mode=block last-modified Thu, 03 Sep 2020 04:50:33 GMT server ContentServer x-frame-options SAMEORIGIN etag W/"a4f254b9f519b832699c7cfa394db1ec" strict-transport-security max-age=31536000 content-type image/jpeg access-control-allow-origin * cache-control max-age=31536000 content-security-policy default-src https://*.zdnet.com:* accept-ranges bytes timing-allow-origin * expires Fri, 08 Jan 2021 20:15:46 GMT
GET H2	200	confirm-button-png-2-png-image-confirm-png-968_251.png img.pngio.com/	30 KB 31 KB	96ms 62ms	Image image/png	2606:4700:3035::6812:34ea CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.pngio.com/confirm-button-png-2-png-image-confirm-png-968_251.png Requested by Host: 04q2q.csb.app URL: https://04q2q.csb.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6812:34ea , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4a66ae4c1a3eb9aababe856275c62180b6ee02d6e6ee450515d06efd89124031 Security Headers Name Value Content-Security-Policy block-all-mixed-content X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block, 1; mode=block Request headers Referer https://04q2q.csb.app/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers content-security-policy block-all-mixed-content x-content-type-options nosniff cf-cache-status MISS nel {"report_to":"cf-nel","max_age":604800} x-amz-request-id 1648FEECA25AD765 content-length 31054 cf-request-id 06838b786c0000bf190f96a000000001 last-modified Wed, 01 Jan 2020 11:08:16 GMT server cloudflare x-frame-options SAMEORIGIN date Thu, 19 Nov 2020 19:19:19 GMT expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Origin, Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dgsYCLkztbjpoiTTsefhS%2BIZikubMuVgpNQvxvLWG2dZxAfc9ahv2weY73P63rSpO0ubVplp3cnHvOl1cFUUUebnl7efiWkbbPI5c7d6SF%2F%2F7gv43jldt7Jr"}],"group":"cf-nel","max_age":604800} content-type image/png x-xss-protection 1; mode=block, 1; mode=block cache-control max-age=14400 etag "ce62ad2348a90e3da537bcf585d0f93c-1" accept-ranges bytes cf-ray 5f4c483a4c2fbf19-FRA
GET H2	200	watermark-button.ccc763f75.js Show response codesandbox.io/static/js/	3 KB 2 KB	70ms 52ms	Script application/javascript	2606:4700::6812:16cf CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/watermark-button.ccc763f75.js Requested by Host: 04q2q.csb.app URL: https://04q2q.csb.app/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:16cf , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1 Request headers Origin https://04q2q.csb.app Referer https://04q2q.csb.app/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 19 Nov 2020 19:19:19 GMT via 1.1 google cf-cache-status HIT age 15543 content-encoding br cf-request-id 06838b78370000bf14a4323000000001 last-modified Wed, 18 Nov 2020 18:46:06 GMT server cloudflare etag W/"5fb56bee-ae8" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 5f4c4839f836bf14-FRA expires Thu, 31 Dec 2037 23:55:55 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.csb.app/	1970-01-19 14:46:45	Name: __cfduid Value: d128e1081ef6013c173aef95f86c7b8d01605813559

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

04q2q.csb.app
codesandbox.io
img.pngio.com
zdnet2.cbsistatic.com
2606:4700:3035::6812:34ea
2606:4700::6812:16cf
2606:4700::6812:1a72
2a04:4e42:1b::444
0bf6786cdbf622dd779c4b04a03f86ffaab9bba1d895e025d4ea5cb09066caf8
4a66ae4c1a3eb9aababe856275c62180b6ee02d6e6ee450515d06efd89124031
5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1
8cb2990f5245dae9e885a30beeb973a579c2bebd1ad141838b2bcdea85a9cd1f
bcf34c350cca7190789d2646ed8e0fef5fa8e3489fefa25690081de58a259519