shop-llibre.com Open in urlscan Pro
172.67.189.110 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://shop-llibre.com/
Submission: On December 11 via api (December 11th 2024, 2:35:32 pm UTC) from US — Scanned from IT

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 172.67.189.110, located in United States and belongs to CLOUDFLARENET, US. The main domain is shop-llibre.com.
TLS certificate: Issued by WE1 on December 11th 2024. Valid for: 3 months.

This is the only time shop-llibre.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: MercadoLibre (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 6	172.67.189.110 172.67.189.110	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	199.232.192.193 199.232.192.193	54113 (FASTLY) (FASTLY)
1	2.19.224.32 2.19.224.32	16625 (AKAMAI-AS) (AKAMAI-AS)
11	4

6 172.67.189.110 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

shop-llibre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.232.192.193 (United States)

ASN54113 (FASTLY, US)

i.imgur.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.224.32 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-224-32.deploy.static.akamaitechnologies.com

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	shop-llibre.com 1 redirects shop-llibre.com	10 KB
4	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	49 KB
1	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 2559	1 MB
1	imgur.com i.imgur.com — Cisco Umbrella Rank: 8961	205 KB
11	4

	Domain	Requested by
6	shop-llibre.com	1 redirects shop-llibre.com
4	cdnjs.cloudflare.com	shop-llibre.com
1	res.cloudinary.com	shop-llibre.com
1	i.imgur.com	shop-llibre.com
11	4

This site contains no links.

Subject Issuer	Validity	Valid
shop-llibre.com WE1	`2024-12-11` - `2025-03-11`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.imgur.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-15` - `2025-02-14`	a year	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2023-12-18` - `2025-01-13`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://shop-llibre.com/
Frame ID: 154B14C932A44019835A97E920CED623
Requests: 9 HTTP requests in this frame

Frame: https://shop-llibre.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js
Frame ID: 8CB092A280C2E5ECC3DB14E45FC0C1E9
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SHOP

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1718 kB
Transfer

1966 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://shop-llibre.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://shop-llibre.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
shop-llibre.com/ 6 KB
3 KB 1037ms
421ms Document
text/html 172.67.189.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shop-llibre.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b77e7c8aa927985b3f72bc1b98f44188a3e2c6511ffc1ef65277c6f46502a5e7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8f063373792018cf-FRA
content-encoding: zstd
content-type: text/html; charset=utf-8
date: Wed, 11 Dec 2024 14:35:24 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sTJvsHrKBL49DuNMM3krPWDpM7M7Q6rnYU4kuInQchXdyromo4cu6uEIEE2c%2Fc14Cv7hVc8GLRFYbcEA7HmauoCYwKJZevoI7wYIAW9u266lD2YkvhIJxzQmRNF9PBltQqA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=TCP&rtt=22717&min_rtt=19637&rtt_var=8972&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3939&recv_bytes=2288&delivery_rate=187000&cwnd=254&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=611&x=0"
vary: Accept-Encoding

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.1.0/css/ 159 KB
18 KB 631ms
71ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.1.0/css/bootstrap.min.css

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "610aba41-4412"
age: 727777
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hqtu4qyUvaEpwYoyXqcKZw%2BMkHyy0jy4jlsDmakNaa4KtxR0p%2FwMmx2XcS8tKt78UCB9%2BwgHCrDdt5BzXXwH4a%2BBM947pfmbkdBzzGM2WfeoQZNVD8KouHd6HwJ0PnKRuDdpk%2F1W"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 01 Dec 2025 14:35:25 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 04 Aug 2021 16:03:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f06337a9e0d3a88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17426
server: cloudflare

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 686ms
127ms Stylesheet
text/css 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "613fa20b-28de"
age: 1071952
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uN1lPKmDAGxMYsmZZnp3sY1idjgXSapgW7bbmcmNMCMACPAl55I6xmJz6cCnln9UH7x511sdhgQQytQ31uko4O9SOEUuB5B18F6GyD50JHhiw17UqQPCl1Pq0zUTfGOiHNuYLnM%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 01 Dec 2025 14:35:25 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f06337a9e0b3a88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10462
server: cloudflare

GET
H2 404 style.css
shop-llibre.com/css-js/ 0
0 425ms
421ms Stylesheet
text/html 172.67.189.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shop-llibre.com/css-js/style.css
Requested by: Host: shop-llibre.com
URL: https://shop-llibre.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1aRLUZSfdpjLWjeXN9nnalSM0FqZsv1b8pM%2BdOtpQl7a74dh5Qe49sud%2FqRt7gw9RX1YyTwroKyQTjsATi0XhaExlaiScIZwHxU%2FWVS2TS7y0MAIHElhp%2FMG0m5pC3JIO78%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f0633771d9918cf-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=21760&min_rtt=19637&rtt_var=5227&sent=16&recv=14&lost=0&retrans=0&sent_bytes=7407&recv_bytes=2440&delivery_rate=453338&cwnd=257&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=1201&x=0"
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

GET
H2 200 qTC7Dvr.png
i.imgur.com/ 205 KB
205 KB 371ms
149ms Image
image/png 199.232.192.193
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.imgur.com/qTC7Dvr.png

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.192.193 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

cat factory 1.0 /

Resource Hash

d837e71d04dd0d9ba60c4da966376c32d7b471a598dd24d96c35096c1e450d43

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

etag: "e654485f0b053ff6df0eb8602a8e5370"
age: 7789
access-control-allow-methods: GET, OPTIONS
x-content-type-options: nosniff
x-cache: Miss from cloudfront, HIT, MISS
x-amz-cf-id: 19o2-salTVtDvONcJa_mld6q7oQomJTzHhIdcM4E4mmVoqd2fLbWNg==
date: Wed, 11 Dec 2024 14:35:24 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 12:25:36 GMT
x-cache-hits: 16, 0
x-served-by: cache-iad-kjyo7100139-IAD, cache-mxp6968-MXP
strict-transport-security: max-age=300
cache-control: public, max-age=31536000
x-timer: S1733927725.869624,VS0,VE102
accept-ranges: bytes
access-control-allow-origin: *
content-length: 209571
x-amz-cf-pop: IAD89-P1
server: cat factory 1.0
x-amz-server-side-encryption: AES256

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.9.2/umd/ 18 KB
6 KB 674ms
116ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.9.2/umd/popper.min.js

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a07c69f9061eb12e39a031358a4f567f30a002ad6182639ac84fd1bda2f6e65

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "6065f4e2-48a2"
age: 1159010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r791OsXaHeWMoS738AUMChThtPGoimFHH3f7QOEEMV8HzLpd2hPUupU5LcAVtX%2BrUwV5waasrt7ztD8zAQkTp6XbTo95KMA9rArqqxgSUEzyEW8frqH0er2CnHpj2ctvoU78b0st"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 01 Dec 2025 14:35:25 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 01 Apr 2021 16:29:22 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f06337a9e0e3a88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 6002
server: cloudflare

GET
H2 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.1.0/js/ 58 KB
14 KB 603ms
105ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/5.1.0/js/bootstrap.min.js

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7382e5e9e48883a128b6193ca4258017c684f76dc4bed535d69aa3072f8d8cd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "610aba41-3748"
age: 909625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0rV%2BiO%2FdPAl3EsXkhWYgC3UPtMlOZ6nEi9v%2BeB9OOz9vMCiAOe7XcB2PExsJPjs83foyEzJqITgHCH9NsrxSJykG6l9EtWkUOXA2EcZT44F84UQjXlw96%2BpkPM%2BlsAsbQkA976Yd"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 01 Dec 2025 14:35:25 GMT
alt-svc: h3=":443"; ma=86400
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 04 Aug 2021 16:03:13 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f06337a9e0f3a88-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14152
server: cloudflare

GET
H2

200

main.js Show response
shop-llibre.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/ Frame 8CB0
Redirect Chain

https://shop-llibre.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://shop-llibre.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

9 KB
5 KB

58ms
58ms

Script
application/javascript

172.67.189.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://shop-llibre.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Server

172.67.189.110 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d470e0e6bcd332cc211ef7144140424d8752c64896311fbade0bba77147c66f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O%2By8ZHq9e4LeQME5Gi88QkRKZCHD6jj3V8P1TKALyrAEOdQaMlASX%2FgRrEnAlROEIgXmCvyRTMEiq5QCQ4W3HJip0aCw9o6Y4DhAZqeMx3Kz1TusaN5GDC9WBYGsFqH%2F5Jk%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8f06337bdb4118cf-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=24207&min_rtt=19312&rtt_var=8869&sent=21&recv=17&lost=0&retrans=0&sent_bytes=8786&recv_bytes=2629&delivery_rate=453338&cwnd=257&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=1614&x=0"
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/f9063374b04d/main.js?
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4L%2FFeYvScsZ1NtyOYtHlgqO90y0KJs0Fenw6IWiLFyL802x4ql7mxtWryUl28Qr8te%2B0UJUY8Nkf%2Fa7C0r6ctLvqE95L9Zqbfn0Uy0splL0O%2BOAOJOuhcYUn95ExiFjF5qE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f06337b8af118cf-FRA
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
server-timing: cfL4;desc="?proto=TCP&rtt=21464&min_rtt=19312&rtt_var=4512&sent=20&recv=16&lost=0&retrans=0&sent_bytes=8256&recv_bytes=2533&delivery_rate=453338&cwnd=257&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=1553&x=0"
date: Wed, 11 Dec 2024 14:35:25 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 p0dysuq95vwnmresa2pt.jpg
res.cloudinary.com/dx1zztojj/image/upload/v1726204992/ 1 MB
1 MB 655ms
136ms Image
image/jpeg 2.19.224.32
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://res.cloudinary.com/dx1zztojj/image/upload/v1726204992/p0dysuq95vwnmresa2pt.jpg

Requested by

Host: shop-llibre.com
URL: https://shop-llibre.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2.19.224.32 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-19-224-32.deploy.static.akamaitechnologies.com

Software

Cloudinary /

Resource Hash

488942d581f1001414dfa78520b21c417a6bb61d1af405b306eaa3283484a4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

strict-transport-security: max-age=604800
x-request-id: c1821683f1c5cb56b6d038c3d55f1ca9
cache-control: public, no-transform, immutable, max-age=2592000
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Robots-Tag,X-Content-Type-Options
timing-allow-origin: *
etag: "964b55167a0ccd127b620af8d732b30f"
x-content-type-options: nosniff
accept-ranges: bytes
access-control-allow-origin: *
server-timing: cld-akam;dur=84;start=2024-12-11T14:35:25.873Z;desc=miss,rtt;dur=27,content-info;desc="width=1920,height=1280,bytes=1487984,o=1,ef=(17)",cloudinary;dur=106;start=2024-12-09T08:49:11.008Z
content-length: 1487984
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: image/jpeg
last-modified: Fri, 13 Sep 2024 05:23:14 GMT
server: Cloudinary

POST
H2 200 8f063373792018cf Show response
shop-llibre.com/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 8CB0 0
1 KB 108ms
101ms XHR
text/plain 172.67.189.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shop-llibre.com/cdn-cgi/challenge-platform/h/g/jsd/r/8f063373792018cf
Requested by: Host: shop-llibre.com
URL: https://shop-llibre.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer

Response headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tU01X6yLniJCPOGeMRuTg8cXGeonhzD9klCXzqb2TU2kW7OZPud7dkDOlD1NN31vo%2B06UvRnGwdpobucGVcxdDo7Duu4PirJFxgI6lVFUOcCcOuk6%2FWGzaEkbBfPkxMF0ZY%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f06337cecb018cf-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=23032&min_rtt=19073&rtt_var=7026&sent=36&recv=33&lost=0&retrans=0&sent_bytes=13619&recv_bytes=18983&delivery_rate=602588&cwnd=257&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=1818&x=0"
content-length: 0
date: Wed, 11 Dec 2024 14:35:25 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H2 404 favicon.ico
shop-llibre.com/ 445 B
810 B 395ms
394ms Other
text/html 172.67.189.110
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://shop-llibre.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.189.110 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65a565df0e2169949e07dde9165f318cda1e0c2b4233ce83cd9b15b358a06c36

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://shop-llibre.com/

Response headers

cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: zstd
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aeC%2BC5bwHsEOuxuuxTaMOZJUxapuq6%2BqYngLm1RgzfJWvuERMt3pxKGQC5R6lqsD0y9Kt106rGKWsUtBtHm0QeGUm%2FvstBjrtBt6F4aAGwlMoU0rYpC7567KPOt0KIwD6zc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8f063381da3f18cf-FRA
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=28309&min_rtt=19073&rtt_var=15823&sent=38&recv=35&lost=0&retrans=0&sent_bytes=14710&recv_bytes=19467&delivery_rate=602588&cwnd=257&unsent_bytes=0&cid=274ee6cb94edd4d9&ts=2896&x=0"
date: Wed, 11 Dec 2024 14:35:26 GMT
content-type: text/html
vary: Accept-Encoding
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: MercadoLibre (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| Popper number| uidEvent object| bootstrap

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			shop-llibre.com/	1969-12-31 23:59:59	Name: s7b29b545 Value: 3hur8uqoqor2mjkjeoj1hmiim6
			.shop-llibre.com/	1970-01-21 10:24:23	Name: cf_clearance Value: soJvcQxYdkkh_0Xw5oF8gNzvRXCIX3iXXVogemlOFtE-1733927725-1.2.1.1-0_KPLABhmYvLtORltIgKT.b15Di5Gv0nU8Nf_mlylpsjY.vNgz_9XssX7.xEf3IdkKR_Q445d9MfNk4JPgkNG2WTWW8BhocqN52VakBQ6O7cWeV4PzZCs8B5HYwEauHzhr4nft_Csg3XFzZhhcpNZbupziHZH8p4.iECyVufbsT3mgAn_egZrKCAYlcWrGufnxm0NbiljvVSqb2.4G.V4XR8r2cnFB81h38k2QxJdrzeHbPoYVaNHb7sgYJFT8Iv7czZ7PZeHeAC3DrDs31Bup3b8Q6YBzcptCCeROIeBT8Erk_HXEEzT1Sc01rC3FthWESUCgU.pEpi.ZFoV2FPmsX7qYGIaC4Xg0t0ln5N3a3jxXxWVNwHGxf1xNXCWIxf

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://shop-llibre.com/css-js/style.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://shop-llibre.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
i.imgur.com
res.cloudinary.com
shop-llibre.com
104.17.25.14
172.67.189.110
199.232.192.193
2.19.224.32
488942d581f1001414dfa78520b21c417a6bb61d1af405b306eaa3283484a4d7
5a07c69f9061eb12e39a031358a4f567f30a002ad6182639ac84fd1bda2f6e65
65a565df0e2169949e07dde9165f318cda1e0c2b4233ce83cd9b15b358a06c36
6d470e0e6bcd332cc211ef7144140424d8752c64896311fbade0bba77147c66f
7382e5e9e48883a128b6193ca4258017c684f76dc4bed535d69aa3072f8d8cd3
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
b77e7c8aa927985b3f72bc1b98f44188a3e2c6511ffc1ef65277c6f46502a5e7
cfc391e34328c09f0680ae8ff3d63e86224ae7e71c973147ccb84540b2fdd9b8
d837e71d04dd0d9ba60c4da966376c32d7b471a598dd24d96c35096c1e450d43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

shop-llibre.com Open in urlscan Pro 172.67.189.110 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1718 kBTransfer

1966 kBSize

2 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

shop-llibre.com Open in urlscan Pro
172.67.189.110 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1718 kB
Transfer

1966 kB
Size

2
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!