nj7lw.csb.app Open in urlscan Pro
2606:4700:4400::ac40:9457 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105
Submission: On January 02 via api (January 2nd 2024, 3:22:28 am UTC) from US — Scanned from US

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 2606:4700:4400::ac40:9457, located in United States and belongs to CLOUDFLARENET, US. The main domain is nj7lw.csb.app.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 30th 2023. Valid for: a year.

This is the only time nj7lw.csb.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:440... 2606:4700:4400::ac40:9457	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::ac40:9a6b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.44.241.213 142.44.241.213	16276 (OVH) (OVH)
2 4	2606:4700:10:... 2606:4700:10::6816:4aab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	5

1 2606:4700:4400::ac40:9457 (United States)

ASN13335 (CLOUDFLARENET, US)

nj7lw.csb.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::ac40:9a6b (United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.44.241.213 (Canada)

ASN16276 (OVH, FR)
PTR: vps-33ad3f24.vps.ovh.ca

play.coro0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6816:4aab (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	amung.us 2 redirects whos.amung.us — Cisco Umbrella Rank: 11176 widgets.amung.us — Cisco Umbrella Rank: 19555	3 KB
4	codesandbox.io codesandbox.io — Cisco Umbrella Rank: 223757	49 KB
2	coro0.com play.coro0.com	717 KB
1	csb.app nj7lw.csb.app	646 B
9	4

	Domain	Requested by
4	codesandbox.io	nj7lw.csb.app codesandbox.io
2	widgets.amung.us
2	whos.amung.us	2 redirects
2	play.coro0.com	nj7lw.csb.app
1	nj7lw.csb.app
9	5

This site contains no links.

Subject Issuer	Validity	Valid
csb.app Cloudflare Inc ECC CA-3	`2023-12-30` - `2024-12-29`	a year	crt.sh
codesandbox.io E1	`2023-12-28` - `2024-03-27`	3 months	crt.sh
play.coro0.com cPanel, Inc. Certification Authority	`2023-12-20` - `2024-03-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105
Frame ID: CFE34E85449A0CF76D0327BD70A87B1F
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WACTH-VIDEO-5.181.234.132

Page Statistics

9
Requests

78 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

769 kB
Transfer

951 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://whos.amung.us/widget/luigi2020 HTTP 307
https://widgets.amung.us/classic/00/2.png

Request Chain 8

https://whos.amung.us/widget/cororico2020 HTTP 307
https://widgets.amung.us/classic/00/2.png

9 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request WACTH-VIDEO-35.86.95.105 Show response nj7lw.csb.app/	805 B 646 B	402ms 343ms	Document text/html	2606:4700:4400::ac40:9457 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9457 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a6c72f3efcab274e7cfe5c3980ac14365e62f46189c065684cef36bf903c47c9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control private, max-age=0, no-cache, no-store cf-cache-status DYNAMIC cf-ray 83efe0949b101a0f-EWR content-encoding br content-type text/html date Tue, 02 Jan 2024 03:22:23 GMT server cloudflare vary Accept-Encoding via 1.1 google x-request-id F6Zpttt0yfzeWU2B3gIk
GET H2	200	sse-hooks.350c89a8d06431c89209943b3882c89f.js Show response codesandbox.io/public/sse-hooks/	172 KB 45 KB	147ms 31ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/public/sse-hooks/sse-hooks.350c89a8d06431c89209943b3882c89f.js Requested by Host: nj7lw.csb.app URL: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `59f17efc9fc32fc73c0451ed936286b0e690dc43282472a9d70ab785c68d4c98` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:23 GMT via 1.1 google content-encoding br cf-cache-status HIT age 2131795 alt-svc h3=":443"; ma=86400 last-modified Fri, 08 Dec 2023 11:11:17 GMT server cloudflare etag W/"6572f9d5-2b197" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83efe0978b888c1d-EWR expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	banner.d9cb10a38.js Show response codesandbox.io/static/js/	4 KB 2 KB	146ms 30ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/banner.d9cb10a38.js Requested by Host: nj7lw.csb.app URL: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:23 GMT via 1.1 google content-encoding br cf-cache-status HIT age 2922220 alt-svc h3=":443"; ma=86400 last-modified Mon, 27 Nov 2023 09:17:00 GMT server cloudflare etag W/"65645e8c-efa" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83efe0978b878c1d-EWR expires Thu, 31 Dec 2037 23:55:55 GMT
GET H/1.1	200 OK	/ Show response play.coro0.com/	716 KB 717 KB	301ms 144ms	Script application/javascript	142.44.241.213 OVH
General Check archive.org Show headers Download Go to Full URL https://play.coro0.com/?api=1&lan=fbnew2020&ht=2&counter0=luigi2020 Requested by Host: nj7lw.csb.app URL: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 142.44.241.213 , Canada, ASN16276 (OVH, FR), Reverse DNS vps-33ad3f24.vps.ovh.ca Software nginx / Resource Hash `0b326a2eb46933764cef9ce83b0dbc970ca5c6197edab86ed5f34c3e095401f8` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Pragma no-cache Date Tue, 02 Jan 2024 03:22:23 GMT Server nginx Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	watermark-button.eeb14a97b.js Show response codesandbox.io/static/js/	3 KB 2 KB	136ms 21ms	Script application/javascript	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/static/js/watermark-button.eeb14a97b.js Requested by Host: nj7lw.csb.app URL: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1c9937bb6f9d154f49699393da35aaa6d5fb9218daa1ec4cba7b4ee097d0d65b` Request headers Referer https://nj7lw.csb.app/ Origin https://nj7lw.csb.app accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:23 GMT via 1.1 google content-encoding br cf-cache-status HIT age 35497 alt-svc h3=":443"; ma=86400 last-modified Thu, 21 Dec 2023 13:40:12 GMT server cloudflare etag W/"6584403c-ac1" vary Accept-Encoding access-control-allow-methods GET content-type application/javascript access-control-allow-origin * cache-control max-age=315360000 cf-ray 83efe0978d8dc463-EWR expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	phishing Show response codesandbox.io/api/v1/sandboxes/nj7lw/	33 B 400 B	128ms 125ms	Fetch application/json	2606:4700:4400::ac40:9a6b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://codesandbox.io/api/v1/sandboxes/nj7lw/phishing Requested by Host: codesandbox.io URL: https://codesandbox.io/static/js/banner.d9cb10a38.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:4400::ac40:9a6b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2d91020394c232a07e303c0caff12346b174a759ed94de8bb0eac6c8b60e2660` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:23 GMT via 1.1 google cf-cache-status DYNAMIC server cloudflare vary origin content-type application/json; charset=utf-8 access-control-allow-origin https://nj7lw.csb.app cache-control private, max-age=0, no-cache, no-store access-control-allow-credentials true cf-ray 83efe097edf1c463-EWR alt-svc h3=":443"; ma=86400 content-length 33 x-request-id F6Zptu3G277TR_wdfw-n
GET H/1.1	404 Not Found	location play.coro0.com/	0 0	28ms 27ms	Script text/html	142.44.241.213 OVH
General Check archive.org Show headers Download Go to Full URL https://play.coro0.com/location Requested by Host: nj7lw.csb.app URL: https://nj7lw.csb.app/WACTH-VIDEO-35.86.95.105 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 142.44.241.213 , Canada, ASN16276 (OVH, FR), Reverse DNS vps-33ad3f24.vps.ovh.ca Software / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers
GET DATA	200 OK	truncated /	1 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type image/png
GET H2	200	2.png widgets.amung.us/classic/00/ Redirect Chain https://whos.amung.us/widget/luigi2020 https://widgets.amung.us/classic/00/2.png	1 KB 2 KB	30ms 19ms	Image image/png	2606:4700:10::6816:4aab CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://widgets.amung.us/classic/00/2.png Protocol H2 Server 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9f8edd3ed559df45e389eb4ce81ed33ae75d33037024653a350b5ba26b4a2651` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:24 GMT cf-cache-status HIT last-modified Sun, 13 Jun 2010 09:03:09 GMT server cloudflare age 2644354 etag "4c149ecd-570" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 83efe09c3e0d43c5-EWR alt-svc h3=":443"; ma=86400 content-length 1392 expires Sun, 03 Dec 2023 12:49:50 GMT Redirect headers date Tue, 02 Jan 2024 03:22:24 GMT cf-cache-status DYNAMIC server cloudflare content-type text/html; charset=UTF-8 location https://widgets.amung.us/classic/00/2.png cache-control no-cache, no-store, must-revalidate cf-ray 83efe09beda543c5-EWR alt-svc h3=":443"; ma=86400
GET H2	200	2.png widgets.amung.us/classic/00/ Redirect Chain https://whos.amung.us/widget/cororico2020 https://widgets.amung.us/classic/00/2.png	1 KB 1 KB	32ms 21ms	Image image/png	2606:4700:10::6816:4aab CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://widgets.amung.us/classic/00/2.png Protocol H2 Server 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9f8edd3ed559df45e389eb4ce81ed33ae75d33037024653a350b5ba26b4a2651` Request headers accept-language en-US,en;q=0.9 Referer https://nj7lw.csb.app/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 03:22:24 GMT cf-cache-status HIT last-modified Sun, 13 Jun 2010 09:03:09 GMT server cloudflare age 2644354 etag "4c149ecd-570" vary Accept-Encoding content-type image/png access-control-allow-origin * cache-control max-age=2678400 accept-ranges bytes cf-ray 83efe09c3e1143c5-EWR alt-svc h3=":443"; ma=86400 content-length 1392 expires Sun, 03 Dec 2023 12:49:50 GMT Redirect headers date Tue, 02 Jan 2024 03:22:24 GMT cf-cache-status DYNAMIC server cloudflare content-type text/html; charset=UTF-8 location https://widgets.amung.us/classic/00/2.png cache-control no-cache, no-store, must-revalidate cf-ray 83efe09beda443c5-EWR alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	51 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f` Request headers accept-language en-US,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.codesandbox.io/	1969-12-31 23:59:59	Name: _cfuvid Value: 3q8UMVCleBvzEQFG6p_qtg5Eaw2pS0JnTCxs9eUvaJI-1704165743304-0-604800000

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://play.coro0.com/location Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

codesandbox.io
nj7lw.csb.app
play.coro0.com
whos.amung.us
widgets.amung.us
142.44.241.213
2606:4700:10::6816:4aab
2606:4700:4400::ac40:9457
2606:4700:4400::ac40:9a6b
0b326a2eb46933764cef9ce83b0dbc970ca5c6197edab86ed5f34c3e095401f8
1230532f79456753fb73f559ece9b95c17cfb36325dc313a3eda5ac22dfd9a2b
1c9937bb6f9d154f49699393da35aaa6d5fb9218daa1ec4cba7b4ee097d0d65b
2d91020394c232a07e303c0caff12346b174a759ed94de8bb0eac6c8b60e2660
59f17efc9fc32fc73c0451ed936286b0e690dc43282472a9d70ab785c68d4c98
7281941fed81ed9caf5728727e05da4a94b442c36796e1a5b1d6106f242ed11f
74850bad3411bc2540a6928159967088a555cb990e9569065a878e9e8a864830
9f8edd3ed559df45e389eb4ce81ed33ae75d33037024653a350b5ba26b4a2651
a6c72f3efcab274e7cfe5c3980ac14365e62f46189c065684cef36bf903c47c9

nj7lw.csb.app Open in urlscan Pro 2606:4700:4400::ac40:9457 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

78 %HTTPS

75 %IPv6

4 Domains

5 Subdomains

5 IPs

2 Countries

769 kBTransfer

951 kBSize

1 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

nj7lw.csb.app Open in urlscan Pro
2606:4700:4400::ac40:9457 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

5
IPs

2
Countries

769 kB
Transfer

951 kB
Size

1
Cookies

9 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!