offlinestorageconsoleowe.web.app Open in urlscan Pro
151.101.1.195 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-...
Effective URL:
https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Submission Tags: falconsandbox
Submission: On October 30 via api (October 30th 2020, 6:47:55 pm UTC) from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 12 domains to perform 17 HTTP transactions. The main IP is 151.101.1.195, located in United States and belongs to FASTLY, US. The main domain is offlinestorageconsoleowe.web.app.
TLS certificate: Issued by GTS CA 1O1 on April 15th 2020. Valid for: a year.

This is the only time offlinestorageconsoleowe.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
1 1	50.31.236.5 50.31.236.5	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2606:4700::68... 2606:4700::6812:1a72	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:17cf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE)
2	2001:4de0:ac1... 2001:4de0:ac19::1:b:1a	20446 (HIGHWINDS3) (HIGHWINDS3)
1 2	2606:4700::68... 2606:4700::6810:7eaf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	51.210.112.129 51.210.112.129	16276 (OVH) (OVH)
3	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.1.195 151.101.1.195	54113 (FASTLY) (FASTLY)
1	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
1	2620:1ec:bdf::10 2620:1ec:bdf::10	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
17	11

1 50.31.236.5 (Chicago, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: unknown.servercentral.net

recs.richrelevance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1a72 (United States)

ASN13335 (CLOUDFLARENET, US)

qqhj9.csb.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:17cf (United States)

ASN13335 (CLOUDFLARENET, US)

codesandbox.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4de0:ac19::1:b:1a (Netherlands)

ASN20446 (HIGHWINDS3, US)

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7eaf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.210.112.129 (France)

ASN16276 (OVH, FR)
PTR: i.ibb.co

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.195 (United States)

ASN54113 (FASTLY, US)

offlinestorageconsoleowe.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::10 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

aadcdn.msauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	cloudflare.com cdnjs.cloudflare.com	41 KB
2	unpkg.com 1 redirects unpkg.com	5 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	35 KB
2	codesandbox.io codesandbox.io	8 KB
1	msauth.net aadcdn.msauth.net	876 B
1	msftauth.net aadcdn.msftauth.net	2 KB
1	web.app offlinestorageconsoleowe.web.app	4 KB
1	ibb.co i.ibb.co	29 KB
1	googleapis.com fonts.googleapis.com	465 B
1	csb.app qqhj9.csb.app	4 KB
1	richrelevance.com 1 redirects recs.richrelevance.com	237 B
0	jquery.com Failed code.jquery.com Failed
17	12

	Domain	Requested by
3	cdnjs.cloudflare.com	qqhj9.csb.app offlinestorageconsoleowe.web.app
2	unpkg.com	1 redirects qqhj9.csb.app
2	stackpath.bootstrapcdn.com	qqhj9.csb.app offlinestorageconsoleowe.web.app
2	codesandbox.io	qqhj9.csb.app
1	aadcdn.msauth.net	offlinestorageconsoleowe.web.app
1	aadcdn.msftauth.net	offlinestorageconsoleowe.web.app
1	offlinestorageconsoleowe.web.app	qqhj9.csb.app
1	i.ibb.co	qqhj9.csb.app
1	fonts.googleapis.com	qqhj9.csb.app
1	qqhj9.csb.app
1	recs.richrelevance.com	1 redirects
0	code.jquery.com Failed	qqhj9.csb.app
17	12

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-06-14` - `2021-06-14`	a year	crt.sh
codesandbox.io Cloudflare Inc ECC CA-3	`2020-06-19` - `2021-06-19`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-10-06` - `2020-12-29`	3 months	crt.sh
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-09-22` - `2021-10-12`	a year	crt.sh
ibb.co Let's Encrypt Authority X3	`2020-10-02` - `2020-12-31`	3 months	crt.sh
web.app GTS CA 1O1	`2020-04-15` - `2021-04-14`	a year	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2020-07-09` - `2021-07-09`	a year	crt.sh
aadcdn.msauth.net DigiCert SHA2 Secure Server CA	`2020-10-09` - `2021-10-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Frame ID: CD3B4B3BF9B0DF759A50B093D78FC08B
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8f... HTTP 301
https://qqhj9.csb.app/ Page URL
https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5... Page URL

Page Statistics

17
Requests

82 %
HTTPS

64 %
IPv6

12
Domains

12
Subdomains

11
IPs

4
Countries

128 kB
Transfer

419 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-cf5d12a2f649&pti=2&pa=find&hpi=0&stn=PersonalizedProductSearchAndBrowse&stid=184&rti=2&sgs&u&mvtId=-1&mvtTs=1598978594446&uguid=ea88dc53-72c1-4b4e-7e1b-cf5d12a2f649&channelId=WEB&s=0%3Abf427450-ea53-11ea-8e87-3f2fa233444b&pg=-1&page=621&query=stronda&lang=pt&searchConfigId=5b44b8a0947195000ef22caf&searchType=CATALOG&p=13361&ind=14881&ct=https%3A%2F%2Fqqhj9.csb.app&redirect=true HTTP 301
https://qqhj9.csb.app/ Page URL
https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-cf5d12a2f649&pti=2&pa=find&hpi=0&stn=PersonalizedProductSearchAndBrowse&stid=184&rti=2&sgs&u&mvtId=-1&mvtTs=1598978594446&uguid=ea88dc53-72c1-4b4e-7e1b-cf5d12a2f649&channelId=WEB&s=0%3Abf427450-ea53-11ea-8e87-3f2fa233444b&pg=-1&page=621&query=stronda&lang=pt&searchConfigId=5b44b8a0947195000ef22caf&searchType=CATALOG&p=13361&ind=14881&ct=https%3A%2F%2Fqqhj9.csb.app&redirect=true HTTP 301
https://qqhj9.csb.app/

Request Chain 5

https://unpkg.com/axios/dist/axios.min.js HTTP 302
https://unpkg.com/axios@0.21.0/dist/axios.min.js

17 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/ Show response
qqhj9.csb.app/
Redirect Chain

http://recs.richrelevance.com/rrserver/api/find/v1/track/click/c85912f892c73e30?a=c85912f892c73e30&vg=ea8fdc53-72c1-4b4e-7e1b-cf5d12a2f649&pti=2&pa=find&hpi=0&stn=PersonalizedProductSearchAndBrowse...
https://qqhj9.csb.app/

18 KB
4 KB

107ms
72ms

Document
text/html

2606:4700::6812:1a72
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://qqhj9.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1a72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 66264684344fb4a14dfb2651512ea16be9e052622f64d97359aaa14b057f20da

Request headers

:method: GET
:authority: qqhj9.csb.app
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Fri, 30 Oct 2020 18:47:18 GMT
content-type: text/html
set-cookie: __cfduid=ded3e4fc025d02a4bf15d8dde3114a6bf1604083637; expires=Sun, 29-Nov-20 18:47:17 GMT; path=/; domain=.csb.app; HttpOnly; SameSite=Lax signedIn=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT; max-age=0; HttpOnly
vary: Accept-Encoding
cache-control: private, max-age=0, no-cache, no-store
x-request-id: FkLZkeov7cMi6mDNR5Rm
via: 1.1 google
cf-cache-status: DYNAMIC
cf-request-id: 061c6ef6ce00002b5916a13000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5ea74dd14d3a2b59-FRA
content-encoding: br

Redirect headers

Date: Fri, 30 Oct 2020 18:47:17 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Location: https://qqhj9.csb.app
Content-Type: application/json
Content-Length: 0

GET
H2 200 sse-hooks.js Show response
codesandbox.io/public/sse-hooks/ 19 KB
6 KB 55ms
28ms Script
application/javascript 2606:4700::6812:17cf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/public/sse-hooks/sse-hooks.js
Requested by: Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a13187861c1245d64ffde332a7eae352fc98ad2e7ecf9a84d1dccc7b9a1f859e

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
via: 1.1 google
cf-cache-status: HIT
age: 5782525
status: 200
content-encoding: br
cf-request-id: 061c6ef73d00001782eb210000000001
last-modified: Fri, 21 Aug 2020 12:41:31 GMT
server: cloudflare
etag: W/"5f3fc0fb-4bdc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 5ea74dd1ff4c1782-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 icon
fonts.googleapis.com/ 574 B
465 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:81f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f43ed67b5dbe01a3b359d5af3077afe6543a88bc32088c322171335e09b39e76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 30 Oct 2020 18:47:18 GMT
server: ESF
date: Fri, 30 Oct 2020 18:47:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 30 Oct 2020 18:47:18 GMT

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 138 KB
21 KB 28ms
9ms Stylesheet
text/css 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:34:11 GMT
status: 200
etag: "1544639651"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 21050

GET jquery-3.1.1.slim.min.js
code.jquery.com/ 0
0

GET
H2

200

axios.min.js Show response
unpkg.com/axios@0.21.0/dist/
Redirect Chain

https://unpkg.com/axios/dist/axios.min.js
https://unpkg.com/axios@0.21.0/dist/axios.min.js

14 KB
5 KB

19ms
18ms

Script
application/javascript

2606:4700::6810:7eaf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/axios@0.21.0/dist/axios.min.js

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7eaf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 613069
status: 200
vary: Accept-Encoding
cf-request-id: 061c6ef72f0000d6c92185f000000001
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"379d-OlRa4MjtGXtBYRzsitdxTSE6gs0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: ac19abec3b54c150c7f6a31320791e83
cache-control: public, max-age=31536000
cf-ray: 5ea74dd1e94fd6c9-FRA

Redirect headers

date: Fri, 30 Oct 2020 18:47:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 564
status: 302
vary: Accept, Accept-Encoding
content-length: 53
cf-request-id: 061c6ef71b0000d6c9ad041000000001
access-control-allow-origin: *
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/plain; charset=utf-8
location: /axios@0.21.0/dist/axios.min.js
x-cloud-trace-context: 8097306224f5868e9b81bfad212c03ba
cache-control: public, s-maxage=600, max-age=60
cf-ray: 5ea74dd1c8f2d6c9-FRA

GET
H2 200 ms-outout.png
i.ibb.co/Fsfrfnq/ 29 KB
29 KB 168ms
55ms Image
image/png 51.210.112.129
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.ibb.co/Fsfrfnq/ms-outout.png
Requested by: Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 51.210.112.129 , France, ASN16276 (OVH, FR),
Reverse DNS: i.ibb.co
Software: nginx /
Resource Hash: e8ee249ed5d03ec065f82aa1d24fc263c468f1e67ee4cc9552f016e1ee1a2aef

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
last-modified: Fri, 07 Feb 2020 15:45:20 GMT
server: nginx
status: 200
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29570
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/ 20 KB
7 KB 15ms
15ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 772351
x-via: cfworker/kv
status: 200
content-length: 6451
cf-request-id: 061c6ef75300002fa53cade000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
etag: "5eb03fa9-4f71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8RWqt9BJQNmrY8HsZQD7E29xPeRgl76uiQvOouthX0l%2F3HPYUKqbsf1LV51QNJhCN0oRqWouh3ctqcMY0fg8bWGxPr%2BDQosoRxErfeG%2F7Nh0S4pGZjKiBqwujk09dvmOKg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ea74dd21aa92fa5-FRA
expires: Wed, 20 Oct 2021 18:47:18 GMT

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
14 KB 9ms
8ms Script
text/javascript 2001:4de0:ac19::1:b:1a
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL

https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),

Reverse DNS

Software

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 12 Dec 2018 18:33:54 GMT
status: 200
etag: "1544639634"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 14090

GET
H2 200 watermark-button.ccc763f75.js Show response
codesandbox.io/static/js/ 3 KB
2 KB 80ms
63ms Script
application/javascript 2606:4700::6812:17cf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://codesandbox.io/static/js/watermark-button.ccc763f75.js
Requested by: Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:17cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1

Request headers

Origin: https://qqhj9.csb.app
Referer: https://qqhj9.csb.app/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:18 GMT
via: 1.1 google
cf-cache-status: HIT
age: 12458
status: 200
content-encoding: br
cf-request-id: 061c6ef78500002b29e3a36000000001
last-modified: Fri, 30 Oct 2020 12:13:43 GMT
server: cloudflare
etag: W/"5f9c0377-ae8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=315360000
cf-ray: 5ea74dd26fba2b29-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Primary Request n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html Show response
offlinestorageconsoleowe.web.app/ 20 KB
4 KB 157ms
47ms Document
text/html 151.101.1.195
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html

Requested by

Host: qqhj9.csb.app
URL: https://qqhj9.csb.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.195 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

9999f542b354dd9e8439cc5cd2f07914fc57cb06b5bdc8f175a08f62fda91c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

:method: GET
:authority: offlinestorageconsoleowe.web.app
:scheme: https
:path: /n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://qqhj9.csb.app/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://qqhj9.csb.app/

Response headers

status: 200
cache-control: max-age=3600
content-encoding: br
content-type: text/html; charset=utf-8
etag: "92a174f0dbabce6cc4a14d788820867972a2a61584b5180051240a788ca514cc-br"
last-modified: Thu, 29 Oct 2020 13:34:04 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
accept-ranges: bytes
date: Fri, 30 Oct 2020 18:47:48 GMT
x-served-by: cache-hhn4040-HHN
x-cache: HIT
x-cache-hits: 1
x-timer: S1604083668.183780,VS0,VE1
vary: x-fh-requested-host, accept-encoding
content-length: 3695

GET bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/ 0
0

GET
H2 200 microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
aadcdn.msftauth.net/ests/2.1/content/images/ 4 KB
2 KB 200ms
48ms Image
image/svg+xml 152.199.23.37
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msftauth.net/ests/2.1/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Requested by: Host: offlinestorageconsoleowe.web.app
URL: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.37 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8ADC) /
Resource Hash: 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a

Request headers

Referer: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 30 Oct 2020 18:47:48 GMT
content-encoding: gzip
content-md5: nzaLxFgP7ZB3dfMcaybWzw==
age: 594122
x-cache: HIT
status: 200
content-length: 1435
x-ms-lease-status: unlocked
last-modified: Fri, 02 Nov 2018 20:25:22 GMT
server: ECAcc (ama/8ADC)
etag: 0x8D64101507E84BD
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: ee410ff3-701e-009b-3c85-a94da7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=604800
x-ms-version: 2009-09-19
accept-ranges: bytes

GET
H2 200 picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
aadcdn.msauth.net/ests/2.1/content/images/ 250 B
876 B 59ms
19ms Image
image/svg+xml 2620:1ec:bdf::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aadcdn.msauth.net/ests/2.1/content/images/picker_verify_sms_27a6d18b56f46818420e60a773c36d4e.svg
Requested by: Host: offlinestorageconsoleowe.web.app
URL: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:bdf::10 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904

Request headers

Referer: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 30 Oct 2020 18:47:47 GMT
content-encoding: gzip
x-azure-ref-originshield: 03F+aXwAAAABqSq5y5foGRqL8n1XmaXwCTE9OMjFFREdFMTUwNwAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-md5: Ibdh8rH9N/WH1yIgI7CSdg==
x-cache: TCP_HIT
status: 200
content-length: 199
x-ms-lease-status: unlocked
last-modified: Fri, 02 Nov 2018 20:25:48 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag: 0x8D64101604B094A
x-azure-ref: 01F+cXwAAAAAbjiODwjVHTLeVEJCOAwfGQlJVMzBFREdFMDQyMQAzOWExMmY3ZS04OTlmLTQ2Y2YtYTZkMC0yNGJiYmEyN2Q5NTY=
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: b9d06aca-c01e-0023-4b85-a9db46000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=604800
x-ms-version: 2009-09-19

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ 85 KB
27 KB 13ms
11ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js

Requested by

Host: offlinestorageconsoleowe.web.app
URL: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Origin: https://offlinestorageconsoleowe.web.app
Referer: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:48 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 772380
x-via: cfworker/kv
status: 200
content-length: 27192
cf-request-id: 061c6f6d03000005ed72279000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
etag: "5eb03ec4-152b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0MgL%2BlwBs3FrOKCWfiOHiBFmStvKowPukJjYv681q1QGu4iM%2FSA%2BUZxQRXiDdl5gAQd0S44ca542hZQC5qnbIettGdIW74Og6GeW2Q6X8Ni9xdAzoHMut6TDZooUOzkI2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ea74e8e6c0b05ed-FRA
expires: Wed, 20 Oct 2021 18:47:48 GMT

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/ 21 KB
7 KB 17ms
16ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js

Requested by

Host: offlinestorageconsoleowe.web.app
URL: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000

Request headers

Origin: https://offlinestorageconsoleowe.web.app
Referer: https://offlinestorageconsoleowe.web.app/n414d494a444f414b534d534f534b4f534b534f444453414153414d494a444f414b534d534f5.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 30 Oct 2020 18:47:48 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 772375
x-via: cfworker/kv
status: 200
content-length: 6646
cf-request-id: 061c6f6d04000005ed2d2f3000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:15:37 GMT
server: cloudflare
etag: "5eb03fa9-520c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4f3kyqQMRceGeIrSW8mUH8W%2BZ%2FBMPwX%2FYdQhRq0u%2FHq2FrSZY2M6aIEs55M8EBXbp0FuHwtJsn3nh%2BOOuw%2BcEeeghsTOxGJitmr71GT6NNjk6ltP9veW3mzgHwqvw0DHwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 5ea74e8e6c0f05ed-FRA
expires: Wed, 20 Oct 2021 18:47:48 GMT

GET bootstrap.min.js
stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: code.jquery.com
URL: https://code.jquery.com/jquery-3.1.1.slim.min.js

Domain: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css

Domain: stackpath.bootstrapcdn.com
URL: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msauth.net
aadcdn.msftauth.net
cdnjs.cloudflare.com
code.jquery.com
codesandbox.io
fonts.googleapis.com
i.ibb.co
offlinestorageconsoleowe.web.app
qqhj9.csb.app
recs.richrelevance.com
stackpath.bootstrapcdn.com
unpkg.com
code.jquery.com
stackpath.bootstrapcdn.com
151.101.1.195
152.199.23.37
2001:4de0:ac19::1:b:1a
2606:4700::6810:135e
2606:4700::6810:7eaf
2606:4700::6812:17cf
2606:4700::6812:1a72
2620:1ec:bdf::10
2a00:1450:4001:81f::200a
50.31.236.5
51.210.112.129
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
38f9f561f70487d5b6a701758924bec83934f7db588fea654ab092e84b1af4d0
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5c73ff2eb14e2ff375c3f01f89b398443e303bce67862b9ee9c38eaeeadf2bc1
66264684344fb4a14dfb2651512ea16be9e052622f64d97359aaa14b057f20da
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8ed8f3acb9b87f99e42c74463d4e2be96ee85b8a87cd6eb874295ace420a5904
9999f542b354dd9e8439cc5cd2f07914fc57cb06b5bdc8f175a08f62fda91c5e
a13187861c1245d64ffde332a7eae352fc98ad2e7ecf9a84d1dccc7b9a1f859e
e8ee249ed5d03ec065f82aa1d24fc263c468f1e67ee4cc9552f016e1ee1a2aef
f43ed67b5dbe01a3b359d5af3077afe6543a88bc32088c322171335e09b39e76
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

offlinestorageconsoleowe.web.app Open in urlscan Pro 151.101.1.195 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Page Statistics

17 Requests

82 %HTTPS

64 %IPv6

12 Domains

12 Subdomains

11 IPs

4 Countries

128 kBTransfer

419 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

offlinestorageconsoleowe.web.app Open in urlscan Pro
151.101.1.195 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

82 %
HTTPS

64 %
IPv6

12
Domains

12
Subdomains

11
IPs

4
Countries

128 kB
Transfer

419 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!