0.redstringline.com
188.166.68.96
Malicious Activity!
Public Scan
Effective URL: https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart
Submission: On July 25 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 30th 2022. Valid for: 3 months.
This is the only time 0.redstringline.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Made in China (Supplychain)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 8 | 66.33.213.115 | 26347 (DREAMHOST-AS) |
| 1 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700::6812:bcf | 13335 (CLOUDFLARENET) |
| 2 | 101.99.95.147 | 201133 (VERDINA) |
| 3 | 104.18.20.229 | 13335 (CLOUDFLARENET) |
| 2 (1 redirect) | 91.211.91.104 | 206638 (HOSTFORY) |
| 3 | 188.166.68.96 | 14061 (DIGITALOCEAN-ASN) |

Totals: 23 requests, 8 IP addresses

ASN26347 (DREAMHOST-AS, US), PTR apache2-dap.bulldog.dreamhost.com: acnewleafhandbook.com
ASN14061 (DIGITALOCEAN-ASN, US): redstringline.com, 0.redstringline.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 8 | acnewleafhandbook.com | acnewleafhandbook.com | 152 KB |
| 4 (1 redirect) | cofounderspecials.com | trick.cofounderspecials.com, door.cofounderspecials.com (failed) | 5 KB |
| 3 | redstringline.com | redstringline.com (failed), 0.redstringline.com | 81 KB |
| 3 | micstatic.com | www.micstatic.com (Cisco Umbrella Rank: 113072), pylon.micstatic.com (failed) | 35 KB |
| 2 | bootstrapcdn.com | maxcdn.bootstrapcdn.com (Cisco Umbrella Rank: 737), stackpath.bootstrapcdn.com (Cisco Umbrella Rank: 2151) | 29 KB |
| 0 | made-in-china.com (failed) | www.made-in-china.com (failed) | |

Totals: 23 requests, 6 apex domains
| Requests | Domain | Requested by |
|---|---|---|
| 8 | acnewleafhandbook.com | acnewleafhandbook.com |
| 3 | www.micstatic.com | acnewleafhandbook.com |
| 2 | 0.redstringline.com | acnewleafhandbook.com |
| 2 | door.cofounderspecials.com | trick.cofounderspecials.com |
| 2 | trick.cofounderspecials.com | acnewleafhandbook.com, trick.cofounderspecials.com |
| 1 | redstringline.com | door.cofounderspecials.com |
| 1 | stackpath.bootstrapcdn.com | acnewleafhandbook.com |
| 1 | maxcdn.bootstrapcdn.com | acnewleafhandbook.com |
| 0 | pylon.micstatic.com (failed) | www.micstatic.com |
| 0 | www.made-in-china.com (failed) | www.micstatic.com |

Totals: 23 requests, 10 domains
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| www.acnewleafhandbook.com | R3 | 2022-07-11 - 2022-10-09 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-01-29 - 2023-01-29 | a year | crt.sh |
| trick.cofounderspecials.com | R3 | 2022-07-24 - 2022-10-22 | 3 months | crt.sh |
| *.micstatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-12-02 - 2023-01-02 | a year | crt.sh |
| door.cofounderspecials.com | R3 | 2022-07-25 - 2022-10-23 | 3 months | crt.sh |
| redstringline.com | R3 | 2022-06-30 - 2022-09-28 | 3 months | crt.sh |
This page contains 2 frames:

- Frame: https://0.redstringline.com/?auf=ga3tomjshe5diojygyxtomzyg4xtemzpge3dkobxgu2tcojz&s=1&sub1=&sub2=coolheart&sub3=&sub4=&cpc=0&cpm=0 (Frame ID: 395B906D2C0FACA7E3E92DB9AD562F75), 24 HTTP requests in this frame
- Frame: https://www.made-in-china.com/faw-store.html (Frame ID: 9D0E675D63E482B2B5928B2CB5E74D10), 1 HTTP request in this frame
Screenshot
![](/screenshots/0d9ef279-ef65-466c-a3df-54e1d5926ed2.png)
Detected technologies

- Bootstrap. Detected patterns:
  - `bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js`
- jQuery. Detected patterns:
  - `jquery[.-]([\d.]*\d)[^/]*\.js`
  - `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- https://acnewleafhandbook.com/ft/index.html (Page URL)
- https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332, HTTP 302 to https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433 (Page URL)
- https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart (Page URL)
- https://0.redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart (Page URL)
Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18:
- https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332 (HTTP 302)
- https://door.cofounderspecials.com/way.php?cid=436757&lid=88443&tid=65478433
23 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | index.html | acnewleafhandbook.com/ft/ | 16 KB | 5 KB | Document | text/html |
| GET | H2 | jquery.min.js | acnewleafhandbook.com/ft/js/ | 86 KB | 30 KB | Script | application/javascript |
| GET | H2 | jquery-3.1.1.min.js | acnewleafhandbook.com/ft/js/ | 85 KB | 30 KB | Script | application/javascript |
| GET | H2 | jquery-3.3.1.js | acnewleafhandbook.com/ft/js/ | 19 KB | 8 KB | Script | application/javascript |
| GET | H2 | logon_40922b23.css | acnewleafhandbook.com/ft/css/ | 126 KB | 20 KB | Stylesheet | text/css |
| GET | H2 | sign-default-buyer.jpg | acnewleafhandbook.com/ft/images/ | 58 KB | 58 KB | Image | image/jpeg |
| GET | H2 | jquery-3.2.1.slim.min.js | acnewleafhandbook.com/ft/js/ | 97 B | 179 B | Script | text/html |
| GET | H2 | popper.min.js | acnewleafhandbook.com/ft/js/ | 97 B | 137 B | Script | text/html |
| GET | H2 | bootstrap.min.js | maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/ | 48 KB | 14 KB | Script | application/javascript |
| GET | H2 | bootstrap.min.js | stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ | 50 KB | 15 KB | Script | application/javascript |
| GET | H/1.1 | track.js | trick.cofounderspecials.com/ | 6 KB | 2 KB | Script | application/javascript |
| GET | H2 | logo_d0822075.png | www.micstatic.com/common/img/logo-2019/ | 5 KB | 5 KB | Image | image/png |
| GET | H2 | micon_3425a96d.woff2 | www.micstatic.com/common/font/micon/micon-2/ | 25 KB | 25 KB | Font | font/woff2 |
| GET | H2 | faw.1.0.0.js | www.micstatic.com/common/js/libs/faw/ | 12 KB | 5 KB | Script | application/javascript |
| GET | H/1.1 | way.js | trick.cofounderspecials.com/ | 3 KB | 1 KB | Script | application/javascript |
| GET | | faw-store.html | www.made-in-china.com/ (Frame 9D0E) | 0 | 0 | | |
| GET | | probe.min.js | pylon.micstatic.com/gb/js/assets/probe/ | 0 | 0 | | |
| GET | | way.php | door.cofounderspecials.com/ | 0 | 0 | | |
| GET | H2 | way.php | door.cofounderspecials.com/ (Redirect Chain) | 820 B | 554 B | Document | text/html |
| GET | | / | redstringline.com/ | 0 | 0 | | |
| GET | H2 | / | redstringline.com/ | 28 KB | 28 KB | Document | text/html |
| GET | DATA | truncated | / | 13 KB | 0 | Image | image/png |
| GET | H2 | / (Primary Request) | 0.redstringline.com/ | 52 KB | 52 KB | Document | text/html |
| GET | DATA | truncated | / | 7 KB | 0 | Image | image/gif |
| GET | H2 | / | 0.redstringline.com/ | 0 | 264 B | Document | text/html |
Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

- Domain: www.made-in-china.com, URL: https://www.made-in-china.com/faw-store.html
- Domain: pylon.micstatic.com, URL: https://pylon.micstatic.com/gb/js/assets/probe/probe.min.js?r=1634120031144
- Domain: door.cofounderspecials.com, URL: https://door.cofounderspecials.com/way.php?pid=553246&kid=685&uid=456389&mid=689332
- Domain: redstringline.com, URL: https://redstringline.com/?p=mi4tsyrqmu5gi3bpg4ztqny&sub2=coolheart
Verdicts & Comments

Potentially malicious activity detected

Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan verdict: Phishing against: Made in China (Supplychain)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |

4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| acnewleafhandbook.com/ | | servicewaysss | yes |
| .redstringline.com/ | | uuid | c4c005da-81e6-48e1-8c19-1f796c9e42cb |
| .0.redstringline.com/ | | uuid | c4c005da-81e6-48e1-8c19-1f796c9e42cb |
| 0.redstringline.com/ | | uuid | c4c005da-81e6-48e1-8c19-1f796c9e42cb |
1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.