![](/screenshots/4fa1f14c-ae8e-49e6-a9f9-6f982a9bc5b9.png)
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
Open in
urlscan Pro
63.250.43.133
Malicious Activity!
Public Scan
Effective URL: https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/index.php?execution=e2s1
Submission: On July 28 via manual from CH — Scanned from FR
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 9th 2023. Valid for: a year.
This is the only time qzewlkkopmnh-d45e60.ingress-erytho.ewp.live was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fedex (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3038::6815:ead6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 63.250.43.133 63.250.43.133 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 2a02:26f0:350... 2a02:26f0:3500:18::1724:a298 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 5 |
ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-erytho.easywp.com
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live |
ASN20940 (AKAMAI-ASN1, NL)
www.fedex.com |
ASN15169 (GOOGLE, US)
encrypted-tbn0.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 265 |
38 KB |
2 |
ewp.live
1 redirects
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live |
480 KB |
1 |
gstatic.com
encrypted-tbn0.gstatic.com |
7 KB |
1 |
fedex.com
www.fedex.com — Cisco Umbrella Rank: 7574 |
18 KB |
1 |
urlz.fr
1 redirects
urlz.fr — Cisco Umbrella Rank: 936729 |
533 B |
6 | 5 |
Domain | Requested by | |
---|---|---|
2 | cdnjs.cloudflare.com |
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
|
2 | qzewlkkopmnh-d45e60.ingress-erytho.ewp.live | 1 redirects |
1 | encrypted-tbn0.gstatic.com |
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
|
1 | www.fedex.com |
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
|
1 | urlz.fr | 1 redirects |
6 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.facebook.com |
www.youtube.com |
www.linkedin.com |
www.instagram.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.ingress-erytho.ewp.live Sectigo RSA Domain Validation Secure Server CA |
2023-05-09 - 2024-05-25 |
a year | crt.sh |
www.fedex.com Sectigo RSA Organization Validation Secure Server CA |
2023-05-18 - 2024-05-17 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/main/login.php
Frame ID: 39FFECEC0AC972B26C65386FEA796496
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/4fa1f14c-ae8e-49e6-a9f9-6f982a9bc5b9.png)
Page Title
FedEx Express | Express-Lieferungen, Kurier- und Versand-Services | Ă–sterreichUmzug - PostAGPage URL History Show full URLs
-
https://urlz.fr/mV7P
HTTP 302
https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/ HTTP 302
https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/index.php?execut... Page URL
Detected technologies
Detected patterns
- \.php(?:$|\?)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Post auf facebook
Search URL Search Domain Scan URL
Title: Post auf YouTube
Search URL Search Domain Scan URL
Title: Post auf LinkedIn
Search URL Search Domain Scan URL
Title: Post auf Instagram
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://urlz.fr/mV7P
HTTP 302
https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/ HTTP 302
https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/index.php?execution=e2s1 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/ Redirect Chain
|
1 MB 479 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
www.fedex.com/content/dam/fedex-com/logos/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
images
encrypted-tbn0.gstatic.com/ |
7 KB 7 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
108 KB 108 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
84 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
imask.min.js
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
534 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
login.php
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/main/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
- URL
- https://qzewlkkopmnh-d45e60.ingress-erytho.ewp.live/wp-admin/css/colors/light/fedEd2023/wp-plugin/LoginServices/main/login.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fedex (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| date number| year number| month number| day function| $ function| jQuery object| __core-js_shared__ object| core function| IMask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=15768000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
encrypted-tbn0.gstatic.com
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
urlz.fr
www.fedex.com
qzewlkkopmnh-d45e60.ingress-erytho.ewp.live
2606:4700:3038::6815:ead6
2606:4700::6811:180e
2a00:1450:4001:81c::200e
2a02:26f0:3500:18::1724:a298
63.250.43.133
281442cf45996ccfa2562eab455e17d37f070b15fad6faa1f90db74b6fa0ab5d
393e5d863ece0797f0dab33b8c34fe7f87b648997c67c125c5df8bf212950b2c
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
807a777c53cc9669f111b6fda6b6a509d3b2add3281039a5894f9770dd5618ae
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
92ccff15c08a6f16916e3ee6356f4a19e16451acbba3b364df2c34ba84670698
933bff0361186c08db1d4359090544c77cf38d9e6fde710c61d67bb2dbb6a832
99f7cd905d160e4bf4408195b22a893a45661a8855a0841e207d5bafe7411d90
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
e1a6432e8aff5d2e64ebbcb411139e62ac9225ac7ea6a4cc904965c8ab83a4ed