www.crossstitchstudio.com
199.79.63.144
Malicious Activity!
Public Scan
Effective URL: https://www.crossstitchstudio.com/stera/ferbupstracking/
Submission: On August 03 via api from DE
Summary
TLS certificate: Issued by R3 on June 21st 2021. Valid for: 3 months.
This is the only time www.crossstitchstudio.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)

Domain & IP information

Requests | IP Address | AS (Autonomous System)
---|---|---
1 2 | 103.205.143.165 | 132335 (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd)
8 | 199.79.63.144 | 394695 (PUBLIC-DOMAIN-REGISTRY)
1 | 2606:4700:20::681a:407 | 13335 (CLOUDFLARENET)
1 | 67.202.94.94 | 32748 (STEADFAST)
11 | 5 |

ASN132335 (NETWORK-LEAPSWITCH-IN LeapSwitch Networks Pvt Ltd, IN)
- PTR: autonomyadoption.com
- redcedarmarket.com

ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
- PTR: md-55.webhostbox.net
- www.crossstitchstudio.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
8 | crossstitchstudio.com | www.crossstitchstudio.com | 323 KB
2 | redcedarmarket.com | redcedarmarket.com (1 redirect) | 597 B
1 | amung.us | whos.amung.us | 144 B
1 | waust.at | waust.at | 7 KB
11 | 4 | |
Requests | Domain | Requested by
---|---|---
8 | www.crossstitchstudio.com | www.crossstitchstudio.com
2 | redcedarmarket.com | 1 redirect
1 | whos.amung.us | waust.at
1 | waust.at | www.crossstitchstudio.com
11 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
www.crossstitchstudio.autorevew.com | R3 | 2021-06-21 - 2021-09-19 | 3 months | crt.sh
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-09-04 - 2021-09-04 | a year | crt.sh
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years | crt.sh
This page contains 1 frame:
Primary Page:
https://www.crossstitchstudio.com/stera/ferbupstracking/
Frame ID: 1E4E67B4C12EEDC505BFBA1DA80B4DD3
Requests: 13 HTTP requests in this frame
Detected technologies
- Apache (Web Servers)

Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 5
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://redcedarmarket.com/tecadam (HTTP 301) -> http://redcedarmarket.com/tecadam/ (Page URL)
- https://www.crossstitchstudio.com/stera/ferbupstracking/ (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:
- Request Chain 0: http://redcedarmarket.com/tecadam (HTTP 301) -> http://redcedarmarket.com/tecadam/
11 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Redirect Chain) | redcedarmarket.com/tecadam/ | 101 B | 342 B | Document | text/html
GET | H2 | / (Primary Request) | www.crossstitchstudio.com/stera/ferbupstracking/ | 34 KB | 8 KB | Document | text/html
GET | H2 | ups_004.css | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 133 KB | 32 KB | Stylesheet | text/css
GET | H2 | ups.css | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 203 KB | 99 KB | Stylesheet | text/css
GET | H2 | ups_002.css | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 648 KB | 129 KB | Stylesheet | text/css
GET | H2 | ups_003.css | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 68 KB | 14 KB | Stylesheet | text/css
GET | H2 | UPS_logo.svg | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 2 KB | 2 KB | Image | image/svg+xml
GET | H2 | jquery-3.5.1.min.js | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 87 KB | 38 KB | Script | application/javascript
GET | H2 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript
GET | H2 | social.jpg | www.crossstitchstudio.com/stera/ferbupstracking/assets/ | 0 | 50 B | Image | text/html
GET | DATA | truncated | / | 33 KB | 33 KB | Font | application/x-font-woff
GET | H2 | / | whos.amung.us/pingjs/ | 28 B | 144 B | Script | text/javascript
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)

33 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onbeforexrselect
object | ontransitionrun
object | ontransitionstart
object | ontransitioncancel
object | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
boolean | originAgentCluster
object | trustedTypes
boolean | crossOriginIsolated
function | $
function | jQuery
object | _wau
string | wau_w_col
string | wau_w_siz
object | WAU_ren
function | WAU_dynamic
function | WAU_dynamic_request
function | WAU_r_d
function | WAU_insert
function | WAU_la
function | WAU_addCommas
function | WAU_lrd
function | WAU_lrs
function | WAU_cps
function | docReady
string | ztoday
string | ytoday
string | ntoday
object | x
string | x1
string | x21

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
www.crossstitchstudio.com/ | | Name: PHPSESSID, Value: 7df6b86cfcd0991c8f4a1b421c3539a4
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.