securityaffairs.com Open in urlscan Pro
2606:4700:3031::ac43:8cd3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://securityaffairs.com/165607/cyber-crime/crystalray-operations-scaled-10x.html
Submission: On July 12 via api (July 12th 2024, 2:10:40 am UTC) from TR — Scanned from DE

Summary HTTP 78 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 15 IPs in 3 countries across 11 domains to perform 78 HTTP transactions. The main IP is 2606:4700:3031::ac43:8cd3, located in United States and belongs to CLOUDFLARENET, US. The main domain is securityaffairs.com. The Cisco Umbrella rank of the primary domain is 418204.
TLS certificate: Issued by WE1 on June 11th 2024. Valid for: 3 months.

This is the only time securityaffairs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	2606:4700:303... 2606:4700:3031::ac43:8cd3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.173.205.53 18.173.205.53	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
1	2600:9000:206... 2600:9000:206f:8a00:c:abe:f440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.69.40.101 3.69.40.101	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
78	15

52 2606:4700:3031::ac43:8cd3 (United States)

ASN13335 (CLOUDFLARENET, US)

securityaffairs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.205.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-205-53.fra56.r.cloudfront.net

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:8a00:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)

buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.69.40.101 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-69-40-101.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
52	securityaffairs.com securityaffairs.com — Cisco Umbrella Rank: 418204	3 MB
8	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 143 tpc.googlesyndication.com — Cisco Umbrella Rank: 180	215 KB
4	wp.com i0.wp.com — Cisco Umbrella Rank: 3964 stats.wp.com — Cisco Umbrella Rank: 3237 pixel.wp.com — Cisco Umbrella Rank: 3179	36 KB
4	sharethis.com platform-api.sharethis.com — Cisco Umbrella Rank: 4724 buttons-config.sharethis.com — Cisco Umbrella Rank: 5526 l.sharethis.com — Cisco Umbrella Rank: 5337	94 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 72	185 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2681
1	google.de www.google.de — Cisco Umbrella Rank: 9452	63 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 133	247 B
1	google.com region1.analytics.google.com — Cisco Umbrella Rank: 3541
1	gstatic.com fonts.gstatic.com	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 74	2 KB
78	11

	Domain	Requested by
52	securityaffairs.com	securityaffairs.com
6	pagead2.googlesyndication.com	securityaffairs.com pagead2.googlesyndication.com
2	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com
2	i0.wp.com	securityaffairs.com
2	www.googletagmanager.com	securityaffairs.com
2	platform-api.sharethis.com	securityaffairs.com
1	region1.google-analytics.com	www.googletagmanager.com
1	www.google.de	securityaffairs.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	pixel.wp.com	securityaffairs.com
1	fonts.gstatic.com	fonts.googleapis.com
1	l.sharethis.com	platform-api.sharethis.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	fonts.googleapis.com	securityaffairs.com
1	stats.wp.com	securityaffairs.com
78	16

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
resecurity.com
sysdig.com
projectdiscovery.io
github.com
i0.wp.com
nvd.nist.gov
www.linkedin.com
infosec.exchange
securityaffairs.co

Subject Issuer	Validity	Valid
securityaffairs.com WE1	`2024-06-11` - `2024-09-09`	3 months	crt.sh
sharethis.com Amazon RSA 2048 M03	`2024-04-19` - `2025-05-17`	a year	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
upload.video.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.gstatic.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.google.de WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
tpc.googlesyndication.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://securityaffairs.com/165607/cyber-crime/crystalray-operations-scaled-10x.html
Frame ID: 2FAD0908194C0A39349742B0D44750D0
Requests: 75 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/html/r20240709/r20110914/zrt_lookup_fy2021.html
Frame ID: 80E98AE78F274FED6FBA7805E3E9EB34
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/ads?ltd_cs=1&client=ca-pub-4918072057181794&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1720750236&plat=1%3A16777216%2C3%3A16%2C4%3A16%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fsecurityaffairs.com%2F165607%2Fcyber-crime%2Fcrystalray-operations-scaled-10x.html&pra=5&wgl=1&easpi=0&aihb=0&asro=0&ailel=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aiael=32~27~29~1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~30&aifxl=32_7~27_8~29_18~30_19&aiixl=32_9~27_3~29_5~30_6&aslmct=0.7&asamct=0.7&aisaib=1&itsi=-1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1720750236453&bpp=3&bdt=499&idt=205&shv=r20240709&mjsv=m202407080101&ptt=9&saldr=aa&abxe=1&eoidce=1&nras=1&correlator=6463846838261&frm=20&pv=2&ga_vid=1615989705.1720750237&ga_sid=1720750237&ga_hid=1687089377&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C42532523%2C95334509%2C95334527%2C95334830%2C95337094%2C31078663%2C31078668%2C31078670&oid=2&pvsid=2641613847905843&tmod=1650662560&uas=0&nvt=1&fsapi=1&fc=1920&brdim=1570%2C1170%2C1570%2C1170%2C1600%2C0%2C1600%2C1285%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&nt=1&ifi=1&uci=a!1&fsb=1&dtd=226
Frame ID: AF722C8C771C3810A0B945853280EE19
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 72FD10A21BE2532C72D81A8E0E798AE0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CrystalRay operations have scaled 10x to over 1,500 victims