www.usnordstromrack.shop
Open in
urlscan Pro
172.67.173.249
Malicious Activity!
Public Scan
Submission: On January 24 via manual from US
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 23rd 2020. Valid for: a year.
This is the only time www.usnordstromrack.shop was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Fake Shop (Fashion)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
22 | 172.67.173.249 172.67.173.249 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 122.228.91.87 122.228.91.87 | 134771 (CHINATELE...) (CHINATELECOM-ZHEJIANG-WENZHOU-IDC WENZHOU) | |
1 | 183.131.207.66 183.131.207.66 | 136190 (CHINATELE...) (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA) | |
24 | 4 |
ASN134771 (CHINATELECOM-ZHEJIANG-WENZHOU-IDC WENZHOU, ZHEJIANG Province, P.R.China., CN)
js.users.51.la |
ASN136190 (CHINATELECOM-ZHEJIANG-JINHUA-IDC JINHUA, ZHEJIANG Province, P.R.China., CN)
ia.51.la |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
usnordstromrack.shop
www.usnordstromrack.shop |
170 KB |
2 |
51.la
js.users.51.la ia.51.la |
3 KB |
24 | 2 |
Domain | Requested by | |
---|---|---|
22 | www.usnordstromrack.shop |
www.usnordstromrack.shop
|
1 | ia.51.la |
www.usnordstromrack.shop
|
1 | js.users.51.la |
www.usnordstromrack.shop
|
24 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-11-23 - 2021-11-22 |
a year | crt.sh |
*.users.51.la GlobalSign GCC R3 DV TLS CA 2020 |
2020-08-27 - 2022-04-19 |
2 years | crt.sh |
*.51.la GlobalSign GCC R3 DV TLS CA 2020 |
2020-08-27 - 2022-05-16 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.usnordstromrack.shop/orders_ddfd34c65ca94a530b916f8486edfeff
Frame ID: DE8427756FA63C3746A75556F9344048
Requests: 25 HTTP requests in this frame
Screenshot
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
OWL Carousel (Widgets) Expand
Detected patterns
- html /<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css/i
- script /owl\.carousel.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
- html /<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css/i
- script /owl\.carousel.*\.js/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
orders_ddfd34c65ca94a530b916f8486edfeff
www.usnordstromrack.shop/ |
42 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
www.usnordstromrack.shop/js/jquery/bootstrap-3.3.7/css/ |
45 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font_375202_rffro0w6xuutmx6r.css
www.usnordstromrack.shop/js/jquery/ |
19 KB 13 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-fonts.css
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
803 B 478 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style-ie.css
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
1 KB 815 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style_owl.carousel.min.css
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
70 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
www.usnordstromrack.shop/js/jquery/ |
91 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
base.js
www.usnordstromrack.shop/js/jquery/ |
3 KB 911 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validate.js
www.usnordstromrack.shop/js/jquery/ |
20 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tabs.js
www.usnordstromrack.shop/js/jquery/ |
373 B 505 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jscript_noscroll.js
www.usnordstromrack.shop/includes/templates/qn_pg01/js/ |
2 KB 842 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jscript_owl.carousel.min.js
www.usnordstromrack.shop/includes/templates/qn_pg01/js/ |
39 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jscript_touchSlider.js
www.usnordstromrack.shop/includes/templates/qn_pg01/js/ |
5 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
www.usnordstromrack.shop/includes/templates/qn_pg01/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
paypal.gif
www.usnordstromrack.shop/images/payment/ |
9 KB 9 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
09b6973e0d7100ca81a2de56d950f32a.jpg
www.usnordstromrack.shop/images/cache/0/9/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
footer-right.png
www.usnordstromrack.shop/includes/templates/qn_pg01/images/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
20997301.js
js.users.51.la/ |
5 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
down.png
www.usnordstromrack.shop/includes/templates/qn_pg01/images/ |
207 B 501 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pfdintextpro-regular.woff
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
25 KB 25 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
11 KB 11 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
i_msg-success.gif
www.usnordstromrack.shop/includes/templates/qn_pg01/images/ |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pfdintextpro-medium.woff
www.usnordstromrack.shop/includes/templates/qn_pg01/css/ |
26 KB 27 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
go1
ia.51.la/ |
0 254 B |
Image
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Fake Shop (Fashion)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery function| popWin function| setLocation function| setPLocation function| decorateGeneric function| decorateList function| decorateDataList function| decorateTable function| TouchSlide function| hideCategory object| jQuery190058660608532091563 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.usnordstromrack.shop/ | Name: __51laig__ Value: 1 |
|
www.usnordstromrack.shop/ | Name: __51cke__ Value: |
|
www.usnordstromrack.shop/ | Name: __tins__20997301 Value: %7B%22sid%22%3A%201611522363314%2C%20%22vd%22%3A%201%2C%20%22expires%22%3A%201611524163314%7D |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ia.51.la
js.users.51.la
www.usnordstromrack.shop
122.228.91.87
172.67.173.249
183.131.207.66
02bf568f6ef31ee7b116b9577962188d94f24b62d1b616e33e42a9da3ed21ccb
03f9afd614ee37a5eca69647317c5ac37f0ee24fdafcfad641b8664e5d0aa796
0ad5b365b92aefa251c4c572a5e3d5b778acd81666ecb0d92842a4078d3dbc03
0b178e330a8c382e2911c8e51b65ecd836a09d9538be1f40d3fb5499cda00b57
16b87b6524f1b7c3e4e8ebde71268ab0e6e37e2fdefb4452ef47c27c37477e11
452207668490304c70d64d5b8973865ee4effad48e6cff1a3d5aa89c3880effc
5723e39c0316483bbe0bbf4719778336a4a62647ca194786521a795f1d2b4d3b
60a973fee3d4fd469ee70f2df2e2caa21fee6672a8138b48eb727021fc7b84cf
6f7a1c16234b4190cd398f474a05e0845567690ec337a18e166ee33749888289
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
8acac9b46ff7139f00ecbae4b5492907f39dc911598cbb6961dc7b42355c4203
9addda8ff695cbece2414c7c7b81ffd3b7173c2844be96846ed8c65d7843b7b8
a372effab3cefaa9cc3101a2f59fe463b13806878e976b4b502d5ff1b371e6f3
b1030ea3308286b797d9104961e2b64ca680fc9e1673c3a68dcfd5ccc26ac85e
b3ac0e210cfcba2b2c52e1edb9b2905efcb3f78bab9d2977fe614593e7dd49d3
c42a2602c83756ec1a345defbfb378702d2cc65bbeaa19c872d7f84c3595eb8a
d0d7cc414c1b9ec941210c0c08f5e4b0650b8a9be6b6b309e623d698f3aea115
d90322a12b16f2d0ffcef3c3af4e0846bafdff25dd601aa8a0b907683c90caba
ddb3fed3b6c90bf9f0a06c28783f60038088f5c284dd26f8fbc529f17f9cab81
decbc6e4fae1a6fdd1d89f7fddac2530e91a6e606e71aa2a3c6c80ed5c171185
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee9e4a2bfd2c7b46886c255f87fdc8c6e8c0b764c68c3fe7ff2416628b35f590
ef0096e57c6b0e3903d16e4c5cc172b9d6c680dd63b2d74b061b99c4309891ad
f985e7d7aa871c19747c2fc976dea220a0f8fbd334cc03115b202d053753e663
fbf090c09481172872d498943649f38702370e6aa3c90e250476214ae2d34dcb