Submitted URL: https://wickedcuteboutique.com/
Effective URL: https://www.wickedcuteboutique.com/
Submission Tags: phishingrod
Submission: On September 03 via api from DE — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 7 HTTP transactions. The main IP is 38.207.5.82, located in Chai Wan, Hong Kong and belongs to MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED, HK. The main domain is www.wickedcuteboutique.com.
TLS certificate: Issued by E5 on September 2nd 2024. Valid for: 3 months.
This is the only time www.wickedcuteboutique.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 38.207.5.82 135097 (MYCLOUD-A...)
3 202.79.172.42 152194 (CTGSERVER...)
7 3
Apex Domain
Subdomains
Transfer
3 wickedcuteboutique.com
wickedcuteboutique.com
www.wickedcuteboutique.com
2 KB
2 jifa001.com
www.jifa001.com
1 KB
1 jifa003.com
jifa003.com
1010 B
0 51.la Failed
sdk.51.la Failed
0 baidu.com Failed
hm.baidu.com Failed
7 5
Domain Requested by
2 www.jifa001.com www.wickedcuteboutique.com
www.jifa001.com
2 www.wickedcuteboutique.com 1 redirects
1 jifa003.com www.wickedcuteboutique.com
1 wickedcuteboutique.com 1 redirects
0 sdk.51.la Failed www.wickedcuteboutique.com
0 hm.baidu.com Failed jifa003.com
7 6
Subject Issuer Validity Valid
wickedcuteboutique.com
E5
2024-09-02 -
2024-12-01
3 months crt.sh
jifa003.com
R10
2024-08-25 -
2024-11-23
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.wickedcuteboutique.com/
Frame ID: B7670981F4F1614B03C95B555732560E
Requests: 6 HTTP requests in this frame

Frame: https://www.jifa001.com/go/ky2.html
Frame ID: 643BF5D11F3041A5DEFC0F5AF14F55A6
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

亚搏娱乐【中国】有限公司-官网

Page URL History Show full URLs

  1. https://wickedcuteboutique.com/ HTTP 301
    http://www.wickedcuteboutique.com/ HTTP 307
    https://www.wickedcuteboutique.com/ HTTP 307
    http://www.wickedcuteboutique.com/ HTTP 301
    https://www.wickedcuteboutique.com/ Page URL

Page Statistics

7
Requests

57 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

3
IPs

2
Countries

3 kB
Transfer

5 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://wickedcuteboutique.com/ HTTP 301
    http://www.wickedcuteboutique.com/ HTTP 307
    https://www.wickedcuteboutique.com/ HTTP 307
    http://www.wickedcuteboutique.com/ HTTP 301
    https://www.wickedcuteboutique.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.wickedcuteboutique.com/
Redirect Chain
  • https://wickedcuteboutique.com/
  • http://www.wickedcuteboutique.com/
  • https://www.wickedcuteboutique.com/
  • http://www.wickedcuteboutique.com/
  • https://www.wickedcuteboutique.com/
2 KB
1 KB
Document
General
Full URL
https://www.wickedcuteboutique.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
38.207.5.82 Chai Wan, Hong Kong, ASN135097 (MYCLOUD-AS-AP LUOGELANG FRANCE LIMITED, HK),
Reverse DNS
Software
nginx/1.14.2 /
Resource Hash
2091e9265ca360dc71e8ec138a5628bfdca2013b89165dbcb9815b71e9260004

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 03 Sep 2024 00:07:30 GMT
server
nginx/1.14.2
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
185
Content-Type
text/html
Date
Tue, 03 Sep 2024 00:07:27 GMT
Location
https://www.wickedcuteboutique.com/
Server
nginx/1.14.2
ky.js
jifa003.com/js/23/9/j/
1 KB
1010 B
Script
General
Full URL
https://jifa003.com/js/23/9/j/ky.js
Requested by
Host: www.wickedcuteboutique.com
URL: https://www.wickedcuteboutique.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.79.172.42 , Singapore, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
nginx /
Resource Hash
2db855e8ba3f624c8f7406aabec089c55c2834cb3c33a49fea4dfc53dc3dd6d9

Request headers

Referer
https://www.wickedcuteboutique.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Tue, 03 Sep 2024 00:07:32 GMT
Content-Encoding
gzip
Last-Modified
Mon, 26 Feb 2024 07:38:44 GMT
Server
nginx
ETag
W/"65dc4004-5d9"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
ky.js
www.jifa001.com/js/
2 KB
1 KB
Script
General
Full URL
https://www.jifa001.com/js/ky.js
Requested by
Host: www.wickedcuteboutique.com
URL: https://www.wickedcuteboutique.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.79.172.42 , Singapore, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
nginx /
Resource Hash
2a4f058f5d70e3755b7a07c76736edba7ee869e534cb6d5d571d0cb6c5662d8c

Request headers

Referer
https://www.wickedcuteboutique.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 03 Sep 2024 00:07:32 GMT
Content-Encoding
gzip
Last-Modified
Fri, 01 Dec 2023 07:52:27 GMT
Server
nginx
ETag
W/"656990bb-6c1"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
hm.js
hm.baidu.com/
0
0

hm.js
hm.baidu.com/
0
0

ky2.html
www.jifa001.com/go/ Frame 643B
0
0
Document
General
Full URL
https://www.jifa001.com/go/ky2.html
Requested by
Host: www.jifa001.com
URL: https://www.jifa001.com/js/ky.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
202.79.172.42 , Singapore, ASN152194 (CTGSERVERLIMITED-AS-AP CTG Server Limited, HK),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://www.wickedcuteboutique.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Tue, 03 Sep 2024 00:07:34 GMT
ETag
W/"6645a60e-f6e"
Last-Modified
Thu, 16 May 2024 06:22:06 GMT
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
js-sdk-pro.min.js
sdk.51.la/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hm.baidu.com
URL
https://hm.baidu.com/hm.js?928e308f9c5573be67e569cf51250d86
Domain
hm.baidu.com
URL
https://hm.baidu.com/hm.js?433f39914c55d17679a89f0df1df6ebb
Domain
sdk.51.la
URL
https://sdk.51.la/js-sdk-pro.min.js

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 string| l_a_n_g_age string| sen_type string| c_d1 string| c_d2 object| _hmt function| isMobile string| url function| getIosVersion string| u function| randomNum object| LA

0 Cookies

2 Console Messages

Source Level URL
Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.jifa001.com/js/ky.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://www.jifa001.com/js/ky.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.