dalas-1main.paiza-user-basic.cloud Open in urlscan Pro
133.130.116.241 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dhl-net.web.app/
Effective URL:
https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
Submission: On December 04 via api (December 4th 2022, 2:03:33 am UTC) from JP — Scanned from JP

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 133.130.116.241, located in Japan and belongs to INTERQ GMO Internet,Inc, JP. The main domain is dalas-1main.paiza-user-basic.cloud.
TLS certificate: Issued by R3 on October 9th 2022. Valid for: 3 months.

This is the only time dalas-1main.paiza-user-basic.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
3	133.130.116.241 133.130.116.241	7506 (INTERQ GM...) (INTERQ GMO Internet)
3	2600:9000:215... 2600:9000:2157:8800:15:285b:5440:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:e2:... 2606:4700:e2::ac40:850f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	4

1 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

dhl-net.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 133.130.116.241 (Japan)

ASN7506 (INTERQ GMO Internet,Inc, JP)
PTR: v133-130-116-241.a047.g.tyo1.static.cnode.io

dalas-1main.paiza-user-basic.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2157:8800:15:285b:5440:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.pay2.secured-by-ingenico.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:e2::ac40:850f (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	secured-by-ingenico.com assets.pay2.secured-by-ingenico.com — Cisco Umbrella Rank: 472790	33 KB
3	paiza-user-basic.cloud dalas-1main.paiza-user-basic.cloud	87 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 908	84 KB
1	web.app dhl-net.web.app	484 B
9	4

	Domain	Requested by
3	assets.pay2.secured-by-ingenico.com	dalas-1main.paiza-user-basic.cloud assets.pay2.secured-by-ingenico.com
3	dalas-1main.paiza-user-basic.cloud	dalas-1main.paiza-user-basic.cloud
2	use.fontawesome.com	dalas-1main.paiza-user-basic.cloud use.fontawesome.com
1	dhl-net.web.app
9	4

This site contains links to these domains. Also see Links.

Domain
www.dhl.ch
payment.pay2.secured-by-ingenico.com

Subject Issuer	Validity	Valid
web.app GTS CA 1D4	`2022-10-19` - `2023-01-17`	3 months	crt.sh
paiza-user.cloud R3	`2022-10-09` - `2023-01-07`	3 months	crt.sh
assets.secured-by-ingenico.com Amazon	`2022-09-18` - `2023-10-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-06` - `2023-06-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
Frame ID: 8367E36A0A0552205B044D81665A0213
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MasterCard - Zusätzliche Informationen

Page URL History Show full URLs

https://dhl-net.web.app/ Page URL
https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

205 kB
Transfer

474 kB
Size

7
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://www.dhl.ch/de.html
Title: Home page

Search URL Search Domain Scan URL

URL: http://www.dhl.ch/de/rechtliche_hinweise.html#t_c
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://payment.pay2.secured-by-ingenico.com/checkout/6742-3c6ca89d905040d3ae7e1a5d4871fa92:64be154f-0626-4068-993f-cb3ec16ebe73:3063e5608e0e4797938d333e66912794/privacy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dhl-net.web.app/ Page URL
https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
dhl-net.web.app/ 172 B
484 B 224ms
211ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://dhl-net.web.app/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

f83d356c02728e0458e843bf4d600dc9c2d6a22c0d60d5fe41c3ee3900203279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 113
content-type: text/html; charset=utf-8
date: Sun, 04 Dec 2022 02:03:28 GMT
etag: "df18c6b7b26c85786ea8c2499415e45811c6e3882c116b5b345567afd1167e18-br"
last-modified: Sat, 03 Dec 2022 11:47:58 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: MISS
x-cache-hits: 0
x-served-by: cache-nrt-rjtf7700045-NRT
x-timer: S1670119409.528980,VS0,VE205

GET
H/1.1 200
OK Primary Request / Show response
dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/ 39 KB
7 KB 2350ms
2342ms Document
text/html 133.130.116.241
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL

https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

133.130.116.241 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),

Reverse DNS

v133-130-116-241.a047.g.tyo1.static.cnode.io

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

3a074cbf28306959975d1098288252da9ff5226110ee1c43e6e028d200855efe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud .paiza.cloud paiza.jp .paiza.jp .paiza-user.cloud .paiza-user2.cloud .paiza-user-demo.cloud .paiza-user-free.cloud .paiza-user-lite.cloud .paiza-user-basic.cloud *.paiza-user-learning.cloud

Request headers

Referer: https://dhl-net.web.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 6595
Content-Security-Policy: frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud *.paiza.cloud paiza.jp *.paiza.jp *.paiza-user.cloud *.paiza-user2.cloud *.paiza-user-demo.cloud *.paiza-user-free.cloud *.paiza-user-lite.cloud *.paiza-user-basic.cloud *.paiza-user-learning.cloud
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Dec 2022 02:03:31 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: nginx/1.14.0 (Ubuntu)
Vary: Accept-Encoding

GET
H/1.1 200
OK ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Show response
dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/files/ 206 KB
79 KB 17ms
15ms Script
application/javascript 133.130.116.241
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL

https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download

Requested by

Host: dalas-1main.paiza-user-basic.cloud
URL: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

133.130.116.241 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),

Reverse DNS

v133-130-116-241.a047.g.tyo1.static.cnode.io

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud .paiza.cloud paiza.jp .paiza.jp .paiza-user.cloud .paiza-user2.cloud .paiza-user-demo.cloud .paiza-user-free.cloud .paiza-user-lite.cloud .paiza-user-basic.cloud *.paiza-user-learning.cloud

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

Date: Sun, 04 Dec 2022 02:03:31 GMT
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud *.paiza.cloud paiza.jp *.paiza.jp *.paiza-user.cloud *.paiza-user2.cloud *.paiza-user-demo.cloud *.paiza-user-free.cloud *.paiza-user-lite.cloud *.paiza-user-basic.cloud *.paiza-user-learning.cloud
Last-Modified: Sat, 03 Dec 2022 11:42:51 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "33612-5eeeaf440bf7c-gzip"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes

GET
H2 200 html-header.css
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/ 91 KB
17 KB 28ms
4ms Stylesheet
text/css 2600:9000:2157:8800:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Requested by: Host: dalas-1main.paiza-user-basic.cloud
URL: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2157:8800:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1p /
Resource Hash: 822fa933a4d3cac163035454dd92c0244ded67d56137b9d6c06442d1bd0bdd9b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dalas-1main.paiza-user-basic.cloud/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Thu, 01 Dec 2022 06:29:05 GMT
content-encoding: gzip
via: 1.1 60c50cffacae235c43f510af74c11cda.cloudfront.net (CloudFront)
last-modified: Tue, 22 Nov 2022 15:24:00 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1p
x-amz-cf-pop: NRT12-C3
age: 243265
etag: "320ae4a50eb58b5889a076523b93ae74c8ebfba1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css;charset=UTF-8
cache-control: public, max-age=315360000
content-length: 16685
x-amz-cf-id: 3tTaM7rhQL9orIljx5bioEsXRmNpg0_kUqRB6ZBzGPwixuwtWQbDdw==
expires: Wed, 22 Nov 2023 15:24:00 GMT

GET
H2 200 all.css
use.fontawesome.com/releases/v5.5.0/css/ 50 KB
12 KB 708ms
694ms Stylesheet
text/css 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Requested by: Host: dalas-1main.paiza-user-basic.cloud
URL: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

Request headers

Referer: https://dalas-1main.paiza-user-basic.cloud/
Origin: https://dalas-1main.paiza-user-basic.cloud
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 02:03:31 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XC61NDFFXHKD0WK6
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2: u6TnAI53bPlzPOHCGJ5EaILk/DA+YtW+uI8kFoQ7jIMu/py++/yZX6BDwu/z3apTtI8Bha5QHxU=
last-modified: Wed, 30 Jun 2021 15:43:32 GMT
server: cloudflare
etag: W/"1cc6c92172d124fbd305ba3d8e263333"
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xMTfSO2wMvgMlDUixXjTYt1E%2Ba%2FLLadi%2F2LUCQBCIWymA3lMdocwzJO5iV8hU9Ei8wYEko0SxjnR8kZPnXKR7nJxekq86nu7vT3abstQOSpsJmQKYLTDxxMDP%2F%2FJjvMpAEw5y63er262iay04gjeyknP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31556926
cf-ray: 7740f74fcd18af85-NRT

GET
H2 200 DHL_rgb_300x66.png
assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/ 7 KB
8 KB 4ms
4ms Image
image/png 2600:9000:2157:8800:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/DHL_rgb_300x66.png?size=300x66
Requested by: Host: dalas-1main.paiza-user-basic.cloud
URL: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2157:8800:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1p /
Resource Hash: 3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://dalas-1main.paiza-user-basic.cloud/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 01:01:11 GMT
via: 1.1 60c50cffacae235c43f510af74c11cda.cloudfront.net (CloudFront)
last-modified: Wed, 07 Apr 2021 14:52:14 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1p
x-amz-cf-pop: NRT12-C3
age: 3740
etag: 1e0d56b535f2690df49197fbde5a60b5d3c7c4e0
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=31536000000
content-length: 7338
x-amz-cf-id: -JjAOdplDn8qBDNDpvKCrS6guzLVfHcfV1zh6DEQ-EmRKzMytxMTQQ==
expires: Mon, 04 Dec 2023 01:01:11 GMT

GET
H2 200 icons.woff
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/ 9 KB
9 KB 17ms
4ms Font
application/font-woff 2600:9000:2157:8800:15:285b:5440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/icons.woff?mn9aw4
Requested by: Host: assets.pay2.secured-by-ingenico.com
URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2157:8800:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Apache/2.4.54 (Unix) OpenSSL/1.1.1p /
Resource Hash: 97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b

Request headers

Referer: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5
Origin: https://dalas-1main.paiza-user-basic.cloud
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 01:01:13 GMT
via: 1.1 3713468e68e20152a89ab133cc836320.cloudfront.net (CloudFront)
last-modified: Mon, 21 Nov 2022 14:32:24 GMT
server: Apache/2.4.54 (Unix) OpenSSL/1.1.1p
x-amz-cf-pop: NRT12-C3
age: 3738
etag: W/"+1yoEtZ+vAQBZ5CUhtM0LA=="
vary: Origin
x-cache: Hit from cloudfront
content-type: application/font-woff
access-control-allow-origin: https://dalas-1main.paiza-user-basic.cloud
cache-control: public, max-age=31536000000
access-control-allow-credentials: true
x-amz-cf-id: PN36SC9osY9Ftc2PinVokbAY62Rmjei-5sbNgVodtLXNezNCwzr9Bw==
expires: Mon, 04 Dec 2023 01:01:13 GMT

GET
H2 200 fa-solid-900.woff2
use.fontawesome.com/releases/v5.5.0/webfonts/ 72 KB
73 KB 369ms
369ms Font
font/woff2 2606:4700:e2::ac40:850f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://use.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2
Requested by: Host: use.fontawesome.com
URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:850f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2

Request headers

Referer: https://use.fontawesome.com/releases/v5.5.0/css/all.css
Origin: https://dalas-1main.paiza-user-basic.cloud
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36

Response headers

date: Sun, 04 Dec 2022 02:03:32 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: XC665JCX47V0DDYK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 73852
x-amz-id-2: lxdO+eoH6NVdfguOtwpdXtZSSYJrn3g6AGnjVew5kn8Zr4RPP/iNZEyIoN8TcEBTgwPKpKr91M0=
last-modified: Wed, 30 Jun 2021 15:43:51 GMT
server: cloudflare
etag: "fb493903265cad425ccdf8e04fc2de61"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: font/woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YPUSTDmKHMf4pUBcxwsVL%2BkCIKtb4GsjgThTTe5ed69Uh5fii7FQc8iplrR%2Fxzeo5LW%2FhuUBTq0t%2FwfBlJVqJna%2BSilIK142ZpPnkMN3DPKoqH4grbJ3fciUHEZobhSSc1ttxPB5tzJf9GwiUlTnPHh"}],"group":"cf-nel","max_age":604800}
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
cache-control: max-age=31556926
accept-ranges: bytes
cf-ray: 7740f7542965af85-NRT

POST
H/1.1 404
Not Found rb_b296011e-7abb-4056-b0aa-84f4b18e2840 Show response
dalas-1main.paiza-user-basic.cloud/ 296 B
799 B 5ms
5ms XHR
text/html 133.130.116.241
INTERQ GMO Internet

General

Check archive.org

Show headers Download Go to

Full URL

https://dalas-1main.paiza-user-basic.cloud/rb_b296011e-7abb-4056-b0aa-84f4b18e2840?type=js3&sn=v_4_srv_-2D27_sn_AN56Q5C7I13F9BL188EMDHAAUHOQS3LE&svrid=-27&flavor=post&vi=BNCMQRSFPPRLCJMRVIORHHWIMFGNSOHV-0&modifiedSince=1631269093345&rf=https%3A%2F%2Fdalas-1main.paiza-user-basic.cloud%2Fwp-includes%2FRequests%2F-%2FILS%2F&bp=3&app=68fc6a26fcbdc3b0&crc=1639386815&en=yyd8k2pf&end=1

Requested by

Host: dalas-1main.paiza-user-basic.cloud
URL: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

133.130.116.241 , Japan, ASN7506 (INTERQ GMO Internet,Inc, JP),

Reverse DNS

v133-130-116-241.a047.g.tyo1.static.cnode.io

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

f730927c58ebd42c5a183c10de438b1a44babf91a0c6e8803f4a94afe2b90363

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud .paiza.cloud paiza.jp .paiza.jp .paiza-user.cloud .paiza-user2.cloud .paiza-user-demo.cloud .paiza-user-free.cloud .paiza-user-lite.cloud .paiza-user-basic.cloud *.paiza-user-learning.cloud

Request headers

Referer: https://dalas-1main.paiza-user-basic.cloud/wp-includes/Requests/-/ILS/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 04 Dec 2022 02:03:32 GMT
Content-Security-Policy: frame-ancestors 'self' http://localhost:3333 http://localhost:9000 http://localhost:3000 paiza.cloud *.paiza.cloud paiza.jp *.paiza.jp *.paiza-user.cloud *.paiza-user2.cloud *.paiza-user-demo.cloud *.paiza-user-free.cloud *.paiza-user-lite.cloud *.paiza-user-basic.cloud *.paiza-user-learning.cloud
Content-Encoding: gzip
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| dT_ object| dtrum

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dalas-1main.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: PHPSESSID Value: 2rjok1j071ik8ijqk9bb97rvbd
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D27_sn_AN56Q5C7I13F9BL188EMDHAAUHOQS3LE
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: rxVisitor Value: 16701194112139S31E47G29BL95VNMHQMS5BP3EDGE3NI
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: dtSa Value: -
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: dtLatC Value: 5
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: rxvt Value: 1670121211867\|1670119411215
.paiza-user-basic.cloud/	1969-12-31 23:59:59	Name: dtPC Value: -27$319411210_669h-vBNCMQRSFPPRLCJMRVIORHHWIMFGNSOHV-0e1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dalas-1main.paiza-user-basic.cloud/rb_b296011e-7abb-4056-b0aa-84f4b18e2840?type=js3&sn=v_4_srv_-2D27_sn_AN56Q5C7I13F9BL188EMDHAAUHOQS3LE&svrid=-27&flavor=post&vi=BNCMQRSFPPRLCJMRVIORHHWIMFGNSOHV-0&modifiedSince=1631269093345&rf=https%3A%2F%2Fdalas-1main.paiza-user-basic.cloud%2Fwp-includes%2FRequests%2F-%2FILS%2F&bp=3&app=68fc6a26fcbdc3b0&crc=1639386815&en=yyd8k2pf&end=1 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.pay2.secured-by-ingenico.com
dalas-1main.paiza-user-basic.cloud
dhl-net.web.app
use.fontawesome.com
133.130.116.241
2600:9000:2157:8800:15:285b:5440:93a1
2606:4700:e2::ac40:850f
2620:0:890::100
3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff
3a074cbf28306959975d1098288252da9ff5226110ee1c43e6e028d200855efe
4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
822fa933a4d3cac163035454dd92c0244ded67d56137b9d6c06442d1bd0bdd9b
97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2
f730927c58ebd42c5a183c10de438b1a44babf91a0c6e8803f4a94afe2b90363
f83d356c02728e0458e843bf4d600dc9c2d6a22c0d60d5fe41c3ee3900203279

dalas-1main.paiza-user-basic.cloud Open in urlscan Pro 133.130.116.241 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

205 kBTransfer

474 kBSize

7 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

7 Cookies

1 Console Messages

Security Headers

Indicators

dalas-1main.paiza-user-basic.cloud Open in urlscan Pro
133.130.116.241 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

205 kB
Transfer

474 kB
Size

7
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!