report-uber.com Open in urlscan Pro
185.174.174.220  Malicious Activity! Public Scan

URL: http://report-uber.com/
Submission: On April 16 via manual from US

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 13 HTTP transactions. The main IP is 185.174.174.220, located in Ukraine and belongs to ITLDC-NL, UA. The main domain is report-uber.com.
This is the only time report-uber.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Uber (Transportation)

Domain & IP information

Domain Requested by
6 mazipan.github.io report-uber.com
mazipan.github.io
4 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com mazipan.github.io
1 report-uber.com
0 trip-uber.eu Failed report-uber.com
13 5

This site contains links to these domains. Also see Links.

Domain
www.trip-uber.eu
Subject Issuer Validity Valid
www.github.com
DigiCert SHA2 High Assurance Server CA
2020-05-06 -
2022-04-14
2 years crt.sh
upload.video.google.com
GTS CA 1O1
2021-03-16 -
2021-06-08
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2021-03-23 -
2021-06-15
3 months crt.sh

This page contains 1 frames:

Primary Page: http://report-uber.com/
Frame ID: 63BE92930696CE5EDE54CD78A189E202
Requests: 13 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • html /<[^>]+data-react/i

Page Statistics

13
Requests

85 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

42 kB
Transfer

59 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
report-uber.com/
2 KB
1 KB
Document
General
Full URL
http://report-uber.com/
Protocol
HTTP/1.1
Server
185.174.174.220 , Ukraine, ASN21100 (ITLDC-NL, UA),
Reverse DNS
220-cp6nl.hyperhost.ua
Software
nginx /
Resource Hash
32ed694505a97763d5312f8b15b123b50408f1063314f4fcb99f352ff0350141
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
report-uber.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Server
nginx
Date
Fri, 16 Apr 2021 15:46:56 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Last-Modified
Thu, 18 Mar 2021 01:07:38 GMT
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Nginx-Cache-Status
MISS
X-Server-Powered-By
Engintron
Content-Encoding
gzip
normalize.41f8bcf8.css
mazipan.github.io/login-page-css/
1 KB
683 B
Stylesheet
General
Full URL
https://mazipan.github.io/login-page-css/normalize.41f8bcf8.css
Requested by
Host: report-uber.com
URL: http://report-uber.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
8984a0e491a1016cd9284d6821c6a3d82efebccb212b1896a73206f963569e3d

Request headers

Referer
http://report-uber.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
991f4df47c126b07a1fb77208b4959aea2e5c36f
date
Fri, 16 Apr 2021 15:46:56 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
543
x-served-by
cache-hhn4080-HHN
access-control-allow-origin
*
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
696A:2EA6:30929A:319F82:6079B170
x-timer
S1618588016.259395,VS0,VE91
etag
W/"5ff63669-459"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 varnish
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
additional.79ec92a1.css
mazipan.github.io/login-page-css/
624 B
506 B
Stylesheet
General
Full URL
https://mazipan.github.io/login-page-css/additional.79ec92a1.css
Requested by
Host: report-uber.com
URL: http://report-uber.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
4567754593707197b95d2a34aa44a8f4d83960009b6dd583d33e3dd4976f7ed7

Request headers

Referer
http://report-uber.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
3b336c76421dc752dafa7bbb4548725087ee4d9c
date
Fri, 16 Apr 2021 15:46:56 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
366
x-served-by
cache-hhn4080-HHN
access-control-allow-origin
*
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
8BEE:2FA9:329A8F:350518:6079B170
x-timer
S1618588016.259626,VS0,VE87
etag
W/"5ff63669-270"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 varnish
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
style.68b13908.css
mazipan.github.io/login-page-css/
4 KB
2 KB
Stylesheet
General
Full URL
https://mazipan.github.io/login-page-css/style.68b13908.css
Requested by
Host: report-uber.com
URL: http://report-uber.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
516b2c007cce3cd432037c6197ac7bd6fe6008b2fbd8a88183c4c222d7d57a8c

Request headers

Referer
http://report-uber.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
904aa5116552ad4a6c57b7993fca751be7d96a19
date
Fri, 16 Apr 2021 15:46:56 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
1296
x-served-by
cache-hhn4080-HHN
access-control-allow-origin
*
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
2366:CE41:34D2C2:373FE5:6079B170
x-timer
S1618588016.259618,VS0,VE94
etag
W/"5ff63669-118b"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 varnish
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
Ubr_Logo_White_RGB-da68b0cf59.svg
trip-uber.eu/
0
0

next.ce8c3dd8.svg
mazipan.github.io/login-page-css/
575 B
493 B
Image
General
Full URL
https://mazipan.github.io/login-page-css/next.ce8c3dd8.svg
Requested by
Host: report-uber.com
URL: http://report-uber.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
538dd2c8e2bb427ddc81c9227e9b22947f15194a4c4aebe72e0a46919f909b15

Request headers

Referer
http://report-uber.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
17ca23e5292327d38d635222b0958a557055ae8a
date
Fri, 16 Apr 2021 15:46:56 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
342
x-served-by
cache-hhn4080-HHN
access-control-allow-origin
*
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
CB62:13322:1C63A4:1D048B:6079B170
x-timer
S1618588016.259625,VS0,VE87
etag
W/"5ff63669-23f"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
css2
fonts.googleapis.com/
4 KB
642 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap
Requested by
Host: mazipan.github.io
URL: https://mazipan.github.io/login-page-css/style.68b13908.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0f334da460abbd2499d5f315918eddc40a343949f7f041a1a56b8aff122974ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://mazipan.github.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Apr 2021 14:29:35 GMT
server
ESF
date
Fri, 16 Apr 2021 15:46:56 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Apr 2021 15:46:56 GMT
batik.e48f741e.png
mazipan.github.io/login-page-css/
2 KB
2 KB
Image
General
Full URL
https://mazipan.github.io/login-page-css/batik.e48f741e.png
Requested by
Host: mazipan.github.io
URL: https://mazipan.github.io/login-page-css/style.68b13908.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
6ce43c7accefa88ab03769c04f254855a5ecd65262930b1bf5cd32e07838c1cb

Request headers

Referer
https://mazipan.github.io/login-page-css/style.68b13908.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
97a0c4f59e6eb9a57619b2f9b8696371dd6b91aa
date
Fri, 16 Apr 2021 15:46:56 GMT
via
1.1 varnish
age
0
x-cache
MISS
content-length
2037
x-served-by
cache-hhn4080-HHN
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
764A:76EF:360C1:3806E:6079B170
x-timer
S1618588016.399223,VS0,VE83
etag
"5ff63669-7f5"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-origin-cache
HIT
x-proxy-cache
MISS
x-cache-hits
0
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3834f0a520d623453cdb6b03b88331bc0394367eb18809f1037ea18c699ebded
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://report-uber.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:01:23 GMT
server
sffe
age
452598
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7848
x-xss-protection
0
expires
Mon, 11 Apr 2022 10:03:38 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
41e46faff74c6a77d581689ec35eb040f6c96d17f4d2c5b25dccd42ed498b01c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://report-uber.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:02:01 GMT
server
sffe
age
452598
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7900
x-xss-protection
0
expires
Mon, 11 Apr 2022 10:03:38 GMT
bottom.ce47b0aa.svg
mazipan.github.io/login-page-css/
13 KB
3 KB
Image
General
Full URL
https://mazipan.github.io/login-page-css/bottom.ce47b0aa.svg
Requested by
Host: mazipan.github.io
URL: https://mazipan.github.io/login-page-css/style.68b13908.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.199.108.153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
cdn-185-199-108-153.github.com
Software
GitHub.com /
Resource Hash
1b47d690b84bab6e30936f63915985a97d496ff331422b3f6e32f1bd00312bf5

Request headers

Referer
https://mazipan.github.io/login-page-css/style.68b13908.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-fastly-request-id
ced1f73c0380c65795b05a1591dff875a27278f3
date
Fri, 16 Apr 2021 15:46:56 GMT
content-encoding
gzip
age
0
x-cache
MISS
content-length
3323
x-served-by
cache-hhn4080-HHN
access-control-allow-origin
*
last-modified
Wed, 06 Jan 2021 22:15:05 GMT
server
GitHub.com
x-github-request-id
EB32:ADE2:7B54C:86D4B:6079B170
x-timer
S1618588016.399345,VS0,VE89
etag
W/"5ff63669-3369"
vary
Accept-Encoding
content-type
image/svg+xml
via
1.1 varnish
expires
Fri, 16 Apr 2021 15:56:56 GMT
cache-control
max-age=600
accept-ranges
bytes
x-proxy-cache
MISS
x-cache-hits
0
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d7ba57e3ccc2e3b2bdf8cc9e613194b802607682bf473293c2e3e29de82c9491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://report-uber.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sun, 11 Apr 2021 10:03:38 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:01:55 GMT
server
sffe
age
452598
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7776
x-xss-protection
0
expires
Mon, 11 Apr 2022 10:03:38 GMT
pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v15/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v15/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;500;600&display=swap
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b93b9165269362989e2855d0bf0ae232d7193a45c43627b2d03b26d7eb98263b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
http://report-uber.com
Referer
https://fonts.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Apr 2021 02:03:02 GMT
x-content-type-options
nosniff
last-modified
Thu, 05 Nov 2020 22:02:10 GMT
server
sffe
age
135834
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7988
x-xss-protection
0
expires
Fri, 15 Apr 2022 02:03:02 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
trip-uber.eu
URL
https://trip-uber.eu/Ubr_Logo_White_RGB-da68b0cf59.svg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Uber (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block