indusrivervalley.org Open in urlscan Pro
2606:4700:3035::ac43:c792 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rotf.lol/israelpos
Effective URL:
https://indusrivervalley.org/redirect/ar/
Submission: On January 28 via manual (January 28th 2023, 4:12:07 pm UTC) from IL — Scanned from NL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3035::ac43:c792, located in United States and belongs to CLOUDFLARENET, US. The main domain is indusrivervalley.org.
TLS certificate: Issued by GTS CA 1P5 on December 20th 2022. Valid for: 3 months.

This is the only time indusrivervalley.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Israel Post (Transporation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2606:4700:303... 2606:4700:3035::ac43:c792	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2

1 2a06:98c1:3121::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rotf.lol	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:4700:3035::ac43:c792 (United States)

ASN13335 (CLOUDFLARENET, US)

indusrivervalley.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	indusrivervalley.org indusrivervalley.org	110 KB
1	rotf.lol 1 redirects rotf.lol — Cisco Umbrella Rank: 772406	634 B
14	2

	Domain	Requested by
13	indusrivervalley.org	indusrivervalley.org
1	rotf.lol	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid
*.indusrivervalley.org GTS CA 1P5	`2022-12-20` - `2023-03-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://indusrivervalley.org/redirect/ar/
Frame ID: 262799BD4423034F0C45A1FA832AA527
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

שירות הדואר הישראלי

Page URL History Show full URLs

https://rotf.lol/israelpos HTTP 301
https://indusrivervalley.org/redirect/ar/ Page URL

Page Statistics

14
Requests

93 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

110 kB
Transfer

172 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rotf.lol/israelpos HTTP 301
https://indusrivervalley.org/redirect/ar/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
indusrivervalley.org/redirect/ar/
Redirect Chain

https://rotf.lol/israelpos
https://indusrivervalley.org/redirect/ar/

4 KB
2 KB

397ms
155ms

Document
text/html

2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fbd5eb92e6146753c21a5b43617adbd64c49a328d92d16b149844287e3385e7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 790b01e418139c0c-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 28 Jan 2023 16:12:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oUcUFzU7vslgEnMllfcaQpwQOyfVzM8ptLgQW0I9Mk8Pq5u1S2r2y%2Btvgq34W8JG8k8AS%2Fsh9EOiP1JABSyvoQSZ%2BRFqspAhlTAm1E7D4d6sENXqkBfWTQFPxDxd4DD%2F7AhCpd49uNA1JlY7GdtOfyvf%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: max-age=0, public, s-max-age=900, stale-if-error: 86400
cf-cache-status: DYNAMIC
cf-ray: 790b01e0688b0bc5-AMS
content-type: text/html; charset=UTF-8
date: Sat, 28 Jan 2023 16:12:02 GMT
location: https://indusrivervalley.org/redirect/ar/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: unsafe-url
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXY7jZ%2Fjj50S6U0p4eEkLAfn2GotrJvw0cDxPHkrzJo1F9EgdlNqmwHzgeSlpkTzsYg9qrg7F7Q%2Bmncb%2BhS32APsk9fRIkHSBntsPztGvchJY9vMFVlQrpQPnNNNFYpB0iuR6aXHIg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
x-powered-by: PHP/8.1.10
x-xss-protection: 1; mode=block

GET
H2 200 main.css
indusrivervalley.org/redirect/ar/inc/ 1 KB
857 B 91ms
90ms Stylesheet
text/css 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/inc/main.css
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad79673c9e4d4b18c65b4f1db5404f41941deb982ea8cb37d5753a8d82307c2f

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Fri, 22 Jul 2022 14:56:48 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=1467
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hhy%2FN2ooyNVCMV71g5jPu4zHnpigv2wfNyRahAGvfbVV2XduLYYdqmsOqMC31Tcz7A7Z7bOspTqy1LW35w9Wa6UTcKQUt1I8X4pVygqSF6r7lba7EAoqdGE%2Btk7xUv8XkyB%2Bw%2BDZrg5csXGMeRImo9taIw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 790b01e52ad59c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 cora.png
indusrivervalley.org/redirect/ar/inc/ 641 B
1003 B 88ms
87ms Image
image/png 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indusrivervalley.org/redirect/ar/inc/cora.png
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd80bbe4f601eb38a50867880a0460a940f08acbdbadfc22c38873be8be58ed6

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Jul 2022 12:06:14 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anp7bcbJ6e7JkY29DEq3z26WejilTLLjTOHZ415kdivGVaoxKk0wDC0ebhlYufS%2FwEWysN1RtCpdGsFvPMvfxcBPSKer39CHOqGG5ReCymLgpOV77XOy8RvjRYlO9xFK2PH81%2F9AKA2Pvs2889Sil49evQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 790b01e52ad89c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 641

GET
H2 200 post.png
indusrivervalley.org/redirect/ar/inc/ 5 KB
6 KB 154ms
149ms Image
image/png 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indusrivervalley.org/redirect/ar/inc/post.png
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Jul 2022 11:51:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CWEMXSvWC8g2bMC8lVBPBc8CtGvNrCL9p%2Fa7xp492BcAMehT%2BziaHCwDXtl9%2Ba8iwi%2FAU5vfzCtLYczR%2BnpqiWnrHE19XWkHozLW%2BKV0xwfWN%2FSoJXFMhRlR8pIEDh%2FuewDRUN3vvQUqSIOPkWHXBtUmlw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 790b01e54b319c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5437

GET
H2 200 99.png
indusrivervalley.org/redirect/ar/inc/ 5 KB
6 KB 167ms
162ms Image
image/png 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indusrivervalley.org/redirect/ar/inc/99.png
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32cb3c5c141802399b8c1d60bca37c971ab660f1bb22e32e7084bd4778a0a0b0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Jul 2022 12:35:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eNah8gYrG8Zq1qiwJ%2BY0raaHlr%2FTw%2FJQpIi3IlGA1C%2FCEL6lb25WrE3tDcak1rNiByF4UcR9tcUy6z1viLrta8MgX670wDFhAwkvWQiWBnGOjSIma0GaE1ZqzMYr6q1D4Qui0KR%2Fu%2BrN6MA57u8z%2BtrKOA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 790b01e54b359c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5493

GET
H2 200 t60.png
indusrivervalley.org/redirect/ar/inc/ 57 KB
58 KB 113ms
108ms Image
image/png 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://indusrivervalley.org/redirect/ar/inc/t60.png
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dbd37899c2653b6e7ce1f32ecfd72854cf26b235e7f82e83c80397e7390791d

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 22 Jul 2022 13:19:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96hjt8GYhTupsJL7sC%2FhVKVmagw2sAZgSWBclVOuRyRnziNzbGtFLwfBVn%2B2v5gs25Y7glyxVag9xiYe6IcWlZLY1LyRv%2B4jfnbSB%2FXzarGrvRMaPfOXGoLdLO71VJC8SR8HlW0DnliXe7yn7mIc6aZeJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 790b01e54b389c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 58694

GET
H2 200 jq.js Show response
indusrivervalley.org/redirect/ar/inc// 87 KB
32 KB 157ms
151ms Script
application/javascript 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/inc//jq.js
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72037311a4dfde4d042df73e31b7cbeafc0bdf2aaa605b69aff3326015a396da

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Sun, 17 Jul 2022 05:32:36 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=89501
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hI6TOKDVOTppXrDxudGZsUMo7U8Idki%2BELaUhYlcRmqX7Q4frt00wMkecNJ6YPOBAJ9zBEuvlJiceegF%2F5eWJT1VryyEmIgiThAzhu9K0ryPzwdi89Hr7dt%2FqrrUfwWGofq1aZmj9nLlIaJr6G%2F4FP%2BRbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 790b01e54b2c9c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 m.js Show response
indusrivervalley.org/redirect/ar/inc// 11 KB
4 KB 113ms
107ms Script
application/javascript 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/inc//m.js
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 072eb05095eeede132910b564b573b1dd4c53478ea8c44cf2a9d39be56886794

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://indusrivervalley.org/redirect/ar/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:02 GMT
content-encoding: br
cf-cache-status: REVALIDATED
cf-bgj: minify
last-modified: Sun, 17 Jul 2022 05:32:38 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=23176
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZCOh1XHPLTS47quKcG5naJB50w%2B7aX%2BF%2FndiIiPJF5F4GHFUnzYZs9iWlwtBiinJbYWgf1MYX44Sr0ChvpXz6FXO7rQMwnF9eDd6TCaxfBOa3uH0OrFe%2BpG9OlyxLc7QPLe%2FLxc30f%2BkzyVGuqgPbG5Gww%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 790b01e54b2d9c0c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 h.ttf
indusrivervalley.org/redirect/ar/inc/ 0
0 4242ms
4236ms Font
text/html 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://indusrivervalley.org/redirect/ar/inc/h.ttf

Requested by

Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/inc/main.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://indusrivervalley.org/redirect/ar/inc/main.css
Origin: https://indusrivervalley.org
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Sat, 28 Jan 2023 16:12:07 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-xss-protection: 1; mode=block
referrer-policy: unsafe-url
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UfoV%2FD4GuBZBfTdzLK9IzSjyB6%2Ftz2lcJl8SbhmYCbHpXq6Duy9BI8dNxU9eI1q2WE0XGFvksSMtY0ZkDfBQug%2BGWkQhhnnvQpXkJKZfbQCdPEqBC9YmWOsSg66j6YgReKc3juda5UOXhioWGOJfUCQuUA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, must-revalidate, max-age=0
cf-ray: 790b01e5fdff163e-FRA
link: <https://indusrivervalley.org/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

POST
H3 500 spy.php Show response
indusrivervalley.org/redirect/ar/ 0
479 B 239ms
239ms XHR
text/html 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/spy.php
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/inc//jq.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: */*
Referer: https://indusrivervalley.org/redirect/ar/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 28 Jan 2023 16:12:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G8vPPgy%2Bw8p%2F7nf1X3bAU%2B2VosvaHJ%2FqtfiTDcdZrlzL5VVdEBB186ndSk2Y7XVBTQBwTFhlSx6z0GCPMh27f7syy0%2ByAd78YjXfce%2B4wyRhDm4WCYTg%2F5Qls4oDWZQl4C4KkhcwKw%2BimGEcbJa4fnIpfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 790b01e69eee163e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 date.php Show response
indusrivervalley.org/redirect/ar/ 21 B
465 B 228ms
228ms XHR
text/html 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/date.php
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/inc//jq.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9035ff7b7eaf5e77341f28d85dca60891260ef8e531e07f40cb9c1acab00efbb

Request headers

Accept: */*
Referer: https://indusrivervalley.org/redirect/ar/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 28 Jan 2023 16:12:04 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jQIe6sjFEaXfRL40IX%2FQyFc5cW1RNVxSloxdPoO3CJgNAUzYwLsHKJ3qtvKoxokZkTelPj6Cf%2BdQYn3hV6YfRO8aqC0sw7IKWLo292aVANzU2PdP0oE2vf6fZfHIwbbpJh05ZeyUl8gnwvBMxMKOz0%2B22g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 790b01eccf8a163e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 date.php Show response
indusrivervalley.org/redirect/ar/ 21 B
465 B 227ms
227ms XHR
text/html 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/date.php
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/inc//jq.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 03aec4465760e67eaa777a96bc2f27822d8e7526c6692b39fde02316dc5a9173

Request headers

Accept: */*
Referer: https://indusrivervalley.org/redirect/ar/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 28 Jan 2023 16:12:05 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5YY8M1yfImVtmwSD5PNeReAfS%2BQ2DJrmx6TkEjzmpQMYEfpvV5G9qcfS2Ewv8D3DmpivCCpoNlCgDl1zV87x3HLudYKiR5DdmaPBT5oHbTzRNcb4vuAlheh5%2FRhQxBI9J9zH6nk6ZuDQqDq2V2RBCIOQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 790b01f3083e163e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H3 200 date.php Show response
indusrivervalley.org/redirect/ar/ 21 B
469 B 323ms
322ms XHR
text/html 2606:4700:3035::ac43:c792
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://indusrivervalley.org/redirect/ar/date.php
Requested by: Host: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/inc//jq.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:c792 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 897666212b1a6002d15bc6e18bfe26932a605dbc1521c797da5356e728b5da81

Request headers

Accept: */*
Referer: https://indusrivervalley.org/redirect/ar/
X-Requested-With: XMLHttpRequest
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 28 Jan 2023 16:12:06 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7esbZiuZrKqeGJI4OuUkIa3GUND74R0OwYSCHbfe0Pf%2BZZBlXqX8%2Ft9Laix%2BH5NOQNkuAS70BJ1QeQ16ghsJAktU9B0gdN69eUSoa6Hx9nA4FYG%2FWH1ZZ9Vv8SWZD6rBMZokfnkx2Ax%2FQWTLvY9m9IKEGA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 790b01f94936163e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST date.php
indusrivervalley.org/redirect/ar/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: indusrivervalley.org
URL: https://indusrivervalley.org/redirect/ar/date.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Israel Post (Transporation)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery number| c

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://indusrivervalley.org/redirect/ar/spy.php Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://indusrivervalley.org/redirect/ar/inc/h.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

indusrivervalley.org
rotf.lol
indusrivervalley.org
2606:4700:3035::ac43:c792
2a06:98c1:3121::3
03aec4465760e67eaa777a96bc2f27822d8e7526c6692b39fde02316dc5a9173
072eb05095eeede132910b564b573b1dd4c53478ea8c44cf2a9d39be56886794
32cb3c5c141802399b8c1d60bca37c971ab660f1bb22e32e7084bd4778a0a0b0
6dbd37899c2653b6e7ce1f32ecfd72854cf26b235e7f82e83c80397e7390791d
72037311a4dfde4d042df73e31b7cbeafc0bdf2aaa605b69aff3326015a396da
7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0
7fbd5eb92e6146753c21a5b43617adbd64c49a328d92d16b149844287e3385e7
897666212b1a6002d15bc6e18bfe26932a605dbc1521c797da5356e728b5da81
9035ff7b7eaf5e77341f28d85dca60891260ef8e531e07f40cb9c1acab00efbb
ad79673c9e4d4b18c65b4f1db5404f41941deb982ea8cb37d5753a8d82307c2f
bd80bbe4f601eb38a50867880a0460a940f08acbdbadfc22c38873be8be58ed6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

indusrivervalley.org Open in urlscan Pro 2606:4700:3035::ac43:c792 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

93 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

110 kBTransfer

172 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

indusrivervalley.org Open in urlscan Pro
2606:4700:3035::ac43:c792 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

93 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

110 kB
Transfer

172 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!