www.rubazar.pro
Open in
urlscan Pro
87.236.16.22
Malicious Activity!
Public Scan
Effective URL: https://www.rubazar.pro/express/
Submission: On April 19 via api from IE — Scanned from DE
Summary
TLS certificate: Issued by R3 on March 12th 2022. Valid for: 3 months.
This is the only time www.rubazar.pro was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 14.102.148.56 14.102.148.56 | 45352 (IPSERVERO...) (IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd) | |
4 | 87.236.16.22 87.236.16.22 | 198610 (BEGET-AS) (BEGET-AS) | |
3 | 2600:9000:21f... 2600:9000:21f3:2000:15:285b:5440:93a1 | 16509 (AMAZON-02) (AMAZON-02) | |
2 | 2a06:98c1:312... 2a06:98c1:3120::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 3 |
ASN45352 (IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd, MY)
PTR: ns72-mail03.small-dns.com
www.life.edu.my |
ASN198610 (BEGET-AS, RU)
PTR: ssl.tilda.beget.com
www.rubazar.pro |
ASN16509 (AMAZON-02, US)
assets.pay2.secured-by-ingenico.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
rubazar.pro
www.rubazar.pro |
213 KB |
3 |
secured-by-ingenico.com
assets.pay2.secured-by-ingenico.com — Cisco Umbrella Rank: 662664 |
33 KB |
2 |
fontawesome.com
use.fontawesome.com — Cisco Umbrella Rank: 942 |
84 KB |
1 |
life.edu.my
1 redirects
www.life.edu.my |
240 B |
9 | 4 |
Domain | Requested by | |
---|---|---|
4 | www.rubazar.pro |
www.rubazar.pro
|
3 | assets.pay2.secured-by-ingenico.com |
www.rubazar.pro
assets.pay2.secured-by-ingenico.com |
2 | use.fontawesome.com |
www.rubazar.pro
use.fontawesome.com |
1 | www.life.edu.my | 1 redirects |
9 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.dhl.ch |
payment.pay2.secured-by-ingenico.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
rubazar.pro R3 |
2022-03-12 - 2022-06-10 |
3 months | crt.sh |
assets.secured-by-ingenico.com Amazon |
2021-10-19 - 2022-11-16 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-07-07 - 2022-07-06 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.rubazar.pro/express/
Frame ID: 7DD94600F242BFCBE268DF21C229A7B1
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
MasterCard - Zusätzliche InformationenPage URL History Show full URLs
-
http://www.life.edu.my/express/
HTTP 302
https://www.rubazar.pro/express/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Startseite
Search URL Search Domain Scan URL
Title: Nutzungsbedingungen
Search URL Search Domain Scan URL
Title: Datenschutzrichtlinie
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://www.life.edu.my/express/
HTTP 302
https://www.rubazar.pro/express/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
www.rubazar.pro/express/ Redirect Chain
|
39 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download
www.rubazar.pro/express/files/ |
206 KB 206 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
html-header.css
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/ |
90 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.5.0/css/ |
50 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
DHL_rgb_300x66.png
assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.woff
assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/ |
9 KB 9 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
use.fontawesome.com/releases/v5.5.0/webfonts/ |
72 KB 73 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_b296011e-7abb-4056-b0aa-84f4b18e2840
www.rubazar.pro/ |
74 B 168 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rb_b296011e-7abb-4056-b0aa-84f4b18e2840
www.rubazar.pro/ |
74 B 168 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| dT_ object| dtrum6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.rubazar.pro/ | Name: dtCookie Value: v_4_srv_-2D8_sn_CKDIR6D90RBSHU0Q0AV133SB99GM4JHJ |
|
.rubazar.pro/ | Name: rxVisitor Value: 1650402101174BE0URDDONRCD0AC7S3SKTAD1DJNHSHVV |
|
.rubazar.pro/ | Name: dtSa Value: - |
|
.rubazar.pro/ | Name: dtLatC Value: 369 |
|
.rubazar.pro/ | Name: rxvt Value: 1650403901336|1650402101176 |
|
.rubazar.pro/ | Name: dtPC Value: -8$402101169_433h-vEDHUDFPJHCROAHBFWQBQPQKTTHGSCGGA-0e1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.pay2.secured-by-ingenico.com
use.fontawesome.com
www.life.edu.my
www.rubazar.pro
14.102.148.56
2600:9000:21f3:2000:15:285b:5440:93a1
2a06:98c1:3120::7
87.236.16.22
0d29541c21e3b20994e5cf460a7b4ab14d1097261c876a47ae52bd893e5244b4
3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff
4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
78856f280164e2dcb78ed1ef60fb4bbc303089779b502f6a291c678a454d1ffc
7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7
97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2