www.rubazar.pro Open in urlscan Pro
87.236.16.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.life.edu.my/express/
Effective URL:
https://www.rubazar.pro/express/
Submission: On April 19 via api (April 19th 2022, 9:01:46 pm UTC) from IE — Scanned from DE

Summary HTTP 9 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 9 HTTP transactions. The main IP is 87.236.16.22, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is www.rubazar.pro.
TLS certificate: Issued by R3 on March 12th 2022. Valid for: 3 months.

This is the only time www.rubazar.pro was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	14.102.148.56 14.102.148.56	45352 (IPSERVERO...) (IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd)
4	87.236.16.22 87.236.16.22	198610 (BEGET-AS) (BEGET-AS)
3	2600:9000:21f... 2600:9000:21f3:2000:15:285b:5440:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
9	3

1 14.102.148.56 (Malaysia) 1 redirects

ASN45352 (IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd, MY)
PTR: ns72-mail03.small-dns.com

www.life.edu.my	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 87.236.16.22 (Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: ssl.tilda.beget.com

www.rubazar.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21f3:2000:15:285b:5440:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.pay2.secured-by-ingenico.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

use.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	rubazar.pro www.rubazar.pro	213 KB
3	secured-by-ingenico.com assets.pay2.secured-by-ingenico.com — Cisco Umbrella Rank: 662664	33 KB
2	fontawesome.com use.fontawesome.com — Cisco Umbrella Rank: 942	84 KB
1	life.edu.my 1 redirects www.life.edu.my	240 B
9	4

	Domain	Requested by
4	www.rubazar.pro	www.rubazar.pro
3	assets.pay2.secured-by-ingenico.com	www.rubazar.pro assets.pay2.secured-by-ingenico.com
2	use.fontawesome.com	www.rubazar.pro use.fontawesome.com
1	www.life.edu.my	1 redirects
9	4

This site contains links to these domains. Also see Links.

Domain
www.dhl.ch
payment.pay2.secured-by-ingenico.com

Subject Issuer	Validity	Valid
rubazar.pro R3	`2022-03-12` - `2022-06-10`	3 months	crt.sh
assets.secured-by-ingenico.com Amazon	`2021-10-19` - `2022-11-16`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-07` - `2022-07-06`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.rubazar.pro/express/
Frame ID: 7DD94600F242BFCBE268DF21C229A7B1
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

MasterCard - Zusätzliche Informationen

Page URL History Show full URLs

http://www.life.edu.my/express/ HTTP 302
https://www.rubazar.pro/express/ Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

330 kB
Transfer

473 kB
Size

6
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: http://www.dhl.ch/de.html
Title: Startseite

Search URL Search Domain Scan URL

URL: http://www.dhl.ch/de/rechtliche_hinweise.html#t_c
Title: Nutzungsbedingungen

Search URL Search Domain Scan URL

URL: https://payment.pay2.secured-by-ingenico.com/checkout/6742-3c6ca89d905040d3ae7e1a5d4871fa92:64be154f-0626-4068-993f-cb3ec16ebe73:3063e5608e0e4797938d333e66912794/privacy.html
Title: Datenschutzrichtlinie

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.life.edu.my/express/ HTTP 302
https://www.rubazar.pro/express/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.rubazar.pro/express/ Redirect Chain http://www.life.edu.my/express/ https://www.rubazar.pro/express/	39 KB 6 KB	474ms 108ms	Document text/html	87.236.16.22 BEGET-AS
General Check archive.org Show headers Download Go to Full URL https://www.rubazar.pro/express/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.236.16.22 , Russian Federation, ASN198610 (BEGET-AS, RU), Reverse DNS ssl.tilda.beget.com Software nginx-reuseport/1.21.1 / PHP/7.1.33 Resource Hash `7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-type text/html date Tue, 19 Apr 2022 21:01:40 GMT server nginx-reuseport/1.21.1 vary Accept-Encoding x-powered-by PHP/7.1.33 Redirect headers Connection Upgrade, close Content-Length 0 Content-Type text/html Date Tue, 19 Apr 2022 21:01:40 GMT Location https://www.rubazar.pro/express/ Server Apache/2 Upgrade h2,h2c Vary User-Agent
GET H2	200	ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Show response www.rubazar.pro/express/files/	206 KB 206 KB	55ms 54ms	Script application/javascript	87.236.16.22 BEGET-AS
General Check archive.org Show headers Download Go to Full URL https://www.rubazar.pro/express/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.236.16.22 , Russian Federation, ASN198610 (BEGET-AS, RU), Reverse DNS ssl.tilda.beget.com Software nginx-reuseport/1.21.1 / Resource Hash `4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.rubazar.pro/express/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 21:01:40 GMT last-modified Tue, 26 Oct 2021 13:16:26 GMT server nginx-reuseport/1.21.1 accept-ranges bytes etag "33612-5cf4148dfbe80" content-length 210450 content-type application/javascript
GET H2	200	html-header.css assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/	90 KB 17 KB	79ms 14ms	Stylesheet text/css	2600:9000:21f3:2000:15:285b:5440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5 Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:2000:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.53 (Unix) OpenSSL/1.1.1n / Resource Hash `78856f280164e2dcb78ed1ef60fb4bbc303089779b502f6a291c678a454d1ffc` Request headers accept-language de-DE,de;q=0.9 Referer https://www.rubazar.pro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 13:22:56 GMT content-encoding gzip last-modified Tue, 19 Apr 2022 11:34:00 GMT server Apache/2.4.53 (Unix) OpenSSL/1.1.1n age 27524 etag "c9c02b6cf46bcdcc01007b735f19a11756134185" vary Accept-Encoding x-cache Hit from cloudfront content-type text/css;charset=UTF-8 via 1.1 ccfe5851ecd4194e2d976fb32dec7538.cloudfront.net (CloudFront) cache-control public, max-age=315360000 x-amz-cf-pop FRA2-C2 content-length 16596 x-amz-cf-id sgGdApUTWcqnKKQlJgTfH8J5As6n2EZCvc3Axh500xzxZ4Oq4O1vFw== expires Wed, 19 Apr 2023 11:34:00 GMT
GET H2	200	all.css use.fontawesome.com/releases/v5.5.0/css/	50 KB 12 KB	119ms 49ms	Stylesheet text/css	2a06:98c1:3120::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.5.0/css/all.css Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2` Request headers Referer https://www.rubazar.pro/ Origin https://www.rubazar.pro accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 21:01:41 GMT content-encoding br vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 22022 access-control-allow-methods GET alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-amz-request-id G92Z0RE0YHEX67Q2 x-amz-id-2 f/vJcYnv0WG6+LdKpXtvHR1kWEd9iwcXT4cyax25Q9KIJloh9Ro3RwN8sZYlWBtZ9ntDc3d2q6g= last-modified Wed, 30 Jun 2021 15:43:32 GMT server cloudflare etag W/"1cc6c92172d124fbd305ba3d8e263333" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dk%2F0feZzgkgkzhlX6XQdFVS0110i5UWchrz8i6HCxYmPQ692WYpFhUd2DkE9xE%2BSFVTf6jY0oYZnbyIG83wnCgjnSgoTWCEexbMBMUUONxTLLxyLOavJyhdIAtsh7jbr4tu%2FrOabY%2Bto0kd%2Biqz4Obdf"}],"group":"cf-nel","max_age":604800} content-type text/css access-control-allow-origin * cache-control max-age=31556926 cf-ray 6fe893ab9a354200-AMS
GET H2	200	DHL_rgb_300x66.png assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/	7 KB 8 KB	20ms 19ms	Image image/png	2600:9000:21f3:2000:15:285b:5440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://assets.pay2.secured-by-ingenico.com/assets/6742/1e0d56b535f2690df49197fbde5a60b5d3c7c4e0/DHL_rgb_300x66.png?size=300x66 Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:2000:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.53 (Unix) OpenSSL/1.1.1n / Resource Hash `3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff` Request headers accept-language de-DE,de;q=0.9 Referer https://www.rubazar.pro/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 12:43:53 GMT via 1.1 ccfe5851ecd4194e2d976fb32dec7538.cloudfront.net (CloudFront) last-modified Wed, 07 Apr 2021 14:52:14 GMT server Apache/2.4.53 (Unix) OpenSSL/1.1.1n age 29867 etag 1e0d56b535f2690df49197fbde5a60b5d3c7c4e0 x-cache Hit from cloudfront content-type image/png cache-control public, max-age=31536000000 x-amz-cf-pop FRA2-C2 content-length 7338 x-amz-cf-id VDFWOlSKpWZyZ4JiNmWtSzzW_0d1eHl1P5s2XWm-E28IsbX1MQuVdg== expires Wed, 19 Apr 2023 12:43:54 GMT
GET H2	200	icons.woff assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/	9 KB 9 KB	130ms 20ms	Font application/font-woff	2600:9000:21f3:2000:15:285b:5440:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/global/fonts/icons/icons.woff?mn9aw4 Requested by Host: assets.pay2.secured-by-ingenico.com URL: https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:2000:15:285b:5440:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software Apache/2.4.53 (Unix) OpenSSL/1.1.1n / Resource Hash `97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b` Request headers Referer https://assets.pay2.secured-by-ingenico.com/templates/generic/responsive/wro/html-header.css?hash=798bdc858747c8c656e8e9cd5897f58615b99ac5 Origin https://www.rubazar.pro accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 14:54:17 GMT via 1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront) last-modified Fri, 18 Mar 2022 16:01:20 GMT server Apache/2.4.53 (Unix) OpenSSL/1.1.1n age 22043 etag W/"+1yoEtZ+vAQBZ5CUhtM0LA==" vary Origin x-cache Hit from cloudfront content-type application/font-woff access-control-allow-origin https://www.rubazar.pro cache-control public, max-age=31536000000 access-control-allow-credentials true x-amz-cf-pop FRA2-C2 x-amz-cf-id 6DJTqVRcUqotwZB5U3E9whykS9wfnB4nqIpL0G-cxHgxYBI-_xqRNg== expires Wed, 19 Apr 2023 14:54:18 GMT
GET H2	200	fa-solid-900.woff2 use.fontawesome.com/releases/v5.5.0/webfonts/	72 KB 73 KB	51ms 50ms	Font font/woff2	2a06:98c1:3120::7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://use.fontawesome.com/releases/v5.5.0/webfonts/fa-solid-900.woff2 Requested by Host: use.fontawesome.com URL: https://use.fontawesome.com/releases/v5.5.0/css/all.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2` Request headers Referer https://use.fontawesome.com/releases/v5.5.0/css/all.css Origin https://www.rubazar.pro accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers date Tue, 19 Apr 2022 21:01:41 GMT access-control-allow-methods GET vary Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 22021 cf-ray 6fe893acbc034200-AMS alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 73852 x-amz-id-2 E1I+S2aaIiVQ80Q1McRvwI7GtHokJpkZKgxFA+n+WEZNcjw2kJpxXh+yFMCmvwi9IFKzNddWKY0= last-modified Wed, 30 Jun 2021 15:43:51 GMT server cloudflare etag "fb493903265cad425ccdf8e04fc2de61" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" access-control-max-age 3000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bKTrvZFEmonIDvH2OItyzjQ0r13QNF5abV033Emf0FOBp%2B%2BgUBhCI6lZAdg%2FXZ5mu7%2BjfhAwHN39NWfkF1ytLaAtAxeskAOeu9528oGAdAc%2FoLJKaMlNOid5BU9qLT3eGL%2FvQsxCShzBD%2B9tS3m6B8C"}],"group":"cf-nel","max_age":604800} x-amz-request-id NGWABH1T23NWPTGV access-control-allow-origin * cache-control max-age=31556926 accept-ranges bytes content-type font/woff2
POST H2	200	rb_b296011e-7abb-4056-b0aa-84f4b18e2840 Show response www.rubazar.pro/	74 B 168 B	119ms 119ms	XHR text/html	87.236.16.22 BEGET-AS
General Check archive.org Show headers Download Go to Full URL https://www.rubazar.pro/rb_b296011e-7abb-4056-b0aa-84f4b18e2840?type=js3&sn=v_4_srv_-2D8_sn_CKDIR6D90RBSHU0Q0AV133SB99GM4JHJ&svrid=-8&flavor=post&vi=EDHUDFPJHCROAHBFWQBQPQKTTHGSCGGA-0&modifiedSince=1631269093345&rf=https%3A%2F%2Fwww.rubazar.pro%2Fexpress%2F&bp=3&app=68fc6a26fcbdc3b0&crc=4181843596&en=yyd8k2pf&end=1 Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.236.16.22 , Russian Federation, ASN198610 (BEGET-AS, RU), Reverse DNS ssl.tilda.beget.com Software nginx-reuseport/1.21.1 / PHP/7.1.33 Resource Hash `0d29541c21e3b20994e5cf460a7b4ab14d1097261c876a47ae52bd893e5244b4` Request headers Referer https://www.rubazar.pro/express/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 19 Apr 2022 21:01:42 GMT server nginx-reuseport/1.21.1 x-powered-by PHP/7.1.33 content-length 74 content-type text/html
POST H2	200	rb_b296011e-7abb-4056-b0aa-84f4b18e2840 Show response www.rubazar.pro/	74 B 168 B	220ms 219ms	XHR text/html	87.236.16.22 BEGET-AS
General Check archive.org Show headers Download Go to Full URL https://www.rubazar.pro/rb_b296011e-7abb-4056-b0aa-84f4b18e2840?type=js3&sn=v_4_srv_-2D8_sn_CKDIR6D90RBSHU0Q0AV133SB99GM4JHJ&svrid=-8&flavor=post&vi=EDHUDFPJHCROAHBFWQBQPQKTTHGSCGGA-0&modifiedSince=1631269093345&rf=https%3A%2F%2Fwww.rubazar.pro%2Fexpress%2F&bp=3&app=68fc6a26fcbdc3b0&crc=1404637529&en=yyd8k2pf&end=1 Requested by Host: www.rubazar.pro URL: https://www.rubazar.pro/express/files/ruxitagentjs_ICA2SVfqrux_10219210719121502.js.download Protocol H2 Security TLS 1.3, , AES_256_GCM Server 87.236.16.22 , Russian Federation, ASN198610 (BEGET-AS, RU), Reverse DNS ssl.tilda.beget.com Software nginx-reuseport/1.21.1 / PHP/7.1.33 Resource Hash `0d29541c21e3b20994e5cf460a7b4ab14d1097261c876a47ae52bd893e5244b4` Request headers Referer https://www.rubazar.pro/express/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers date Tue, 19 Apr 2022 21:01:44 GMT server nginx-reuseport/1.21.1 x-powered-by PHP/7.1.33 content-length 74 content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.rubazar.pro/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D8_sn_CKDIR6D90RBSHU0Q0AV133SB99GM4JHJ
.rubazar.pro/	1969-12-31 23:59:59	Name: rxVisitor Value: 1650402101174BE0URDDONRCD0AC7S3SKTAD1DJNHSHVV
.rubazar.pro/	1969-12-31 23:59:59	Name: dtSa Value: -
.rubazar.pro/	1969-12-31 23:59:59	Name: dtLatC Value: 369
.rubazar.pro/	1969-12-31 23:59:59	Name: rxvt Value: 1650403901336\|1650402101176
.rubazar.pro/	1969-12-31 23:59:59	Name: dtPC Value: -8$402101169_433h-vEDHUDFPJHCROAHBFWQBQPQKTTHGSCGGA-0e1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.pay2.secured-by-ingenico.com
use.fontawesome.com
www.life.edu.my
www.rubazar.pro
14.102.148.56
2600:9000:21f3:2000:15:285b:5440:93a1
2a06:98c1:3120::7
87.236.16.22
0d29541c21e3b20994e5cf460a7b4ab14d1097261c876a47ae52bd893e5244b4
3762059e0b188a72b2873a5758701799ab8000390207406500ae68ca25b2e2ff
4e1ee10a401c38e620a515a306d9ee7279e0b65ac2cd21e428bc1cb0cd1fa29e
7798165ee5a3c6809310d8261dcbe7c8d0c12d795b7b09a71af3eb86ec8f33f2
78856f280164e2dcb78ed1ef60fb4bbc303089779b502f6a291c678a454d1ffc
7ac28ced4ffec739ff3ac227e4814d7003012cf2a2178a3e30186fe9d4b8f8d7
97fbe33023fe314b0f76128757e5cb818dee430cd0985e4c418b6bb4b93df78b
9e4cac65c7a5ee0bd0743afefcabdd3e73854e1284ac9ac433813d6231f550f2

www.rubazar.pro Open in urlscan Pro 87.236.16.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

330 kBTransfer

473 kBSize

6 Cookies

3 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

6 Cookies

Indicators

www.rubazar.pro Open in urlscan Pro
87.236.16.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

330 kB
Transfer

473 kB
Size

6
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!