urlscan.io logo urlscan.io
SecurityTrails logo

newrosebombaydyeing.com Open in urlscan Pro
217.21.87.23  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://tameerbazaar.co/wp-content/log/
Effective URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Submission: On June 08 via manual from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 217.21.87.23, located in Germany and belongs to AS-HOSTINGER, CY. The main domain is newrosebombaydyeing.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on May 15th 2022. Valid for: 3 months.
This is the only time newrosebombaydyeing.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online) Visa (Financial)

Domain & IP information

IP Address AS Autonomous System
1 1 192.185.16.213 46606 (UNIFIEDLA...)
3 9 217.21.87.23 47583 (AS-HOSTINGER)
6 1
Apex Domain
Subdomains		 Transfer
9 newrosebombaydyeing.com
newrosebombaydyeing.com
10 KB
1 tameerbazaar.co
tameerbazaar.co
117 B
6 2
Domain Requested by
9 newrosebombaydyeing.com 3 redirects newrosebombaydyeing.com
1 tameerbazaar.co 1 redirects
6 2

This site contains no links.

Subject Issuer Validity Valid
newrosebombaydyeing.com
ZeroSSL RSA Domain Secure Site CA		 2022-05-15 -
2022-08-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Frame ID: 3731C75D0860B79D94B57E66842F480B
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

VISA/検証

Page URL History Show full URLs

  1. https://tameerbazaar.co/wp-content/log/ HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/ HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64?cmd=_identifier... HTTP 301
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/?cmd=_identifie... HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

6
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

10 kB
Transfer

18 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tameerbazaar.co/wp-content/log/ HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/ HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64?cmd=_identifier_Demarrer_ID=9702533282411+_TIme:Wed,Jun,08,2022-12:51am HTTP 301
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/?cmd=_identifier_Demarrer_ID=9702533282411+_TIme:Wed,Jun,08,2022-12:51am HTTP 302
    https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request log.php
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/
Redirect Chain
  • https://tameerbazaar.co/wp-content/log/
  • https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/
  • https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64?cmd=_identifier_Demarrer_ID=9702533282411+_TIme:Wed,Jun,08,2022-12:51am
  • https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/?cmd=_identifier_Demarrer_ID=9702533282411+_TIme:Wed,Jun,08,2022-12:51am
  • https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
10 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/7.4.26
Resource Hash
ac65e74ad5f541c8fb410820eba47dad7dc2182d64faf95a10af9220a5550652
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
3154
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 08 Jun 2022 00:51:04 GMT
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.4.26

Redirect headers

cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
0
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 08 Jun 2022 00:51:03 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
log.php
pragma
no-cache
server
LiteSpeed
x-powered-by
PHP/7.4.26
nttr.css
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo// 		2 KB
471 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo//nttr.css
Requested by
Host: newrosebombaydyeing.com
URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
73449631b0972e0864a55dde66f738bbb9d51139d6892e6fe840176b69b3cf26
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 00:51:04 GMT
content-encoding
br
last-modified
Wed, 08 Jun 2022 00:51:03 GMT
server
LiteSpeed
etag
"7a2-629ff277-f48de26d6e34eccb;br"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-length
350
expires
Wed, 15 Jun 2022 00:51:04 GMT
association_logo.png
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo// 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo//association_logo.png
Requested by
Host: newrosebombaydyeing.com
URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
c9953101beaf3aa72e1abcdfafe3dfdbcc73bf08817968ccd112008facaaa5f6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 00:51:04 GMT
last-modified
Wed, 08 Jun 2022 00:51:03 GMT
server
LiteSpeed
etag
"c7e-629ff277-e36e21a3f71347fa;;;"
content-type
image/png
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-length
3198
expires
Wed, 15 Jun 2022 00:51:04 GMT
ft.gif
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo/ft.gif
Requested by
Host: newrosebombaydyeing.com
URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
10c4bfe021463ef0571473c12b4cfec001c86c0575389226278cdff962776a75
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 00:51:04 GMT
last-modified
Wed, 08 Jun 2022 00:51:03 GMT
server
LiteSpeed
etag
"686-629ff277-c818a86502f4a8a6;;;"
content-type
image/gif
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-length
1670
expires
Wed, 15 Jun 2022 00:51:04 GMT
spacer.gif
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo// 		43 B
90 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo//spacer.gif
Requested by
Host: newrosebombaydyeing.com
URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
d3005a63604dec4786aa3e3aa7620601a0f247dd87ecaaef827910e883b02783
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 00:51:04 GMT
last-modified
Wed, 08 Jun 2022 00:51:03 GMT
server
LiteSpeed
etag
"2b-629ff277-c996673b71a26f3b;;;"
content-type
image/gif
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-length
43
expires
Wed, 15 Jun 2022 00:51:04 GMT
help.jpg
newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo// 		909 B
959 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/gogo//help.jpg
Requested by
Host: newrosebombaydyeing.com
URL: https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
217.21.87.23 , Germany, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
b52cecd466081a718a044aff6c67c958813603409ddd02ef3c3141e487b2043f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://newrosebombaydyeing.com/wp-content/themes/jp/visajp/cadf489a52daebc3e1e986a953d7cb64/log.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Wed, 08 Jun 2022 00:51:04 GMT
last-modified
Wed, 08 Jun 2022 00:51:03 GMT
server
LiteSpeed
etag
"38d-629ff277-1dc4eff61178696d;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
content-security-policy
upgrade-insecure-requests
accept-ranges
bytes
content-length
909
expires
Wed, 15 Jun 2022 00:51:04 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online) Visa (Financial)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation function| SetFocus function| ForgotPassword function| Help function| Cancel function| SubmitForm boolean| submitClicked

1 Cookies

Domain/Path Name / Value
newrosebombaydyeing.com/ Name: PHPSESSID
Value: fdd602575560fbdafa66f62369d622e1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests