rustorias.net
2606:4700:3036::ac43:a575  Malicious Activity!  Public Scan

URL: https://rustorias.net/steam.html
Submission: On April 19 via api from JP — Scanned from JP

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 2606:4700:3036::ac43:a575, located in the United States and belonging to CLOUDFLARENET, US. The main domain is rustorias.net.
TLS certificate: Issued by GTS CA 1P5 on March 27th 2023. Valid for: 3 months.
This is the only time rustorias.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

Requests  IP Address          AS (Autonomous System)
11        2606:4700:303...    13335 (CLOUDFLAR...)
Total: 11 requests, 1 IP

Requests  Apex Domain      Subdomains       Transfer
11        rustorias.net    rustorias.net    328 KB
Total: 11 requests, 1 apex domain

Requests  Domain           Requested by
11        rustorias.net    rustorias.net
Total: 11 requests, 1 domain

This site contains no links.

Subject            Issuer        Validity                    Valid
*.rustorias.net    GTS CA 1P5    2023-03-27 - 2023-06-25     3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://rustorias.net/steam.html
Frame ID: 371176C38F60348C836F8DB7E720C400
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Steam Community

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 328 kB
Size: 687 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request steam.html
rustorias.net/
468 B
676 B
Document
General
Full URL
https://rustorias.net/steam.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1677f300cc6543a912c98f8bd9ca545975ec5f91692f32140604c91494b89bd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7ba2433faea22071-NRT
content-encoding
br
content-type
text/html
date
Wed, 19 Apr 2023 04:04:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ePrkHT61kDyM9fGm9%2B7fuHLSZwxPCs6LGmyJ3YmhJ61fXX3kdXCrJPo5nv6r%2Bv0BL2H9LXfzj8mVEL4McI1xZXAZRxx0Nty8uYCo4colCahGZ5Xm0K5%2FFBau8p2IH8NAezv0KmEY2WvEQYL%2F"}],"group":"cf-nel","max_age":604800}
server
cloudflare
s.js
rustorias.net/assets/s/
536 KB
174 KB
Script
General
Full URL
https://rustorias.net/assets/s/s.js
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6120498916e1430571ec75eda25e0fea8687f4ab8212b6af5a359af8fb52ab66

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:19 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"641173b4-86051"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTDtLJ8ZB9DUiLHbkLA38LzFfs3%2BL5uPed5w4n84aEdV5dv8AbR%2B%2FcW13jYIdj13RC4wkAwOKN3fEGdnSoTB5E2T7B6seD0bk4BEiO2yvdfPYe%2FE4PTVw8IWFJoc2f1RhpuFb27FACE3d1Ft"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7ba243419f672071-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
btn_header_installsteam_download.png
rustorias.net/assets/s/img/
291 B
768 B
Image
General
Full URL
https://rustorias.net/assets/s/img/btn_header_installsteam_download.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1734
etag
"641173b4-123"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h4fgLxxeUXMXEQXZandZAT1SJSp5MUQfChbQnYMVVGBUCrYU6NpaqXFq2XPfhcgRgaYaDHS4aVMUBDxx1gr8jJgRHF79mtzomnPo2w1FVO5jjmjMiYgm1v%2BrKft5GzqB8ZrvX5GfeP%2FQ7QnO"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243490f3f8099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
291
btn_arrow_down_padded.png
rustorias.net/assets/s/img/
161 B
676 B
Image
General
Full URL
https://rustorias.net/assets/s/img/btn_arrow_down_padded.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93b1fbe4f6245b62bfd4c8c3347abe0fe67ed711315e59bfadaebc9873d8d9b5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1734
etag
"641173b4-a1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wm9TN99HaVeYOMopIFIpDhrQs2mVrljskqB2VzH7j1w2FcnVLGKoV%2BITbXG6S2tIqUaFt%2FYT8KJEtp1%2FglFTO2%2F%2BoIDZA37mlhbrNGQMKlyvyrd5gPG19hwGx5PYEld3bQWqzeMj2ocRfmdy"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243490f428099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
161
MotivaSans-Regular.ttf
rustorias.net/assets/s/fonts/
120 KB
120 KB
Font
General
Full URL
https://rustorias.net/assets/s/fonts/MotivaSans-Regular.ttf
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

Request headers

Referer
https://rustorias.net/steam.html
Origin
https://rustorias.net
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-1df3c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7gWFhnPpD6vT61yq21l2490uYl9qPAnUfzUuh1hjLRPbpavLRgpCl%2F345PxraZ6vod5KwhIXoN7jKmZ8f5Wk4%2BZVuLGWmJfSnXg%2F8xFI6%2F0d%2BoBgQXxW3IRBVqK3ialngScPMU6UL3nI5fQ"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243490f438099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
122684
header_menu_hamburger.png
rustorias.net/assets/s/img/
4 KB
4 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/header_menu_hamburger.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1734
etag
"641173b6-ec1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M9jv%2BYi88I%2FEpMOeXTTE19fqaQnTs%2FReLutpWYQMKDedz22pofv3EJe7VxsTfVMzZ6gyzHXuiR0PbfC5RRtSGuGLmyaVawSk%2BwR%2B3ChXEzjIlu6QUD8zNEwTu7HK7tFE0qSYCX%2BoNX%2BSpV5Z"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243493f548099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3777
header_logo.png
rustorias.net/assets/s/img/
11 KB
11 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/header_logo.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1733
etag
"641173b4-2a6f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mLFk5dB0%2BKQCxyByAyCh7x9WsyJ1X59g1fp%2FfiEU%2FoHt626BSGTZWjixBzMeRakOXu2SFnGqOzqotM2Bh97BldsSDxdtIY7uOJP68MEGG4WiYXL7ttfAW6BNSqpFlgePFNJZipAlck5W6QJQ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243493f558099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10863
logo_steam.svg
rustorias.net/assets/s/img/
4 KB
2 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/logo_steam.svg
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1734
etag
W/"641173b6-e64"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C25hcjSTucmlKgoDa%2FXw%2FcUkb8KKm7rrqMuB8ZR1YdcKRoDkJpr3SV%2FaFdNXG1DDjfw2NXckVXZLtfVfOptCIQGkvBeHWqU2oK4JrQk7SErVfZtJqXK7r5oz3AZ7VDMNEebRRcRClRYPbQGh"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7ba243493f568099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sits_landing.png
rustorias.net/assets/s/img/
5 KB
6 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/sits_landing.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
483ed1c78b7394366985110fe15e4aaf941882427515e5dfe7f582827a15378c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1733
etag
"641173b4-1547"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fqPG1WuvFo%2FuOiwVWz9PruFeTFogHQtJ%2F2Gs5oDKdQfI7EkFj95TZtQZYhjEggKNome8YsVtOd6YSgK1CvxgvlZjw3%2FVDqYDt9k1hwSk%2Fb8Sd1XbsNJx4JTzmaiRUPqsy2XUu9GVXo%2Fo2Tj5"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243493f588099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5447
throbber.gif
rustorias.net/assets/s/img/
3 KB
4 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/throbber.gif
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c4d1b66cbed8c0ba7bfe1d047409e80b99684794ba66e9556503890eae17f2d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1733
etag
"641173b4-c88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3uTIeSv3chGxaK6eJQng%2BakgUAGu0WxP%2F8zW5fOF11cllCRDzofGyiRZ9of%2BZFtWx%2FguapIlyioY2HTtsxlmMmTGweHjO1OV1lV%2FXE9MhGkM4VUu7%2BWkuDjmRRon9153wVo8Z7e1UQ2CXJ4"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243493f598099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3208
footerLogo_valve.png
rustorias.net/assets/s/img/
4 KB
4 KB
Image
General
Full URL
https://rustorias.net/assets/s/img/footerLogo_valve.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:a575 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 04:04:20 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-e99"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3yMZm7ngTwdNjnpg%2B243q%2FeybAmooaBMtMutc1xhB8KEHSKrAUpjMrlB2HIiDDRcHR2SXeBqf5SKxGOxwZ9Ww3CrzmN%2BYrvDNcYjKitnXDyICTMBpsCehi8bac10%2B8Gt1sJ4QyvufCOSaWkk"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba243493f5a8099-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3737

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type        Name
boolean     credentialless
string      $fDomain
string      $domainToLogin
function    gj_0x3bf0
function    gj_0x2d78
function    $changeLanguage

0 Cookies