![](/screenshots/6b7b83fb-276a-4e2f-bf27-77d59db2b571.png)
kubitz.com.br
Open in
urlscan Pro
2a06:98c1:3120::3
Malicious Activity!
Public Scan
Effective URL: https://kubitz.com.br/service/
Submission: On May 25 via manual from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on April 10th 2023. Valid for: 3 months.
This is the only time kubitz.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Metamask (Crypto)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 65.0.219.238 65.0.219.238 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 2.16.187.25 2.16.187.25 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 2 | 80.74.151.88 80.74.151.88 | 21069 (ASN-METAN...) (ASN-METANET Routingpeering issues: noc@metanet.ch) | |
11 | 2a06:98c1:312... 2a06:98c1:3120::3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:829::200a | 15169 (GOOGLE) (GOOGLE) | |
15 | 3 |
ASN16509 (AMAZON-02, US)
PTR: ec2-65-0-219-238.ap-south-1.compute.amazonaws.com
e-in21.gtolink.in |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-187-25.deploy.static.akamaitechnologies.com
web-in21.mxradon.com |
ASN21069 (ASN-METANET Routingpeering issues: noc@metanet.ch, CH)
PTR: vesta.ch-dns.net
www.audetour.ch | |
audetour.ch |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
kubitz.com.br
kubitz.com.br |
256 KB |
2 |
audetour.ch
2 redirects
www.audetour.ch audetour.ch |
441 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35 |
1 KB |
1 |
mxradon.com
1 redirects
web-in21.mxradon.com — Cisco Umbrella Rank: 203452 |
684 B |
1 |
gtolink.in
1 redirects
e-in21.gtolink.in — Cisco Umbrella Rank: 318540 |
602 B |
15 | 5 |
Domain | Requested by | |
---|---|---|
11 | kubitz.com.br |
kubitz.com.br
|
1 | fonts.googleapis.com |
kubitz.com.br
|
1 | audetour.ch | 1 redirects |
1 | www.audetour.ch | 1 redirects |
1 | web-in21.mxradon.com | 1 redirects |
1 | e-in21.gtolink.in | 1 redirects |
15 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.kubitz.com.br GTS CA 1P5 |
2023-04-10 - 2023-07-09 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-05-08 - 2023-07-31 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kubitz.com.br/service/
Frame ID: 0883E8D888B14F171AF85192AB9CA91F
Requests: 15 HTTP requests in this frame
Screenshot
![](/screenshots/6b7b83fb-276a-4e2f-bf27-77d59db2b571.png)
Page Title
Upgrade NeededPage URL History Show full URLs
-
http://e-in21.gtolink.in/t/em1/54994/1/cd2210df-5608-4588-898d-f5273145b43b/7f597516fa8a11eda79702342...
HTTP 302
http://web-in21.mxradon.com/t/sc/54994/08a3e0c6-faa0-11ed-a797-02342baa918a?returnTo=http%3a%2f%2fwww.au... HTTP 302
http://www.audetour.ch/e/ser/ HTTP 301
http://audetour.ch/e/ser/ HTTP 302
https://kubitz.com.br/service/ Page URL
Detected technologies
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://e-in21.gtolink.in/t/em1/54994/1/cd2210df-5608-4588-898d-f5273145b43b/7f597516fa8a11eda79702342baa918a
HTTP 302
http://web-in21.mxradon.com/t/sc/54994/08a3e0c6-faa0-11ed-a797-02342baa918a?returnTo=http%3a%2f%2fwww.audetour.ch%2fe%2fser%2f&ce=730 HTTP 302
http://www.audetour.ch/e/ser/ HTTP 301
http://audetour.ch/e/ser/ HTTP 302
https://kubitz.com.br/service/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
kubitz.com.br/service/ Redirect Chain
|
10 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
kubitz.com.br/service/455/ |
87 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
index.css
kubitz.com.br/service/455/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
webflow.css
kubitz.com.br/service/455/ |
40 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
kubitz.com.br/service/455/ |
110 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo.svg
kubitz.com.br/service/455/ |
12 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
menu.png
kubitz.com.br/service/455/ |
115 B 646 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
chrome.png
kubitz.com.br/service/455/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
firefox.png
kubitz.com.br/service/455/ |
118 KB 119 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
brave-browser.png
kubitz.com.br/service/455/ |
9 KB 10 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
microsoft.png
kubitz.com.br/service/455/ |
37 KB 38 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
mm.svg
kubitz.com.br/service/.r/455/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
13 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
EuclidCircularB-Regular-WebXL.woff2
kubitz.com.br/service/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
EuclidCircularB-Bold-WebXL.woff2
kubitz.com.br/service/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- kubitz.com.br
- URL
- https://kubitz.com.br/service/.r/455/mm.svg
- Domain
- kubitz.com.br
- URL
- https://kubitz.com.br/service/fonts/EuclidCircularB-Regular-WebXL.woff2
- Domain
- kubitz.com.br
- URL
- https://kubitz.com.br/service/fonts/EuclidCircularB-Bold-WebXL.woff2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Metamask (Crypto)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
e-in21.gtolink.in/ | Name: ASP.NET_SessionId Value: f0blwodqdo5zf5cnz02h3n2l |
|
e-in21.gtolink.in/ | Name: ORG54994 Value: 08a3e0c6-faa0-11ed-a797-02342baa918a |
|
web-in21.mxradon.com/ | Name: ASP.NET_SessionId Value: rpy3tayvmriju2vg2sg4kuqu |
|
web-in21.mxradon.com/ | Name: ORG54994 Value: 08a3e0c6-faa0-11ed-a797-02342baa918a |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
audetour.ch
e-in21.gtolink.in
fonts.googleapis.com
kubitz.com.br
web-in21.mxradon.com
www.audetour.ch
kubitz.com.br
2.16.187.25
2a00:1450:4001:829::200a
2a06:98c1:3120::3
65.0.219.238
80.74.151.88
153bc68bdfdeddd913445584cd5b6b78d6eaf99e05f0883d60804234751e1b14
37fafee4313ce7758bb77494faff9b04812a24981630b1c9c4494ae390310b45
488e2dd6efbdf809de8dbcf89e460fac2f7594607fd03b24d8a951441cd07a53
5bccc9870d6e3da3bc5771259d489b21b29f8efe6191d7dfc1145437a129acb5
5e722754f038988ba4b6d7f380d60191eba3b6e01d4a00749a28b79c53521f5b
6339c2de581da9c508bd39e4ed384e3a503533e07dca07fbf45a15be81fe9df3
7a49b3376004d691c550ea23d5723730f0b5ff16c088580e5fbdd3e5405a80b7
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
ace3fa97e14c9613723a0aefa0a976a58daf740faa2e4321a4439f7109c7d921
da09bcc6bffef3b3d94c08f29df5eb141e894725ea761129fa4a29cb1662ab0c
f9f8861952913e6fd057410cc19dc91c7230ec9ba22095c41ec0ce1a667eff33
fceeefd5f759eaa9ccaf24c56e8061247b6af7792260eda10e77ce777fe971d8