urlscan.io public scan: rustorias.net (2606:4700:3035::6815:39ba) - Malicious Activity!

URL: https://rustorias.net/steam.html
Submission: On April 19 via api from JP — Scanned from JP

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 11 HTTP transactions. The main IP is 2606:4700:3035::6815:39ba, located in the United States and belonging to CLOUDFLARENET, US. The main domain is rustorias.net.
TLS certificate: Issued by GTS CA 1P5 on March 27th 2023. Valid for: 3 months.
This is the only time rustorias.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Steam (Gaming)

Domain & IP information

Requests  IP Address                 AS (Autonomous System)
11        2606:4700:3035::6815:39ba  AS13335 (CLOUDFLARENET, US)
Total: 11 requests, 1 IP

Requests  Apex Domain    Subdomains     Transfer
11        rustorias.net  rustorias.net  328 KB
Total: 11 requests, 1 apex domain

Requests  Domain         Requested by
11        rustorias.net  rustorias.net
Total: 11 requests, 1 domain

This site contains no links.

Subject          Issuer      Validity                 Valid
*.rustorias.net  GTS CA 1P5  2023-03-27 - 2023-06-25  3 months

This page contains 1 frames:

Primary Page: https://rustorias.net/steam.html
Frame ID: E72141A6FD93C008A414E6257BB9896A
Requests: 11 HTTP requests in this frame

Page Title

Steam Community

Page Statistics

Requests: 11
HTTPS: 100 %
IPv6: 100 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 328 kB
Size: 687 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

11 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (bytes transferred on the wire, including headers and compression) | Type | MIME-Type, followed by its General details and the request and response headers.
steam.html (Primary Request) | Path: rustorias.net/ | Size: 468 B | x-fer: 674 B | Type: Document | MIME-Type: text/html
General
Full URL
https://rustorias.net/steam.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
e1677f300cc6543a912c98f8bd9ca545975ec5f91692f32140604c91494b89bd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
jp-JP,jp;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7ba296cc8c5580b3-NRT
content-encoding
br
content-type
text/html
date
Wed, 19 Apr 2023 05:01:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xbZdoSPIqPxBCF%2BuZObOQ%2BvR0Vrwiob8JCaSr9xCqXZAbM5WF7njiPsrx9U4WG62uKQ2JvfVTtv3psv3%2BGGHXhrHWY7olPFKzOyg12hsMkA2tkog3CC4LCFgm9IEYk9NUbEus13fXxi5uQPa"}],"group":"cf-nel","max_age":604800}
server
cloudflare
s.js | Path: rustorias.net/assets/s/ | Size: 536 KB | x-fer: 174 KB | Type: Script | MIME-Type: application/javascript
General
Full URL
https://rustorias.net/assets/s/s.js
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
6120498916e1430571ec75eda25e0fea8687f4ab8212b6af5a359af8fb52ab66

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5155
etag
W/"641173b4-86051"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8VysNB7B2j1pG1I6vsPy3nVcT4caV050Ph5prey5ndIGWtGwaqYCxxQ6LIdiDsywTyynGa6DnBlVKoG5oKwXULdZeF3PKwXnIxgW0jFoytlPPFXyYF8%2Bf2ZOyjcr5om7PBJcy2tDZ4FrWlQ5"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7ba296ce7d4b80b3-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
btn_header_installsteam_download.png | Path: rustorias.net/assets/s/img/ | Size: 291 B | x-fer: 806 B | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/btn_header_installsteam_download.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
23341256db7f44b1f3811880fa2bae6b7748bbf6b62c544a162e38cf0d5c5082

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5158
etag
"641173b4-123"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oq7Gwn9%2BO9u3exw1%2B9aRCOsh8QASufFUbbyIDjBRfAyhEibKCV3MHU7K28toIz9L9tSEQiyBH9WSKXvlxSJA5q8t96atR55hW1sYjzLizb83d1kGklbmmQz%2BG%2FIJATtiBJ4Zk%2BnI9vt3JOPJ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff80af2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
291
btn_arrow_down_padded.png | Path: rustorias.net/assets/s/img/ | Size: 161 B | x-fer: 640 B | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/btn_arrow_down_padded.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
93b1fbe4f6245b62bfd4c8c3347abe0fe67ed711315e59bfadaebc9873d8d9b5

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
HIT
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5158
etag
"641173b4-a1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z8GWDyNkWrmC63Uvdb4ZiAdw%2BTypcgqCKtQvQOxOHsYi1hhsD%2BJGdfGOk5Sm9rzHK1mdSWl9uAmKJ%2F0E0drWAI5V8haEs5xV8iVtkFkYrfk%2BLPutN6AHVK4I6rlzcgwZI44RfbhNu%2BSpU47G"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff82af2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
161
MotivaSans-Regular.ttf | Path: rustorias.net/assets/s/fonts/ | Size: 120 KB | x-fer: 120 KB | Type: Font | MIME-Type: application/octet-stream
General
Full URL
https://rustorias.net/assets/s/fonts/MotivaSans-Regular.ttf
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

Request headers

Referer
https://rustorias.net/steam.html
Origin
https://rustorias.net
accept-language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-1df3c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtPf19ZahvorxPuHMgm4jHwf6R0Vi9rUqQonAQzF34kjqJG9N7vQqP%2FPOzvXfj0WHb4gc5NB6pz0IOEfbYKl%2BDn%2BRn4xJ5fsqVkDHyDlSR7WaXNCDa0xdIH77GfzcHVzs7Jf73DFSYCbmBhy"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff84af2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
122684
header_menu_hamburger.png | Path: rustorias.net/assets/s/img/ | Size: 4 KB | x-fer: 4 KB | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/header_menu_hamburger.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
fc9e6260a2706ae146282d77e67bc1b74688435f8912ab4c1932641eec28bffa

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b6-ec1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rl4rPAcabQZqSTkqqVeYRX4g0MrfS6VVmg%2FvgLttwdvQg7wwKQGtiHCpr39g5KVorLUhKLsufsNqOUW4iKWvIIrDSJQDXX355DQwuY2KNCksqoUbv2BQkwVWDZHS6067PpoJdCkmhSa5QSq7"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff89af2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3777
header_logo.png | Path: rustorias.net/assets/s/img/ | Size: 11 KB | x-fer: 11 KB | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/header_logo.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
6cb869df089146c12efb5e9c968e911c314842624ba6f052a11346ac734cadc8

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
MISS
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-2a6f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FXoiPNnSCFLKpQ4Vh9LSr3C2XtgZx6VFnJCrW1PT5cRvfgaAKY6gQqy3n%2BrtqS%2BwSsW%2BA5DWs4kZdH3NCsrUXCbpjflHzfMG0CCvw4b9YKchmRZ7CuphpA7%2BYntOGcH7X%2F%2FXPXcztdyH9dt"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff8baf2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10863
logo_steam.svg | Path: rustorias.net/assets/s/img/ | Size: 4 KB | x-fer: 2 KB | Type: Image | MIME-Type: image/svg+xml
General
Full URL
https://rustorias.net/assets/s/img/logo_steam.svg
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
c3a7c646a1305017f22423030cb5a12acc9f96b64013dcef7aeb80567b542cbb

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"641173b6-e64"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iLjvJJjocXuoGUn1uu6oAR4hHd7IFlTwLoXbHUIXGgGKOQ8c9nD7N0pLbA4s6erq768%2FeoYZDm1g1F7vGkKayLpFJsnlq6vr3a3mQTmAyDNEX9f1s7nea%2F%2FbnR4H%2FX%2BCP0PLugnZ8dAHaGA7"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
7ba296ceff8caf2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
sits_landing.png | Path: rustorias.net/assets/s/img/ | Size: 5 KB | x-fer: 6 KB | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/sits_landing.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
483ed1c78b7394366985110fe15e4aaf941882427515e5dfe7f582827a15378c

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-1547"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=52VkavzHHOBeAScdWXVTlM7zUWDEmEyN2E0zcpSS2pF%2Fz1XwZ%2Btj93rzzb2ZDlltoSZP3Buv4E2R%2F7RZ7af%2BNigUjJ0y7jM1%2Fgs8gk4eFqX8ZxfAfKrywzIMFxdPs%2BLgVlvwbr4NICFgW%2Bhr"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff8daf2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
5447
throbber.gif | Path: rustorias.net/assets/s/img/ | Size: 3 KB | x-fer: 4 KB | Type: Image | MIME-Type: image/gif
General
Full URL
https://rustorias.net/assets/s/img/throbber.gif
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
0c4d1b66cbed8c0ba7bfe1d047409e80b99684794ba66e9556503890eae17f2d

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-c88"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iHAMXRvQJ7LRbwAk0RVFZFfFy7%2Fq%2FEvxu4JzL9DK09rHG2afshDjztBmsgjTrZnhlWMisvVWCfQZBkdXCEcF4tXwkz7WAaOklWPt0ZIrgFx5f0dVFV7XZYwfx0Q6LEQopUyJIUSxAEtRTkS%2F"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff8faf2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3208
footerLogo_valve.png | Path: rustorias.net/assets/s/img/ | Size: 4 KB | x-fer: 4 KB | Type: Image | MIME-Type: image/png
General
Full URL
https://rustorias.net/assets/s/img/footerLogo_valve.png
Requested by
Host: rustorias.net
URL: https://rustorias.net/steam.html
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3035::6815:39ba, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none)
Software
cloudflare
Resource Hash (SHA-256)
ae9f6c61e25d15882bf57bde193d10d375bd315c9741cabda11d700fd1bb7dd1

Request headers

accept-language
jp-JP,jp;q=0.9
Referer
https://rustorias.net/steam.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Wed, 19 Apr 2023 05:01:21 GMT
cf-cache-status
REVALIDATED
last-modified
Wed, 15 Mar 2023 07:28:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"641173b4-e99"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dP0HTLczuQV4uKwU%2B%2B0jb6PnM9enugiMmFQU3OGxERAUNPEb5sp7FOfFdmF%2F8SlobR9rhmQZlln%2B3h5Dx2QFf65fgAxbuRLKvVp19PZ8KX59JmcTr5aqpNaifo4wftA0MS4vdWyCsESqwjx3"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7ba296ceff90af2b-NRT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
3737

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Steam (Gaming)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
boolean   credentialless
string    $fDomain
string    $domainToLogin
function  gj_0x3bf0
function  gj_0x2d78
function  $changeLanguage
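The transaction list and the global-variable list above together carry the evidence behind the verdict: Steam- and Valve-named images and the Steam MotivaSans font served from rustorias.net itself rather than from any Steam domain, a page titled "Steam Community" on that domain, a certificate issued 23 days before the scan, a domain urlscan had not seen before, and two globals (gj_0x3bf0, gj_0x2d78) with the "_0x" plus hex naming shape that javascript-obfuscator style tools produce. The script below is an added example written for this page; it is not urlscan.io code and nothing in it was recovered from s.js. It turns those observations into a repeatable triage rule and runs it on an input dict constructed from this page and on a constructed benign counterpart. STEAM_DOMAINS, BRAND_TOKENS, the 30-day certificate threshold, the signal weights and the verdict threshold are assumptions chosen for illustration, and the CONTROL_SCAN URL is illustrative. Note that credentialless is a property Chromium itself exposes on window (for COEP credentialless frames), not something the kit defined, so the rule does not treat it as a signal.

```python
# Added example for this page, not urlscan.io code; inputs below are
# constructed from the scan page, thresholds and weights are assumptions.
import re
from datetime import date
from urllib.parse import urlparse

# Assumption: registrable domains that legitimately serve Steam pages/assets.
STEAM_DOMAINS = {"steampowered.com", "steamcommunity.com", "steamstatic.com"}
# Assumption: tokens in a title or asset path that show Steam branding is
# being reproduced (the MotivaSans font name is taken from the scan).
BRAND_TOKENS = ("steam", "valve", "motivasans")
# Identifier shape emitted by javascript-obfuscator style tools ("_0x" plus
# a short hex run), as in gj_0x3bf0 on this page.
OBFUSCATED_NAME = re.compile(r"_0x[0-9a-f]{4,6}$", re.IGNORECASE)
# Assumption: weight of each signal in the triage score.
WEIGHTS = {"brand_assets_off_domain": 3, "brand_title_off_domain": 2,
           "no_third_party_resources": 1, "young_certificate_days": 1,
           "first_seen_on_scanner": 1, "obfuscator_style_globals": 2}


def registrable_domain(host):
    # Last two labels; fine for .com/.net, use the Public Suffix List in production.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def has_brand_token(text):
    text = text.lower()
    return any(token in text for token in BRAND_TOKENS)


def triage(scan):
    """Return (signal, detail) pairs for one urlscan-style summary."""
    findings = []
    apex = registrable_domain(urlparse(scan["url"]).hostname)
    if apex not in STEAM_DOMAINS:
        branded = [u for u in scan["requests"] if has_brand_token(urlparse(u).path)]
        if branded:
            findings.append(("brand_assets_off_domain", len(branded)))
        if has_brand_token(scan["title"]):
            findings.append(("brand_title_off_domain", scan["title"]))
        # A kit bundles the brand's images and fonts beside its own HTML, while
        # the real site pulls them from its CDN domains, so a single-origin
        # page is a supporting signal.
        origins = {registrable_domain(urlparse(u).hostname) for u in scan["requests"]}
        if branded and origins == {apex}:
            findings.append(("no_third_party_resources", True))
    # Assumption: a certificate under 30 days old at scan time is notable.
    cert_age = (scan["scanned"] - scan["cert_not_before"]).days
    if cert_age <= 30:
        findings.append(("young_certificate_days", cert_age))
    if scan["first_seen"]:
        findings.append(("first_seen_on_scanner", True))
    obfuscated = [g for g in scan["globals"] if OBFUSCATED_NAME.search(g)]
    if obfuscated:
        findings.append(("obfuscator_style_globals", obfuscated))
    return findings


def score(findings):
    return sum(WEIGHTS[name] for name, _ in findings)


def verdict(scan, threshold=5):
    # Assumption: a score of 5 or more is reported as potentially malicious.
    return "potentially malicious" if score(triage(scan)) >= threshold else "no verdict"


# Constructed from the values shown on this scan page.
BASE = "https://rustorias.net/assets/s/"
SCAN = {
    "url": "https://rustorias.net/steam.html",
    "title": "Steam Community",
    "scanned": date(2023, 4, 19),
    "cert_not_before": date(2023, 3, 27),
    "first_seen": True,  # "the only time rustorias.net was scanned"
    "requests": ["https://rustorias.net/steam.html", BASE + "s.js"] + [
        BASE + p for p in (
            "img/btn_header_installsteam_download.png", "img/btn_arrow_down_padded.png",
            "fonts/MotivaSans-Regular.ttf", "img/header_menu_hamburger.png",
            "img/header_logo.png", "img/logo_steam.svg", "img/sits_landing.png",
            "img/throbber.gif", "img/footerLogo_valve.png")],
    "globals": ["credentialless", "$fDomain", "$domainToLogin",
                "gj_0x3bf0", "gj_0x2d78", "$changeLanguage"],
}
# Constructed benign counterpart (illustrative URL): same title on a Steam
# domain, mature certificate, previously seen, no obfuscated globals.
CONTROL_SCAN = {
    "url": "https://steamcommunity.com/login", "title": "Steam Community",
    "scanned": date(2023, 4, 19), "cert_not_before": date(2022, 1, 1),
    "first_seen": False, "requests": ["https://steamcommunity.com/login"], "globals": [],
}

if __name__ == "__main__":
    for name, detail in triage(SCAN):
        print(f"{name}: {detail}")
    print("score", score(triage(SCAN)), "->", verdict(SCAN))
```

Run directly, it prints the six findings for this page and a score of 10. In practice the input dict would be filled from urlscan's result API rather than typed in, and the per-transaction SHA-256 hashes listed above are the natural pivot keys for finding other scans that serve the same kit files under different domains.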

0 Cookies