urlscan.io logo urlscan.io
SecurityTrails logo

rusrobotiks.ru Open in urlscan Pro
185.26.122.44  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ginalennox.com/.well-known/pki-validation/
Effective URL: https://rusrobotiks.ru/st/login?content=true&form=AccountVerification&sessionid=eced75d4b338ec3eeb55dd60a6edf118eced75d...
Submission Tags: https://phish.report @phish_report Search All
Submission: On April 19 via api from FI — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 185.26.122.44, located in Russian Federation and belongs to HOSTLAND, RU. The main domain is rusrobotiks.ru.
TLS certificate: Issued by R3 on March 12th 2022. Valid for: 3 months.
This is the only time rusrobotiks.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Shopify (Online)

Domain & IP information

IP Address AS Autonomous System
2 67.43.230.78 36666 (GTCOMM)
1 3 185.26.122.44 62082 (HOSTLAND)
4 3
Apex Domain
Subdomains		 Transfer
3 rusrobotiks.ru
rusrobotiks.ru
582 KB
2 ginalennox.com
ginalennox.com
626 B
4 2
Domain Requested by
3 rusrobotiks.ru 1 redirects rusrobotiks.ru
2 ginalennox.com ginalennox.com
4 2

This site contains no links.

Subject Issuer Validity Valid
ginalennox.com
cPanel, Inc. Certification Authority		 2022-04-03 -
2022-07-02		 3 months crt.sh
www.rusrobotiks.ru
R3		 2022-03-12 -
2022-06-10		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://rusrobotiks.ru/st/login?content=true&form=AccountVerification&sessionid=eced75d4b338ec3eeb55dd60a6edf118eced75d4b338ec3eeb55dd60a6edf118&amp=&idd=eced75d4b338ec3eeb55dd60a6edf118Hx39rgkzM6n7DDXerA8MsgRQTxGvdbdVIg4axpJkv7r8LoncYvZrMRhFoXaC8oxREC1b1LvwSWEEk2Rj
Frame ID: 20627785E1A337186AB58213959C2622
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: 37853F1BAE1799E564A829462269A330
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Shopify

Page URL History Show full URLs

  1. https://ginalennox.com/.well-known/pki-validation/ Page URL
  2. https://ginalennox.com/.well-known/pki-validation/login?content=true&form=AccountVerification&sessi... Page URL
  3. https://rusrobotiks.ru/st HTTP 301
    https://rusrobotiks.ru/st/ Page URL
  4. https://rusrobotiks.ru/st/login?content=true&form=AccountVerification&sessionid=eced75d4b338ec3eeb5... Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

619 kB
Transfer

1627 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ginalennox.com/.well-known/pki-validation/ Page URL
  2. https://ginalennox.com/.well-known/pki-validation/login?content=true&form=AccountVerification&sessionid=f2099fa07574aeae5fc3d24c0a2ca122f2099fa07574aeae5fc3d24c0a2ca122&amp=&idd=f2099fa07574aeae5fc3d24c0a2ca122NgZ5ujc0l4rowGWd4mByFUpRLzMnH7IvoIAS1NSnRkLn1HB54dEK84BUDohkv0PTIqLKeE75YSt0A55E Page URL
  3. https://rusrobotiks.ru/st HTTP 301
    https://rusrobotiks.ru/st/ Page URL
  4. https://rusrobotiks.ru/st/login?content=true&form=AccountVerification&sessionid=eced75d4b338ec3eeb55dd60a6edf118eced75d4b338ec3eeb55dd60a6edf118&amp=&idd=eced75d4b338ec3eeb55dd60a6edf118Hx39rgkzM6n7DDXerA8MsgRQTxGvdbdVIg4axpJkv7r8LoncYvZrMRhFoXaC8oxREC1b1LvwSWEEk2Rj Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://rusrobotiks.ru/st HTTP 301
  • https://rusrobotiks.ru/st/

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
ginalennox.com/.well-known/pki-validation/ 		328 B
467 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ginalennox.com/.well-known/pki-validation/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.43.230.78 , Canada, ASN36666 (GTCOMM, CA),
Reverse DNS
cloud21768.mywhc.ca
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-length
248
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 18:00:21 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
vary
Accept-Encoding
login
ginalennox.com/.well-known/pki-validation/ 		128 B
159 B 		Document
General
Check archive.org
Download Go to
Full URL
https://ginalennox.com/.well-known/pki-validation/login?content=true&form=AccountVerification&sessionid=f2099fa07574aeae5fc3d24c0a2ca122f2099fa07574aeae5fc3d24c0a2ca122&amp=&idd=f2099fa07574aeae5fc3d24c0a2ca122NgZ5ujc0l4rowGWd4mByFUpRLzMnH7IvoIAS1NSnRkLn1HB54dEK84BUDohkv0PTIqLKeE75YSt0A55E
Requested by
Host: ginalennox.com
URL: https://ginalennox.com/.well-known/pki-validation/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.43.230.78 , Canada, ASN36666 (GTCOMM, CA),
Reverse DNS
cloud21768.mywhc.ca
Software
Apache /
Resource Hash
863b8062b7bf6d0b0c00892e1d486d9214cd5e4f966f72eb2cd1b5bcf43f586d

Request headers

Referer
https://ginalennox.com/.well-known/pki-validation/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-length
127
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 18:00:21 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache
vary
Accept-Encoding
/
rusrobotiks.ru/st/
Redirect Chain
  • https://rusrobotiks.ru/st
  • https://rusrobotiks.ru/st/
328 B
531 B 		Document
General
Check archive.org
Download Go to
Full URL
https://rusrobotiks.ru/st/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.26.122.44 , Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS
serv44-26.hostland.ru
Software
nginx / PHP/5.6.40
Resource Hash

Request headers

Referer
https://ginalennox.com/.well-known/pki-validation/login?content=true&form=AccountVerification&sessionid=f2099fa07574aeae5fc3d24c0a2ca122f2099fa07574aeae5fc3d24c0a2ca122&amp=&idd=f2099fa07574aeae5fc3d24c0a2ca122NgZ5ujc0l4rowGWd4mByFUpRLzMnH7IvoIAS1NSnRkLn1HB54dEK84BUDohkv0PTIqLKeE75YSt0A55E
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public
content-encoding
gzip
content-length
247
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 18:00:22 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/5.6.40

Redirect headers

cache-control
max-age=0
content-encoding
gzip
content-length
193
content-type
text/html; charset=iso-8859-1
date
Tue, 19 Apr 2022 18:00:22 GMT
expires
Tue, 19 Apr 2022 18:00:22 GMT
location
https://rusrobotiks.ru/st/
server
nginx
vary
Accept-Encoding
Primary Request login
rusrobotiks.ru/st/ 		2 MB
581 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://rusrobotiks.ru/st/login?content=true&form=AccountVerification&sessionid=eced75d4b338ec3eeb55dd60a6edf118eced75d4b338ec3eeb55dd60a6edf118&amp=&idd=eced75d4b338ec3eeb55dd60a6edf118Hx39rgkzM6n7DDXerA8MsgRQTxGvdbdVIg4axpJkv7r8LoncYvZrMRhFoXaC8oxREC1b1LvwSWEEk2Rj
Requested by
Host: rusrobotiks.ru
URL: https://rusrobotiks.ru/st/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.26.122.44 , Russian Federation, ASN62082 (HOSTLAND, RU),
Reverse DNS
serv44-26.hostland.ru
Software
nginx / PHP/5.6.40
Resource Hash
7aaebe8d5642efbe8c80984a4aedbade3b01b73b052d2b2015312b0de47599bb

Request headers

Referer
https://rusrobotiks.ru/st/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, public
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 19 Apr 2022 18:00:23 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
31218e858c0c19e74e2c504640631d96bdc143a47314a39c2e9e20cc908f00b8

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cdcb8dafd2f35ec642986935ed106e2c36f93e2a3143297a98cdcf00351744b

Request headers

Referer
Origin
https://rusrobotiks.ru
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
font/woff2
truncated
/ Frame 3785 		16 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76d88b182de9fb2fc737373f07d88e8077a4cf241c24aa690d773aaa2c990607

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/jpeg
truncated
/ Frame 3785 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
25160d1a05da787452b5cb119049bcf4c734b41845b981ab80e0a5b9fb860bf7

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Shopify (Online)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

2 Cookies

Domain/Path Name / Value
ginalennox.com/ Name: PHPSESSID
Value: ntk901odgc0rmdl9r11qmmbcb0
rusrobotiks.ru/ Name: PHPSESSID
Value: db777eb7546cbc933e9458f926615b20