dumu.islam.ua Open in urlscan Pro
91.223.223.12 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://dumu.islam.ua/redirectcod/ar/
Submission: On November 08 via manual (November 8th 2022, 9:26:46 am UTC) from IL — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 91.223.223.12, located in Ukraine and belongs to HOSTPRO-AS, UA. The main domain is dumu.islam.ua.
TLS certificate: Issued by R3 on November 8th 2022. Valid for: 3 months.

This is the only time dumu.islam.ua was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Israel Post (Transporation)

Domain & IP information

	IP Address		AS Autonomous System
13	91.223.223.12 91.223.223.12		196645 (HOSTPRO-AS) (HOSTPRO-AS)
13	1

13 91.223.223.12 (Ukraine)

ASN196645 (HOSTPRO-AS, UA)
PTR: skm211.hostsila.org

dumu.islam.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	islam.ua dumu.islam.ua	115 KB
13	1

	Domain	Requested by
13	dumu.islam.ua	dumu.islam.ua
13	1

This site contains no links.

Subject Issuer	Validity	Valid
dumu.islam.ua R3	`2022-11-08` - `2023-02-06`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dumu.islam.ua/redirectcod/ar/
Frame ID: 84B53BE9734C9DF64F30B9B5F7770DAE
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

שירות הדואר הישראלי

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

115 kB
Transfer

184 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response dumu.islam.ua/redirectcod/ar/	4 KB 2 KB	194ms 62ms	Document text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash `a6cb1460ce9b13dfe6e6778c26d8265add65183bf1adb301a5af54597d48548f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers content-encoding gzip content-length 1494 content-type text/html; charset=UTF-8 date Tue, 08 Nov 2022 09:26:41 GMT server nginx vary Accept-Encoding,User-Agent x-powered-by PHP/7.4.33
GET H2	200	main.css dumu.islam.ua/redirectcod/ar/inc/	1 KB 839 B	48ms 47ms	Stylesheet text/css	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/inc/main.css Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `592b3f903018354bf9c8466601cf513b2b4afeb8a17fc25fc1600f36d3e40c1e` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT content-encoding gzip last-modified Fri, 22 Jul 2022 08:56:48 GMT server nginx etag W/"62da6650-5bb" content-type text/css cache-control max-age=2592000, public, must-revalidate, proxy-revalidate expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	cora.png dumu.islam.ua/redirectcod/ar/inc/	641 B 869 B	48ms 48ms	Image image/png	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dumu.islam.ua/redirectcod/ar/inc/cora.png Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `bd80bbe4f601eb38a50867880a0460a940f08acbdbadfc22c38873be8be58ed6` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT last-modified Fri, 22 Jul 2022 06:06:14 GMT server nginx etag "62da3e56-281" content-type image/png cache-control max-age=2592000, public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 641 expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	post.png dumu.islam.ua/redirectcod/ar/inc/	5 KB 6 KB	126ms 125ms	Image image/png	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dumu.islam.ua/redirectcod/ar/inc/post.png Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT last-modified Fri, 22 Jul 2022 05:51:40 GMT server nginx etag "62da3aec-153d" content-type image/png cache-control max-age=2592000, public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 5437 expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	99.png dumu.islam.ua/redirectcod/ar/inc/	5 KB 6 KB	144ms 144ms	Image image/png	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dumu.islam.ua/redirectcod/ar/inc/99.png Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `32cb3c5c141802399b8c1d60bca37c971ab660f1bb22e32e7084bd4778a0a0b0` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT last-modified Fri, 22 Jul 2022 06:35:36 GMT server nginx etag "62da4538-1575" content-type image/png cache-control max-age=2592000, public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 5493 expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	t60.png dumu.islam.ua/redirectcod/ar/inc/	57 KB 58 KB	145ms 144ms	Image image/png	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Show image Full URL https://dumu.islam.ua/redirectcod/ar/inc/t60.png Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `6dbd37899c2653b6e7ce1f32ecfd72854cf26b235e7f82e83c80397e7390791d` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT last-modified Fri, 22 Jul 2022 07:19:00 GMT server nginx etag "62da4f64-e546" content-type image/png cache-control max-age=2592000, public, must-revalidate, proxy-revalidate accept-ranges bytes content-length 58694 expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	jq.js Show response dumu.islam.ua/redirectcod/ar/inc//	87 KB 35 KB	79ms 78ms	Script application/javascript	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/inc//jq.js Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT content-encoding gzip last-modified Sat, 16 Jul 2022 23:32:36 GMT server nginx etag W/"62d34a94-15d9d" content-type application/javascript cache-control max-age=2592000, public, must-revalidate, proxy-revalidate expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	200	m.js Show response dumu.islam.ua/redirectcod/ar/inc//	23 KB 7 KB	98ms 97ms	Script application/javascript	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/inc//m.js Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / Resource Hash `a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8` Request headers accept-language de-DE,de;q=0.9 Referer https://dumu.islam.ua/redirectcod/ar/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers pragma public date Tue, 08 Nov 2022 09:26:42 GMT content-encoding gzip last-modified Sat, 16 Jul 2022 23:32:38 GMT server nginx etag W/"62d34a96-5a88" content-type application/javascript cache-control max-age=2592000, public, must-revalidate, proxy-revalidate expires Thu, 08 Dec 2022 09:26:42 GMT
GET H2	404	h.ttf dumu.islam.ua/redirectcod/ar/inc/	0 0	1313ms 1313ms	Font text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/inc/h.ttf Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/inc/main.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash Request headers Referer https://dumu.islam.ua/redirectcod/ar/inc/main.css Origin https://dumu.islam.ua accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Response headers date Tue, 08 Nov 2022 09:26:43 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.33 vary Accept-Encoding,Cookie,User-Agent content-type text/html; charset=UTF-8 cache-control no-cache, must-revalidate, max-age=0 link <https://dumu.islam.ua/wp-json/>; rel="https://api.w.org/" content-length 22205 expires Wed, 11 Jan 1984 05:00:00 GMT
POST H2	500	spy.php Show response dumu.islam.ua/redirectcod/ar/	0 98 B	58ms 58ms	XHR text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/spy.php Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/inc//jq.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://dumu.islam.ua/redirectcod/ar/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 08 Nov 2022 09:26:42 GMT server nginx x-powered-by PHP/7.4.33 content-length 0 vary User-Agent content-type text/html; charset=UTF-8
POST H2	200	date.php Show response dumu.islam.ua/redirectcod/ar/	21 B 186 B	59ms 59ms	XHR text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/date.php Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/inc//jq.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash `c3cd8ce34f114a6289ba8dd2450258c982b7689f07055be5d6a8d264d98dccda` Request headers Accept / Referer https://dumu.islam.ua/redirectcod/ar/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 08 Nov 2022 09:26:43 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.33 content-length 41 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8
POST H2	200	date.php Show response dumu.islam.ua/redirectcod/ar/	21 B 186 B	58ms 58ms	XHR text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/date.php Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/inc//jq.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash `578685d19e9e8f0a5511b0b8848ccbf667db0cd2aa5ae467d41362818073dd07` Request headers Accept / Referer https://dumu.islam.ua/redirectcod/ar/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 08 Nov 2022 09:26:44 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.33 content-length 41 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8
POST H2	200	date.php Show response dumu.islam.ua/redirectcod/ar/	21 B 186 B	58ms 58ms	XHR text/html	91.223.223.12 HOSTPRO-AS
General Check archive.org Show headers Download Go to Full URL https://dumu.islam.ua/redirectcod/ar/date.php Requested by Host: dumu.islam.ua URL: https://dumu.islam.ua/redirectcod/ar/inc//jq.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 91.223.223.12 , Ukraine, ASN196645 (HOSTPRO-AS, UA), Reverse DNS skm211.hostsila.org Software nginx / PHP/7.4.33 Resource Hash `f0c72d7d2e100588d1e4cd7277c054206a5aa0da3391bfa9fed408a864fa1b7a` Request headers Accept / Referer https://dumu.islam.ua/redirectcod/ar/ X-Requested-With XMLHttpRequest accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers date Tue, 08 Nov 2022 09:26:45 GMT content-encoding gzip server nginx x-powered-by PHP/7.4.33 content-length 41 vary Accept-Encoding,User-Agent content-type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Israel Post (Transporation)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			dumu.islam.ua/	1970-01-20 16:03:55	Name: qtrans_front_language Value: ru

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://dumu.islam.ua/redirectcod/ar/spy.php Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://dumu.islam.ua/redirectcod/ar/inc/h.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dumu.islam.ua
91.223.223.12
32cb3c5c141802399b8c1d60bca37c971ab660f1bb22e32e7084bd4778a0a0b0
578685d19e9e8f0a5511b0b8848ccbf667db0cd2aa5ae467d41362818073dd07
592b3f903018354bf9c8466601cf513b2b4afeb8a17fc25fc1600f36d3e40c1e
6dbd37899c2653b6e7ce1f32ecfd72854cf26b235e7f82e83c80397e7390791d
7cff082fe3676f7e02428c7d1b72b5daf671c05eb60e4e53ddd10267080111f0
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
a6cb1460ce9b13dfe6e6778c26d8265add65183bf1adb301a5af54597d48548f
bd80bbe4f601eb38a50867880a0460a940f08acbdbadfc22c38873be8be58ed6
c3cd8ce34f114a6289ba8dd2450258c982b7689f07055be5d6a8d264d98dccda
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
f0c72d7d2e100588d1e4cd7277c054206a5aa0da3391bfa9fed408a864fa1b7a

dumu.islam.ua Open in urlscan Pro 91.223.223.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

115 kBTransfer

184 kBSize

1 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

dumu.islam.ua Open in urlscan Pro
91.223.223.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

115 kB
Transfer

184 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!