flayer2.ru.com
Open in
urlscan Pro
2606:4700:3034::ac43:96b3
Malicious Activity!
Public Scan
Effective URL: https://flayer2.ru.com/W0iMyrEr0hotline0JP087/index.html
Submission: On February 17 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on February 16th 2024. Valid for: 3 months.
This is the only time flayer2.ru.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
16 | 2606:4700:303... 2606:4700:3034::ac43:96b3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a04:4e42:200... 2a04:4e42:200::485 | 54113 (FASTLY) (FASTLY) | |
1 | 2606:4700::68... 2606:4700::6811:180e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 15.204.213.5 15.204.213.5 | 16276 (OVH) (OVH) | |
21 | 5 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
ru.com
flayer2.ru.com |
4 MB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1217 |
72 KB |
1 |
ipwho.is
ipwho.is — Cisco Umbrella Rank: 90496 |
1006 B |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 257 |
27 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 353 |
26 KB |
21 | 5 |
Domain | Requested by | |
---|---|---|
16 | flayer2.ru.com |
flayer2.ru.com
|
2 | maxcdn.bootstrapcdn.com |
flayer2.ru.com
maxcdn.bootstrapcdn.com |
1 | ipwho.is |
flayer2.ru.com
|
1 | cdnjs.cloudflare.com |
flayer2.ru.com
|
1 | cdn.jsdelivr.net |
flayer2.ru.com
|
21 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
flayer2.ru.com GTS CA 1P5 |
2024-02-16 - 2024-05-16 |
3 months | crt.sh |
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3 |
2023-09-27 - 2024-10-28 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
bootstrapcdn.com GTS CA 1P5 |
2024-01-28 - 2024-04-27 |
3 months | crt.sh |
ipwho.is GoGetSSL ECC DV CA |
2023-04-05 - 2024-04-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://flayer2.ru.com/W0iMyrEr0hotline0JP087/index.html
Frame ID: 2DFC8DA97A96E186E4D2CB753D27A03F
Requests: 21 HTTP requests in this frame
Screenshot
Page Title
オンライン Windows Defender ヘルプ センターPage URL History Show full URLs
- https://flayer2.ru.com/ Page URL
- https://flayer2.ru.com/W0iMyrEr0hotline0JP087/index.html Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts) Expand
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://flayer2.ru.com/ Page URL
- https://flayer2.ru.com/W0iMyrEr0hotline0JP087/index.html Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
flayer2.ru.com/ |
551 KB 201 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
index.html
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
7 MB 3 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cGiKNUjCBvzEqy.css
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
13 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
LexsFExtlLUQ.js
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
925 B 813 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
KAUkkuVONuyNVE.js
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
87 B 537 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/ |
158 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/ |
82 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ |
27 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fISGLIYSZsChn.js
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
82 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jRIoqLazMHIN.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
479 KB 479 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ooUwaCrAmwac.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sZcuHBGjOwjqwR.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
YnTWGhSkoZjaAI.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DdHXshbFqJvoKD.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
377 KB 378 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
gDqwnddLxjxEL.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
ipwho.is/ |
734 B 1006 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
sndcjGaGCKKgzzX.mp3
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
96 KB 0 |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ooUwaCrAmwac.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
DdHXshbFqJvoKD.png
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
377 KB 378 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
VrfzQxfRtdHJr.mp4
flayer2.ru.com/W0iMyrEr0hotline0JP087/ |
8 KB 9 KB |
Media
video/mp4 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/fonts/ |
65 KB 66 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Tech Support Scam (Consumer)39 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| _0xWtHOKIYOGNGAy object| _0xejLTROGLbLcm undefined| _0xdnmhXdoPtttM object| _0xPONhJollTqZSrnd undefined| _0xZRANsNLYTq function| _0xlanlBzwCSzhp function| startScan function| playSound object| date string| current_date string| current_time string| date_time function| $ function| jQuery function| _0xuRroQbxffg object| _0xYcYdgvnUcvYvN object| _0xdVKcSsKWfiRc object| _0xeJHDtatReRhTNcU undefined| _0xKDyAAQVqWHHSHO object| elem function| _0xpgpjqeoJCXPv function| _0xvzgRkLJqzdNhtPv undefined| _0xlJOyqzgHnJumGqs object| _0xGMDFVlIzDQS function| _0xQEnWbEkwYKCp function| _0xbXJtBqPyJkwGgR undefined| _0xjVxrveMrBKkt function| _0xQizqkjlhhSt function| _0xtZHrabiEtMXMPt function| _0xHVhOVbVJJyQ object| _0xaTEVlKQWjOENL undefined| _0xMNBYfscZdlu function| _0xFYzgRuEvGI object| t string| ipadd string| city string| country string| isp string| currtime0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.jsdelivr.net
cdnjs.cloudflare.com
flayer2.ru.com
ipwho.is
maxcdn.bootstrapcdn.com
15.204.213.5
2606:4700:3034::ac43:96b3
2606:4700::6811:180e
2606:4700::6812:bcf
2a04:4e42:200::485
0589be7715d2320e559eae6bd26f3528e97450c70293da2e1e8ce45f77f99ab1
2051d61446d4dbffb03727031022a08c84528ab44d203a7669c101e5fbdd5515
316e6a6737bd296ab30aca2ef7fa36f119d15786a2432d01e31fdc130272f15c
3e194f01c82b4d1ed2b7c414e8a2ca6be75003c76c09f539c29ea1fb5d306b51
441f996d10674814d7b63cfbef1798535a52b32c9eb73fdc1d48711c9cb2830e
46b5242c5eb6b3b71ef2606f2d0d700142ae58b53c6d018e6bf06bab62437e1b
46ebb2640aac2186a7cf13f528c03648fa9a498910289cdad41ba87b9770eb14
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
70b240708894db13b6b2280fc081429e4b4229bea6adecf1a3cc137d768c00f8
798d2c2bb2a5db5003eec31b71f8dcaf256be00db5ee25c0061d45042db1a6ac
b67a7c07a045d7cb0f2e216a557aec0d99405e17c36d1a6b1ff3e2733aa35348
c3ad6aa1c03fd108854f008cfec2753ba623e1470a4d61798b5d8c050e474868
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
ddf37afe70278772b2524e9f0cf9b601ce697c4a70de4c6711aa2380d78c9b8d
e0c90d1692be2429d952cb1343a3e66f877b3c631a134768fde2f4417a439a01
ea4bc1169a865b478dd2fd83020e8adf4bdb1f3b3cfeb4af882e4224d40aa171
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995