ukrainely.help (2606:4700:3036::ac43:d7c9)
Malicious Activity!
Public Scan
Effective URL: https://ukrainely.help/
Submission: On February 07 via api from US — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on January 30th 2023. Valid for: 3 months.
This is the only time ukrainely.help was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
Requests | IP Address | AS | Autonomous System
---|---|---|---
2 5 | 2606:4700:3035::6815:45ef | 13335 | CLOUDFLARENET
10 | 2606:4700:3036::ac43:d7c9 | 13335 | CLOUDFLARENET
1 | 2a00:1450:4001:830::200a | 15169 | GOOGLE
1 | 2a00:1450:400d:806::2008 | 15169 | GOOGLE
2 | 2a00:1450:400d:80a::2003 | 15169 | GOOGLE
1 | 2001:4860:4802:32::36 | 15169 | GOOGLE
Totals: 18 requests, 6 IP addresses.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | ukrainely.help (2 redirects) | ukrainely.help | 205 KB
2 | gstatic.com | fonts.gstatic.com | 52 KB
1 | google-analytics.com | region1.google-analytics.com (Cisco Umbrella Rank: 2456) | 253 B
1 | googletagmanager.com | www.googletagmanager.com (Cisco Umbrella Rank: 40) | 76 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 34) | 1001 B
Totals: 18 requests, 5 apex domains.
Requests | Domain | Requested by
---|---|---
15 | ukrainely.help (2 redirects) | ukrainely.help
2 | fonts.gstatic.com | fonts.googleapis.com
1 | region1.google-analytics.com | www.googletagmanager.com
1 | www.googletagmanager.com | ukrainely.help
1 | fonts.googleapis.com | ukrainely.help
Totals: 18 requests, 5 domains.
This site contains links to these domains. Also see Links.
Domain
---
twitter.com
www.instagram.com
www.facebook.com
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.ukrainely.help | GTS CA 1P5 | 2023-01-30 - 2023-04-30 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2023-01-31 - 2023-04-25 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months | crt.sh
This page contains 1 frame:
Primary Page:
https://ukrainely.help/
Frame ID: 34D9E8F9B8897605C84E00B0A31D239B
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/b919d6f2-19b2-4e7d-bce8-f9546d2e2ac3.png)
Page Title
Ukrainely - Допомога Українцям (Ukrainian: "Help for Ukrainians")
Detected technologies
- Google Font API, detected pattern: `<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com`
- Google Tag Manager, detected pattern: `googletagmanager\.com/gtag/js`
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://ukrainely.help/ (Page URL)
2. http://ukrainely.help/cdn-cgi/phish-bypass?atok=yStjMl92YKG.iHv2.dIVNZXgZblRne5EcHfGYkhSqIc-1675769281-0-%2F (HTTP 301)
3. http://ukrainely.help/ (HTTP 301)
4. https://ukrainely.help/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | ukrainely.help/ | 4 KB | 2 KB | Document | text/html
2 | GET | H/1.1 | cf.errors.css | ukrainely.help/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet | text/css
3 | GET | H/1.1 | icon-exclamation.png | ukrainely.help/cdn-cgi/images/ | 452 B | 889 B | Image | image/png
4 | GET | H2 | / (Primary Request, Redirect Chain) | ukrainely.help/ | 7 KB | 3 KB | Document | text/html
5 | GET | H2 | css2 | fonts.googleapis.com/ | 5 KB | 1001 B | Stylesheet | text/css
6 | GET | H2 | style.css | ukrainely.help/template/ukrainely/css/ | 34 KB | 6 KB | Stylesheet | text/css
7 | GET | H2 | logo.webp | ukrainely.help/template/ukrainely/images/ | 5 KB | 5 KB | Image | image/webp
8 | GET | H2 | twitter-light.webp | ukrainely.help/template/ukrainely/images/ | 2 KB | 2 KB | Image | image/webp
9 | GET | H2 | instagram-light.webp | ukrainely.help/template/ukrainely/images/ | 3 KB | 3 KB | Image | image/webp
10 | GET | H2 | facebook-light.webp | ukrainely.help/template/ukrainely/images/ | 2 KB | 2 KB | Image | image/webp
11 | GET | H2 | families.webp | ukrainely.help/template/ukrainely/images/ | 62 KB | 63 KB | Image | image/webp
12 | GET | H2 | refugees.webp | ukrainely.help/template/ukrainely/images/ | 48 KB | 48 KB | Image | image/webp
13 | GET | H2 | military.webp | ukrainely.help/template/ukrainely/images/ | 58 KB | 58 KB | Image | image/webp
14 | GET | H2 | logo-dark.webp | ukrainely.help/template/ukrainely/images/ | 5 KB | 5 KB | Image | image/webp
15 | GET | H2 | js | www.googletagmanager.com/gtag/ | 217 KB | 76 KB | Script | application/javascript
16 | GET | H2 | JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2 | fonts.gstatic.com/s/montserrat/v25/ | 21 KB | 21 KB | Font | font/woff2
17 | GET | H2 | JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 | fonts.gstatic.com/s/montserrat/v25/ | 30 KB | 31 KB | Font | font/woff2
18 | POST | H2 | collect | region1.google-analytics.com/g/ | 0 | 253 B | Ping | text/plain
Request 4 is the primary request; the earlier HTTP/1.1 requests 1-3 belong to the redirect chain recorded under Page URL History.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Cloudflare (Online)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: oncontentvisibilityautostatechange
- function: gtag
- object: dataLayer
- object: google_tag_manager
- object: google_tag_data
- function: onYouTubeIframeAPIReady
- object: gaGlobal
4 Cookies
Cookies are small pieces of information stored in the user's browser. When the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Name | Value
---|---|---
.ukrainely.help/ | __cf_mw_byp | yStjMl92YKG.iHv2.dIVNZXgZblRne5EcHfGYkhSqIc-1675769281-0-/
.ukrainely.help/ | UKRAINELY | dVdFdnlscS9Tcjh3SkZaQ2l2UVVOc1dJUGNMQ2JmV09FWk1KWTZkYmFnUT0%3D
.ukrainely.help/ | _ga_GB8DGEQ3RJ | GS1.1.1675769286.1.0.1675769286.0.0.0
.ukrainely.help/ | _ga | GA1.1.1997274404.1675769286
Security Headers
This section lists any security headers set by the main page.
Header | Value
---|---
X-Frame-Options | SAMEORIGIN
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.