adflyk.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 54.38.123.245, located in France and belongs to OVH, FR. The main domain is adflyk.com.

This is the only time adflyk.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Vkontakte (Social Network)

Domain & IP information

	IP Address		AS Autonomous System
3	54.38.123.245 54.38.123.245		16276 (OVH) (OVH)
3	2

3 54.38.123.245 (France)

ASN16276 (OVH, FR)
PTR: ip245.ip-54-38-123.eu

adflyk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	adflyk.com adflyk.com	365 KB
3	1

	Domain	Requested by
3	adflyk.com	adflyk.com
3	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://adflyk.com/xauth/6537781
Frame ID: 5041DEF0C5519D38DE406935B36D3593
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

Page Statistics

3
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

551 kB
Transfer

730 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set 6537781 Show response adflyk.com/xauth/	73 KB 9 KB	244ms 192ms	Document text/html	54.38.123.245 OVH
General Check archive.org Show headers Download Go to Full URL http://adflyk.com/xauth/6537781 Protocol HTTP/1.1 Server 54.38.123.245 , France, ASN16276 (OVH, FR), Reverse DNS ip245.ip-54-38-123.eu Software LiteSpeed / Resource Hash `9ed3b75ee974cee1b874efdd97754a70cccff67c0e73214dbf86b339ea41c947` Request headers Host adflyk.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Set-Cookie PHPSESSID=fdgfu5q8i28limn9vqrd3e0pn0; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Content-Type text/html; charset=UTF-8 Content-Encoding gzip Vary Accept-Encoding Content-Length 9075 Date Wed, 10 Jun 2020 22:55:28 GMT Server LiteSpeed Connection Keep-Alive
GET H/1.1	200 OK	fonts_cnt.css adflyk.com/assets/go/css/	470 KB 355 KB	22ms 22ms	Stylesheet text/css	54.38.123.245 OVH
General Check archive.org Show headers Download Go to Full URL http://adflyk.com/assets/go/css/fonts_cnt.css?15345345345 Requested by Host: adflyk.com URL: http://adflyk.com/xauth/6537781 Protocol HTTP/1.1 Server 54.38.123.245 , France, ASN16276 (OVH, FR), Reverse DNS ip245.ip-54-38-123.eu Software LiteSpeed / Resource Hash `a7dedd1dd24ac0ca3aea423ab09b6dc87b345f1bee3c3c8c3dd69a7b98f39ef3` Request headers Referer http://adflyk.com/xauth/6537781 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 10 Jun 2020 22:55:28 GMT Content-Encoding gzip Last-Modified Tue, 05 May 2020 18:38:50 GMT Server LiteSpeed Etag "75837-5eb1b2ba-28006c;gz" Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 362845 Expires Wed, 17 Jun 2020 22:55:28 GMT
GET H/1.1	200 OK	logo.png adflyk.com/assets/go/img/	462 B 786 B	21ms 21ms	Image image/png	54.38.123.245 OVH
General Check archive.org Show headers Download Go to Show image Full URL http://adflyk.com/assets/go/img/logo.png Requested by Host: adflyk.com URL: http://adflyk.com/xauth/6537781 Protocol HTTP/1.1 Server 54.38.123.245 , France, ASN16276 (OVH, FR), Reverse DNS ip245.ip-54-38-123.eu Software LiteSpeed / Resource Hash `7274d450ff709e09bf4a9ef26028f433eeaae8f19cce8835a139ff3f8a95aac1` Request headers Referer http://adflyk.com/xauth/6537781 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 10 Jun 2020 22:55:28 GMT Last-Modified Tue, 05 May 2020 18:38:51 GMT Server LiteSpeed Etag "1ce-5eb1b2bb-280070;;;" Content-Type image/png Cache-Control public, max-age=604800 Connection Keep-Alive Accept-Ranges bytes Content-Length 462 Expires Wed, 17 Jun 2020 22:55:28 GMT
GET DATA	200 OK	truncated /	62 KB 62 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://adflyk.com/assets/go/css/fonts_cnt.css?15345345345 Origin http://adflyk.com Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	62 KB 62 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `761c95dd192a81733d024d9f644d9b531c358f0f0ea83e9fd6211b6bd424873d` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://adflyk.com/assets/go/css/fonts_cnt.css?15345345345 Origin http://adflyk.com Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	62 KB 62 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5efafd26d85f9d6c3340aa7b81aff0a4d9fe27d8f9ec9885565afb9fa2097d91` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://adflyk.com/assets/go/css/fonts_cnt.css?15345345345 Origin http://adflyk.com Response headers Content-Type font/woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Vkontakte (Social Network)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| watch

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			adflyk.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: fdgfu5q8i28limn9vqrd3e0pn0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adflyk.com
54.38.123.245
5efafd26d85f9d6c3340aa7b81aff0a4d9fe27d8f9ec9885565afb9fa2097d91
7274d450ff709e09bf4a9ef26028f433eeaae8f19cce8835a139ff3f8a95aac1
761c95dd192a81733d024d9f644d9b531c358f0f0ea83e9fd6211b6bd424873d
9ed3b75ee974cee1b874efdd97754a70cccff67c0e73214dbf86b339ea41c947
a7dedd1dd24ac0ca3aea423ab09b6dc87b345f1bee3c3c8c3dd69a7b98f39ef3
cc7b26ac53700f78f8a452be6d14f14943e88dceb14edf64cddceba6e66f3f5e

adflyk.com Open in urlscan Pro 54.38.123.245 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

3 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

551 kBTransfer

730 kBSize

1 Cookies

0 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

adflyk.com Open in urlscan Pro
54.38.123.245 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

551 kB
Transfer

730 kB
Size

1
Cookies

3 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!