forflyviagens.com.br
Open in
urlscan Pro
209.133.201.74
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On May 03 via api from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 27th 2020. Valid for: 3 months.
This is the only time forflyviagens.com.br was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 209.133.201.74 209.133.201.74 | 29802 (HVC-AS) (HVC-AS) | |
1 | 217.69.139.59 217.69.139.59 | 47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru) | |
9 | 3 |
ASN29802 (HVC-AS, US)
PTR: cpanel2.molservidores.com
forflyviagens.com.br |
ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: portal.mail.ru
portal.mail.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
forflyviagens.com.br
forflyviagens.com.br |
900 KB |
1 |
mail.ru
portal.mail.ru |
|
9 | 2 |
Domain | Requested by | |
---|---|---|
8 | forflyviagens.com.br |
forflyviagens.com.br
|
1 | portal.mail.ru |
forflyviagens.com.br
|
9 | 2 |
Subject Issuer | Validity | Valid | |
---|---|---|---|
forflyviagens.com.br cPanel, Inc. Certification Authority |
2020-02-27 - 2020-05-27 |
3 months | crt.sh |
*.mail.ru GeoTrust RSA CA 2018 |
2017-12-15 - 2020-12-14 |
3 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://forflyviagens.com.br/feed/mail.ru/index.html?email=nobody@mycraftmail.com
Frame ID: 553978D8914E955A5DAECD6D91F0795C
Requests: 10 HTTP requests in this frame
3 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Забыли пароль?
Search URL Search Domain Scan URL
Title: Регистрация в Почте
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.html
forflyviagens.com.br/feed/mail.ru/ |
27 KB 27 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.min.css
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
224 KB 224 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
authGate.js.download
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
24 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.js.download
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
401 KB 402 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
external.min.js.download
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
219 KB 219 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo2x.png
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
d22345996.gif
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
43 B 301 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
counter
forflyviagens.com.br/feed/mail.ru/sign_in_files/ |
43 B 276 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
27 KB 27 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Domains
portal.mail.ru/ |
0 0 |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| requirejs function| require function| define object| __window function| $ function| jQuery function| i18n function| key function| Pilot object| fest function| lego function| setTimeoutLog function| setIntervalLog object| logger object| octolog object| jQuery183020871330695742296 undefined| jQuery183020871330695742296_15885330456110 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
forflyviagens.com.br
portal.mail.ru
209.133.201.74
217.69.139.59
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
2ee8fd939d37fab0f66abcdb76aedca32bb5c9a2a7df87108057570f65c6bc3d
62c552801951513becbb3711fd25b974fcd3f5c4fdde4d41f8da36bd5dc3fd13
8284bd160e1c439d7ca4c7eb8408f468a1b0be6523f04b5ea3ebd4e19b7b3a73
ad19554f24f52c8069ac20c3016506a3c856f4071490597f936aae975d62e277
bc265b5c52350d03cce1f1f93245c9d869f0b7606eaa928fcf679e1d551ccd52
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
e19300ef2584b5d6943f00c1b88783cae77002ed05a1ba3fe054c62cc47e361b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ebd109c9dc20771ccc839cc319992b911f5e96c1add52a22c9f8b803c8b11273