blueticksupporthelpservice.com
185.115.41.253  Malicious Activity!

URL: https://blueticksupporthelpservice.com/
Submission: On January 20 via automatic, source certstream-suspicious

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 4 HTTP transactions. The main IP is 185.115.41.253, located in Turkey and belongs to ASNETIYI, TR. The main domain is blueticksupporthelpservice.com.
TLS certificate: Issued by R3 on January 20th 2021. Valid for: 3 months.
This is the only time blueticksupporthelpservice.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Instagram (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 185.115.41.253 201928 (ASNETIYI)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 2606:4700:303... 13335 (CLOUDFLAR...)
1 51.68.36.8 16276 (OVH)
4 4
Domain Requested by
1 i.gifer.com blueticksupporthelpservice.com
1 resimyukle.xyz blueticksupporthelpservice.com
1 i.resimyukle.xyz 1 redirects
1 i.hizliresim.com blueticksupporthelpservice.com
1 blueticksupporthelpservice.com
4 5

This site contains no links.

Subject                           Issuer                    Validity                   Valid
*.blueticksupporthelpservice.com  R3                        2021-01-20 - 2021-04-20    3 months (crt.sh)
sni.cloudflaressl.com             Cloudflare Inc ECC CA-3   2020-07-24 - 2021-07-24    a year (crt.sh)
gifer.com                         R3                        2021-01-08 - 2021-04-08    3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://blueticksupporthelpservice.com/
Frame ID: 929E14991EFD26DDB338CD6546AA3B58
Requests: 4 HTTP requests in this frame

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 50 %
Domains: 4
Subdomains: 5
IPs: 4
Countries: 3
Transfer: 911 kB
Size: 916 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://i.resimyukle.xyz/eyW8Jb.jpg HTTP 302
  • https://resimyukle.xyz/d//eyW8Jb.jpg

4 HTTP transactions

Resource            Path                              Size     x-fer    Type / MIME-Type
Primary Request /   blueticksupporthelpservice.com/   6 KB     2 KB     Document
General
Full URL
https://blueticksupporthelpservice.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.115.41.253 , Turkey, ASN201928 (ASNETIYI, TR),
Reverse DNS
static.185.115.41.253.netiyi.com
Software
Wafbone / PHP/7.2.34
Resource Hash
93d043cd48173043877264d129fa7018a6aac9fb77ae608334e19837ddfe8509

Request headers

:method
GET
:authority
blueticksupporthelpservice.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 11:49:03 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.2.34
content-encoding
gzip
vary
Accept-Encoding
server
Wafbone
SxHVA8.png          i.hizliresim.com/                 341 KB   342 KB   Image
General
Full URL
https://i.hizliresim.com/SxHVA8.png
Requested by
Host: blueticksupporthelpservice.com
URL: https://blueticksupporthelpservice.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:e9d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3133ccf94d5abc2cb9d578667cc2f65d0f5fd38639e1c018d86a7fb5fa3ed8eb

Request headers

Referer
https://blueticksupporthelpservice.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 11:49:03 GMT
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
234321
cf-bgj
csam-hash
x-amz-request-id
B31EA50FEF27FA3E
x-amz-id-2
DcccHn24mu0Acz2yQGZty5DKv2dqhz1TkLr7GQh3AjqREgq8oyXDbzrsygMTpchQgQYQ6YkJj1ft
last-modified
Sun, 22 Nov 2020 16:52:43 GMT
server
cloudflare
etag
W/"4b854d0b0a6ee8937cef842dc893bf39"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9aMcFPSv2qHJe9wj4RYPrj7rcmgqUAiWWq5to3rOzPdRxISA16xtCH023U3OjNeqpCLcpOMJPPn%2BVP9C4HJeWdWNGiJTaDmwuNDleZYlm3tV6AMlDEuJuIoTYPhw"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
cf-request-id
07c13987220000c2d666b3e000000001
cf-ray
614891eb69e9c2d6-FRA
expires
Sun, 24 Jan 2021 18:43:42 GMT
eyW8Jb.jpg          resimyukle.xyz/d//                151 KB   152 KB   Image
Redirect Chain
  • https://i.resimyukle.xyz/eyW8Jb.jpg
  • https://resimyukle.xyz/d//eyW8Jb.jpg
General
Full URL
https://resimyukle.xyz/d//eyW8Jb.jpg
Requested by
Host: blueticksupporthelpservice.com
URL: https://blueticksupporthelpservice.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::6815:5f90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed8599f3b730d742d4b205c057aed982738b85a3262bfb3efd9175209a98aa66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://blueticksupporthelpservice.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 11:49:04 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"report_to":"cf-nel","max_age":604800}
refresh
0; url=https://resimyukle.xyz/i/eyW8Jb
content-length
154895
cf-request-id
07c13987870000bea6d6aeb000000001
server
cloudflare
x-frame-options
DENY
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AYNf8ay3pYEzSC6wFaDTAfewXI8jIcQBAXYwv9%2BgnjU8FWH%2BjAWXThDHVguL%2FrPocOtKo4jO6WB9h%2FkzqEe9xtUJClLBklXXgaY2Qm14TTkvkPuEEv4lMI847w%3D%3D"}]}
content-type
image/jpeg
x-xss-protection
1; mode=block
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
614891ec0c3fbea6-FRA

Redirect headers

date
Wed, 20 Jan 2021 11:49:03 GMT
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=gN0ok6TRJG1E5v71PLY0dJJoaUFPIahm4%2B%2Ftnbneg%2BwoVQIHkD7ryz3nrtWzcMaICzbEGfGRUNLhRQudh4E%2Fs5hVMDAoZHbDZIJLknyiklwm9Fro7HM6KYKEqTOY"}]}
content-type
text/html
location
https://resimyukle.xyz/d//eyW8Jb.jpg
x-xss-protection
1; mode=block
cf-ray
614891eb8be2bea6-FRA
vary
Accept-Encoding
cf-request-id
07c13987370000bea6dc0e4000000001
3O4HI.gif           i.gifer.com/                      418 KB   415 KB   Image
General
Full URL
https://i.gifer.com/3O4HI.gif
Requested by
Host: blueticksupporthelpservice.com
URL: https://blueticksupporthelpservice.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.68.36.8 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3121917.ip-51-68-36.eu
Software
nginx /
Resource Hash
6364f8ae43e00b02c1cfcb4c62f4d8bd7b2871b36056877908798dbd6f89b279
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Referer
https://blueticksupporthelpservice.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 20 Jan 2021 11:49:03 GMT
content-encoding
gzip
last-modified
Mon, 30 Nov 2020 22:57:54 GMT
server
nginx
etag
W/"5fc578f2-6861e"
vary
Accept-Encoding, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000
strict-transport-security
max-age=604800
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Instagram (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   | ontransitionrun
object   | ontransitionstart
object   | ontransitioncancel
object   | cookieStore
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object   | trustedTypes
boolean  | crossOriginIsolated

0 Cookies