web.ryen.org
94.16.110.241
Malicious Activity!
Public Scan
Submission Tags: krdtest
Submission: On December 17 via api from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on December 16th 2021. Valid for: 3 months.
This is the only time web.ryen.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Telegram (Instant Messenger)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
5 | 94.16.110.241 | 197540 (NETCUP-AS netcup GmbH)
2 | 2001:67c:4e8:1033:4:100:0:a | 62041 (TELEGRAM)
7 | 3 |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
5 | ryen.org | web.ryen.org | 165 KB
1 | telegram.me | telegram.me | 359 B
1 | t.me | t.me | 359 B
7 | 3 | |
Requests | Domain | Requested by
---|---|---
5 | web.ryen.org | web.ryen.org
1 | telegram.me | web.ryen.org
1 | t.me | web.ryen.org
7 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---
web.ryen.org | R3 | 2021-12-16 - 2022-03-16 | 3 months | crt.sh
*.t.me | Go Daddy Secure Certificate Authority - G2 | 2021-10-06 - 2022-11-07 | a year | crt.sh
*.telegram.me | Go Daddy Secure Certificate Authority - G2 | 2021-09-21 - 2022-10-23 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://web.ryen.org/
Frame ID: A2BC62A948C764C7020D8794955CCFE9
Requests: 9 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | web.ryen.org/ | 2 KB | 731 B | Document | text/html
GET | H2 | main.672a2048719211213a92.js | web.ryen.org/ | 198 KB | 62 KB | Script | application/javascript
GET | H2 | main.4842bc3dd57f5c122046.css | web.ryen.org/ | 56 KB | 12 KB | Stylesheet | text/css
GET | DATA | truncated | / | 66 B | 0 | Image | image/webp
GET | DATA | truncated | / | 307 B | 0 | Image | image/svg+xml
GET | H2 | _websync_ | t.me/ | 4 B | 359 B | Script | application/json
GET | H2 | _websync_ | telegram.me/ | 4 B | 359 B | Script | application/json
GET | H2 | 927.0bf5b9b4792554dd7b86.js | web.ryen.org/ | 317 KB | 82 KB | Other | application/javascript
GET | H2 | 915.1250d328f7ab7f94b36e.js | web.ryen.org/ | 32 KB | 8 KB | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Telegram (Instant Messenger)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | webpackChunktelegram_t
function | QrCreator
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
t.me
telegram.me
web.ryen.org
2001:67c:4e8:1033:4:100:0:a
94.16.110.241