4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh Open in urlscan Pro
104.248.194.63 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/
Effective URL:
https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1
Submission Tags: phishingrod
Submission: On March 13 via api (March 13th 2024, 2:52:03 am UTC) from DE — Scanned from NL

Summary HTTP 7 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 7 HTTP transactions. The main IP is 104.248.194.63, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh.
TLS certificate: Issued by R3 on January 13th 2024. Valid for: 3 months.

This is the only time 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	104.248.194.63 104.248.194.63	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	168.119.25.64 168.119.25.64	24940 (HETZNER-AS) (HETZNER-AS)
1	45.133.44.53 45.133.44.53	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
1	168.119.25.62 168.119.25.62	24940 (HETZNER-AS) (HETZNER-AS)
7	5

4 104.248.194.63 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

captcha.wowcontent.site.stage.cabinet.infrapu.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.25.64 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.64.25.119.168.clients.your-server.de

metricswpsh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.133.44.53 (Philadelphia, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

js.wpshsdk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 168.119.25.62 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.62.25.119.168.clients.your-server.de

admangrauc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	infrapu.sh captcha.wowcontent.site.stage.cabinet.infrapu.sh 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh	207 KB
1	admangrauc.com admangrauc.com — Cisco Umbrella Rank: 128416	201 B
1	wpshsdk.com js.wpshsdk.com — Cisco Umbrella Rank: 18964	238 B
1	metricswpsh.com metricswpsh.com — Cisco Umbrella Rank: 36621
7	4

	Domain	Requested by
2	4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh	captcha.wowcontent.site.stage.cabinet.infrapu.sh 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh
2	captcha.wowcontent.site.stage.cabinet.infrapu.sh	captcha.wowcontent.site.stage.cabinet.infrapu.sh
1	admangrauc.com
1	js.wpshsdk.com	4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh
1	metricswpsh.com	4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh
7	5

This site contains no links.

Subject Issuer	Validity	Valid
stage.cabinet.infrapu.sh R3	`2024-01-13` - `2024-04-12`	3 months	crt.sh
notification.tubecup.net R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
js.wpshsdk.com R3	`2024-01-20` - `2024-04-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1
Frame ID: ED42898310AAD17BF22FF5260820033E
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Page URL
https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<div [^>]*id="__nuxt"

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

207 kB
Transfer

538 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Page URL
https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
3 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ captcha.wowcontent.site.stage.cabinet.infrapu.sh/	246 KB 94 KB	409ms 77ms	Document text/html	104.248.194.63 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.248.194.63 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.18.0 / PHP/7.4.33 Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers bla captcha.wowcontent.site.stage.cabinet.infrapu.sh content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 13 Mar 2024 02:51:59 GMT server nginx/1.18.0 x-powered-by PHP/7.4.33
GET H2	200	captcha.css captcha.wowcontent.site.stage.cabinet.infrapu.sh/assets/styles/	9 KB 9 KB	320ms 320ms	Stylesheet text/css	104.248.194.63 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/assets/styles/captcha.css Requested by Host: captcha.wowcontent.site.stage.cabinet.infrapu.sh URL: https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.248.194.63 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.18.0 / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Wed, 13 Mar 2024 02:51:59 GMT last-modified Tue, 12 Mar 2024 08:56:04 GMT server nginx/1.18.0 bla captcha.wowcontent.site.stage.cabinet.infrapu.sh etag "65f018a4-2435" content-type text/css accept-ranges bytes content-length 9269
GET H2	200	Primary Request / Show response 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/	246 KB 94 KB	416ms 71ms	Document text/html	104.248.194.63 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Requested by Host: captcha.wowcontent.site.stage.cabinet.infrapu.sh URL: https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.248.194.63 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.18.0 / PHP/7.4.33 Resource Hash `080c74336a20e156a8573364e23f199ecf4f2bb6d9fb17dcd6115c43ace79177` Request headers Referer https://captcha.wowcontent.site.stage.cabinet.infrapu.sh/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers bla 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 13 Mar 2024 02:51:59 GMT server nginx/1.18.0 x-powered-by PHP/7.4.33
GET H2	200	captcha.css 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/assets/styles/	9 KB 9 KB	61ms 61ms	Stylesheet text/css	104.248.194.63 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/assets/styles/captcha.css Requested by Host: 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh URL: https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 104.248.194.63 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software nginx/1.18.0 / Resource Hash `0d3052df53fb528269653ab6900571ada40df7dd80af28505da6d1d05dfc0fdc` Request headers accept-language nl-NL,nl;q=0.9 Referer https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers date Wed, 13 Mar 2024 02:51:59 GMT last-modified Tue, 12 Mar 2024 08:56:04 GMT server nginx/1.18.0 bla 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh etag "65f018a4-2435" content-type text/css accept-ranges bytes content-length 9269
GET DATA	200 OK	truncated /	24 KB 0		Image image/jpeg
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Content-Type image/jpeg
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef` Request headers accept-language nl-NL,nl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers Content-Type image/png
GET H2	200	track metricswpsh.com/in/	0 0	112ms 25ms	Fetch	168.119.25.64 HETZNER-AS
General Check archive.org Show headers Download Go to Full URL https://metricswpsh.com/in/track?data=eyJ0YWdfaWQiOjB9 Requested by Host: 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh URL: https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 168.119.25.64 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.64.25.119.168.clients.your-server.de Software nginx/1.18.0 / Resource Hash Request headers accept-language nl-NL,nl;q=0.9 Referer https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers pragma no-cache date Wed, 13 Mar 2024 02:51:59 GMT server nginx/1.18.0 vary Origin access-control-allow-methods * access-control-allow-origin * cache-control no-transform, no-cache, no-store, must-revalidate access-control-allow-headers Content-Type content-length 0
GET H2	200	wp-banners.js Show response js.wpshsdk.com/npc/sdk/	0 238 B	60ms 16ms	Script application/javascript	45.133.44.53 ADVANCEDHOSTERS-AS
General Check archive.org Show headers Download Go to Full URL https://js.wpshsdk.com/npc/sdk/wp-banners.js Requested by Host: 4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh URL: https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/?r=1 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 45.133.44.53 Philadelphia, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL), Reverse DNS Software nginx/1.18.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers expires Wed, 13 Mar 2024 02:56:59 GMT date Wed, 13 Mar 2024 02:51:59 GMT last-modified Sat, 15 Jul 2023 12:01:31 GMT server nginx/1.18.0 etag "64b28a9b-0" content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 0 x-proxy-cache HIT
GET H2	200	subscription-offers admangrauc.com/in/	0 201 B	109ms 31ms	Image text/plain	168.119.25.62 HETZNER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://admangrauc.com/in/subscription-offers?href=https%3A%2F%2F4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh%2F%3Fr%3D1&tcid=0&spot_id=&site=landing&source_id=0&test_ab=a&template_name=captcha&utm_source=null&utm_medium=null&utm_campaign=null&utm_content=null&spotId=&adFormat=push&clickId=null Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 168.119.25.62 , Germany, ASN24940 (HETZNER-AS, DE), Reverse DNS static.62.25.119.168.clients.your-server.de Software nginx/1.18.0 / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language nl-NL,nl;q=0.9 Referer https://4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36 Response headers pragma no-cache date Wed, 13 Mar 2024 02:51:59 GMT server nginx/1.18.0 vary Origin access-control-allow-methods * access-control-allow-origin * cache-control no-transform, no-cache, no-store, must-revalidate access-control-allow-headers Content-Type content-length 0

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh
admangrauc.com
captcha.wowcontent.site.stage.cabinet.infrapu.sh
js.wpshsdk.com
metricswpsh.com
104.248.194.63
168.119.25.62
168.119.25.64
45.133.44.53
080c74336a20e156a8573364e23f199ecf4f2bb6d9fb17dcd6115c43ace79177
0d3052df53fb528269653ab6900571ada40df7dd80af28505da6d1d05dfc0fdc
6cbf5ff9c2945171c3f93c38e9c67d4b98fb5354a3c95cf4910259780c1fb9b0
a72fd7760f623c9fd5fee0bd98df809a347471902fc479bcdae38681c1a071d1
ca7a07233506b5529a951fd2c4580757f5606d874b8a2b0a153d14a418b201ef
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh Open in urlscan Pro 104.248.194.63 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

5 IPs

3 Countries

207 kBTransfer

538 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

0 Cookies

Indicators

4k2a.captcha.wowcontent.site.stage.cabinet.infrapu.sh Open in urlscan Pro
104.248.194.63 Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

5
IPs

3
Countries

207 kB
Transfer

538 kB
Size

0
Cookies

7 HTTP transactions
3 data transactions