urlscan.io logo urlscan.io
SecurityTrails logo

qujat.kz Open in urlscan Pro
77.245.105.165  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://qrcodes.pro/m8XNTP
Effective URL: https://qujat.kz/riminellen/
Submission: On May 23 via api from GB — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 9 domains to perform 20 HTTP transactions. The main IP is 77.245.105.165, located in Astana, Kazakhstan and belongs to KTC-AS, KZ. The main domain is qujat.kz.
TLS certificate: Issued by R3 on April 28th 2023. Valid for: 3 months.
This is the only time qujat.kz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Viseca (Financial)

Domain & IP information

1    143.204.146.24 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-146-24.ewr52.r.cloudfront.net
qrcodes.pro
1    2607:f8b0:4006:821::2008 (Flushing, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a03:2880:f011:8:face:b00c:0:1 (Lithia Springs, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
11    77.245.105.165 (Astana, Kazakhstan)

ASN35104 (KTC-AS, KZ)
qujat.kz
1    2607:f8b0:400c:c0a::9a (Charleston, United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2607:f8b0:4006:820::2004 (Flushing, United States)

ASN15169 (GOOGLE, US)
www.google.com
1    2606:4700::6812:1734 (United States)

ASN13335 (CLOUDFLARENET, US)
pro.fontawesome.com
1    2607:f8b0:400c:c1a::5f (Charleston, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2607:f8b0:400c:c0c::5e (Charleston, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
11 qujat.kz
qujat.kz
353 KB
3 gstatic.com
fonts.gstatic.com
30 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
909 B
1 fontawesome.com
pro.fontawesome.com — Cisco Umbrella Rank: 4513
29 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
456 B
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 34
2 KB
1 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 157
28 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
53 KB
1 qrcodes.pro
qrcodes.pro — Cisco Umbrella Rank: 385248
2 KB
20 9
Domain Requested by
11 qujat.kz 1 redirects qrcodes.pro
qujat.kz
3 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com qujat.kz
1 pro.fontawesome.com qujat.kz
1 www.google.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 connect.facebook.net qrcodes.pro
1 www.googletagmanager.com qrcodes.pro
1 qrcodes.pro
20 9

This site contains no links.

Subject Issuer Validity Valid
qr.tapnscan.me
Amazon RSA 2048 M02		 2023-02-24 -
2023-09-06		 6 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-03-01 -
2023-05-30		 3 months crt.sh
qujat.kz
R3		 2023-04-28 -
2023-07-27		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-04-24 -
2023-07-17		 3 months crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-11-22 -
2023-12-23		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-05-08 -
2023-07-31		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://qujat.kz/riminellen/
Frame ID: 1170D5E108CC363FD00892D80639ED62
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login | one Digital Service

Page URL History Show full URLs

  1. https://qrcodes.pro/m8XNTP Page URL
  2. https://qujat.kz/riminellen HTTP 301
    https://qujat.kz/riminellen/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

20
Requests

100 %
HTTPS

78 %
IPv6

9
Domains

9
Subdomains

9
IPs

2
Countries

497 kB
Transfer

788 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://qrcodes.pro/m8XNTP Page URL
  2. https://qujat.kz/riminellen HTTP 301
    https://qujat.kz/riminellen/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
m8XNTP
qrcodes.pro/ 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qrcodes.pro/m8XNTP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.146.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-146-24.ewr52.r.cloudfront.net
Software
nginx /
Resource Hash
67a62d8da9ab4f0e4afe153c066841947c9bad9e1512ed0d4f521250676e5fd4

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Authorization, Content-Type, x-csrftoken
access-control-allow-methods
POST, GET, PUT, DELETE, OPTIONS, PATCH
access-control-allow-origin
*
cache-control
private, max-age=1
content-encoding
br
content-language
en
content-type
text/html; charset=utf-8
date
Tue, 23 May 2023 09:33:53 GMT
server
nginx
vary
Accept-Encoding,Accept-Language,Cookie
via
1.1 57a894c75d329d29ecabaa7a88eb80a4.cloudfront.net (CloudFront)
x-amz-cf-id
lAWvkzEzeQBLjf0KZtMhlE50cenNxNQfxOUL90JrjKJm9Zwd6dGuIg==
x-amz-cf-pop
EWR52-C2
x-cache
Miss from cloudfront
js
www.googletagmanager.com/gtag/ 		136 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-None
Requested by
Host: qrcodes.pro
URL: https://qrcodes.pro/m8XNTP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:821::2008 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qrcodes.pro/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 23 May 2023 09:33:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53384
x-xss-protection
0
last-modified
Tue, 23 May 2023 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 23 May 2023 09:33:54 GMT
fbevents.js
connect.facebook.net/en_US/ 		106 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: qrcodes.pro
URL: https://qrcodes.pro/m8XNTP
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f011:8:face:b00c:0:1 Lithia Springs, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qrcodes.pro/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 23 May 2023 09:33:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27497
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
RFtT824Ct3Kt6i1odIFHv26hEMnwQh1BNpTKttxAMaYVB/yxR8nPfIyOVXCpCL8PEMT6kRDKi+hXcf1S0Na2eg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
Primary Request /
qujat.kz/riminellen/
Redirect Chain
  • https://qujat.kz/riminellen
  • https://qujat.kz/riminellen/
6 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/
Requested by
Host: qrcodes.pro
URL: https://qrcodes.pro/m8XNTP
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
ff99dfd7f9b9e5f70cdec6de536b12aee90e324bf55c54032de4a0b500cb044a

Request headers

Referer
https://qrcodes.pro/m8XNTP
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 May 2023 09:33:56 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
nginx/1.10.3 (Ubuntu)
Transfer-Encoding
chunked

Redirect headers

Connection
keep-alive
Content-Length
194
Content-Type
text/html
Date
Tue, 23 May 2023 09:33:54 GMT
Location
https://qujat.kz/riminellen/
Server
nginx/1.10.3 (Ubuntu)
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/None/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/None/?random=1684834434197&cv=11&fst=1684834434197&bg=ffffff&guid=ON&async=1&gtm=45be35h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fqrcodes.pro%2Fm8XNTP&hn=www.googleadservices.com&frm=0&auid=232070126.1684834434&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-None
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400c:c0a::9a Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qrcodes.pro/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Tue, 23 May 2023 09:33:54 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1161
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/None/ 		42 B
456 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/None/?random=1684834434197&cv=11&fst=1684832400000&bg=ffffff&guid=ON&async=1&gtm=45be35h0&u_w=1600&u_h=1200&url=https%3A%2F%2Fqrcodes.pro%2Fm8XNTP&frm=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3041564467&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2004 Flushing, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qrcodes.pro/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

pragma
no-cache
date
Tue, 23 May 2023 09:33:54 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bootstrap.css
qujat.kz/riminellen/css/ 		188 KB
189 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/css/bootstrap.css
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:56 GMT
Last-Modified
Mon, 07 Dec 2020 10:50:12 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5fce08e4-2f1f7"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
193015
Expires
Thu, 31 Dec 2037 23:55:55 GMT
test.css
qujat.kz/riminellen/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/css/test.css
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
c2cd0bbcc494213ca684429a5a6f4ab68cdddd6e1a9abd1895371229b7d72cd9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:56 GMT
Last-Modified
Mon, 16 Aug 2021 16:03:36 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"611a8c58-94c"
Content-Type
text/css
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2380
Expires
Thu, 31 Dec 2037 23:55:55 GMT
hover.css
qujat.kz/riminellen/css/ 		0
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/css/hover.css
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:57 GMT
Content-Encoding
gzip
Server
nginx/1.10.3 (Ubuntu)
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
html5shiv.min.js
qujat.kz/riminellen/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/js/html5shiv.min.js
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:57 GMT
Last-Modified
Mon, 21 Aug 2017 16:37:38 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"599b0c52-aaa"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2730
Expires
Thu, 31 Dec 2037 23:55:55 GMT
respond.min.js
qujat.kz/riminellen/js/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/js/respond.min.js
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:57 GMT
Last-Modified
Fri, 27 Jan 2017 00:50:18 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"588a994a-11f1"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4593
Expires
Thu, 31 Dec 2037 23:55:55 GMT
all.css
pro.fontawesome.com/releases/v5.10.0/css/ 		153 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://pro.fontawesome.com/releases/v5.10.0/css/all.css
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1734 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec

Request headers

Referer
https://qujat.kz/
Origin
https://qujat.kz
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Tue, 23 May 2023 09:33:57 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 28 Jun 2021 16:54:32 GMT
server
cloudflare
x-amz-request-id
GX6Z0M3VE31VPTDY
etag
W/"aa1272633e7e552395d147a499bad186"
access-control-max-age
3000
vary
Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
text/css
cache-control
max-age=31556926
cf-ray
7cbc4cdf0e76d163-BUF
x-amz-id-2
Hz39SKsPAJhB0kQgLu6z2GEJ+7UYobvIBREwwYq7j9W2GWNGn4j4K0cE1F4MEgpovomi+3IzP/Q=
one-small.svg
qujat.kz/riminellen/image/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qujat.kz/riminellen/image/one-small.svg
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
8b1ac825153c2c2e7321901e800fdaf9ca16e65aaf28d362698400ac3642b18b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:58 GMT
Last-Modified
Sun, 15 Aug 2021 08:43:20 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"6118d3a8-536"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1334
menu.png
qujat.kz/riminellen/image/ 		151 B
471 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qujat.kz/riminellen/image/menu.png
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
9dce19b4ba46ea70dfca5952318972c5f3fcd6c5601f8f823733dc619bc266f6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:58 GMT
Last-Modified
Sun, 15 Aug 2021 10:31:30 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"6118ed02-97"
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
151
Expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-3.5.1.min.js
qujat.kz/riminellen/js/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/js/jquery-3.5.1.min.js
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:57 GMT
Last-Modified
Mon, 23 Nov 2020 19:18:24 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5fbc0b00-15d84"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
89476
Expires
Thu, 31 Dec 2037 23:55:55 GMT
bootstrap.min.js
qujat.kz/riminellen/js/ 		61 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qujat.kz/riminellen/js/bootstrap.min.js
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
77.245.105.165 Astana, Kazakhstan, ASN35104 (KTC-AS, KZ),
Reverse DNS
Software
nginx/1.10.3 (Ubuntu) /
Resource Hash
2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/riminellen/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Tue, 23 May 2023 09:33:58 GMT
Last-Modified
Mon, 07 Dec 2020 10:50:12 GMT
Server
nginx/1.10.3 (Ubuntu)
ETag
"5fce08e4-f3cb"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
62411
Expires
Thu, 31 Dec 2037 23:55:55 GMT
css2
fonts.googleapis.com/ 		5 KB
909 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Tajawal:wght@200;300;400;500;700;800&display=swap
Requested by
Host: qujat.kz
URL: https://qujat.kz/riminellen/css/test.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400c:c1a::5f Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5d88e186bdfd7549215b164a9a03f8abbdbd35ced220ab00f2675920852539ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://qujat.kz/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

strict-transport-security
max-age=31536000
date
Tue, 23 May 2023 09:33:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
content-security-policy-report-only
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
expires
Tue, 23 May 2023 09:33:57 GMT
Iurf6YBj_oCad4k1l8KiHrFpiZtK6Gw.woff2
fonts.gstatic.com/s/tajawal/v9/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l8KiHrFpiZtK6Gw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Tajawal:wght@200;300;400;500;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400c:c0c::5e Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d45287e6cc618a5ab8bce1b549ca76baeb978027529d937a6e08affcd7bca74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://qujat.kz
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Thu, 18 May 2023 04:56:18 GMT
x-content-type-options
nosniff
age
448660
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9840
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:33 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 17 May 2024 04:56:18 GMT
Iurf6YBj_oCad4k1l4qkHrFpiZtK6Gw.woff2
fonts.gstatic.com/s/tajawal/v9/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/tajawal/v9/Iurf6YBj_oCad4k1l4qkHrFpiZtK6Gw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Tajawal:wght@200;300;400;500;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400c:c0c::5e Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4bbd242fb906848860c703666d177a40fa9cb4205ec31aff8fa0ac21c141a4e3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://qujat.kz
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 19 May 2023 09:36:09 GMT
x-content-type-options
nosniff
age
345469
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9976
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:11:36 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 May 2024 09:36:09 GMT
Iura6YBj_oCad4k1nzGBC5xLhLE.woff2
fonts.gstatic.com/s/tajawal/v9/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/tajawal/v9/Iura6YBj_oCad4k1nzGBC5xLhLE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Tajawal:wght@200;300;400;500;700;800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400c:c0c::5e Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
575b94e667eb4ee5d0ebb00823d7d0b7148068f5474b94aacd3deb659751c3f0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://qujat.kz
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date
Fri, 19 May 2023 11:32:23 GMT
x-content-type-options
nosniff
age
338495
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10204
x-xss-protection
0
last-modified
Wed, 27 Apr 2022 16:00:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 18 May 2024 11:32:23 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Viseca (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| html5 object| respond function| $ function| jQuery number| uidEvent object| bootstrap

6 Cookies

Domain/Path Name / Value
qrcodes.pro/ Name: visitor-id
Value: 1684834434RQgzQR
qrcodes.pro/ Name: mappable_id
Value: 1684834434RQgzQR_1684834434
qrcodes.pro/ Name: access_token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXBwYWJsZUlEIjoiMTY4NDgzNDQzNFJRZ3pRUl8xNjg0ODM0NDM0IiwidGltZXN0YW1wIjoxNjg0ODM0NDM0MDE2LCJpYXQiOjE2ODQ4MzQ0MDQsImV4cCI6MTY4NDgzNDczNH0.LGk5gjIngoBIjnKV6fBLAecqqJjmImOe4449uXPTGu4
.qrcodes.pro/ Name: _gcl_au
Value: 1.1.232070126.1684834434
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
qujat.kz/ Name: PHPSESSID
Value: ucg0qjjfsffof3u5ducu6d2b97

1 Console Messages

Source Level URL
Text
network error URL: https://qujat.kz/riminellen/css/hover.css
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pro.fontawesome.com
qrcodes.pro
qujat.kz
www.google.com
www.googletagmanager.com
143.204.146.24
2606:4700::6812:1734
2607:f8b0:4006:820::2004
2607:f8b0:4006:821::2008
2607:f8b0:400c:c0a::9a
2607:f8b0:400c:c0c::5e
2607:f8b0:400c:c1a::5f
2a03:2880:f011:8:face:b00c:0:1
77.245.105.165
0c159070e198b7ed2a9162d6c9751f5914ff62803914d8512d60b1f5ffde4334
1944a255577a8ed66ae984c6f6356281ff6f29dc84a2af6f1facf258c7dab62e
2909d4fa86cf09191e768576e1a6eab7f2635a2627549c45d29595ffac9c0da9
2af905d92cfd34b5413126a54f639da408166cbbcb54318e413ad5e10b5bf6ec
4bbd242fb906848860c703666d177a40fa9cb4205ec31aff8fa0ac21c141a4e3
575b94e667eb4ee5d0ebb00823d7d0b7148068f5474b94aacd3deb659751c3f0
5d88e186bdfd7549215b164a9a03f8abbdbd35ced220ab00f2675920852539ef
67a62d8da9ab4f0e4afe153c066841947c9bad9e1512ed0d4f521250676e5fd4
7d45287e6cc618a5ab8bce1b549ca76baeb978027529d937a6e08affcd7bca74
8b1ac825153c2c2e7321901e800fdaf9ca16e65aaf28d362698400ac3642b18b
9dce19b4ba46ea70dfca5952318972c5f3fcd6c5601f8f823733dc619bc266f6
c2cd0bbcc494213ca684429a5a6f4ab68cdddd6e1a9abd1895371229b7d72cd9
dc9cbf19b48bae0d28f72e59e67d6ec34ab1644087ec2e8e42954180d1586b48
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
ff99dfd7f9b9e5f70cdec6de536b12aee90e324bf55c54032de4a0b500cb044a