qwyuov.tk
Open in
urlscan Pro
137.74.47.232
Malicious Activity!
Public Scan
Effective URL: http://qwyuov.tk/&%25&%25&&/login.php?cmd=login_submit&id=897e169186870a5c22be666d8106f7a6897e169186870a5c22be666...
Submission: On June 26 via manual from NZ
Summary
This is the only time qwyuov.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OneDrive (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 10 | 137.74.47.232 137.74.47.232 | 16276 (OVH) (OVH) | |
8 | 1 |
Domain | Requested by | |
---|---|---|
10 | qwyuov.tk |
2 redirects
qwyuov.tk
|
8 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
1970-01-01 - 1970-01-01 |
a few seconds | crt.sh |
This page contains 1 frames:
Primary Page:
http://qwyuov.tk/&%25&%25&&/login.php?cmd=login_submit&id=897e169186870a5c22be666d8106f7a6897e169186870a5c22be666d8106f7a6&session=897e169186870a5c22be666d8106f7a6897e169186870a5c22be666d8106f7a6
Frame ID: A528E9003146CA4CD3B3658EC07A88F8
Requests: 8 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://qwyuov.tk/%26%25%26%25%26%26
HTTP 301
http://qwyuov.tk/&%25&%25&&/ HTTP 302
http://qwyuov.tk/&%25&%25&&/login.php?cmd=login_submit&id=897e169186870a5c22be666d8106f7a6897... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://qwyuov.tk/%26%25%26%25%26%26
HTTP 301
http://qwyuov.tk/&%25&%25&&/ HTTP 302
http://qwyuov.tk/&%25&%25&&/login.php?cmd=login_submit&id=897e169186870a5c22be666d8106f7a6897e169186870a5c22be666d8106f7a6&session=897e169186870a5c22be666d8106f7a6897e169186870a5c22be666d8106f7a6 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
login.php
qwyuov.tk/&%25&%25&&/ Redirect Chain
|
6 KB 7 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b1.png
qwyuov.tk/&%25&%25&&/images/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b2.png
qwyuov.tk/&%25&%25&&/images/ |
625 KB 625 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b3.png
qwyuov.tk/&%25&%25&&/images/ |
687 KB 687 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
b4.png
qwyuov.tk/&%25&%25&&/images/ |
127 KB 127 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
al.png
qwyuov.tk/&%25&%25&&/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
of.png
qwyuov.tk/&%25&%25&&/images/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
oth.png
qwyuov.tk/&%25&%25&&/images/ |
3 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OneDrive (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
qwyuov.tk
137.74.47.232
018ac7d415b354ebf770aa7aec0f3db4d5c804847f4fdd0d3d255fa5c2ea671a
0caab617af5efdb355579b70feb0d9729e6288285e9b337ec1891443c6fd2023
2a412e03ac1f26824f8103779ff73defbc4390ff2eb0e62927b532b5ad328f0f
8a125ece74c331910f4d0d2909d548c73c1f1fdea70f416399f7d4edebaf7188
a5cb36f63ff36ba7479361786b900698260d16dc1c21482ae8d53fbd727f9bfa
b28050e7c4935fc0cda32b798e7ec1d29721730883e51a4239309432f90fb929
ca45d3ebe99e1943ad8aa70cc83a03661111a02efe692593e14fce6c4040ef4f
da463e32b24974878403daa71597f9e0d6c0eb4ee7102f9609286c90eb3e8da1