qr-captcha.com
Open in
urlscan Pro
139.45.197.167
Malicious Activity!
Public Scan
Effective URL: https://qr-captcha.com/?t=0&ymid=720296103471489577
Submission: On August 29 via manual from NG — Scanned from DE
Summary
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.
This is the only time qr-captcha.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 104.244.42.133 104.244.42.133 | 13414 (TWITTER) (TWITTER) | |
1 | 139.45.197.245 139.45.197.245 | 9002 (RETN-AS) (RETN-AS) | |
4 | 139.45.195.8 139.45.195.8 | 9002 (RETN-AS) (RETN-AS) | |
1 20 | 172.64.133.20 172.64.133.20 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 139.45.197.167 139.45.197.167 | 9002 (RETN-AS) (RETN-AS) | |
32 | 6 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
20 |
psaugourtauy.com
1 redirects
psaugourtauy.com — Cisco Umbrella Rank: 72523 |
71 KB |
4 |
qr-captcha.com
qr-captcha.com — Cisco Umbrella Rank: 361121 |
20 KB |
4 |
rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 11867 |
2 KB |
1 |
zeekaihu.net
zeekaihu.net — Cisco Umbrella Rank: 232975 |
2 KB |
1 |
t.co
t.co — Cisco Umbrella Rank: 556 |
628 B |
32 | 5 |
Domain | Requested by | |
---|---|---|
20 | psaugourtauy.com |
1 redirects
zeekaihu.net
psaugourtauy.com |
4 | qr-captcha.com |
psaugourtauy.com
qr-captcha.com |
4 | my.rtmark.net |
zeekaihu.net
psaugourtauy.com |
1 | zeekaihu.net |
t.co
|
1 | t.co | |
32 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
t.co DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2023-02-05 - 2024-02-05 |
a year | crt.sh |
rtmark.net R3 |
2023-07-25 - 2023-10-23 |
3 months | crt.sh |
psaugourtauy.com E1 |
2023-08-14 - 2023-11-12 |
3 months | crt.sh |
qr-captcha.com R3 |
2023-06-16 - 2023-09-14 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://qr-captcha.com/?t=0&ymid=720296103471489577
Frame ID: 2D68107564E1B04BAA5936B6BB978C15
Requests: 36 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://t.co/tsMCw33nkf Page URL
- http://zeekaihu.net/4/6191987 Page URL
- https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
-
https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-169329...
HTTP 301
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
- https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z... Page URL
- https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283... Page URL
- https://qr-captcha.com/?t=0&ymid=720296103471489577 Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://t.co/tsMCw33nkf Page URL
- http://zeekaihu.net/4/6191987 Page URL
- https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
-
https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb
HTTP 301
https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb Page URL
- https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb&rdc=2 Page URL
- https://psaugourtauy.com/submenu/4662728/?rhd=1&var=6191987&var3=720296080214077844&oaid=148aacb80283d2fa68d250c0413abb22 Page URL
- https://qr-captcha.com/?t=0&ymid=720296103471489577 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://psaugourtauy.com/cdn-cgi/phish-bypass?atok=Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-%2F%3Fs%3D720296080214077844%26ssk%3Dc02d27489a3f1837db08ae20398cc238%26svar%3D1693295487%26z%3D6191987%26pz%3D4662709%26tb%3D4662728%26l%3DWGYVPKNMPvY53zb HTTP 301
- https://psaugourtauy.com/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
tsMCw33nkf
t.co/ |
282 B 628 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
6191987
zeekaihu.net/4/ |
1 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
img.gif
my.rtmark.net/ |
43 B 504 B |
Ping
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
psaugourtauy.com/ |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.errors.css
psaugourtauy.com/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icon-exclamation.png
psaugourtauy.com/cdn-cgi/images/ |
452 B 670 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
psaugourtauy.com/ Redirect Chain
|
39 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 543 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
micro.tag.min.js
psaugourtauy.com/pfe/current/ |
26 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
327 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
psaugourtauy.com/19/4662728/ |
3 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
psaugourtauy.com/ |
2 B 527 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
rhd
psaugourtauy.com/ |
2 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4662709
psaugourtauy.com/sw-check-permissions/ |
0 944 B |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
zone
psaugourtauy.com/ |
0 480 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 543 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
zone
psaugourtauy.com/ |
901 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
psaugourtauy.com/ |
39 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
micro.tag.min.js
psaugourtauy.com/pfe/current/ |
26 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
327 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
psaugourtauy.com/19/4662728/ |
3 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
/
psaugourtauy.com/ |
2 B 531 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
4662709
psaugourtauy.com/sw-check-permissions/ |
0 951 B |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
zone
psaugourtauy.com/ |
0 481 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gid.js
my.rtmark.net/ |
65 B 543 B |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
zone
psaugourtauy.com/ |
901 B 1 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
psaugourtauy.com/submenu/4662728/ |
933 B 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
qr-captcha.com/ |
20 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
animate.css
qr-captcha.com/Attention_files/ |
78 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qrcode.js
qr-captcha.com/ |
32 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
new_free.svg
qr-captcha.com/Attention_files/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
loading.svg
qr-captcha.com/Attention_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
x76v737e5ug
qr-captcha.com/w/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
85 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
bg.gif
qr-captcha.com/assets/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- qr-captcha.com
- URL
- https://qr-captcha.com/Attention_files/loading.svg
- Domain
- qr-captcha.com
- URL
- https://qr-captcha.com/w/x76v737e5ug
- Domain
- qr-captcha.com
- URL
- https://qr-captcha.com/assets/bg.gif
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.t.co/ | Name: muc Value: f92a83f0-c1d0-4d3a-b86d-ce2c5d64c159 |
|
zeekaihu.net/ | Name: OAID Value: 423a026d3ff6415896ebda73e2c4c7da |
|
zeekaihu.net/ | Name: oaidts Value: 1693295487 |
|
my.rtmark.net/ | Name: ID Value: 423a026d3ff6415896ebda73e2c4c7da |
|
.psaugourtauy.com/ | Name: __cf_mw_byp Value: Qd3U0qYY_IIM9LBsGsanTeeBHu9rfsqSiK1tpIA_g.E-1693295487-0-/?s=720296080214077844&ssk=c02d27489a3f1837db08ae20398cc238&svar=1693295487&z=6191987&pz=4662709&tb=4662728&l=WGYVPKNMPvY53zb |
|
psaugourtauy.com/ | Name: syncedCookie Value: true |
|
psaugourtauy.com/ | Name: OAID Value: 148aacb80283d2fa68d250c0413abb22 |
|
psaugourtauy.com/ | Name: prefetchAd_4662728 Value: true |
|
psaugourtauy.com/ | Name: reverse Value: 19O_py_kPgRbbwqO0q1FglT-mqRfMaTzGcjRYgsEyNk |
|
psaugourtauy.com/ | Name: oaidts Value: 1693295492 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | referrer always; |
Strict-Transport-Security | max-age=0 |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
my.rtmark.net
psaugourtauy.com
qr-captcha.com
t.co
zeekaihu.net
qr-captcha.com
104.244.42.133
139.45.195.8
139.45.197.167
139.45.197.245
172.64.133.20
098ce9563c02c3aa652989046a2455c8504dd6de542ac8e4f9195a91969bb71e
0af012d8e9fc5947d7827a8565c0636c97db54ae6fe5762f6c38d0be37c6919f
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
194f47a3f557b2e85bf64328ec3952d088f53c4a8a014c60006f2825e560e689
246f894b5ae96150cef756a3eb8b0cdca27017fd5b375983042d3d4d4b26159d
414af32e4b8883639a4d227bc7a9a9e6b42e1d22031dc4aaf81fff3c70d7488e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2
56c09cdddbb52eff660021ca91896cde47f956f91be4b43601d8224873bdcbcc
88d9f25117274c41b5d31b6d4b35194f4f768a7196465659f39a94c057f7ba35
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
8fc6f15eedacfd43a291b8ab04628565286f22ea884d9460c872e5ca13b17493
a7989312a5e027fc621ceec7b53ec2c8e24eac5601f9ed11e5c217361b115bc1
c748b2236ab63dfd97982f21f3df35348146a281ad2374055fcaa0aa9b8ec845
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e85003d223919385f0964bee7967cd1d7cbd4e2d845f3bf62a1077060c44555b
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016