visa.co.jp.qrtrc.com
155.94.144.10
Malicious Activity!
Public Scan
Effective URL: https://visa.co.jp.qrtrc.com/index.html
Submission: On May 19 via manual from JP — Scanned from JP
Summary
TLS certificate: Issued by R3 on May 19th 2022. Valid for: 3 months.
This is the only time visa.co.jp.qrtrc.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Visa (Financial)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 7 | 155.94.144.10 | 8100 (ASN-QUADRANET-GLOBAL) |
7 | 2 |
ASN8100 (ASN-QUADRANET-GLOBAL, US)
PTR: 155.94.144.10.static.quadranet.com
visa.co.jp.qrtrc.com |
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 7 | qrtrc.com: visa.co.jp.qrtrc.com | 73 KB |
| 7 | 1 | |
| | Domain | Requested by |
|---|---|---|
| 7 | visa.co.jp.qrtrc.com | visa.co.jp.qrtrc.com |
| 7 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
visa.co.jp.qrtrc.com | R3 | 2022-05-19 - 2022-08-17 | 3 months |
This page contains 1 frames:
Primary Page:
https://visa.co.jp.qrtrc.com/index.html
Frame ID: 44B7AAA25E9DF05CB9FEDF2BF452EE4C
Requests: 8 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.html (Primary Request) | visa.co.jp.qrtrc.com/ | 782 B | 935 B | Document | text/html |
GET | H2 | chunk-vendors.92390da4.js | visa.co.jp.qrtrc.com/js/ | 107 KB | 41 KB | Script | application/javascript |
GET | H2 | app.0a0da6e7.js | visa.co.jp.qrtrc.com/js/ | 6 KB | 3 KB | Script | application/javascript |
GET | H2 | app.a90aa50f.css | visa.co.jp.qrtrc.com/css/ | 2 KB | 814 B | Stylesheet | text/css |
GET | H2 | 885.4f81da06.js | visa.co.jp.qrtrc.com/js/ | 62 KB | 25 KB | Script | application/javascript |
GET | H2 | 403.d1796853.css | visa.co.jp.qrtrc.com/css/ | 1 KB | 716 B | Stylesheet | text/css |
GET | H2 | 403.8a532e36.js | visa.co.jp.qrtrc.com/js/ | 4 KB | 2 KB | Script | application/javascript |
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Visa (Financial)
5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
object| webpackChunk_2022_5_18
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.