URL: https://captcha.aiysai.xyz/
Submission Tags: phishingrod
Submission: On February 01 via api from DE — Scanned from DE

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 5 HTTP transactions. The main IP is 65.9.86.85, located in the United States and belonging to AMAZON-02, US. The main domain is captcha.aiysai.xyz.
TLS certificate: Issued by Amazon RSA 2048 M01 on January 31st 2023. Valid for: a year.
This is the only time captcha.aiysai.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         65.9.86.85         16509 (AMAZON-02)
1         18.66.17.28        16509 (AMAZON-02)
1         2402:4e00:803...   45090 (TENCENT-N...)
1         43.152.137.23      (no AS data)
Totals: 5 requests, 5 IPs
Requests  Apex Domain      Subdomains                                          Transfer
1         gtimg.com        captcha.gtimg.com                                   43 KB
1         qq.com           ssl.captcha.qq.com (Cisco Umbrella Rank: 86694);    61 KB
                           t.captcha.qq.com (Failed)
1         cloudfront.net   d2rsov1e776uy0.cloudfront.net                       1 KB
1         aiysai.xyz       captcha.aiysai.xyz                                  6 KB
Totals: 5 subdomains, 4 apex domains
Requests  Domain                          Requested by
1         captcha.gtimg.com               ssl.captcha.qq.com
1         ssl.captcha.qq.com              d2rsov1e776uy0.cloudfront.net
1         d2rsov1e776uy0.cloudfront.net   captcha.aiysai.xyz
1         captcha.aiysai.xyz              (primary page)
0         t.captcha.qq.com (Failed)       captcha.gtimg.com
Totals: 5 requests, 5 domains

This site contains no links.

Subject               Issuer                          Validity                  Valid for
captcha.aiysai.xyz    Amazon RSA 2048 M01             2023-01-31 - 2024-02-29   a year
*.cloudfront.net      Amazon RSA 2048 M01             2022-12-08 - 2023-12-07   a year
*.captcha.qq.com      DigiCert Secure Site CN CA G3   2022-09-19 - 2023-10-20   a year
*.captcha.gtimg.com   DigiCert Secure Site CN CA G3   2022-12-06 - 2023-12-06   a year
(Certificate transparency records for each subject are available on crt.sh.)

This page contains 3 frames:

Primary Page: https://captcha.aiysai.xyz/
Frame ID: 83A1DB0A7EC7CDCCEB248ED717C75A18
Requests: 1 HTTP requests in this frame

Frame: https://d2rsov1e776uy0.cloudfront.net/
Frame ID: 54F4BABCDCF5F4D9A729F09290752F59
Requests: 3 HTTP requests in this frame

Frame: https://t.captcha.qq.com/template/drag_ele.html
Frame ID: E127A9096741810DE529B3F3002C403C
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

人机验证 ("Human verification")

Detected technologies

Overall confidence: 100%
Detected patterns
  • /TCaptcha\.js
  • captcha\.qq\.com/.*

Page Statistics

Requests: 5
HTTPS: 80 %
IPv6: 25 %
Domains: 4
Subdomains: 5
IPs: 5
Countries: 2
Transfer: 111 kB
Size: 206 kB
Cookies: 0

Redirected requests

No HTTP redirect chains were recorded for this scan.

5 HTTP transactions

Columns: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type

Primary Request: /  (captcha.aiysai.xyz/)  Size: 6 KB  Transferred: 6 KB  Type: Document
General
Full URL: https://captcha.aiysai.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 65.9.86.85, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-65-9-86-85.ams1.r.cloudfront.net
Software: openresty
Resource Hash: d9b06d26fbf59499f1eaabfe4260ee24faef2cda301408782765c0ac3d643d77

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
date: Wed, 01 Feb 2023 08:36:57 GMT
server: openresty
via: 1.1 8da78542dac6b4328eb443200c30bbfe.cloudfront.net (CloudFront)
x-amz-cf-id: L8SrvP4Wi97eTtu9YwpEy_FKYkIsP25jNyavBBQ9qAB1LPWEc7X_Rw==
x-amz-cf-pop: AMS1-C1
x-cache: Miss from cloudfront
Request: /  (d2rsov1e776uy0.cloudfront.net/, Frame 54F4)  Size: 1 KB  Transferred: 1 KB  Type: Document
General
Full URL: https://d2rsov1e776uy0.cloudfront.net/
Requested by: Host captcha.aiysai.xyz, URL https://captcha.aiysai.xyz/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 18.66.17.28, United States, ASN16509 (AMAZON-02, US)
Reverse DNS: server-18-66-17-28.vie50.r.cloudfront.net
Software: cloudflare
Resource Hash: 5562f000f6fb14850f36a82e6f78a8de4b9bb890a49335ca21fda555dc5eda49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 36356
cf-cache-status: DYNAMIC
cf-ray: 7925e5266c949a18-FRA
content-encoding: gzip
content-type: text/html
date: Tue, 31 Jan 2023 22:31:01 GMT
last-modified: Mon, 30 Jan 2023 19:31:55 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UPezna8Met%2FW6uUP9ZJ%2B3MgHNsk6yXaC6SMrjhSFuAQHNyl72UjqXVSNJKjFwFGS0MDWCZOd7z3d1EhVdoLLl8vHUKDS9rI8H%2FPcMNAv7%2BenvKhDPBk68OfF8cXVoYJhRckHbI4%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 7813cdcdfb1cffa9f5c7d09f66440476.cloudfront.net (CloudFront)
x-amz-cf-id: EmbN-p-jZRSpzGlLGW8duyTjY1FpGwV8YxumiLX92Po8-9ZXAhdxTg==
x-amz-cf-pop: VIE50-P1
x-cache: Hit from cloudfront
Request: TCaptcha.js  (ssl.captcha.qq.com/, Frame 54F4)  Size: 61 KB  Transferred: 61 KB  Type: Script
General
Full URL: https://ssl.captcha.qq.com/TCaptcha.js
Requested by: Host d2rsov1e776uy0.cloudfront.net, URL https://d2rsov1e776uy0.cloudfront.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2402:4e00:8030:1::71, China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)
Reverse DNS: (not shown)
Software: Trpc httpd, tencent http server
Resource Hash: 2c8dbe1df56535108eb91cbf087a6d1869f53eb3bb992284f948a9e1d80f2722

Request headers

accept-language: de-DE,de;q=0.9
Referer: (not shown)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date: Wed, 01 Feb 2023 08:36:59 GMT
Server: Trpc httpd, tencent http server
P3P: CP=CAO PSA OUR
Content-Type: text/javascript
Cache-Control: max-age=600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 62082
Request: tcaptcha-frame.54fe033f.js  (captcha.gtimg.com/1/, Frame 54F4)  Size: 138 KB  Transferred: 43 KB  Type: Script
General
Full URL: https://captcha.gtimg.com/1/tcaptcha-frame.54fe033f.js
Requested by: Host ssl.captcha.qq.com, URL https://ssl.captcha.qq.com/TCaptcha.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 43.152.137.23 (location and ASN not resolved)
Reverse DNS: (not shown)
Software: tencent-cos
Resource Hash: e748a28d60204a8c5056974392f018858a44e70fd80d2ab3505e91c3d16a3d3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: (not shown)
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date: Thu, 12 Jan 2023 10:06:44 GMT
content-encoding: gzip
x-cache-lookup: Cache Hit
x-cosindex-replication-status: Complete
x-cos-storage-class: MAZ_STANDARD
x-cos-request-id: NjNiZmRiYjRfM2QzNjQwMGJfMjlmOWFfMzM3YTM5Ng==
x-cos-version-id: MTg0NDUwNzA3MzQ1MDA2MTIyNzg
content-length: 43243
x-cos-hash-crc64ecma: 6723984968120807441
last-modified: Tue, 10 Jan 2023 08:26:48 GMT
server: tencent-cos
etag: "047d598fe36d0affa2fdf549bd4946a1"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
content-type: text/javascript
access-control-allow-origin: *
x-nws-log-uuid: 13603937475045312013
accept-ranges: bytes
Request: drag_ele.html  (t.captcha.qq.com/template/, Frame E127)  Size: 0  Transferred: 0  (no response received)

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
t.captcha.qq.com
URL
https://t.captcha.qq.com/template/drag_ele.html

Verdicts & Comments

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type    Name
object  0
object  oncontentvisibilityautostatechange

0 Cookies