qr.fm
2606:4700:3034::6815:22d9
Malicious Activity!
Public Scan
Submission: On July 13 via automatic, source phishtank — Scanned from GB
Summary
TLS certificate: Issued by WE1 on July 1st 2024. Valid for: 3 months.
This is the only time qr.fm was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
IP Address | Requests | AS | Autonomous System
---|---|---|---
2606:4700:3034::6815:22d9 | 9 (2 redirects) | 13335 | CLOUDFLARENET (US)
2a06:98c1:3120::3 | 7 | 13335 | CLOUDFLARENET (US)
2606:4700:10::ac43:88d | 2 (1 redirect) | 13335 | CLOUDFLARENET (US)
2a00:1450:4001:80b::200a | 2 | 15169 | GOOGLE
2a00:1450:4001:803::2003 | 1 | 15169 | GOOGLE
Total: 18 requests across 5 IP addresses.
Apex Domain | Requests | Subdomains | Transfer
---|---|---|---
qr.fm | 9 (2 redirects) | qr.fm | 102 KB
qr.io | 7 | qr.io (Cisco Umbrella Rank: 188648) | 127 KB
googleapis.com | 2 | fonts.googleapis.com (Cisco Umbrella Rank: 74) | 2 KB
amung.us | 2 (1 redirect) | whos.amung.us (Cisco Umbrella Rank: 16624), widgets.amung.us (Cisco Umbrella Rank: 28386) | 772 B
gstatic.com | 1 | fonts.gstatic.com | 31 KB
Total: 18 requests across 5 apex domains.
Domain | Requests | Requested by
---|---|---
qr.fm | 9 (2 redirects) | qr.fm
qr.io | 7 | qr.fm
fonts.googleapis.com | 2 | qr.io
fonts.gstatic.com | 1 | fonts.googleapis.com
widgets.amung.us | 1 | qr.fm
whos.amung.us | 1 (1 redirect) |
Total: 18 requests across 6 domains.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
qr.fm | WE1 | 2024-07-01 - 2024-09-29 | 3 months | crt.sh
qr.io | GTS CA 1P5 | 2024-05-31 - 2024-08-29 | 3 months | crt.sh
upload.video.google.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months | crt.sh
*.gstatic.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://qr.fm/aX2WKR
Frame ID: 7AC4C5EE04CB0F0383AE8DDB74F467E4
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/a255cba4-864c-43e4-92ae-ef3b280758e8.png)
Page Title: QR Code Deleted
Page URL History
- https://qr.fm/aX2WKR (Page URL)
- https://qr.fm/cdn-cgi/phish-bypass?atok=ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-172088... (HTTP 301)
- https://qr.fm/aX2WKR (Page URL)
Detected technologies
- Font Awesome. Detected patterns:
  - <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  - (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- Google Font API. Detected patterns:
  - googleapis\.com/.+webfont
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
- Title: Powered by QR.io
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://qr.fm/aX2WKR (Page URL)
- https://qr.fm/cdn-cgi/phish-bypass?atok=ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-1720889551-0.0.1.1-%2FaX2WKR (HTTP 301)
- https://qr.fm/aX2WKR (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3:
- https://qr.fm/favicon.ico (HTTP 302)
- https://qr.fm/
Request Chain:
- https://whos.amung.us/swidget/qriostats.png (HTTP 307)
- https://widgets.amung.us/small/10/1091.png
18 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H3 | aX2WKR | qr.fm/ | 4 KB | 2 KB | Document | text/html |
2 | GET | H3 | cf.errors.css | qr.fm/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
3 | GET | H3 | icon-exclamation.png | qr.fm/cdn-cgi/images/ | 452 B | 635 B | Image | image/png |
4 | GET | H3 | / | qr.fm/ | 6 KB | 2 KB | Other | text/html | Redirect Chain
5 | GET | H3 | aX2WKR | qr.fm/ | 2 KB | 1 KB | Document | text/html | Primary Request, Redirect Chain
6 | GET | H3 | all.css | qr.fm/fontawesome-free-5.15.4-web/css/ | 72 KB | 13 KB | Stylesheet | text/css |
7 | GET | H3 | prism.css | qr.io/node_modules/prismjs/themes/ | 2 KB | 1 KB | Stylesheet | text/css |
8 | GET | H3 | jqvmap.min.css | qr.io/node_modules/jqvmap/dist/ | 613 B | 689 B | Stylesheet | text/css |
9 | GET | H3 | leaf.css | qr.io/css/ | 559 KB | 75 KB | Stylesheet | text/css |
10 | GET | H3 | vue@2.6.14.js | qr.io/vue-scripts/ | 92 KB | 35 KB | Script | application/javascript |
11 | GET | H3 | axios.min.js | qr.io/vue-scripts/ | 18 KB | 7 KB | Script | application/javascript |
12 | GET | H3 | 1091.png | widgets.amung.us/small/10/ | 337 B | 548 B | Image | image/png | Redirect Chain
13 | GET | H3 | favicon-120-precomposed.png | qr.io/qrfav/ | 6 KB | 7 KB | Image | image/png |
14 | GET | H2 | css | fonts.googleapis.com/ | 11 KB | 1 KB | Stylesheet | text/css |
15 | GET | H2 | css | fonts.googleapis.com/ | 2 KB | 525 B | Stylesheet | text/css |
16 | GET | H3 | fa-solid-900.woff2 | qr.fm/fontawesome-free-5.15.4-web/webfonts/ | 76 KB | 77 KB | Font | font/woff2 |
17 | GET | H2 | pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2 | fonts.gstatic.com/s/nunitosans/v15/ | 30 KB | 31 KB | Font | font/woff2 |
18 | GET | H3 | favicon-32.png | qr.io/qrfav/ | 2 KB | 2 KB | Other | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | Vue
function | axios
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even after a change of location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.qr.fm/ | | __cf_mw_byp | ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-1720889551-0.0.1.1-/aX2WKR
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.