urlscan.io logo urlscan.io
SecurityTrails logo

qr.fm Open in urlscan Pro
2606:4700:3034::6815:22d9  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://qr.fm/aX2WKR
Submission: On July 13 via automatic, source phishtank — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3034::6815:22d9, located in United States and belongs to CLOUDFLARENET, US. The main domain is qr.fm.
TLS certificate: Issued by WE1 on July 1st 2024. Valid for: 3 months.
This is the only time qr.fm was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

IP Address AS Autonomous System
2 9 2606:4700:303... 13335 (CLOUDFLAR...)
7 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
18 5
9    2606:4700:3034::6815:22d9 (United States)

ASN13335 (CLOUDFLARENET, US)
qr.fm
7    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
qr.io
2    2606:4700:10::ac43:88d (United States)

ASN13335 (CLOUDFLARENET, US)
whos.amung.us
widgets.amung.us
2    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
Apex Domain
Subdomains		 Transfer
9 qr.fm
qr.fm
102 KB
7 qr.io
qr.io — Cisco Umbrella Rank: 188648
127 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 74
2 KB
2 amung.us
whos.amung.us — Cisco Umbrella Rank: 16624
widgets.amung.us — Cisco Umbrella Rank: 28386
772 B
1 gstatic.com
fonts.gstatic.com
31 KB
18 5
Domain Requested by
9 qr.fm 2 redirects qr.fm
7 qr.io qr.fm
2 fonts.googleapis.com qr.io
1 fonts.gstatic.com fonts.googleapis.com
1 widgets.amung.us qr.fm
1 whos.amung.us 1 redirects
18 6

This site contains links to these domains. Also see Links.

Domain
qr.io
Subject Issuer Validity Valid
qr.fm
WE1		 2024-07-01 -
2024-09-29		 3 months crt.sh
qr.io
GTS CA 1P5		 2024-05-31 -
2024-08-29		 3 months crt.sh
upload.video.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://qr.fm/aX2WKR
Frame ID: 7AC4C5EE04CB0F0383AE8DDB74F467E4
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

QR Code Deleted

Page URL History Show full URLs

  1. https://qr.fm/aX2WKR Page URL
  2. https://qr.fm/cdn-cgi/phish-bypass?atok=ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-172088... HTTP 301
    https://qr.fm/aX2WKR Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • googleapis\.com/.+webfont

Page Statistics

18
Requests

89 %
HTTPS

100 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

261 kB
Transfer

907 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://qr.fm/aX2WKR Page URL
  2. https://qr.fm/cdn-cgi/phish-bypass?atok=ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-1720889551-0.0.1.1-%2FaX2WKR HTTP 301
    https://qr.fm/aX2WKR Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://qr.fm/favicon.ico HTTP 302
  • https://qr.fm/
Request Chain 10
  • https://whos.amung.us/swidget/qriostats.png HTTP 307
  • https://widgets.amung.us/small/10/1091.png

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
aX2WKR
qr.fm/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e46d8c411f698a25309dc8892d2399018e5ddccc830c045dbf07bf6e3cfbb94a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray
8a2ac8b1c86463b2-LHR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sat, 13 Jul 2024 16:52:31 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A5SX6J9sr%2FV43Gu7d4dP7EFoqvot%2Bz9GntkUFt%2B9ifi42vQnqcjUVv9seqqNAGaGpF%2FTWr75Etnq39%2B4904V79ZjaPH%2BmZz8m6OcXNe6N8QNYXMgqwWh44J9QRFvT4NP%2Fsv8zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
cf.errors.css
qr.fm/cdn-cgi/styles/ 		23 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.fm/cdn-cgi/styles/cf.errors.css
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://qr.fm/aX2WKR
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 11 Jul 2024 08:13:48 GMT
server
cloudflare
etag
W/"668f943c-5df3"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
8a2ac8b2390e63b2-LHR
expires
Sat, 13 Jul 2024 18:52:31 GMT
icon-exclamation.png
qr.fm/cdn-cgi/images/ 		452 B
635 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qr.fm/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: qr.fm
URL: https://qr.fm/cdn-cgi/styles/cf.errors.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://qr.fm/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:31 GMT
x-content-type-options
nosniff
last-modified
Thu, 11 Jul 2024 08:13:48 GMT
server
cloudflare
etag
"668f943c-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
8a2ac8b2fa2263b2-LHR
content-length
452
expires
Sat, 13 Jul 2024 18:52:31 GMT
/
qr.fm/
Redirect Chain
  • https://qr.fm/favicon.ico
  • https://qr.fm/
6 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://qr.fm/
Protocol
H3
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
173bcee6c1ae7c4d5563958ceee0fbcf7112a8b9734ed151c9ca3b61ff683bed

Request headers

Referer
https://qr.fm/aX2WKR
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:32 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ylGDI4aibeemf%2BoRE%2B9pjHSfcRCJ%2FlweoE84YA9qqUt6Zbytts5SZ9%2FhHdqcw69DxjJdnqzyScXn5AKbbCcyQCtHUwKjNeX60MhXoUG1jgy3NHBtCrce9ResEeHVTKwEQW7TeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
8a2ac8b45bdb63b2-LHR
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Sat, 13 Jul 2024 16:52:32 GMT
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VwhQ9DIIRQh4Dm2LKQRY%2BIKqgBhyJoAFlJKhFsNGdNOtf59BqRaFY8AOpegAXDpEZrBOv6fmhuP5yKQb%2FMggbka0K1%2F8Dz1wyqrZ%2BFXYz5VhvRlK7OohsQ1bJ262rlMxFJ5hGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
location
https://qr.fm
cf-ray
8a2ac8b38acc63b2-LHR
alt-svc
h3=":443"; ma=86400
Primary Request aX2WKR
qr.fm/
Redirect Chain
  • https://qr.fm/cdn-cgi/phish-bypass?atok=ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-1720889551-0.0.1.1-%2FaX2WKR
  • https://qr.fm/aX2WKR
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2302032fcb7cb2d82cae2916f83d61f747268ea6b646895b44b58d8c8d2d839

Request headers

Referer
https://qr.fm/aX2WKR
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8a2ac8d58f4b63b2-LHR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 13 Jul 2024 16:52:37 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TfwSVoU1QukaTflHSi6%2BaSJkSgwOKoqPv79N3VrdbDyIroqfjaHVa1SX22MzHRvToFybQWsapQdO0fyqXnUV0ckG%2B6L9YopVi1xMKrgqMC3Io7ACT0N9hy7NMltXx%2BEF%2FTb7mA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

cache-control
private, no-cache
cf-ray
8a2ac8d53ef763b2-LHR
content-length
167
content-type
text/html
date
Sat, 13 Jul 2024 16:52:37 GMT
location
https://qr.fm/aX2WKR
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY
all.css
qr.fm/fontawesome-free-5.15.4-web/css/ 		72 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.fm/fontawesome-free-5.15.4-web/css/all.css
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Request headers

Referer
https://qr.fm/aX2WKR
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sat, 09 Sep 2023 21:07:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sr6o6532qY4ACqSyXUE2zkvdqkZO73%2BXJfXb8Og4bVN886W8By%2Bb5psnMAp0szZhNQP49yG3kedYmEcYN9PMIdtlBNHt0NjPM4EODrDItutdgNBkQQuIcKJPBr%2BNX3zgFwBxfA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8a2ac8d6c8c163b2-LHR
alt-svc
h3=":443"; ma=86400
prism.css
qr.io/node_modules/prismjs/themes/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/node_modules/prismjs/themes/prism.css
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 12 Sep 2020 18:43:17 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5127
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RRK6Zg1iZ8fy5bAuitde3sqE9aPUrXbQecTZXafFJGOjch%2F39IVsP3jsE%2B35Ups1Qmp3YR2FUQmv5jRwXHvjdtMfThTt5i47HYOsyDHfSQjZrUD2JRbuANDN2LEpvXVTr8YSGw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8a2ac8d77fe994df-LHR
alt-svc
h3=":443"; ma=86400
jqvmap.min.css
qr.io/node_modules/jqvmap/dist/ 		613 B
689 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/node_modules/jqvmap/dist/jqvmap.min.css
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Sat, 12 Sep 2020 18:43:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5127
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6eu67aVSTmy3jV89gbcPpIoK%2BWJkodwgQNY5dzKM4%2BEoR%2BI%2BiXKfvvLEShyK2%2FYaLYZKwWjskvabvHGoj4amYC%2FV6P23ADA4NeDs%2Fcm8dbbz8INKjfaP%2FpVks9mHZej5oaFgTw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8a2ac8d77ff494df-LHR
alt-svc
h3=":443"; ma=86400
leaf.css
qr.io/css/ 		559 KB
75 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qr.io/css/leaf.css
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Wed, 08 Nov 2023 12:07:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5127
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pmDlDwOx5XcTod%2FYR90mSPXa24tBoMeVl4U8%2F49dFDI0AFQrqTLyMW44zwMPEZc0ltIArr%2FtLlEU5rsQs3mGIqCKA4rHzmU1ROqh44ZJwW0Zomu79c77NcbBQP5OMu6s8m3kNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
8a2ac8d77ff994df-LHR
alt-svc
h3=":443"; ma=86400
vue@2.6.14.js
qr.io/vue-scripts/ 		92 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qr.io/vue-scripts/vue@2.6.14.js
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
3922
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0D%2BF%2B62Q440H3jRXaI9pJWQJN6GFQfWYQydnmwKUA26eGtExFN24x8ZF7EG2ByQiSO%2B8wwRhvKBxJo2jkOeDZaj5aEj8lM%2F271n5FoeYaBt9R6KB3B7ZoazST9Pey2bSg04yuA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8a2ac8d77ff294df-LHR
alt-svc
h3=":443"; ma=86400
axios.min.js
qr.io/vue-scripts/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qr.io/vue-scripts/axios.min.js
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 07 Feb 2022 12:51:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5127
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CqAxHeyGy3%2FPYZ84nq9lKcJkPg2L5Wrb2Q0o7pXYFj3iF1KuDFEYeulQnh%2FhJWn%2FxLadB7AdKNbqhyMOXe5M0xYvVLZBtG%2F6aWVs90Q8uvGuqdv1mNRaN2Bz6c1rRjVOM7cUng%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
8a2ac8d77ff594df-LHR
alt-svc
h3=":443"; ma=86400
1091.png
widgets.amung.us/small/10/
Redirect Chain
  • https://whos.amung.us/swidget/qriostats.png
  • https://widgets.amung.us/small/10/1091.png
337 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://widgets.amung.us/small/10/1091.png
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Server
2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f89001456f4589d8b60de7f231674872df220b59e156aa0a95ac0eb6c5f29b0d

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
cf-cache-status
HIT
last-modified
Sun, 13 Jun 2010 09:48:30 GMT
server
cloudflare
age
2058803
etag
"4c14a96e-151"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=2678400
accept-ranges
bytes
cf-ray
8a2ac8d87dc2892a-LHR
alt-svc
h3=":443"; ma=86400
content-length
337
expires
Thu, 20 Jun 2024 20:59:14 GMT

Redirect headers

date
Sat, 13 Jul 2024 16:52:37 GMT
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html; charset=UTF-8
location
https://widgets.amung.us/small/10/1091.png
cache-control
no-cache, no-store, must-revalidate
cf-ray
8a2ac8d77cb7892a-LHR
alt-svc
h3=":443"; ma=86400
favicon-120-precomposed.png
qr.io/qrfav/ 		6 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qr.io/qrfav/favicon-120-precomposed.png
Requested by
Host: qr.fm
URL: https://qr.fm/aX2WKR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55a0b98f35cc4f66ffa3f5395b705ae2d31e183fcd1216b2d355e4bb7f7916a7

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:37 GMT
cf-cache-status
HIT
last-modified
Wed, 16 Sep 2020 15:39:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
463
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gPFY3H34lAXqpJS7OeZTxMGyVr%2FTwh%2F6hmErIapR1nQlwp2uhPin23SSs4GBlHrrqgRES%2FUlHiJ5SQQVARamnCxb5iCR%2FNL61WjfGirhqP8rLI19KLVVuCi5p06HIYSVcJa1sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a2ac8d77ffd94df-LHR
alt-svc
h3=":443"; ma=86400
content-length
6339
css
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6df562d9e42d2e0be020a7045f7acfa1453c5907c1dd08f8bbe440a37c4f03d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://qr.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jul 2024 16:52:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 13 Jul 2024 16:21:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jul 2024 16:52:37 GMT
css
fonts.googleapis.com/ 		2 KB
525 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Sanchez:400,400i&display=swap
Requested by
Host: qr.io
URL: https://qr.io/css/leaf.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7018a1ab979e80049d6bb8d223f28e5a65851d9b60f5f193e99527a12392ea06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://qr.io/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 13 Jul 2024 16:52:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 13 Jul 2024 16:52:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 13 Jul 2024 16:52:38 GMT
fa-solid-900.woff2
qr.fm/fontawesome-free-5.15.4-web/webfonts/ 		76 KB
77 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://qr.fm/fontawesome-free-5.15.4-web/webfonts/fa-solid-900.woff2
Requested by
Host: qr.fm
URL: https://qr.fm/fontawesome-free-5.15.4-web/css/all.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::6815:22d9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Request headers

Referer
https://qr.fm/fontawesome-free-5.15.4-web/css/all.css
Origin
https://qr.fm
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:38 GMT
cf-cache-status
HIT
last-modified
Sat, 09 Sep 2023 21:23:33 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
4741
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2BoKGR7daaafo5ar0i7nnc7bKyIUpMn6OZ8kX2mPcK%2Fp%2FEFqxRHzKgr48qAZ106wQFy72DEhJYfJvoqxMBFjodoT4824cfwkQw%2BqdJmGOIqy00HMIvtdVeAHSCUHsfNHllSROA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a2ac8da0c8f63b2-LHR
alt-svc
h3=":443"; ma=86400
content-length
78268
pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 		30 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:300,400,600,700,800&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://qr.fm
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:42:54 GMT
x-content-type-options
nosniff
age
371384
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31052
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 00:27:41 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Jul 2025 09:42:54 GMT
favicon-32.png
qr.io/qrfav/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://qr.io/qrfav/favicon-32.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e4a990dc8aad850a895f3ab7cb57f6d5f8d3aa8b05a992b906b2f00a39dcfa3

Request headers

Referer
https://qr.fm/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Sat, 13 Jul 2024 16:52:38 GMT
cf-cache-status
HIT
last-modified
Wed, 16 Sep 2020 15:39:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
57
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCnaibTETA1FpvftiCnNlG5P%2FkmJcH31RGr%2FReodJc1zU7rcW6OMNsRUVG5AK065%2BEG6lgpoml%2Fx5YPUT5kVPJPw%2BaCiy3fR4evQca%2FNFfeOpYiBMekr7FbJAjcxekqUT7cYKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8a2ac8dbce8d94df-LHR
alt-svc
h3=":443"; ma=86400
content-length
1782

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Vue function| axios

1 Cookies

Domain/Path Name / Value
.qr.fm/ Name: __cf_mw_byp
Value: ph9Kug3EG2HrjZ2BV60uE.GUQ9jYurY9uMEM5_aujvI-1720889551-0.0.1.1-/aX2WKR

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
qr.fm
qr.io
whos.amung.us
widgets.amung.us
2606:4700:10::ac43:88d
2606:4700:3034::6815:22d9
2a00:1450:4001:803::2003
2a00:1450:4001:80b::200a
2a06:98c1:3120::3
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
173bcee6c1ae7c4d5563958ceee0fbcf7112a8b9734ed151c9ca3b61ff683bed
32d26b3f38f5adcf544dcb92bd5ef604d67ac7300a28f7f8b072ae0e9f555a3c
55a0b98f35cc4f66ffa3f5395b705ae2d31e183fcd1216b2d355e4bb7f7916a7
565dbff14754261a039640abf421099afefb922ba1e32c4c17b80fd4e61ee840
6df562d9e42d2e0be020a7045f7acfa1453c5907c1dd08f8bbe440a37c4f03d3
7018a1ab979e80049d6bb8d223f28e5a65851d9b60f5f193e99527a12392ea06
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
9174c425c445377df4562ad9165ea08fdf9433a808296d7de5f619791df10e17
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
9e4a990dc8aad850a895f3ab7cb57f6d5f8d3aa8b05a992b906b2f00a39dcfa3
b00828aa594968071f062841833553f98541845061e2d1c3144da47acce5940d
b2302032fcb7cb2d82cae2916f83d61f747268ea6b646895b44b58d8c8d2d839
c25d5aea4b2c07449b8444cc969f070c795fb6ad1bdac11a6b7d16a932174ade
e46d8c411f698a25309dc8892d2399018e5ddccc830c045dbf07bf6e3cfbb94a
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f89001456f4589d8b60de7f231674872df220b59e156aa0a95ac0eb6c5f29b0d