Submitted URL: https://h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/cba6aa6.html#TTsErt1WBdIdetOY7ZF276paNAYa?fnd3L8ccC4nTcyDyzcdc9KcBcDNL8kDzDcbbb5h
Effective URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Submission: On July 06 via api from BE — Scanned from DE

Summary

This website contacted 9 IPs in 5 countries across 12 domains to perform 14 HTTP transactions. The main IP is 139.45.197.167, located in the United Kingdom and belonging to RETN-AS, GB. The main domain is qr-captcha.com. The Cisco Umbrella rank of the primary domain is 490951.
TLS certificate: Issued by R3 on June 16th 2023. Valid for: 3 months.
This is the only time qr-captcha.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

IP Address AS Autonomous System
1 54.231.134.161 16509 (AMAZON-02)
1 1 45.91.94.123 63473 (HOSTHATCH)
1 65.98.109.147 25653 (FORTRESSITX)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 51.161.115.163 16276 (OVH)
1 1 2604:9e00:1:1... 27257 (WEBAIR-IN...)
1 2 139.45.197.238 9002 (RETN-AS)
1 139.45.195.8 9002 (RETN-AS)
1 37.48.68.71 60781 (LEASEWEB-...)
6 139.45.197.167 9002 (RETN-AS)
14 9
#  Apex Domain      Subdomains (Cisco Umbrella Rank)      Transfer
6  qr-captcha.com   qr-captcha.com (490951)               21 KB
2  feeloshu.com     feeloshu.com (188155)                 13 KB
1  datatechone.com  datatechone.com (28697)               465 B
1  rtmark.net       my.rtmark.net (9450)                  492 B
1  savethereef.xyz  go.savethereef.xyz (270745)           210 B
1  hightid.com      t3.hightid.com (782459)               519 B
1  addlnk.com       cdn.addlnk.com (373647)               1 KB
1  forwardrock.com  www.forwardrock.com                   1 KB
1  jukminung.com    lynku.jukminung.com                   798 B
1  lightsrains.com  lightsrains.com                       450 B
1  eu.org           lockexaltatis.eu.org                  273 B
1  amazonaws.com    h9ixqvig9enl41fh.s3.amazonaws.com     844 B
14 12
#  Domain                             Redirects    Requested by
6  qr-captcha.com                     -            qr-captcha.com
2  feeloshu.com                       1 redirects  www.forwardrock.com
1  datatechone.com                    -            feeloshu.com
1  my.rtmark.net                      -            feeloshu.com
1  go.savethereef.xyz                 1 redirects  -
1  t3.hightid.com                     1 redirects  -
1  cdn.addlnk.com                     -            www.forwardrock.com
1  www.forwardrock.com                -            lightsrains.com
1  lynku.jukminung.com                1 redirects  -
1  lightsrains.com                    -            h9ixqvig9enl41fh.s3.amazonaws.com
1  lockexaltatis.eu.org               1 redirects  -
1  h9ixqvig9enl41fh.s3.amazonaws.com  -            -
14 12

This site contains no links.

Subject             Issuer                                          Validity                 Valid
*.s3.amazonaws.com  Amazon RSA 2048 M01                             2023-03-21 - 2023-12-19  9 months (crt.sh)
lightsrains.com     Sectigo RSA Domain Validation Secure Server CA  2022-10-27 - 2023-10-27  a year (crt.sh)
forwardrock.com     GTS CA 1P5                                      2023-05-28 - 2023-08-26  3 months (crt.sh)
addlnk.com          GTS CA 1P5                                      2023-06-13 - 2023-09-11  3 months (crt.sh)
feeloshu.com        R3                                              2023-06-13 - 2023-09-11  3 months (crt.sh)
rtmark.net          R3                                              2023-05-06 - 2023-08-04  3 months (crt.sh)
datatechone.com     Sectigo RSA Domain Validation Secure Server CA  2022-12-18 - 2023-12-24  a year (crt.sh)
qr-captcha.com      R3                                              2023-06-16 - 2023-09-14  3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://qr-captcha.com/?t=0&ymid=700755084178633051
Frame ID: 935735F187EDC4EF71D7F155DDCE922E
Requests: 16 HTTP requests in this frame

Page Title

Attention

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link [^>]+(?:/([\d.]+)/)?animate\.(?:min\.)?css

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 33 %
Domains: 12
Subdomains: 12
IPs: 9
Countries: 5
Transfer: 38 kB
Size: 169 kB
Cookies: 7

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/cba6aa6.html Page URL
  2. http://lockexaltatis.eu.org/TTsErt1WBdIdetOY7ZF276paNAYa?fnd3L8ccC4nTcyDyzcdc9KcBcDNL8kDzDcbbb5h HTTP 302
    https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77 Page URL
  3. https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356663254&pubid=690391 HTTP 302
    https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid Page URL
  4. https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub343aad91f5e44aed9b5cd0ae1d7451a7&s=5c5c1845 HTTP 302
    https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.de.windows.chrome&query=5c5c1845&pub_clickid=64a68c85dfb32879bb4c62be&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
    https://feeloshu.com/4/5908725 Page URL
  5. https://feeloshu.com/?z=5908725&syncedCookie=true&rhd=false HTTP 302
    https://qr-captcha.com/?t=0&ymid=700755084178633051 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://lockexaltatis.eu.org/TTsErt1WBdIdetOY7ZF276paNAYa?fnd3L8ccC4nTcyDyzcdc9KcBcDNL8kDzDcbbb5h HTTP 302
  • https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
Request Chain 2
  • https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356663254&pubid=690391 HTTP 302
  • https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
Request Chain 4
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub343aad91f5e44aed9b5cd0ae1d7451a7&s=5c5c1845 HTTP 302
  • https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.de.windows.chrome&query=5c5c1845&pub_clickid=64a68c85dfb32879bb4c62be&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP 302
  • https://feeloshu.com/4/5908725

14 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type
Resource: cba6aa6.html  Path: h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/  Size: 450 B  x-fer: 844 B  Type: Document
General
Full URL
https://h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/cba6aa6.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.231.134.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Content-Length
450
Content-Type
text/html
Date
Thu, 06 Jul 2023 09:42:27 GMT
ETag
"262772e70a22806ac9ebafa4253dfe9d"
Last-Modified
Thu, 06 Jul 2023 08:22:22 GMT
Server
AmazonS3
x-amz-id-2
OSSWafywfjo5M7GJ6vq7dptwKxA+IlcFS5acBW7PCYwXlU14/UqsOryC0U24A9JqnGsGHG+yfuA=
x-amz-request-id
E39SESSGHBBDQZMW
x-amz-server-side-encryption
AES256
Resource: 833872393_45-141-152-77  Path: lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/  Size: 137 B  x-fer: 450 B  Type: Document
Redirect Chain
  • http://lockexaltatis.eu.org/TTsErt1WBdIdetOY7ZF276paNAYa?fnd3L8ccC4nTcyDyzcdc9KcBcDNL8kDzDcbbb5h
  • https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
General
Full URL
https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
Requested by
Host: h9ixqvig9enl41fh.s3.amazonaws.com
URL: https://h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/cba6aa6.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
65.98.109.147 , United States, ASN25653 (FORTRESSITX, US),
Reverse DNS
creazionevideo.ml
Software
Apache /
Resource Hash

Request headers

Referer
https://h9ixqvig9enl41fh.s3.amazonaws.com/0q7na0s84k8mxdhl/cba6aa6.html#TTsErt1WBdIdetOY7ZF276paNAYa?fnd3L8ccC4nTcyDyzcdc9KcBcDNL8kDzDcbbb5h
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
137
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 09:42:28 GMT
Server
Apache

Redirect headers

Connection
close
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jul 2023 09:42:27 GMT
Location
https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
Server
Apache
Resource: 4fae28eb48  Path: www.forwardrock.com/rc/  Size: 1 KB  x-fer: 1 KB  Type: Document
Redirect Chain
  • https://lynku.jukminung.com/rc/9e8aef8068?affclick=1356663254&pubid=690391
  • https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
General
Full URL
https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
Requested by
Host: lightsrains.com
URL: https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:588c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92699336375d612d8a8f3dc9b3b9d9965034ab5155ac184bcc16511a79684f7d

Request headers

Referer
https://lightsrains.com/176430c00d915581000/2_933953_2761792/1598_4567622_4752985_31/833872393_45-141-152-77
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e26e5dd1c6d993f-FRA
content-encoding
br
content-language
en-us
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 09:42:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0pB3dL8toUCXOWgRufUyJbtCvDLHsSLokeXKO6z5cA4%2Boi1chykXAV2KZVpc6O%2BD%2F0UJ5HjQjIgJsaNyoYaH0KerqbgfLW3fXWFEIaM8oBSOJ0k%2Frsg%2FPUmSySv%2BV7DhK%2B4gd0DT56xtBk6aN%2FpHpeQK"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding, Accept-Language, Cookie

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7e26e5dc6e7a3647-FRA
content-language
en-us
content-type
text/html; charset=utf-8
date
Thu, 06 Jul 2023 09:42:28 GMT
location
https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=80XfvZUprkgFuFl8NkH0BaX%2BpRhhy72leRuQAnEadeUGCKiYuIAb6hDVgTkm0oWg3L1s1ivvfqZzXogIWjJRD09XAlRke%2BqsZNNM0Jz%2BxXzK9Iiq15i1htcOYJQn3AagAovNTJQPdFwwZlIrpMJPN770"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Language, Cookie
Resource: redirect.css  Path: cdn.addlnk.com/  Size: 1 KB  x-fer: 1 KB  Type: Stylesheet
General
Full URL
https://cdn.addlnk.com/redirect.css
Requested by
Host: www.forwardrock.com
URL: https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:4a8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7817748dc7354950bf4943388276db534474269c0cd0ed6a629841ca3d7b81a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:28 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
NR1VCTT25DE18GEE
age
6790
cf-polished
origSize=1680
alt-svc
h3=":443"; ma=86400
x-amz-id-2
qJS88FG3yYCBuvwumlwJIMI3tKfq1h6r3tzggcSW3yc40FITvlxepTtuFMs1iYTsw7RNqCy26bY=
cf-bgj
minify
last-modified
Wed, 13 Mar 2019 00:03:12 GMT
server
cloudflare
etag
W/"3ae56d32551602b41f9046c14d1cfde2"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oj0REDMyWtBG%2F4WpL73CXuDYMXXUtZaQpaMURdNrN4JsbMq1%2BLLgS5jN4X6o9u2HeL4yzACdzWHjNyLoCwi35QxWyh2%2FfW7Gq6JqCV4vl30YHD6tPIhnDsqwliGmtbdxn7fqaWiGGhEWxsrLFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cf-ray
7e26e5de1d112c77-FRA
Resource: 5908725  Path: feeloshu.com/4/  Size: 27 KB  x-fer: 12 KB  Type: Document
Redirect Chain
  • https://t3.hightid.com/s.php?p=c%3As_8942pggbfij953c&d=631f396258fd6b044f727c62&pid=pub343aad91f5e44aed9b5cd0ae1d7451a7&s=5c5c1845
  • https://go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.de.windows.chrome&query=5c5c1845&pub_clickid=64a68c85dfb32879bb4c62be&default_url=https%3A%2F%2Ft4.lowtid....
  • https://feeloshu.com/4/5908725
General
Full URL
https://feeloshu.com/4/5908725
Requested by
Host: www.forwardrock.com
URL: https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.238 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
7a1b49f55478bf862b5a88003daea65e223f474beb6f3562db560d3ce621e2e9

Request headers

Referer
https://www.forwardrock.com/rc/4fae28eb48?af5=pubid-not-valid
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Thu, 06 Jul 2023 09:42:30 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*
x-trace-id
c769a500dca3212aca209329adb9be04

Redirect headers

Age
0
Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Date
Thu, 06 Jul 2023 09:42:30 GMT
Location
https://feeloshu.com/4/5908725
Pragma
no-cache
Server
nginx
Resource: img.gif  Path: my.rtmark.net/  Size: 43 B  x-fer: 492 B  Type: Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=57d30d0f8aa6460497c47fd4109beaf9
Requested by
Host: feeloshu.com
URL: https://feeloshu.com/4/5908725
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://feeloshu.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
Resource: add  Path: datatechone.com/log/  Size: 2 B  x-fer: 465 B  Type: XHR
General
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by
Host: feeloshu.com
URL: https://feeloshu.com/4/5908725
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash

Request headers

Referer
https://feeloshu.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jul 2023 09:42:30 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://feeloshu.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
Resource: / (Primary Request)  Path: qr-captcha.com/  Size: 20 KB  x-fer: 5 KB  Type: Document
Redirect Chain
  • https://feeloshu.com/?z=5908725&syncedCookie=true&rhd=false
  • https://qr-captcha.com/?t=0&ymid=700755084178633051
General
Full URL
https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4ac8c1d09e42e0362fcde9dbfa6baa5127a1a9901a207b030a1736bf4cf3c8f2
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://feeloshu.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 06 Jul 2023 09:42:30 GMT
etag
W/"50f6-188c4485de8"
last-modified
Fri, 16 Jun 2023 12:57:37 GMT
server
nginx
strict-transport-security
max-age=1
vary
Accept-Encoding
x-content-type-options
nosniff

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://feeloshu.com
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length
0
date
Thu, 06 Jul 2023 09:42:30 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://qr-captcha.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://xobr219pa.com>; rel="preconnect dns-prefetch"
location
https://qr-captcha.com/?t=0&ymid=700755084178633051
pragma
no-cache
referrer-policy
no-referrer
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
90cac4f254e0c9130752dab876a10a53
Resource: animate.css  Path: qr-captcha.com/Attention_files/  Size: 78 KB  x-fer: 4 KB  Type: Stylesheet
General
Full URL
https://qr-captcha.com/Attention_files/animate.css
Requested by
Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d1413e8c95a61b36e4ea9441e9ead3cce29089e85043b0706453597016c01fdb
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr-captcha.com/?t=0&ymid=700755084178633051
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
last-modified
Fri, 16 Jun 2023 12:57:37 GMT
server
nginx
content-encoding
br
etag
W/"1361f-188c4485de8"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=0
Resource: qrcode.js  Path: qr-captcha.com/  Size: 32 KB  x-fer: 9 KB  Type: Script
General
Full URL
https://qr-captcha.com/qrcode.js
Requested by
Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d2079946b3e68504ca4b983b90947803dba2fb32c48c20383e566ecee7db0ad7
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr-captcha.com/?t=0&ymid=700755084178633051
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
last-modified
Fri, 16 Jun 2023 12:57:37 GMT
server
nginx
content-encoding
br
etag
W/"80f0-188c4485de8"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=0
Resource: new_free.svg  Path: qr-captcha.com/Attention_files/  Size: 2 KB  x-fer: 2 KB  Type: Image
General
Full URL
https://qr-captcha.com/Attention_files/new_free.svg
Requested by
Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
89bcc9a26f3ed7fb196ca1d744395e6fb79f4561ced17605eb27105a9f67e56e
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr-captcha.com/?t=0&ymid=700755084178633051
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
last-modified
Fri, 16 Jun 2023 12:57:37 GMT
server
nginx
etag
W/"609-188c4485de8"
content-type
image/svg+xml
cache-control
public, max-age=0
accept-ranges
bytes
content-length
1545
Resource: loading.svg  Path: qr-captcha.com/Attention_files/  Size: 386 B  x-fer: 600 B  Type: Image
General
Full URL
https://qr-captcha.com/Attention_files/loading.svg
Requested by
Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
d4d917c84ef07493d6dc83306cb754ddddc1cdb4fc879e09f5b54a0b6f11d451
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr-captcha.com/?t=0&ymid=700755084178633051
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
last-modified
Fri, 16 Jun 2023 12:57:37 GMT
server
nginx
etag
W/"182-188c4485de8"
content-type
image/svg+xml
cache-control
public, max-age=0
accept-ranges
bytes
content-length
386
Resource: s7h8lueqhe  Path: qr-captcha.com/w/  Size: 0  x-fer: 0
Resource: truncated  Path: /  Size: 85 B  x-fer: 0  Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/gif
Resource: bg.gif  Path: qr-captcha.com/assets/  Size: 152 B  x-fer: 152 B  Type: Image
General
Full URL
https://qr-captcha.com/assets/bg.gif
Requested by
Host: qr-captcha.com
URL: https://qr-captcha.com/?t=0&ymid=700755084178633051
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.167 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ddf752a709ef05084d8373b3a377fe1971fc1338ce81d4ab3a16d00ed5f1a46a
Security Headers
Name Value
Content-Security-Policy default-src 'none'
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qr-captcha.com/?t=0&ymid=700755084178633051
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Jul 2023 09:42:30 GMT
content-security-policy
default-src 'none'
x-content-type-options
nosniff
content-encoding
br
server
nginx
vary
Accept-Encoding
content-type
text/html; charset=utf-8
Resource: truncated  Path: /  Size: 7 KB  x-fer: 0  Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73f9ab4d5da89277ef0ad3d291fd75e2e7466d8b0a32e059e1297884d1fccd2d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
qr-captcha.com
URL
https://qr-captcha.com/w/s7h8lueqhe

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • credentialless (boolean)
  • onbeforetoggle (object)
  • onscrollend (object)
  • QRCode (function)
  • popupShows (number)
  • showDontLeavePopup (function)
  • imNotARobot (function)

7 Cookies

Domain/Path           Name          Value
lightsrains.com/      uid15295      1356663254-20230706054228-33fc7afdeef159f03cc5cee21d743cd4-
lynku.jukminung.com/  AWSALB        GwuyU4ILmD5VP1+nmeY0fsgRAJErS4675eDhOteiNxikvIV6g6tC4My/EduV/RQLDYQPqdk8fNrc9gzPHqKT0gBPVC3cnrcuBmPNIe3VB90dVuntQ0xaPG8+mH/e
www.forwardrock.com/  AWSALB        i9JJO+k+wSk0usDaBG3+WqcDWivhqf82wk1e96r2/GfRmmuW6ejzfgkIGN3emH7GEUQpk9neD/j9Fyuap+F5oNMHVCtOaaDw/i6YEZhUyPYWDVjogt2r1JVPwL/L
feeloshu.com/         OAID          57d30d0f8aa6460497c47fd4109beaf9
feeloshu.com/         oaidts        1688636550
my.rtmark.net/        ID            57d30d0f8aa6460497c47fd4109beaf9
feeloshu.com/         syncedCookie  true

1 Console Messages

Source: network  Level: error  URL: https://qr-captcha.com/assets/bg.gif
Message: Failed to load resource: the server responded with a status of 404 ()