kauwouraig.com
172.67.205.44
Malicious Activity!
Public Scan
Submission: On October 12 via api from CA — Scanned from CA
Summary
TLS certificate: Issued by WE1 on September 14th 2024. Valid for: 3 months.
This is the only time kauwouraig.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 21 | 172.67.205.44 | 13335 (CLOUDFLARENET) |
| 1 | 104.18.10.244 | 13335 (CLOUDFLARENET) |
| 3 | 139.45.195.8 | 9002 (RETN-AS) |
| 1 1 | 88.214.195.101 | 46636 (NATCOWEB) |
| 1 | 88.214.195.112 | 46636 (NATCOWEB) |

Totals as shown on the page: 26 | 4
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 21 | kauwouraig.com | kauwouraig.com, static.kauwouraig.com | 168 KB |
| 3 | rtmark.net | my.rtmark.net (Cisco Umbrella Rank: 10912) | 2 KB |
| 2 (1 redirect) | r2drtb.com | track-us.r2drtb.com (Cisco Umbrella Rank: 573472), ads-us.r2drtb.com (Cisco Umbrella Rank: 955909) | 98 KB |
| 1 | littlecdn.com | littlecdn.com (Cisco Umbrella Rank: 26547) | 2 KB |

Totals as shown on the page: 26 | 4
| Requests | Domain | Requested by |
|---|---|---|
| 20 | kauwouraig.com | kauwouraig.com |
| 3 | my.rtmark.net | kauwouraig.com |
| 1 | ads-us.r2drtb.com | |
| 1 (1 redirect) | track-us.r2drtb.com | |
| 1 | static.kauwouraig.com | kauwouraig.com |
| 1 | littlecdn.com | kauwouraig.com |

Totals as shown on the page: 26 | 6
This site contains links to these domains (see also Links):

| Domain |
|---|
| oophaiwhemt.net |
| glugreez.com |
| Subject | Issuer | Validity | Valid for | Source |
|---|---|---|---|---|
| kauwouraig.com | WE1 | 2024-09-14 - 2024-12-13 | 3 months | crt.sh |
| littlecdn.com | WE1 | 2024-09-04 - 2024-12-03 | 3 months | crt.sh |
| rtmark.net | R11 | 2024-08-30 - 2024-11-28 | 3 months | crt.sh |

WE1 is a Google Trust Services intermediate (one of the CAs Cloudflare's Universal SSL issues from) and R11 is a Let's Encrypt intermediate. Both are free, automated 90-day certificates, so the certificate data says nothing about who operates the site; the issue dates only bound when each hostname was first put behind TLS.
This page contains 1 frame:
Primary Page: https://kauwouraig.com/?l=a3nQoMzllWU8Bfl&b=21377962&z=7661112&s=6708ba042fa86d00011d796f&var=12_E5FEEG4M7W&ymid=6708ba042fa86d00011d796f
Frame ID: 6FB85EB8969568A9BA9788DADB70E490
Requests: 26 HTTP requests in this frame

2 Outgoing links
These are links going to different origins than the main page.

| Title |
|---|
| Install |
| Go to site |
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 23
1. https://track-us.r2drtb.com/push/ic?auth=5xms58&c=81-uw5cSJ2yO_qEK6UPrEkAvkji6BN1gAk-0LJr9Z02N2vf_0IoR6rh0HCn5ZcbwXXxXD5EhsdlerYyHWMlN3HEUqCBMTf-FT8N6kEyKUePF9jormMURYZdPw2F8a4imtmtiCTB0hPtD-WY621ULjtIa1W38V080TQulpEhmw5lKiVdH-z7zFYMCscLsdwoeC9W9sO3R9i5tGbwWMDlcEV9TUfrY3m_BU3ifnYsNK0G1qg3vg4YPkSeKYmW8GJiSCJdpjQNwZ17O0oV_UOWwBOgJQsjNhKTP4f6l2IFCScwcpvK5Wj2sdhF901coMoilMQt6QtpuLkyGM4ezcLIEAd_L-9UaEeKPzTVJy2L7NbjTOtRkLdvSpeUgFOlIEWXVrwTYQPnoU1e8lFu6Fo0AsZb8OR55MMDlqbxTnYgFBumccVOP_S0FJF0LhVfTux_IFcHRQ-Ley-3qCdouDYq4DSBMHhxOBE4tv-MUBkxJ4FZCv7C9flLY9IgbzJ8 (HTTP 302)
2. https://ads-us.r2drtb.com/creatives/yrxqwv29g84k154jkzepn631/1722423256708-DLUMzyj2ELJy.png
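A scanner only sees a chain like the one above if it issues each request with automatic redirects disabled and records every hop itself. The following is an added example of that walk, not urlscan.io's code: `fetch` is a hypothetical callable returning `(status, headers)` for a URL, and for an offline run it is backed by a constructed response table that mirrors Request Chain 23 (the 302 from track-us.r2drtb.com to the PNG on ads-us.r2drtb.com) plus a constructed two-URL loop to exercise the guards a real walker needs.

```python
"""Record an HTTP redirect chain hop by hop instead of auto-following it.

Added example; this is not urlscan.io's code. `fetch` is a hypothetical
callable returning (status_code, response_headers) for a URL. For an offline
run it is backed by a constructed table that mirrors the one chain the scan
recorded: a 302 from track-us.r2drtb.com to a PNG on ads-us.r2drtb.com.
"""
from urllib.parse import urljoin, urlsplit

# First hop of the scan's "Request Chain 23" (URL copied from the scan).
PUSH_IC_URL = "https://track-us.r2drtb.com/push/ic?auth=5xms58&c=81-uw5cSJ2yO_qEK6UPrEkAvkji6BN1gAk-0LJr9Z02N2vf_0IoR6rh0HCn5ZcbwXXxXD5EhsdlerYyHWMlN3HEUqCBMTf-FT8N6kEyKUePF9jormMURYZdPw2F8a4imtmtiCTB0hPtD-WY621ULjtIa1W38V080TQulpEhmw5lKiVdH-z7zFYMCscLsdwoeC9W9sO3R9i5tGbwWMDlcEV9TUfrY3m_BU3ifnYsNK0G1qg3vg4YPkSeKYmW8GJiSCJdpjQNwZ17O0oV_UOWwBOgJQsjNhKTP4f6l2IFCScwcpvK5Wj2sdhF901coMoilMQt6QtpuLkyGM4ezcLIEAd_L-9UaEeKPzTVJy2L7NbjTOtRkLdvSpeUgFOlIEWXVrwTYQPnoU1e8lFu6Fo0AsZb8OR55MMDlqbxTnYgFBumccVOP_S0FJF0LhVfTux_IFcHRQ-Ley-3qCdouDYq4DSBMHhxOBE4tv-MUBkxJ4FZCv7C9flLY9IgbzJ8"
CREATIVE_URL = (
    "https://ads-us.r2drtb.com/creatives/yrxqwv29g84k154jkzepn631/"
    "1722423256708-DLUMzyj2ELJy.png"
)

# Constructed responses modelled on the chain the scan recorded.
RECORDED = {
    PUSH_IC_URL: (302, {"Location": CREATIVE_URL}),
    CREATIVE_URL: (200, {"Content-Type": "image/png"}),
}

# Constructed two-URL loop (relative Location headers) for the loop guard.
LOOPING = {
    "https://example.invalid/a": (302, {"Location": "/b"}),
    "https://example.invalid/b": (302, {"Location": "/a"}),
}


def make_fetch(table):
    """Build fetch(url) -> (status, headers) over a response table.

    A live scanner would issue the request with redirects disabled, for
    example requests.get(url, allow_redirects=False), so every hop is seen."""
    def fetch(url):
        return table.get(url, (404, {}))
    return fetch


def walk_redirects(url, fetch, max_hops=10):
    """Return [(url, status), ...] for every hop of the chain.

    Stops at the first non-3xx response, at a 3xx without a Location header,
    when a URL repeats (status "loop"), or after max_hops (status "hop-limit")."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if url in seen:
            hops.append((url, "loop"))
            return hops
        seen.add(url)
        status, headers = fetch(url)
        hops.append((url, status))
        if not (300 <= status < 400) or "Location" not in headers:
            return hops
        url = urljoin(url, headers["Location"])  # Location may be relative
    hops.append((url, "hop-limit"))
    return hops


def hosts_crossed(hops):
    """Distinct hostnames in the order the chain touched them."""
    hosts = []
    for url, _ in hops:
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    chain = walk_redirects(PUSH_IC_URL, make_fetch(RECORDED))
    for hop_url, status in chain:
        print(status, hop_url)
    print("hosts crossed:", hosts_crossed(chain))
```

The walker deliberately keeps the intermediate URL rather than only the final one: for a push-notification or ad-delivery chain the tracking endpoint (here `track-us.r2drtb.com/push/ic`) is the indicator that survives creative rotation, while the final PNG name changes per campaign.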
26 HTTP transactions

Size is the decoded response body size; x-fer is the number of bytes actually transferred on the wire.

| # | Method | Protocol | Resource | Host / path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H3 | / (Primary Request) | kauwouraig.com/ | 54 KB | 16 KB | Document | text/html |
| 2 | GET | H3 | speculation | kauwouraig.com/cdn-cgi/ | 128 B | 565 B | Other | application/speculationrules+json |
| 3 | GET | H3 | style.css | littlecdn.com/apps/templates/android-instructions/ios-system-message-custom/css/ | 6 KB | 2 KB | Stylesheet | text/css |
| 4 | GET | H2 | gid.js | my.rtmark.net/ | 65 B | 543 B | Fetch | application/json |
| 5 | GET | H3 | micro.tag.min.js | kauwouraig.com/pfe/current/ | 45 KB | 18 KB | Script | application/javascript |
| 6 | GET | H3 | default.mp3 | static.kauwouraig.com/templates/_assets/sounds/blip1/ | 7 KB | 7 KB | Media | audio/mpeg |
| 7 | GET | H2 | gid.js | my.rtmark.net/ | 65 B | 542 B | Fetch | application/json |
| 8 | GET | H3 | 0142981268088.jpeg | kauwouraig.com/contents/s/5b/3e/3b/77a7a98d257d9aada41b33ebef/ | 113 KB | 113 KB | Image | image/jpeg |
| 9 | POST | H3 | / | kauwouraig.com/ | 2 B | 544 B | XHR | application/json |
| 10 | GET | H3 | favicon.ico | kauwouraig.com/ | 0 | 419 B | Other | text/plain |
| 11 | GET | H3 | 7608761 | kauwouraig.com/sw-check-permissions/ | 0 | 1 KB | Other | application/javascript |
| 12 | POST | H3 | zone | kauwouraig.com/ | 0 | 578 B | Ping | text/plain |
| 13 | POST | H3 | event | kauwouraig.com/ | 26 B | 658 B | Ping | application/json |
| 14 | GET | H2 | gid.js | my.rtmark.net/ | 65 B | 542 B | Fetch | application/json |
| 15 | POST | H3 | event | kauwouraig.com/ | 26 B | 657 B | Ping | application/json |
| 16 | POST | H3 | event | kauwouraig.com/ | 26 B | 654 B | Ping | application/json |
| 17 | POST | H3 | event | kauwouraig.com/ | 26 B | 658 B | Ping | application/json |
| 18 | POST | H3 | event | kauwouraig.com/ | 26 B | 658 B | Ping | application/json |
| 19 | GET | H3 | zone | kauwouraig.com/ | 561 B | 975 B | Fetch | application/json |
| 20 | POST | H3 | event | kauwouraig.com/ | 26 B | 651 B | Ping | application/json |
| 21 | GET | H3 | rotate | kauwouraig.com/ | 2 KB | 2 KB | Fetch | application/javascript |
| 22 | GET | H3 | track-impression-applab | kauwouraig.com/ | 746 B | 1 KB | Fetch | application/json |
| 23 | POST | H3 | event | kauwouraig.com/ | 26 B | 661 B | Ping | application/json |
| 24 | POST | H3 | event | kauwouraig.com/ | 26 B | 653 B | Ping | application/json |
| 25 | GET | H/1.1 | 1722423256708-DLUMzyj2ELJy.png (Redirect Chain) | ads-us.r2drtb.com/creatives/yrxqwv29g84k154jkzepn631/ | 98 KB | 98 KB | Image | image/png |
| 26 | POST | H3 | event | kauwouraig.com/ | 26 B | 653 B | Ping | application/json |

What stands out in this list: a request to a path named /sw-check-permissions/ (service-worker permission state), a preloaded notification sound (default.mp3 under sounds/blip1/), a stylesheet fetched from a littlecdn.com template path named android-instructions/ios-system-message-custom, three identical gid.js lookups against my.rtmark.net, and nine 26-byte `event` pings plus `zone`, `rotate` and `track-impression-applab` calls back to the same host. The only content fetched from a third party other than the CSS is the 98 KB creative on ads-us.r2drtb.com reached through the 302 above.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)

44 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify the client-side frameworks and code in use.

| Type | Names |
|---|---|
| object | global_vars, osVerPromise, reverseConfig, __ds3dcv__, zfgformats |
| function | redirectLocker, getCookie, addURLParams, SentryObj, LogDB, ErrorLogger, ObservableVariable, openLink, rtrDebugLog, replaceInAllHrefs, getGid, processMarkerResponse, writeCache, readCache, getData, initAfterDOMReady, IntentRedirector, getRandomIntInclusive, setCookie, makePixelImg, getIPPfromMarker, redirectUrl, backTb |
| number | adxTraffic, cpRetrySubReq, maxDefaultRDC |
| string | cpPushZone, cpS, cpZ, cpDebug, srcDomain, cpVar3, mtRDC, mtVar4, ttbTime, ttbUrl, ttbZone, ttbPZone, ttbPParam |

None of these belong to a common client-side framework. The cp*, ttb* and redirect-related names (redirectLocker, IntentRedirector, backTb, replaceInAllHrefs, openLink) are the most distinctive values to pivot on when searching other scans for the same page template.
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored values back to the site, which can therefore re-identify the user even from a different location; persistent logins work this way.

| Domain / Path | Expires | Name | Value |
|---|---|---|---|
| kauwouraig.com/ | | reverse | WAVitFQERTOsGCUlCJIILp0SoFFHjaz5Zg5llwHLnKw |
| kauwouraig.com/ | | oaidts | 1728722608 |
| kauwouraig.com/ | | syncedCookie | true |
| my.rtmark.net/ | | ID | 0180f379b1ea44a3eea175658cc5329a |
| kauwouraig.com/ | | OAID | 0800f393811c4c7afea32ddc38d99a5e |

oaidts is a Unix timestamp: 1728722608 is 2024-10-12 08:43:28 UTC, the day of the scan, so OAID/oaidts look like a visitor identifier and the time it was issued rather than a pre-existing session. The my.rtmark.net ID cookie is a third-party identifier set by the gid.js responses, which is what "syncedCookie" most plausibly refers to.
Indicators
In security-industry usage, indicators are the artifacts (IPs, domains, hashes, and so on) observed during the scan. Listing them here does not imply that any single one of them is malicious.

| Domains |
|---|
| ads-us.r2drtb.com |
| kauwouraig.com |
| littlecdn.com |
| my.rtmark.net |
| static.kauwouraig.com |
| track-us.r2drtb.com |

| IP addresses |
|---|
| 104.18.10.244 |
| 139.45.195.8 |
| 172.67.205.44 |
| 88.214.195.101 |
| 88.214.195.112 |

| SHA-256 hashes |
|---|
| 0dae032d7b70b96c98adf6bffd9592c84db4f97538125b1e9230041919eac29a |
| 11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d |
| 1aacf7f3f2f1c7f5374623fc9c615f8240d4bde7bc839048a58701a42180f13a |
| 235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9 |
| 280d59488d2d4a81c736c03ee7d24b60a9f484aecf20d666df7598297923ea1b |
| 35b879d3f69df36396cda29c06301141ebf47dd3b5e4b70512b82147d0b38600 |
| 3e4664a625ba3e6b0c160554c578d5bf7170cb83bd5682d20a74720d1b27ec45 |
| 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| 4d425c31112cd5508aa73f0bdfd36c201578a60469cec66a9b832bcf58827745 |
| 4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8 |
| b604f0891ccfa751e041dfbc484bcf5d4b9c7773a62f5c284954e14ba4f43441 |
| d01735d39af28d715f03c61991ebc08058e8f3f3b2737309ff28093d1463cbd3 |
| e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| e3b7ff9b7ba21c92e9a280c3bdace590adad78291402a09fb20b4e7e11e9b7de |
| e99677f36e1163af4e3b7131bb735ec43d9658d8e3784bd468e0b5ab5d1ed04a |
| f5b8982a4023fbb3952dfd89da9edd2cdf2a2440872adeed2692dc1ab12d0cab |

Two of these hashes carry no signal and should not be shared as IOCs: e3b0c442...7852b855 is the SHA-256 of an empty body (the scan has several 0-byte responses, such as favicon.ico and /sw-check-permissions/) and 44136fa3...caaff8a is the SHA-256 of the two-byte JSON body "{}" (consistent with the 2 B application/json XHR reply). Cloudflare's shared edge IPs 172.67.205.44 and 104.18.10.244 are likewise too broad to block on their own.
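The caveat above generalises: any hash list pulled from a scanner should be screened for digests of trivial bodies before it is loaded into a blocklist or shared. The following added example (not urlscan.io's code) does that for the hash list from this scan; it computes the known-trivial digests with `hashlib` rather than hard-coding them, and also rejects entries that are not 64-character hex strings. The pairing of the "{}" digest with this scan's 2 B XHR reply is an assumption, not something the page states.

```python
"""Separate usable response-body hashes from ones that carry no signal.

Added example; not urlscan.io code. SCAN_HASHES is copied from the scan's
Indicators section. The known-trivial table is computed from first
principles: SHA-256 of an empty body and of the two-byte JSON body "{}".
"""
import hashlib

# Bodies whose digests show up in nearly every scan. Sharing them as IOCs
# produces false positives on any site that serves a 0-byte or "{}" reply.
# Which response in this scan produced the "{}" digest is an assumption.
TRIVIAL_BODIES = {
    b"": "empty body",
    b"{}": "empty JSON object",
}

# Copied from the scan's Indicators section.
SCAN_HASHES = [
    "0dae032d7b70b96c98adf6bffd9592c84db4f97538125b1e9230041919eac29a",
    "11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d",
    "1aacf7f3f2f1c7f5374623fc9c615f8240d4bde7bc839048a58701a42180f13a",
    "235b928085dcdeafdaa0dbaae6ce1ef5329805c32938e258e8287df0fae2e3f9",
    "280d59488d2d4a81c736c03ee7d24b60a9f484aecf20d666df7598297923ea1b",
    "35b879d3f69df36396cda29c06301141ebf47dd3b5e4b70512b82147d0b38600",
    "3e4664a625ba3e6b0c160554c578d5bf7170cb83bd5682d20a74720d1b27ec45",
    "44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a",
    "4d425c31112cd5508aa73f0bdfd36c201578a60469cec66a9b832bcf58827745",
    "4fdb5a03ae3f26e801517144609db3589bd0835a686fe11dfe7afddcdb750ef8",
    "b604f0891ccfa751e041dfbc484bcf5d4b9c7773a62f5c284954e14ba4f43441",
    "d01735d39af28d715f03c61991ebc08058e8f3f3b2737309ff28093d1463cbd3",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "e3b7ff9b7ba21c92e9a280c3bdace590adad78291402a09fb20b4e7e11e9b7de",
    "e99677f36e1163af4e3b7131bb735ec43d9658d8e3784bd468e0b5ab5d1ed04a",
    "f5b8982a4023fbb3952dfd89da9edd2cdf2a2440872adeed2692dc1ab12d0cab",
]

HEX_DIGITS = set("0123456789abcdef")


def trivial_hash_table():
    """Map SHA-256 hex digest -> label for every body in TRIVIAL_BODIES."""
    return {hashlib.sha256(body).hexdigest(): label
            for body, label in TRIVIAL_BODIES.items()}


def triage_hashes(hashes):
    """Return (usable, noise).

    usable: list of normalised digests worth keeping, in input order.
    noise:  dict mapping each rejected entry to the reason it was dropped."""
    table = trivial_hash_table()
    usable, noise = [], {}
    for raw in hashes:
        h = raw.strip().lower()
        if len(h) != 64 or not set(h) <= HEX_DIGITS:
            noise[raw] = "not a SHA-256 hex digest"
        elif h in table:
            noise[h] = table[h]
        else:
            usable.append(h)
    return usable, noise


if __name__ == "__main__":
    kept, dropped = triage_hashes(SCAN_HASHES)
    for digest, reason in dropped.items():
        print(f"drop {digest}: {reason}")
    print(f"{len(kept)} of {len(SCAN_HASHES)} hashes kept")
```

Extend TRIVIAL_BODIES with whatever boilerplate your own scans produce (a 1x1 tracking GIF, an empty JSON array, a CDN's standard 404 page) and the same function keeps those out of shared indicator feeds too.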