62.210.130.225 Open in urlscan Pro
62.210.130.225 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://62.210.130.225/m/
Effective URL:
http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Submission: On February 16 via manual (February 16th 2024, 3:28:06 am UTC) from AU — Scanned from FR

Summary HTTP 14 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 62.210.130.225, located in France and belongs to Online SAS, FR. The main domain is 62.210.130.225.

This is the only time 62.210.130.225 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Qantas (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 10	62.210.130.225 62.210.130.225	12876 (Online SAS) (Online SAS)
1	3.212.217.228 3.212.217.228	() ()
1	92.123.104.62 92.123.104.62	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	184.86.251.13 184.86.251.13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
14	6

10 62.210.130.225 (France) 1 redirects

ASN12876 (Online SAS, FR)

62.210.130.225	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.212.217.228 (Ashburn, United States)

ASN- ()
PTR: ec2-3-212-217-228.compute-1.amazonaws.com

qantas.resultspage.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.104.62 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-104-62.deploy.static.akamaitechnologies.com

cdn.qantasloyalty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.86.251.13 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-86-251-13.deploy.static.akamaitechnologies.com

www.qantas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	qantas.com www.qantas.com — Cisco Umbrella Rank: 188494	21 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 434	33 KB
1	qantasloyalty.com cdn.qantasloyalty.com — Cisco Umbrella Rank: 440705	690 B
1	resultspage.com qantas.resultspage.com — Cisco Umbrella Rank: 624611	1 KB
14	4

	Domain	Requested by
2	www.qantas.com	62.210.130.225
1	ajax.googleapis.com	62.210.130.225
1	cdn.qantasloyalty.com	62.210.130.225
1	qantas.resultspage.com	62.210.130.225
14	4

This site contains links to these domains. Also see Links.

Domain
www.qantas.com
travelinsider.qantas.com.au
help.qantas.com
www.facebook.com
twitter.com
www.linkedin.com
www.youtube.com
instagram.com
www.jetstar.com

Subject Issuer	Validity	Valid
qantasloyalty.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-06` - `2024-09-10`	10 months	crt.sh
qantas.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-06` - `2024-11-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Frame ID: A9D8F38406D61783161C30B3E1A8894E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

error iconCheckbox

Page URL History Show full URLs

http://62.210.130.225/m/ HTTP 302
http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540 Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

21 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

6
IPs

3
Countries

364 kB
Transfer

1110 kB
Size

0
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: https://www.qantas.com/travel/airlines/viewing/global/en
Title: Upgrade my browser

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en.html

Search URL Search Domain Scan URL

URL: https://www.qantas.com/au/en/qantas-experience/network-and-partner-airlines/oneworld.html
Title: Oneworld

Search URL Search Domain Scan URL

URL: https://www.qantas.com/travelinsider/en.html
Title: Travel Insider

Search URL Search Domain Scan URL

URL: https://www.qantas.com/directconnect/affinity
Title: Where can I go?

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/travel-guides/australia.html?int_cam=us:en:travel-guides-au:nav:en:flights

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals/flights-to-australia.html/au
Title: Flights to Australia

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals/flights-to-new-zealand.html/nz
Title: Flights to New Zealand

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals.html
Title: Flights to Japan

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals/flights-to-singapore.html/sin
Title: Flights to Singapore

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals/flights-to-vanuatu.html/nou
Title: Flights to New Caledonia

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/flight-deals/international/flights-to-australia.html/economy/all/lowest?int_cam=us:en:flight-deals-au:nav:en:flights

Search URL Search Domain Scan URL

URL: http://travelinsider.qantas.com.au/qantas-magazine
Title: Qantas magazineOpens external site

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/book-a-trip/flights/qantas-explorer.html?int_cam=us:en:qantas-explorer:nav:en:flights

Search URL Search Domain Scan URL

URL: http://www.qantas.com/travel/airlines/flight-deals/us/en
Title: Flights to Australia

Search URL Search Domain Scan URL

URL: https://www.qantas.com/detect-site/coronavirus.html
Title: COVID-19 information

Search URL Search Domain Scan URL

URL: https://www.qantas.com/detect-site/manage-booking.html
Title: Manage booking

Search URL Search Domain Scan URL

URL: https://www.qantas.com/travel/airlines/baggage/global/en
Title: baggage allowances

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/qantas-experience/australian-domestic-flight-network.html?int_cam=us:en:mega-nav:domestic-network:en:flights

Search URL Search Domain Scan URL

URL: https://help.qantas.com/support/s/
Title: Help Opens external site

Search URL Search Domain Scan URL

URL: https://www.qantas.com/au/en/frequent-flyer/discover-and-join/terms-and-conditions.html
Title: Terms and Conditions

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/travel-info/baggage/allowance-and-fees.html
Title: Baggage & Optional Service Fees

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/support/customer-service-plan.html
Title: Customer Service Plan

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/qantas-group.html
Title: Qantas Group

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/about-us/news-room.html
Title: News Room

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/about-us/qantas-careers.html
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/about-us/our-company/our-airline-partners/oneworld.html
Title: oneworld

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/about-us.html
Title: More about Qantas

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/100-years-of-the-spirit-of-australia.html
Title: Qantas Centenary

Search URL Search Domain Scan URL

URL: https://www.qantas.com/content/dam/qantas/pdfs/about-us/corporate-governance/modern-slavery-and-human-trafficking-statement.pdf
Title: Modern Slavery Act Statement

Search URL Search Domain Scan URL

URL: https://www.facebook.com/Qantas/
Title: 1.4m+ likesOpens external site in a new window

Search URL Search Domain Scan URL

URL: https://twitter.com/Qantas
Title: 483k+ followersOpens external site in a new window

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/qantas
Title: 287k+ followersOpens external site in a new window

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/Qantas
Title: 93k+ subscribersOpens external site in a new window

Search URL Search Domain Scan URL

URL: http://instagram.com/Qantas
Title: 933k+ followersOpens external site in a new window

Search URL Search Domain Scan URL

URL: https://www.jetstar.com/
Title: JetstarOpens external site in a new window

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/support/essential-accessibility.html
Title: eSSENTIAL AccessibilityTM

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/support/privacy-and-security.html
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/support/terms-of-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/book-a-trip/flights/conditions-of-carriage.html
Title: Conditions of Carriage

Search URL Search Domain Scan URL

URL: https://www.qantas.com/us/en/book-a-trip/flights/fare-types.html
Title: Fare types

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://62.210.130.225/m/ HTTP 302
http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request dashboard.php Show response
62.210.130.225/m/
Redirect Chain

http://62.210.130.225/m/
http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540

543 KB
99 KB

33ms
33ms

Document
text/html

62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 35fa5ea21f04e1a7a7034603bf54e989b0248ff403fd904dc6fbe4fdfcd7e02a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 16 Feb 2024 03:28:01 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.52 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 16 Feb 2024 03:28:01 GMT
Keep-Alive: timeout=5, max=100
Location: dashboard.php?reference=038ad8253986dbdf2540
Server: Apache/2.4.52 (Ubuntu)

GET
H/1.1 200
OK main.css
62.210.130.225/m/ 210 KB
30 KB 53ms
31ms Stylesheet
text/css 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://62.210.130.225/m/main.css
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: e33bf0e24ad4a7482d68c48aa84a576e57bd3d8cdd3256de1e72f3b08bff4fed

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:01 GMT
Content-Encoding: gzip
Last-Modified: Sun, 06 Nov 2022 16:58:22 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "34870-5ecd036e6c780-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 29889

GET
H/1.1 200
OK sli-rac.css
qantas.resultspage.com/autocomplete/ 4 KB
1 KB 408ms
106ms Stylesheet
text/css 3.212.217.228

General

Check archive.org

Show headers Download Go to

Full URL: http://qantas.resultspage.com/autocomplete/sli-rac.css
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 3.212.217.228 Ashburn, United States, ASN (),
Reverse DNS: ec2-3-212-217-228.compute-1.amazonaws.com
Software: Apache /
Resource Hash: 763a86d3b22b56dc063a25ec601d018d501c38aed49034fde8e2d3351f614f81

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 27 Jun 2023 10:42:56 GMT
Server: Apache
Vary: Accept-Encoding
Upgrade: h2
Content-Type: text/css; charset=utf-8
Cache-Control: max-age=432000
Connection: Upgrade, Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1063
Expires: Wed, 21 Feb 2024 03:28:02 GMT

GET
H2 200 login.bundle.css
cdn.qantasloyalty.com/assets/widgets/login/v2/ 114 B
690 B 192ms
60ms Stylesheet
text/css 92.123.104.62
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.qantasloyalty.com/assets/widgets/login/v2/login.bundle.css

Requested by

Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

92.123.104.62 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a92-123-104-62.deploy.static.akamaitechnologies.com

Software

AmazonS3 /

Resource Hash

acfecce6970a2ec8db6bbf3a51bcec7b2936d8930b0b7c84a079a315adb7b6c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubdomains;
x-amz-request-id: TB2RZF1DZAJNCFKK
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=14, origin; dur=0, ak_p; desc="1708054081917_388605886_828578508_1388_13782_30_64_255";dur=1
content-length: 111
x-amz-id-2: gUu7+AQmqymbHaxlIn4/9K+vHIAH5nrtP//nd8NRNIuv5DwuD7TCj+o9QFfanRNtDNeK2iE5VdI=
x-xss-protection: 1; mode=block
last-modified: Tue, 07 Nov 2023 00:29:29 GMT
server: AmazonS3
etag: "19c524b09b676f62aceedac324b217b9"
x-edgeconnect-cache-status: 1
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=300
accept-ranges: bytes
expires: Fri, 16 Feb 2024 03:33:02 GMT

GET
H2 200 main-noncritical.min.39f8b7e771e1f7442c41e2b0eb8c5459.css
www.qantas.com/etc/designs/qcom/site/ 74 KB
10 KB 201ms
68ms Stylesheet
text/css 184.86.251.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.qantas.com/etc/designs/qcom/site/main-noncritical.min.39f8b7e771e1f7442c41e2b0eb8c5459.css

Requested by

Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.86.251.13 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-86-251-13.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5a1d9e8f0951eaf775165f9381733d44a10df8b8997d478fb04fadbf8c955d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN, SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:28:02 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000
last-modified: Thu, 15 Feb 2024 06:34:01 GMT
server: nginx
etag: "12638-61165d022abd0-gzip"
x-frame-options: SAMEORIGIN, SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400
server-timing: ak_p; desc="1708054081965_3092568077_2397644589_2469_12626_30_62_255";dur=1
accept-ranges: bytes
content-length: 9540
x-xss-protection: 1; mode=block
expires: Sat, 17 Feb 2024 03:28:02 GMT

GET
H/1.1 200
OK qantas-masterbrand-logo-40px.svg
62.210.130.225/m/ 10 KB
10 KB 39ms
23ms Image
image/svg+xml 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://62.210.130.225/m/qantas-masterbrand-logo-40px.svg
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 568f298a407bc58446b100508660aa5cbcd3d1272b595330d56207b9767e20ea

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:01 GMT
Last-Modified: Sun, 23 Jul 2023 22:43:37 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "28d3-6012f3a82b840"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 10451

GET
H/1.1 200
OK escape-au.jpg
62.210.130.225/m/ 26 KB
27 KB 45ms
23ms Image
image/jpeg 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://62.210.130.225/m/escape-au.jpg
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 0664e82539264eafd54fe31718f5f4d885348fe8f8c8268482fe29c0043f3e98

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:01 GMT
Last-Modified: Tue, 05 Dec 2023 13:31:59 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "69e6-60bc3424af1c0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 27110

GET
H/1.1 200
OK Australia-flight-deals-190x135.jpg
62.210.130.225/m/ 8 KB
8 KB 46ms
23ms Image
image/jpeg 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://62.210.130.225/m/Australia-flight-deals-190x135.jpg
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 450bb80667b0393d6caa03b172876b02fd39a64dc3fae3c7d398d22dad852b64

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:01 GMT
Last-Modified: Tue, 05 Dec 2023 13:27:40 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "203b-60bc332daeb00"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 8251

GET
H/1.1 200
OK qantas-explorer.jpg
62.210.130.225/m/ 26 KB
26 KB 46ms
24ms Image
image/jpeg 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://62.210.130.225/m/qantas-explorer.jpg
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 929994c943e6df422c54cdb9ab4e7b0b7e73cf9cd81d9e8f259789c8c5aacb15

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:01 GMT
Last-Modified: Tue, 05 Dec 2023 13:27:03 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "67a8-60bc330a657c0"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 26536

GET
H/1.1 200
OK australian-domestic-network-190x440.jpg
62.210.130.225/m/ 9 KB
10 KB 524ms
502ms Image
image/jpeg 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://62.210.130.225/m/australian-domestic-network-190x440.jpg
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: 572e61cc03f163934166ecdb2f2ff546e2c3910e1832f2928c5dded01d604db1

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:02 GMT
Last-Modified: Tue, 05 Dec 2023 13:26:21 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "25ef-60bc32e257940"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9711

GET
H/1.1 200
OK jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ 90 KB
33 KB 63ms
32ms Script
text/javascript 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js

Requested by

Host: 62.210.130.225
URL: http://62.210.130.225/m/dashboard.php?reference=038ad8253986dbdf2540

Protocol

HTTP/1.1

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Thu, 15 Feb 2024 13:40:27 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 49654
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 33018
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Cross-Origin-Opener-Policy: same-origin; report-to="hosted-libraries-pushers"
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Expires: Fri, 14 Feb 2025 13:40:27 GMT

GET
H/1.1 200
OK 315CA1_3_0.woff2
62.210.130.225/m/ 48 KB
49 KB 24ms
23ms Font
font/woff2 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://62.210.130.225/m/315CA1_3_0.woff2
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/main.css
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: b2b64e5d45e5f4911d34343f60b7d15ba57d7ce1e4cc5dd69ac424bb79d84455

Request headers

Referer: http://62.210.130.225/m/main.css
Origin: http://62.210.130.225
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:02 GMT
Last-Modified: Sun, 06 Nov 2022 01:09:34 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "c10d-5ecc2f5ba6f80"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 49421

GET
H2 200 spritesheet-9632fb7044385395ce89846b873ea4e3.png
www.qantas.com/etc/designs/qantas/global/img/ 11 KB
11 KB 43ms
43ms Image
image/avif 184.86.251.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.qantas.com/etc/designs/qantas/global/img/spritesheet-9632fb7044385395ce89846b873ea4e3.png

Requested by

Host: 62.210.130.225
URL: http://62.210.130.225/m/main.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.86.251.13 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a184-86-251-13.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

55adb2c8fa18eaba51ebf7ad393246020f4c827146c2d1fe30b38d4a47d2fbda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 03:28:02 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 05 Feb 2024 05:18:44 GMT
server: Akamai Image Manager
x-serial: 434
x-check-cacheable: YES
etag: "64de-60fa3ac153e8e"
x-frame-options: SAMEORIGIN
content-type: image/avif
cache-control: private, no-transform, max-age=86400
server-timing: ak_p; desc="1708054082278_3092568077_2397644647_32_11884_30_0_146";dur=1
content-length: 11239
expires: Sat, 17 Feb 2024 03:28:02 GMT

GET
DATA 200
OK truncated
/ 736 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 445b7df4c1fa8a4f1847e39edc7476fb8bec4c9e7aa3c4127ce4e61a300f6e00

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: http://62.210.130.225/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK 315CA1_1_0.woff2
62.210.130.225/m/ 49 KB
49 KB 24ms
24ms Font
font/woff2 62.210.130.225
Online SAS

General

Check archive.org

Show headers Download Go to

Full URL: http://62.210.130.225/m/315CA1_1_0.woff2
Requested by: Host: 62.210.130.225
URL: http://62.210.130.225/m/main.css
Protocol: HTTP/1.1
Server: 62.210.130.225 , France, ASN12876 (Online SAS, FR),
Reverse DNS
Software: Apache/2.4.52 (Ubuntu) /
Resource Hash: b964d246defe2ccf6dd3a0d3887ac9d09325a866b94bd57732219406654698a2

Request headers

Referer: http://62.210.130.225/m/main.css
Origin: http://62.210.130.225
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date: Fri, 16 Feb 2024 03:28:02 GMT
Last-Modified: Sun, 06 Nov 2022 01:10:02 GMT
Server: Apache/2.4.52 (Ubuntu)
ETag: "c2c8-5ecc2f765ae80"
Content-Type: font/woff2
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 49864

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Qantas (Transportation)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
cdn.qantasloyalty.com
qantas.resultspage.com
www.qantas.com
184.86.251.13
2a00:1450:4001:80e::200a
3.212.217.228
62.210.130.225
92.123.104.62
0664e82539264eafd54fe31718f5f4d885348fe8f8c8268482fe29c0043f3e98
35fa5ea21f04e1a7a7034603bf54e989b0248ff403fd904dc6fbe4fdfcd7e02a
445b7df4c1fa8a4f1847e39edc7476fb8bec4c9e7aa3c4127ce4e61a300f6e00
450bb80667b0393d6caa03b172876b02fd39a64dc3fae3c7d398d22dad852b64
55adb2c8fa18eaba51ebf7ad393246020f4c827146c2d1fe30b38d4a47d2fbda
568f298a407bc58446b100508660aa5cbcd3d1272b595330d56207b9767e20ea
572e61cc03f163934166ecdb2f2ff546e2c3910e1832f2928c5dded01d604db1
5a1d9e8f0951eaf775165f9381733d44a10df8b8997d478fb04fadbf8c955d66
763a86d3b22b56dc063a25ec601d018d501c38aed49034fde8e2d3351f614f81
929994c943e6df422c54cdb9ab4e7b0b7e73cf9cd81d9e8f259789c8c5aacb15
acfecce6970a2ec8db6bbf3a51bcec7b2936d8930b0b7c84a079a315adb7b6c3
b2b64e5d45e5f4911d34343f60b7d15ba57d7ce1e4cc5dd69ac424bb79d84455
b964d246defe2ccf6dd3a0d3887ac9d09325a866b94bd57732219406654698a2
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
e33bf0e24ad4a7482d68c48aa84a576e57bd3d8cdd3256de1e72f3b08bff4fed

62.210.130.225 Open in urlscan Pro 62.210.130.225 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

21 %HTTPS

20 %IPv6

4 Domains

4 Subdomains

6 IPs

3 Countries

364 kBTransfer

1110 kBSize

0 Cookies

41 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

0 Cookies

Indicators

62.210.130.225 Open in urlscan Pro
62.210.130.225 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

21 %
HTTPS

20 %
IPv6

4
Domains

4
Subdomains

6
IPs

3
Countries

364 kB
Transfer

1110 kB
Size

0
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!