qpt.com.au (116.0.23.221)
Public Scan: Malicious Activity!
Effective URL: https://qpt.com.au/prv886762284127236/9774455211.php?TokenID=tHIqywCbcywgJAuvcw
Submission: On July 16 via manual from GB
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 30th 2020. Valid for: 3 months.
This is the only time qpt.com.au was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: British Gas (Utility)

Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
2 | 2 | 116.0.19.203 | AS38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
2 | 23 | 116.0.23.221 | AS38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited)
- | 1 | 185.225.208.133 | AS13213 (UK2NET-AS)
- | 1 | 67.202.94.94 | AS32748 (STEADFAST)

Totals: 23 HTTP transactions | 4 IP addresses
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU): nepalconsulate.net.au

Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
qpt.com.au | qpt.com.au (2 redirects) | 23 | 643 KB
nepalconsulate.net.au | nepalconsulate.net.au (2 redirects) | 2 | 941 B
amung.us | whos.amung.us | 1 | 145 B
waust.at | waust.at | 1 | 7 KB

Totals: 23 HTTP transactions | 4 domains
Requests | Domain | Requested by
---|---|---
23 | qpt.com.au | qpt.com.au (2 redirects)
2 | nepalconsulate.net.au | (2 redirects)
1 | whos.amung.us | waust.at
1 | waust.at | qpt.com.au

Totals: 23 HTTP transactions | 4 domains
This site contains links to these domains (also see Links):

Domain
---
whos.amung.us
Subject | Issuer | Validity | Valid for
---|---|---|---
qpt.com.au | cPanel, Inc. Certification Authority | 2020-05-30 - 2020-08-28 | 3 months
whos.amung.us | Sectigo RSA Domain Validation Secure Server CA | 2020-05-21 - 2022-05-21 | 2 years
This page contains 1 frame:
Primary Page:
https://qpt.com.au/prv886762284127236/9774455211.php?TokenID=tHIqywCbcywgJAuvcw
Frame ID: 6B8B16FEAE83A4CC8277C7FE5986C264
Requests: 24 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- http://nepalconsulate.net.au/nep (HTTP 301)
- http://nepalconsulate.net.au/nep/ (HTTP 302)
- https://qpt.com.au/ (HTTP 302)
- https://qpt.com.au/prv886762284127236 (HTTP 301)
- https://qpt.com.au/prv886762284127236/ (Page URL)
- https://qpt.com.au/prv886762284127236/9774455211.php?TokenID=tHIqywCbcywgJAuvcw (Page URL)
Detected technologies
- Apache (Web Servers); detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
- 1 outgoing link (links going to different origins than the main page)
- Title: 52
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 0
- http://nepalconsulate.net.au/nep (HTTP 301)
- http://nepalconsulate.net.au/nep/ (HTTP 302)
- https://qpt.com.au/ (HTTP 302)
- https://qpt.com.au/prv886762284127236 (HTTP 301)
- https://qpt.com.au/prv886762284127236/
23 HTTP transactions

# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | / | qpt.com.au/prv886762284127236/ | 384 B | 1 KB | Document | text/html | Redirect chain; cookie set
2 | GET | H/1.1 | enc.js | qpt.com.au/prv886762284127236/files/v/ | 8 KB | 9 KB | Script | application/javascript |
3 | GET | H/1.1 | 9774455211.php | qpt.com.au/prv886762284127236/ | 16 KB | 16 KB | Document | text/html | Primary request; cookie set
4 | GET | H2 | d.js | waust.at/ | 13 KB | 7 KB | Script | application/x-javascript |
5 | GET | H/1.1 | bg-vi-3.0.2.css | qpt.com.au/docs/include/ | 256 KB | 257 KB | Stylesheet | text/css |
6 | GET | H/1.1 | font-awesome.min.css | qpt.com.au/docs/include/ | 30 KB | 31 KB | Stylesheet | text/css |
7 | GET | H/1.1 | vendor-6593e5f4e090a11492d9b56eb4e38aaa.css | qpt.com.au/docs/include/ | 103 KB | 104 KB | Stylesheet | text/css |
8 | GET | H/1.1 | identity-f3bfb218359aabfe20b6c891ec255dcb.css | qpt.com.au/docs/include/ | 17 KB | 17 KB | Stylesheet | text/css |
9 | GET | H/1.1 | hpp-embedded-integration-library.css | qpt.com.au/docs/include/ | 1 KB | 2 KB | Stylesheet | text/css |
10 | GET | H/1.1 | bg-logo-mobile.svg | qpt.com.au/docs/include/ | 5 KB | 6 KB | Image | image/svg+xml |
11 | GET | H/1.1 | Icon_Twitter.svg | qpt.com.au/docs/include/ | 1 KB | 2 KB | Image | image/svg+xml |
12 | GET | H/1.1 | Icon_YouTube.svg | qpt.com.au/docs/include/ | 3 KB | 4 KB | Image | image/svg+xml |
13 | GET | H/1.1 | Icon_Facebook.svg | qpt.com.au/docs/include/ | 673 B | 1 KB | Image | image/svg+xml |
14 | GET | H/1.1 | Icon_News.svg | qpt.com.au/docs/include/ | 852 B | 1 KB | Image | image/svg+xml |
15 | GET | H/1.1 | bg_logo_white.svg | qpt.com.au/docs/include/ | 4 KB | 5 KB | Image | image/svg+xml |
16 | GET | H/1.1 | BGFlameWeb-Regular.woff2 | qpt.com.au/docs/fonts/ | 25 KB | 26 KB | Font | font/woff2 |
17 | GET | H/1.1 | BGFlameWeb-Bold.woff2 | qpt.com.au/docs/fonts/ | 0 | 0 | Font | text/html |
18 | GET | H/1.1 | BGFlameWeb-Light.woff2 | qpt.com.au/docs/fonts/ | 0 | 0 | Font | text/html |
19 | GET | H/1.1 | glyphicons-halflings-regular.woff | qpt.com.au/docs/fonts/ | 23 KB | 23 KB | Font | font/woff |
20 | GET | H/1.1 | fontawesome-webfont.woff2 | qpt.com.au/docs/include/ | 75 KB | 76 KB | Font | font/woff2 |
21 | GET | H2 | / | whos.amung.us/pingjs/ | 29 B | 145 B | Script | text/javascript |
22 | GET | H/1.1 | BGFlameWeb-Bold.woff | qpt.com.au/docs/fonts/ | 31 KB | 32 KB | Font | font/woff |
23 | GET | H/1.1 | BGFlameWeb-Light.woff | qpt.com.au/docs/fonts/ | 30 KB | 31 KB | Font | font/woff |
24 | GET | DATA | truncated | / | 3 KB | 0 | Image | image/png | data: URI, not a network request

Two font requests (BGFlameWeb-Bold.woff2 and BGFlameWeb-Light.woff2) returned 0 bytes with a text/html MIME type rather than font data, which is consistent with the files being absent on the kit's server (an HTML error page in place of the font); the browser then fetched the .woff fallbacks (rows 22 and 23). The brand-themed stylesheets, logos and BGFlameWeb fonts are all served from qpt.com.au itself, not from the impersonated brand's infrastructure, which is a common trait of a cloned login or payment page.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: British Gas (Utility)

20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | _0xa211
function | _kaktys_encode
function | empty
function | change
object | _wau
string | wau_w_col
string | wau_w_siz
object | WAU_ren
function | WAU_dynamic
function | WAU_dynamic_request
function | WAU_r_d
function | WAU_insert
function | WAU_la
function | WAU_addCommas
function | WAU_lrd
function | WAU_cps
function | docReady
object | x
string | x1
string | x21

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user returns to the site, the browser sends the stored cookie values with the request, allowing the site to re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
qpt.com.au/ | - | PHPSESSID | 86bf2ee0441c0a64ebadd906f7b9b5c3
Security Headers
This section lists any security headers set by the main page. Only one was present; no Content-Security-Policy, Strict-Transport-Security or X-Frame-Options header was returned.

Header | Value
---|---
X-Xss-Protection | 1; mode=block
Indicators
"Indicators" is the security-industry term for artefacts such as IPs, domains and hashes observed during a scan. Their presence in this list does not by itself mean that any of them is malicious.
nepalconsulate.net.au
qpt.com.au
waust.at
whos.amung.us
116.0.19.203
116.0.23.221
185.225.208.133
67.202.94.94
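The scan above is a typical phishing kit layout: a lure URL on one compromised host (nepalconsulate.net.au) redirects to a landing directory with a long numeric name on a second host (qpt.com.au), which serves cloned British Gas styling, loads an obfuscated script (enc.js, exposing a hex-named global `_0xa211`) and pulls in a third-party visitor counter (whos.amung.us via waust.at). The following Python script is an added worked example, not part of the urlscan.io page or of urlscan's own code: it encodes the checks an analyst would apply to a result like this one and emits defanged IOCs. The redirect chain, transaction subset, globals and IPs are transcribed from the scan; the brand domain list, the asset-name markers and the numeric-token heuristic are analyst-supplied assumptions and are labelled as such in the code.

```python
"""Triage helper for a urlscan.io-style phishing result (added example).

The data below is transcribed from the scan above. BRAND_DOMAINS, the
asset-name markers and the path heuristic are assumptions, not scan output.
"""
import re
from urllib.parse import urlsplit

# Transcribed from the scan: full redirect chain, entry lure to landing page.
REDIRECT_CHAIN = [
    "http://nepalconsulate.net.au/nep",
    "http://nepalconsulate.net.au/nep/",
    "https://qpt.com.au/",
    "https://qpt.com.au/prv886762284127236",
    "https://qpt.com.au/prv886762284127236/",
    "https://qpt.com.au/prv886762284127236/9774455211.php?TokenID=tHIqywCbcywgJAuvcw",
]
# Transcribed subset of the HTTP transactions: (host, path, size in bytes, MIME type).
TRANSACTIONS = [
    ("qpt.com.au", "/prv886762284127236/files/v/enc.js", 8 * 1024, "application/javascript"),
    ("qpt.com.au", "/docs/include/bg-vi-3.0.2.css", 256 * 1024, "text/css"),
    ("qpt.com.au", "/docs/include/identity-f3bfb218359aabfe20b6c891ec255dcb.css", 17 * 1024, "text/css"),
    ("qpt.com.au", "/docs/fonts/BGFlameWeb-Bold.woff2", 0, "text/html"),
    ("qpt.com.au", "/docs/fonts/BGFlameWeb-Bold.woff", 31 * 1024, "font/woff"),
    ("waust.at", "/d.js", 13 * 1024, "application/x-javascript"),
    ("whos.amung.us", "/pingjs/", 29, "text/javascript"),
]
JS_GLOBALS = ["_0xa211", "_kaktys_encode", "empty", "change", "_wau",
              "WAU_insert", "docReady", "x", "x1", "x21"]
IPS = ["116.0.19.203", "116.0.23.221", "185.225.208.133", "67.202.94.94"]

# Assumption: domains from which the impersonated brand legitimately serves assets.
BRAND_DOMAINS = {"britishgas.co.uk"}
# Assumption: file-name fragments that mark brand-themed assets in this kit.
BRAND_ASSET_MARKERS = ("bg-", "bg_", "BGFlameWeb", "identity-")


def host_of(url):
    return urlsplit(url).hostname.lower()


def chain_findings(chain):
    """Flag lure-to-landing host changes, scheme changes and numeric kit directories."""
    findings = []
    hosts = [host_of(u) for u in chain]
    if hosts[0] != hosts[-1]:
        findings.append(f"redirect leaves {hosts[0]} and lands on {hosts[-1]}")
    if chain[0].startswith("http://") and chain[-1].startswith("https://"):
        findings.append("entry URL is plain http, landing URL is https (lure host and kit host differ)")
    # Heuristic (assumption): a short alpha prefix followed by 12+ digits as a path segment.
    if re.search(r"/[a-z]{2,4}\d{12,}/", chain[-1]):
        findings.append("landing path contains a long numeric token (per-campaign directory)")
    return findings


def asset_findings(transactions, brand_domains=BRAND_DOMAINS):
    """Flag brand-themed assets hosted off-brand and static files answered with HTML."""
    findings = []
    for host, path, size, mime in transactions:
        name = path.rsplit("/", 1)[-1]
        if any(m in name for m in BRAND_ASSET_MARKERS) and host not in brand_domains:
            findings.append(f"brand-themed asset {name} served from {host}")
        if mime.startswith("text/html") and re.search(r"\.(woff2?|ttf|svg|css|js)$", name):
            findings.append(f"{name} answered with {mime} ({size} B): likely missing file / error page")
    return findings


def obfuscation_findings(globals_):
    """Hex-style identifiers such as _0xa211 are typical of automated JS obfuscators."""
    return [f"hex-style global {g} (obfuscator-style identifier)"
            for g in globals_ if re.fullmatch(r"_0x[0-9a-fA-F]+", g)]


def defang(value):
    """Render a host, IP or URL so it cannot be clicked or auto-linked."""
    return value.replace("http", "hxxp").replace(".", "[.]")


def iocs(chain, transactions, ips=IPS):
    hosts = sorted({host_of(u) for u in chain} | {t[0] for t in transactions})
    return [defang(h) for h in hosts] + [defang(ip) for ip in ips] + [defang(chain[-1])]


def triage():
    return {
        "chain": chain_findings(REDIRECT_CHAIN),
        "assets": asset_findings(TRANSACTIONS),
        "js": obfuscation_findings(JS_GLOBALS),
        "iocs": iocs(REDIRECT_CHAIN, TRANSACTIONS),
    }


if __name__ == "__main__":
    for section, items in triage().items():
        print(section)
        for item in items:
            print("  -", item)
```

The host-change and numeric-directory checks are heuristics and will fire on some legitimate multi-domain redirects, so they are best used to prioritise manual review rather than to block outright; the defanged IOC list is what would be handed to the blocklist or SIEM team.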