kashmirpresents.com
Open in
urlscan Pro
162.215.15.145
Malicious Activity!
Public Scan
Submitted URL: https://nigelcollis.co.nz/.be
Effective URL: https://kashmirpresents.com/.official/dashboard.php?reference=56723fc68d98b0279f86
Submission: On January 25 via manual from CA — Scanned from NZ
Effective URL: https://kashmirpresents.com/.official/dashboard.php?reference=56723fc68d98b0279f86
Submission: On January 25 via manual from CA — Scanned from NZ
Summary
This website contacted 7 IPs
in 2 countries
across 6 domains to perform 15 HTTP transactions.
The main IP is 162.215.15.145, located in
United States and
belongs to UNIFIEDLAYER-AS-1, US.
The main domain is kashmirpresents.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 15th 2024. Valid for: 3 months.
This is the only time kashmirpresents.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 15th 2024. Valid for: 3 months.
This is the only time kashmirpresents.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Qantas (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 185.184.154.81 185.184.154.81 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
| 1 5 | 162.215.15.145 162.215.15.145 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1) | |
| 1 | 3.212.217.228 3.212.217.228 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 1 | 23.32.5.86 23.32.5.86 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 7 | 23.32.5.88 23.32.5.88 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 1 | 2404:6800:400... 2404:6800:4006:813::200a | 15169 (GOOGLE) (GOOGLE) | |
| 15 | 7 |
2
185.184.154.81
(Sydney, Australia)
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: ipb9b89a51.ipv4.syd02.ds.network
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: ipb9b89a51.ipv4.syd02.ds.network
| nigelcollis.co.nz |
5
162.215.15.145
(United States)
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.zinmattlearn.com
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: server.zinmattlearn.com
| kashmirpresents.com |
1
3.212.217.228
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-217-228.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-3-212-217-228.compute-1.amazonaws.com
| qantas.resultspage.com |
1
23.32.5.86
(Sydney, Australia)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-5-86.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-5-86.deploy.static.akamaitechnologies.com
| cdn.qantasloyalty.com |
7
23.32.5.88
(Sydney, Australia)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-5-88.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-32-5-88.deploy.static.akamaitechnologies.com
| www.qantas.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
qantas.com
www.qantas.com — Cisco Umbrella Rank: 162665 |
96 KB |
| 5 |
kashmirpresents.com
1 redirects
kashmirpresents.com |
852 KB |
| 2 |
nigelcollis.co.nz
1 redirects
nigelcollis.co.nz |
269 B |
| 1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 369 |
33 KB |
| 1 |
qantasloyalty.com
cdn.qantasloyalty.com — Cisco Umbrella Rank: 355285 |
667 B |
| 1 |
resultspage.com
qantas.resultspage.com — Cisco Umbrella Rank: 378178 |
1 KB |
| 15 | 6 |
| Domain | Requested by | |
|---|---|---|
| 7 | www.qantas.com |
kashmirpresents.com
|
| 5 | kashmirpresents.com |
1 redirects
kashmirpresents.com
|
| 2 | nigelcollis.co.nz | 1 redirects |
| 1 | ajax.googleapis.com |
kashmirpresents.com
|
| 1 | cdn.qantasloyalty.com |
kashmirpresents.com
|
| 1 | qantas.resultspage.com |
kashmirpresents.com
|
| 15 | 6 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.qantas.com |
| travelinsider.qantas.com.au |
| help.qantas.com |
| www.facebook.com |
| twitter.com |
| www.linkedin.com |
| www.youtube.com |
| instagram.com |
| www.jetstar.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| nigelcollis.co.nz Sectigo RSA Domain Validation Secure Server CA |
2024-01-05 - 2025-02-04 |
a year | crt.sh |
| kashmirpresents.com cPanel, Inc. Certification Authority |
2024-01-15 - 2024-04-14 |
3 months | crt.sh |
| *.resultspage.com Starfield Secure Certificate Authority - G2 |
2023-05-05 - 2024-06-05 |
a year | crt.sh |
| qantasloyalty.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-11-06 - 2024-09-10 |
10 months | crt.sh |
| qantas.com DigiCert TLS RSA SHA256 2020 CA1 |
2023-11-06 - 2024-11-05 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-12-11 - 2024-03-04 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://kashmirpresents.com/.official/dashboard.php?reference=56723fc68d98b0279f86
Frame ID: 61668B9086E5B03B69DF6E68483874FA
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
error iconCheckboxPage URL History Show full URLs
-
https://kashmirpresents.com/.official/
HTTP 302
https://kashmirpresents.com/.official/dashboard.php?reference=56723fc68d98b0279f86 Page URL
Detected technologies
Adobe Experience Manager
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /etc/designs/
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
41 Outgoing links
These are links going to different origins than the main page.
URL: https://www.qantas.com/travel/airlines/viewing/global/en
Title: Upgrade my browser
Title: Upgrade my browser
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en.html
Search URL Search Domain Scan URL
URL: https://www.qantas.com/au/en/qantas-experience/network-and-partner-airlines/oneworld.html
Title: Oneworld
Title: Oneworld
Search URL Search Domain Scan URL
URL: https://www.qantas.com/travelinsider/en.html
Title: Travel Insider
Title: Travel Insider
Search URL Search Domain Scan URL
URL: https://www.qantas.com/directconnect/affinity
Title: Where can I go?
Title: Where can I go?
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/travel-guides/australia.html?int_cam=us:en:travel-guides-au:nav:en:flights
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals/flights-to-australia.html/au
Title: Flights to Australia
Title: Flights to Australia
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals/flights-to-new-zealand.html/nz
Title: Flights to New Zealand
Title: Flights to New Zealand
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals.html
Title: Flights to Japan
Title: Flights to Japan
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals/flights-to-singapore.html/sin
Title: Flights to Singapore
Title: Flights to Singapore
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals/flights-to-vanuatu.html/nou
Title: Flights to New Caledonia
Title: Flights to New Caledonia
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/flight-deals/international/flights-to-australia.html/economy/all/lowest?int_cam=us:en:flight-deals-au:nav:en:flights
Search URL Search Domain Scan URL
URL: http://travelinsider.qantas.com.au/qantas-magazine
Title: Qantas magazineOpens external site
Title: Qantas magazineOpens external site
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/book-a-trip/flights/qantas-explorer.html?int_cam=us:en:qantas-explorer:nav:en:flights
Search URL Search Domain Scan URL
URL: http://www.qantas.com/travel/airlines/flight-deals/us/en
Title: Flights to Australia
Title: Flights to Australia
Search URL Search Domain Scan URL
URL: https://www.qantas.com/detect-site/coronavirus.html
Title: COVID-19 information
Title: COVID-19 information
Search URL Search Domain Scan URL
URL: https://www.qantas.com/detect-site/manage-booking.html
Title: Manage booking
Title: Manage booking
Search URL Search Domain Scan URL
URL: https://www.qantas.com/travel/airlines/baggage/global/en
Title: baggage allowances
Title: baggage allowances
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/qantas-experience/australian-domestic-flight-network.html?int_cam=us:en:mega-nav:domestic-network:en:flights
Search URL Search Domain Scan URL
URL: https://help.qantas.com/support/s/
Title: Help Opens external site
Title: Help Opens external site
Search URL Search Domain Scan URL
URL: https://www.qantas.com/au/en/frequent-flyer/discover-and-join/terms-and-conditions.html
Title: Terms and Conditions
Title: Terms and Conditions
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/travel-info/baggage/allowance-and-fees.html
Title: Baggage & Optional Service Fees
Title: Baggage & Optional Service Fees
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/support/customer-service-plan.html
Title: Customer Service Plan
Title: Customer Service Plan
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/qantas-group.html
Title: Qantas Group
Title: Qantas Group
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/about-us/news-room.html
Title: News Room
Title: News Room
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/about-us/qantas-careers.html
Title: Careers
Title: Careers
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/about-us/our-company/our-airline-partners/oneworld.html
Title: oneworld
Title: oneworld
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/about-us.html
Title: More about Qantas
Title: More about Qantas
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/100-years-of-the-spirit-of-australia.html
Title: Qantas Centenary
Title: Qantas Centenary
Search URL Search Domain Scan URL
URL: https://www.qantas.com/content/dam/qantas/pdfs/about-us/corporate-governance/modern-slavery-and-human-trafficking-statement.pdf
Title: Modern Slavery Act Statement
Title: Modern Slavery Act Statement
Search URL Search Domain Scan URL
URL: https://www.facebook.com/Qantas/
Title: 1.4m+ likesOpens external site in a new window
Title: 1.4m+ likesOpens external site in a new window
Search URL Search Domain Scan URL
URL: https://twitter.com/Qantas
Title: 483k+ followersOpens external site in a new window
Title: 483k+ followersOpens external site in a new window
Search URL Search Domain Scan URL
URL: http://www.linkedin.com/company/qantas
Title: 287k+ followersOpens external site in a new window
Title: 287k+ followersOpens external site in a new window
Search URL Search Domain Scan URL
URL: https://www.youtube.com/user/Qantas
Title: 93k+ subscribersOpens external site in a new window
Title: 93k+ subscribersOpens external site in a new window
Search URL Search Domain Scan URL
URL: http://instagram.com/Qantas
Title: 933k+ followersOpens external site in a new window
Title: 933k+ followersOpens external site in a new window
Search URL Search Domain Scan URL
URL: https://www.jetstar.com/
Title: JetstarOpens external site in a new window
Title: JetstarOpens external site in a new window
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/support/essential-accessibility.html
Title: eSSENTIAL AccessibilityTM
Title: eSSENTIAL AccessibilityTM
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/support/privacy-and-security.html
Title: Privacy & Security
Title: Privacy & Security
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/support/terms-of-use.html
Title: Terms of Use
Title: Terms of Use
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/book-a-trip/flights/conditions-of-carriage.html
Title: Conditions of Carriage
Title: Conditions of Carriage
Search URL Search Domain Scan URL
URL: https://www.qantas.com/us/en/book-a-trip/flights/fare-types.html
Title: Fare types
Title: Fare types
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://kashmirpresents.com/.official/
HTTP 302
https://kashmirpresents.com/.official/dashboard.php?reference=56723fc68d98b0279f86 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://nigelcollis.co.nz/.be HTTP 301
- https://nigelcollis.co.nz/.be/
15 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
/
nigelcollis.co.nz/.be/ Redirect Chain
|
0 149 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
dashboard.php
kashmirpresents.com/.official/ Redirect Chain
|
543 KB 544 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main.css
kashmirpresents.com/.official/ |
210 KB 210 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
sli-rac.css
qantas.resultspage.com/autocomplete/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
login.bundle.css
cdn.qantasloyalty.com/assets/widgets/login/v2/ |
114 B 667 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main-noncritical.min.39f8b7e771e1f7442c41e2b0eb8c5459.css
www.qantas.com/etc/designs/qcom/site/ |
74 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
qantas-masterbrand-logo-40px.svg
www.qantas.com/content/dam/qantas/logos/ |
10 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
escape-au.jpg
www.qantas.com/images/imb/img/190x440/ |
26 KB 27 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Australia-flight-deals-190x135.jpg
www.qantas.com/images/imb/img/ |
8 KB 8 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
qantas-explorer.jpg
www.qantas.com/images/imb/img/190x440/ |
26 KB 26 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
australian-domestic-network-190x440.jpg
www.qantas.com/images/imb/img/190x440/ |
9 KB 10 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ |
90 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
spritesheet-9632fb7044385395ce89846b873ea4e3.png
www.qantas.com/etc/designs/qantas/global/img/ |
11 KB 11 KB |
Image
image/avif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
315CA1_3_0.woff2
kashmirpresents.com/.official/ |
48 KB 49 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
736 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
315CA1_1_0.woff2
kashmirpresents.com/.official/ |
49 KB 49 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Qantas (Transportation)29 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| aler function| aler1 boolean| completed1 boolean| completed2 boolean| completed3 function| aler2 function| tcitle function| return_string function| checkelement2 function| all3 function| checkelement3 function| all4 function| checkelement4 function| all5 function| checkelement5 function| all6 function| checkelement6 function| $ function| jQuery function| formatString function| digitKeyOnly function| normalizeYear function| checkExp function| CCValidationWithType function| barranayek function| validinfo function| alorsondanse function| sleep function| demo0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.qantasloyalty.com
kashmirpresents.com
nigelcollis.co.nz
qantas.resultspage.com
www.qantas.com
162.215.15.145
185.184.154.81
23.32.5.86
23.32.5.88
2404:6800:4006:813::200a
3.212.217.228
0664e82539264eafd54fe31718f5f4d885348fe8f8c8268482fe29c0043f3e98
1bb066f13d04bd02c9d2e35e5c40a92b7985739b15649f2a42e69de8db42d72e
445b7df4c1fa8a4f1847e39edc7476fb8bec4c9e7aa3c4127ce4e61a300f6e00
450bb80667b0393d6caa03b172876b02fd39a64dc3fae3c7d398d22dad852b64
55adb2c8fa18eaba51ebf7ad393246020f4c827146c2d1fe30b38d4a47d2fbda
572e61cc03f163934166ecdb2f2ff546e2c3910e1832f2928c5dded01d604db1
5a1d9e8f0951eaf775165f9381733d44a10df8b8997d478fb04fadbf8c955d66
763a86d3b22b56dc063a25ec601d018d501c38aed49034fde8e2d3351f614f81
929994c943e6df422c54cdb9ab4e7b0b7e73cf9cd81d9e8f259789c8c5aacb15
abe83c8f1046deaa45805df9f097a32140095ea26d267b9761fc062c618513a1
acfecce6970a2ec8db6bbf3a51bcec7b2936d8930b0b7c84a079a315adb7b6c3
b2b64e5d45e5f4911d34343f60b7d15ba57d7ce1e4cc5dd69ac424bb79d84455
b964d246defe2ccf6dd3a0d3887ac9d09325a866b94bd57732219406654698a2
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
e33bf0e24ad4a7482d68c48aa84a576e57bd3d8cdd3256de1e72f3b08bff4fed
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855