qt.dfgerhd.top Open in urlscan Pro
206.238.70.111 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://666.gdsbjsj.com/666
Effective URL:
https://qt.dfgerhd.top/XNe1nvsNQF/
Submission: On February 02 via manual (February 2nd 2024, 12:31:18 am UTC) from JP — Scanned from JP

Summary HTTP 14 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 206.238.70.111, located in Singapore, Singapore and belongs to TERAEXCH, US. The main domain is qt.dfgerhd.top.
TLS certificate: Issued by R3 on February 1st 2024. Valid for: 3 months.

This is the only time qt.dfgerhd.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon Japan (Online) Amazon (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	2606:4700:303... 2606:4700:3033::6815:19ea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	206.238.70.111 206.238.70.111	399077 (TERAEXCH) (TERAEXCH)
1	2606:4700::68... 2606:4700::6812:1baa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:221... 2600:9000:2218:9e00:10:1731:ff49:ac01	16509 (AMAZON-02) (AMAZON-02)
14	3

1 2606:4700:3033::6815:19ea (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

666.gdsbjsj.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 206.238.70.111 (Singapore, Singapore)

ASN399077 (TERAEXCH, US)

qt.dfgerhd.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
idu.nhetdef.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1baa (United States)

ASN13335 (CLOUDFLARENET, US)

api.ipregistry.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2218:9e00:10:1731:ff49:ac01 (United States)

ASN16509 (AMAZON-02, US)

images-cn.ssl-images-amazon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	dfgerhd.top qt.dfgerhd.top	326 KB
2	ssl-images-amazon.com images-cn.ssl-images-amazon.com — Cisco Umbrella Rank: 541724	69 KB
1	nhetdef.top idu.nhetdef.top	245 B
1	ipregistry.co api.ipregistry.co — Cisco Umbrella Rank: 142954	1 KB
1	gdsbjsj.com 1 redirects 666.gdsbjsj.com	461 B
14	5

	Domain	Requested by
10	qt.dfgerhd.top	qt.dfgerhd.top
2	images-cn.ssl-images-amazon.com
1	idu.nhetdef.top	amazonjp
1	api.ipregistry.co	amazonjp
1	666.gdsbjsj.com	1 redirects
14	5

This site contains links to these domains. Also see Links.

Domain
www.amazon.co.jp

Subject Issuer	Validity	Valid
qt.dfgerhd.top R3	`2024-02-01` - `2024-05-01`	3 months	crt.sh
ipregistry.co Cloudflare Inc ECC CA-3	`2023-10-03` - `2024-10-02`	a year	crt.sh
idu.nhetdef.top R3	`2024-02-01` - `2024-05-01`	3 months	crt.sh
images-cn.ssl-images-amazon.com Amazon RSA 2048 M03	`2023-10-14` - `2024-11-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://qt.dfgerhd.top/XNe1nvsNQF/
Frame ID: AC41CE8CD98EFA4916209196F816E793
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Amazonサインイン

Page URL History Show full URLs

https://666.gdsbjsj.com/666 HTTP 301
https://qt.dfgerhd.top/XNe1nvsNQF/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

396 kB
Transfer

1574 kB
Size

0
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.amazon.co.jp/ref=ap_frn_logo

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_signin_notification_condition_of_use?ie=UTF8&nodeId=643006
Title: 利用規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_signin_notification_privacy_notice?ie=UTF8&nodeId=643000
Title: プライバシー規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/ap/forgotpassword?showRememberMe=true&openid.pape.max_auth_age=0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=jpflex&openid.return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_ya_signin&prevRID=K26DFSSB80QBNZ66NXN2&openid.assoc_handle=jpflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: パスワードを忘れた場合

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/account-issues/ref=ap_login_with_otp_claim_collection?ie=UTF8
Title: その他のログインに関する問題

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/business/register/welcome?ref_=ab_reg_signin
Title: Amazonビジネスでショッピング

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/ap/register?showRememberMe=true&openid.pape.max_auth_age=0&openid.return_to=https%3A%2F%2Fwww.amazon.co.jp%2F%3Fref_%3Dnav_ya_signin&prevRID=K26DFSSB80QBNZ66NXN2&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.assoc_handle=jpflex&openid.mode=checkid_setup&prepopulatedLoginId=&failedSignInCount=0&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&pageId=jpflex&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
Title: Amazonアカウントを作成する

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_desktop_footer_cou?ie=UTF8&nodeId=643006
Title: 利用規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/gp/help/customer/display.html/ref=ap_desktop_footer_privacy_notice?ie=UTF8&nodeId=643000
Title: プライバシー規約

Search URL Search Domain Scan URL

URL: https://www.amazon.co.jp/help
Title: ヘルプ

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://666.gdsbjsj.com/666 HTTP 301
https://qt.dfgerhd.top/XNe1nvsNQF/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
qt.dfgerhd.top/XNe1nvsNQF/
Redirect Chain

https://666.gdsbjsj.com/666
https://qt.dfgerhd.top/XNe1nvsNQF/

699 B
547 B

820ms
80ms

Document
text/html

206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: 46336ec044c6d19ea9f1ae3415de903283ef805bdfdc4dcc9828b13dc18f061c

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 410
content-type: text/html
date: Fri, 02 Feb 2024 00:31:07 GMT
etag: "2bb-60f2206768800-gzip"
last-modified: Wed, 17 Jan 2024 10:51:12 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600
cf-ray: 84ee5450aa3df671-NRT
date: Fri, 02 Feb 2024 00:31:06 GMT
expires: Fri, 02 Feb 2024 01:31:06 GMT
location: https://qt.dfgerhd.top/XNe1nvsNQF/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dMBnQ1iSYdMt0BgBk3nZqBKtFAwn3Mcf5MNMPqy0W3t2WV%2FT%2BU6GTbrH85EfyRy4hcb9PNkrAaTzEP9yxW4ldaP%2BjeU2S5Vg%2BWjMxSW9rq6K53jfRy0redVPmx2yQOf28ph1N9AEeRciXjN%2FA2w%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 jk.js Show response
qt.dfgerhd.top/XNe1nvsNQF/ 358 B
426 B 84ms
82ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/jk.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: e3bc2c8dbfd6edeb33b2d93ebbbbdf16e57eae6a8b57728f68bae065759bd694

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
content-encoding: gzip
last-modified: Thu, 01 Feb 2024 17:21:05 GMT
server: Apache
etag: "166-61055386d9cff-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 337

GET
H2 200 chunk-vendors.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 598 KB
127 KB 173ms
172ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/chunk-vendors.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: d47ac008cf442468e1f708993ce275924cdcec09acf1a8455ac40238eda2d2e9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "95857-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes

GET
H2 200 app.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 25 KB
5 KB 258ms
258ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: 27961d6fac2f36d45ef0585a878fe89844a5024ece1f28c3c46961125b3bb19b

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "63d9-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 5341

GET
H2 200 node_modules_css-loader_dist_runtime_api_js-node_modules_css-loader_dist_runtime_noSourceMaps-459a8b.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 150 KB
30 KB 87ms
86ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/node_modules_css-loader_dist_runtime_api_js-node_modules_css-loader_dist_runtime_noSourceMaps-459a8b.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: 90bb94c0ce692ce93aa73e0c7a0d3cfdaa123f9156274f8b9d76b354232467df

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "257d3-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 30781

GET
H2 200 src_views_check_vue.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 27 KB
4 KB 81ms
81ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/src_views_check_vue.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: dfd3f3c73cd7bf548bcd5c0691a8dfb76b7f75eb5c3036f93e3c5806599e0506

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "6c15-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 3753

GET
H2 200 / Show response
api.ipregistry.co/ 2 KB
1 KB 132ms
114ms XHR
application/json 2606:4700::6812:1baa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.ipregistry.co/?key=rqlf1ofqupi1o79x

Requested by

Host: amazonjp
URL: webpack://amazonjp/./node_modules/axios/lib/adapters/xhr.js?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1baa , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bc811751855d24dc412fb2e7c67a26493f2ba6eead7c7853b98ff13dd5d9edb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Accept: application/json, text/plain, */*
Referer: https://qt.dfgerhd.top/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
strict-transport-security: max-age=15724800; includeSubDomains
ipregistry-credits-consumed: 1
cf-cache-status: DYNAMIC
content-encoding: br
server: cloudflare
ipregistry-credits-remaining: 99609
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: Ipregistry-Credits-Remaining, Ipregistry-Credits-Consumed, Ipregistry-Version, Ipregistry-Pod
ipregistry-version: 1
cf-ray: 84ee5458fb8280a5-NRT
alt-svc: h3=":443"; ma=86400
ipregistry-pod: ipregistry-api-7776f5c689-h8bch

GET
H2 200 transition.e9225637.gif
qt.dfgerhd.top/XNe1nvsNQF/img/ 65 KB
65 KB 80ms
79ms Image
image/gif 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/img/transition.e9225637.gif
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: a75dd9dbb839047dff4d49527f40be3fb82dec9fee73cf3204569452bb89f6c1

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:07 GMT
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
accept-ranges: bytes
etag: "103b3-60f21faa94a80"
content-length: 66483
content-type: image/gif

GET
H2 200 ip Show response
idu.nhetdef.top/index/api/ 3 B
245 B 376ms
94ms XHR
text/html 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://idu.nhetdef.top/index/api/ip
Requested by: Host: amazonjp
URL: webpack://amazonjp/./node_modules/axios/lib/adapters/xhr.js?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: f9171164593756e56fb197327b529a4955590566560dbe62d586bff41be9d297

Request headers

Accept: application/json, text/plain, */*
Referer: https://qt.dfgerhd.top/
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:08 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Auth-Token, x-token
content-length: 23

GET
H2 200 node_modules_crypto-js_index_js-node_modules_css-loader_dist_runtime_getUrl_js-src_views_load-44292b.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 272 KB
46 KB 93ms
90ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/node_modules_crypto-js_index_js-node_modules_css-loader_dist_runtime_getUrl_js-src_views_load-44292b.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: f3a50736d823f0f6f6bae6afea074bbe8996d5822781e005696f1fb2883c1bce

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:08 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "4417f-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 46654

GET
H2 200 src_assets_css_01Sdjpc_css_vue_type_style_index_1_lang_css_external.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 85 KB
12 KB 86ms
84ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/src_assets_css_01Sdjpc_css_vue_type_style_index_1_lang_css_external.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: de72f2817964b8c9b662ed3393f86cfb88e10d9efbdc8a025f34fa529c35b933

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:08 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "1535c-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 11714

GET
H2 200 src_views_index_vue.js Show response
qt.dfgerhd.top/XNe1nvsNQF/js/ 281 KB
37 KB 89ms
87ms Script
text/javascript 206.238.70.111
TERAEXCH

General

Check archive.org

Show headers Download Go to

Full URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/src_views_index_vue.js
Requested by: Host: qt.dfgerhd.top
URL: https://qt.dfgerhd.top/XNe1nvsNQF/js/app.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 206.238.70.111 Singapore, Singapore, ASN399077 (TERAEXCH, US),
Reverse DNS
Software: Apache /
Resource Hash: dc1d394954221bd4cdcf18e52101af9536b0b02fd8efcfa85020dd91f8bf95a9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/XNe1nvsNQF/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 00:31:08 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:47:54 GMT
server: Apache
etag: "4656c-60f21faa94a80-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 37521

GET
H2 200 BgnVchebDR5Ds4h.png
images-cn.ssl-images-amazon.com/images/S/sash/ 60 KB
61 KB 165ms
12ms Image
image/png 2600:9000:2218:9e00:10:1731:ff49:ac01
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-cn.ssl-images-amazon.com/images/S/sash/BgnVchebDR5Ds4h.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2218:9e00:10:1731:ff49:ac01 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 12 Oct 2023 21:44:31 GMT
via: 1.1 cf1347347c410dc34434aa809f36a8b0.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT51-P2
age: 5339895
edge-cache-tag: x-cache-229,/images/S/sash/BgnVchebDR5Ds4h
x-cache: Hit from cloudfront
x-nginx-cache-status: HIT
content-length: 61917
surrogate-key: x-cache-229 /images/S/sash/BgnVchebDR5Ds4h
last-modified: Tue, 17 Nov 2020 23:31:30 GMT
server: Server
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=630720000,public
x-amz-ir-id: f2627c57-b91a-4a33-a84f-1d8521f0cdfe
accept-ranges: bytes
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
x-amz-cf-id: NvGQdAn_mlh2eYVKSRcobsaGNDJQgpysnbDy0l53YwzQXSW1OnKerw==
expires: Wed, 07 Oct 2043 21:44:31 GMT

GET
H2 200 mm6OmirOcWIcIVK.png
images-cn.ssl-images-amazon.com/images/S/sash/ 7 KB
7 KB 163ms
10ms Image
image/png 2600:9000:2218:9e00:10:1731:ff49:ac01
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://images-cn.ssl-images-amazon.com/images/S/sash/mm6OmirOcWIcIVK.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2218:9e00:10:1731:ff49:ac01 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 5ad2ea1ac285aacee78ec964213ff95cdeb6428d6fad55cbc0a7f9dc3437c9e9

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://qt.dfgerhd.top/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 29 May 2023 03:39:44 GMT
via: 1.1 cf1347347c410dc34434aa809f36a8b0.cloudfront.net (CloudFront)
x-amz-cf-pop: NRT51-P2
age: 21502284
edge-cache-tag: x-cache-342,/images/S/sash/mm6OmirOcWIcIVK
x-cache: Hit from cloudfront
x-nginx-cache-status: HIT
content-length: 7057
surrogate-key: x-cache-342 /images/S/sash/mm6OmirOcWIcIVK
last-modified: Tue, 17 Nov 2020 23:31:27 GMT
server: Server
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=630720000,public
x-amz-ir-id: 312fd5e7-0047-4fe8-bdcf-b4dc846fb364
accept-ranges: bytes
timing-allow-origin: https://www.amazon.in, https://www.amazon.com
x-amz-cf-id: RCsiUY5Y46wVo5dNW3OLe-6k8TPEPq6Y9y9qaeXa2jBNaCiKVCwxFw==
expires: Sat, 23 May 2043 18:31:56 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon Japan (Online) Amazon (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

666.gdsbjsj.com
api.ipregistry.co
idu.nhetdef.top
images-cn.ssl-images-amazon.com
qt.dfgerhd.top
206.238.70.111
2600:9000:2218:9e00:10:1731:ff49:ac01
2606:4700:3033::6815:19ea
2606:4700::6812:1baa
27961d6fac2f36d45ef0585a878fe89844a5024ece1f28c3c46961125b3bb19b
46336ec044c6d19ea9f1ae3415de903283ef805bdfdc4dcc9828b13dc18f061c
5ad2ea1ac285aacee78ec964213ff95cdeb6428d6fad55cbc0a7f9dc3437c9e9
90bb94c0ce692ce93aa73e0c7a0d3cfdaa123f9156274f8b9d76b354232467df
a75dd9dbb839047dff4d49527f40be3fb82dec9fee73cf3204569452bb89f6c1
bc811751855d24dc412fb2e7c67a26493f2ba6eead7c7853b98ff13dd5d9edb1
c5e829691be4103e8f645ee962bbc3de1ca51d083d147f1716fbf5d59f99c86a
d47ac008cf442468e1f708993ce275924cdcec09acf1a8455ac40238eda2d2e9
dc1d394954221bd4cdcf18e52101af9536b0b02fd8efcfa85020dd91f8bf95a9
de72f2817964b8c9b662ed3393f86cfb88e10d9efbdc8a025f34fa529c35b933
dfd3f3c73cd7bf548bcd5c0691a8dfb76b7f75eb5c3036f93e3c5806599e0506
e3bc2c8dbfd6edeb33b2d93ebbbbdf16e57eae6a8b57728f68bae065759bd694
f3a50736d823f0f6f6bae6afea074bbe8996d5822781e005696f1fb2883c1bce
f9171164593756e56fb197327b529a4955590566560dbe62d586bff41be9d297

qt.dfgerhd.top Open in urlscan Pro 206.238.70.111 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

14 Requests

100 %HTTPS

75 %IPv6

5 Domains

5 Subdomains

3 IPs

2 Countries

396 kBTransfer

1574 kBSize

0 Cookies

10 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

10 JavaScript Global Variables

0 Cookies

Indicators

qt.dfgerhd.top Open in urlscan Pro
206.238.70.111 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

3
IPs

2
Countries

396 kB
Transfer

1574 kB
Size

0
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!