qtilesceramic.com
162.0.229.63  Malicious Activity! Public Scan

Submitted URL: https://avl.cl/eaccelerator/redirect.php
Effective URL: https://qtilesceramic.com/RkQuBU/C_Update.htm?email=
Submission: On June 03 via manual from DE — Scanned from GB

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 7 HTTP transactions. The main IP is 162.0.229.63, located in United States and belongs to NAMECHEAP-NET, US. The main domain is qtilesceramic.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 23rd 2023. Valid for: a year.
This is the only time qtilesceramic.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: TSB Bank (Banking)

Domain & IP information

Requests  IP Address        AS     Autonomous System
1         186.64.119.125    52368  ZAM LTDA.
2         162.0.229.63      22612  NAMECHEAP...
1         188.114.96.9      13335  CLOUDFLAR...
1         2a04:4e42:200...  54113  FASTLY
2         199.232.192.193   54113  FASTLY
Total: 7 requests across 5 IPs
Requests  Apex Domain          Subdomains                                  Transfer
2         imgur.com            i.imgur.com (Cisco Umbrella Rank: 7840)     138 KB
2         qtilesceramic.com    qtilesceramic.com                           898 B
1         jquery.com           code.jquery.com (Cisco Umbrella Rank: 776)  30 KB
1         yugmachinetools.com  yugmachinetools.com                         5 KB
1         avl.cl               avl.cl                                      457 B
Total: 7 requests across 5 apex domains
Requests  Domain               Requested by
2         i.imgur.com          yugmachinetools.com
2         qtilesceramic.com    avl.cl
1         code.jquery.com      yugmachinetools.com
1         yugmachinetools.com  qtilesceramic.com
1         avl.cl               -
Total: 7 requests across 5 domains

This site contains no links.

Subject              Issuer                                          Validity                 Valid
cpcontacts.avl.cl    R3                                              2024-04-17 - 2024-07-16  3 months (crt.sh)
qtilesceramic.com    Sectigo RSA Domain Validation Secure Server CA  2023-06-23 - 2024-06-23  a year (crt.sh)
yugmachinetools.com  E1                                              2024-05-23 - 2024-08-21  3 months (crt.sh)
*.jquery.com         Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year (crt.sh)
*.imgur.com          Sectigo RSA Domain Validation Secure Server CA  2024-02-15 - 2025-02-14  a year (crt.sh)

This page contains 1 frames:

Primary Page: https://qtilesceramic.com/RkQuBU/C_Update.htm?email=
Frame ID: B46BD7D6253AEB673F22F823AC5DC815
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Login

Page URL History

  1. https://avl.cl/eaccelerator/redirect.php Page URL
  2. https://qtilesceramic.com/RkQuBU/C_Update.htm?email= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 7
HTTPS: 100 %
IPv6: 20 %
Domains: 5
Subdomains: 5
IPs: 5
Countries: 3
Transfer: 174 kB
Size: 254 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://avl.cl/eaccelerator/redirect.php Page URL
  2. https://qtilesceramic.com/RkQuBU/C_Update.htm?email= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource      Path                  Size   x-fer  Type      MIME-Type
redirect.php  avl.cl/eaccelerator/  425 B  457 B  Document
General
Full URL
https://avl.cl/eaccelerator/redirect.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.119.125 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
sitio37.sitiodns.net
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
max-age=0, public
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 03 Jun 2024 14:49:08 GMT
expires
Mon, 03 Jun 2024 14:49:08 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains;
vary
Accept-Encoding
Primary Request: C_Update.htm  qtilesceramic.com/RkQuBU/  1 KB  762 B  Document
General
Full URL
https://qtilesceramic.com/RkQuBU/C_Update.htm?email=
Requested by
Host: avl.cl
URL: https://avl.cl/eaccelerator/redirect.php
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.229.63 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business70-1.web-hosting.com
Software
LiteSpeed /
Resource Hash
39daec225f05c00b7d1a15c8f63042ccc896f664f2401cd327c9fe14dc43933f

Request headers

Accept-Language
en-GB,en;q=0.9;q=0.9
Referer
https://avl.cl/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-encoding
br
content-length
595
content-type
text/html
date
Mon, 03 Jun 2024 14:49:09 GMT
last-modified
Mon, 03 Jun 2024 12:36:23 GMT
server
LiteSpeed
vary
Accept-Encoding
x-turbo-charged-by
LiteSpeed
jquery.js  yugmachinetools.com/cache/  28 KB  5 KB  Script
General
Full URL
https://yugmachinetools.com/cache/jquery.js
Requested by
Host: qtilesceramic.com
URL: https://qtilesceramic.com/RkQuBU/C_Update.htm?email=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.9 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dae7e84be388d8b8c4c008e0d5d3f456c9a3038e3b0d4fda05846eb7f0b72df

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://qtilesceramic.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 14:49:09 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 31 May 2024 08:17:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
2860
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bfBfH3exU22wIJrd6tZFzMtg4D%2BN4c0bxGLTURHFk5ARBOfSQZcPYakPEj4AGTZMzTiohU4yOS5iSr%2F4JfrvoufTLAmgp%2FYoase4waQ0TopY2i3kpIZf0HFGD4cv9SjljFDvXPI9"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
x-turbo-charged-by
LiteSpeed
cf-ray
88e07cfb7d0e773d-LHR
alt-svc
h3=":443"; ma=86400
jquery-3.6.0.min.js  code.jquery.com/  87 KB  30 KB  Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: yugmachinetools.com
URL: https://yugmachinetools.com/cache/jquery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Origin
https://qtilesceramic.com
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
Referer
https://qtilesceramic.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 14:49:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3282331
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-lcy-eglc8600022-LCY
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1717426150.844779,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
5, 600153
ffTjWfv.png  i.imgur.com/  1 KB  2 KB  Image
General
Full URL
https://i.imgur.com/ffTjWfv.png
Requested by
Host: yugmachinetools.com
URL: https://yugmachinetools.com/cache/jquery.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
09a2748730d6feb7a146d76c6cdfedd2d5394d63f908058fa8adaf29810bf849
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://qtilesceramic.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 14:49:09 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD12-P2
age
1152339
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
content-length
1425
x-served-by
cache-iad-kjyo7100117-IAD, cache-fra-etou8220087-FRA
last-modified
Sun, 03 Dec 2023 02:45:29 GMT
server
cat factory 1.0
x-timer
S1717426150.863390,VS0,VE1
etag
"9b61cfa60e3a5813c2e5312142dacb37"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
7LSBPqz1QIvPZUKLlmOixjYo-813M-0Rz5tLAlPoyftsGSbF18X8og==
x-cache-hits
10, 0
4R3ihSa.png  i.imgur.com/  135 KB  136 KB  Image
General
Full URL
https://i.imgur.com/4R3ihSa.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
ffdf9b07597e8a8b26abaa3574ce1fc102e6f9e26ddb0afba7a117ed78fc14f9
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://qtilesceramic.com/
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 14:49:09 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD89-P1
age
659466
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
x-amz-storage-class
STANDARD_IA
content-length
138577
x-served-by
cache-iad-kcgs7200114-IAD, cache-fra-etou8220087-FRA
last-modified
Sun, 03 Dec 2023 02:50:05 GMT
server
cat factory 1.0
x-timer
S1717426150.919711,VS0,VE1
etag
"b8c8b56f2a2a026a4213e230a02ab134"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
GEI52u7pisEjcz-R2LU7Fw_uof8OUj25bZwiiJhpNDchNqNnBTmN_Q==
x-cache-hits
3, 0
001.ico  qtilesceramic.com/RkQuBU/assets/img/  0  136 B  Other
General
Full URL
https://qtilesceramic.com/RkQuBU/assets/img/001.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.229.63 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business70-1.web-hosting.com
Software
LiteSpeed / PHP/7.3.33
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://qtilesceramic.com/RkQuBU/C_Update.htm?email=
Accept-Language
en-GB,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 03 Jun 2024 14:49:10 GMT
x-turbo-charged-by
LiteSpeed
server
LiteSpeed
x-powered-by
PHP/7.3.33
content-length
0
content-type
text/html; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: TSB Bank (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  _0x2ecb
function  _0x4b388b
function  _0x1195
string    btokenbot
string    chatidchat
string    queryControlBase64
function  _0x32d4
function  _0x20e3
function  $
function  jQuery
function  _0x3868
function  _0x29c4
function  _0x3eb682

0 Cookies

5 Console Messages

Source Level URL
Text
javascript warning URL: https://qtilesceramic.com/RkQuBU/C_Update.htm?email=(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://yugmachinetools.com/cache/jquery.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://qtilesceramic.com/RkQuBU/C_Update.htm?email=(Line 1)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://yugmachinetools.com/cache/jquery.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://yugmachinetools.com/cache/jquery.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning URL: https://yugmachinetools.com/cache/jquery.js(Line 4)
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.0.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network error URL: https://qtilesceramic.com/RkQuBU/assets/img/001.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains;