advisory.howwasqantas.com
Open in
urlscan Pro
104.89.36.184
Public Scan
URL:
https://advisory.howwasqantas.com/jfe/form/SV_dhBIcAXifJlhu9T?Q_DL=lHd9obZIVT9gNPl_dhBIcAXifJlhu9T_CTR_eLjg7ONji84FtnE&Q_CHL=email
Submission: On May 02 via manual from HK — Scanned from DE
Submission: On May 02 via manual from HK — Scanned from DE
Summary
This website contacted 5 IPs
in 2 countries
across 4 domains to perform 16 HTTP transactions.
The main IP is 104.89.36.184, located in
Frankfurt am Main, Germany and
belongs to AKAMAI-AS, US.
The main domain is advisory.howwasqantas.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 11th 2022. Valid for: a year.
This is the only time advisory.howwasqantas.com was scanned on urlscan.io!
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 11th 2022. Valid for: a year.
This is the only time advisory.howwasqantas.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 11 | 104.89.36.184 104.89.36.184 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 1 | 23.35.228.138 23.35.228.138 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
| 1 | 52.222.174.26 52.222.174.26 | 16509 (AMAZON-02) (AMAZON-02) | |
| 2 | 54.175.220.249 54.175.220.249 | 14618 (AMAZON-AES) (AMAZON-AES) | |
| 16 | 5 |
11
104.89.36.184
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a104-89-36-184.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a104-89-36-184.deploy.static.akamaitechnologies.com
| advisory.howwasqantas.com |
1
23.35.228.138
(Frankfurt am Main, Germany)
ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-138.deploy.static.akamaitechnologies.com
ASN16625 (AKAMAI-AS, US)
PTR: a23-35-228-138.deploy.static.akamaitechnologies.com
| qantasgroup.au1.qualtrics.com |
1
52.222.174.26
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-26.cdg50.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-26.cdg50.r.cloudfront.net
| d3op16id4dloxg.cloudfront.net |
2
54.175.220.249
(Ashburn, United States)
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-220-249.compute-1.amazonaws.com
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-220-249.compute-1.amazonaws.com
| rvid.imperium.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 11 |
howwasqantas.com
advisory.howwasqantas.com survey.howwasqantas.com Failed |
522 KB |
| 2 |
imperium.com
rvid.imperium.com — Cisco Umbrella Rank: 79672 |
2 KB |
| 1 |
cloudfront.net
d3op16id4dloxg.cloudfront.net |
100 KB |
| 1 |
qualtrics.com
qantasgroup.au1.qualtrics.com |
377 KB |
| 16 | 4 |
| Domain | Requested by | |
|---|---|---|
| 11 | advisory.howwasqantas.com |
advisory.howwasqantas.com
|
| 2 | rvid.imperium.com |
advisory.howwasqantas.com
|
| 1 | d3op16id4dloxg.cloudfront.net |
advisory.howwasqantas.com
|
| 1 | qantasgroup.au1.qualtrics.com |
advisory.howwasqantas.com
|
| 0 | survey.howwasqantas.com Failed |
advisory.howwasqantas.com
|
| 16 | 5 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.qualtrics.com |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| akamaisecure3.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-11 - 2023-02-11 |
a year | crt.sh |
| *.qualtrics.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-01-21 - 2022-09-24 |
8 months | crt.sh |
| *.cloudfront.net Amazon |
2022-02-01 - 2023-01-31 |
a year | crt.sh |
| *.imperium.com Amazon |
2022-02-22 - 2023-03-23 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://advisory.howwasqantas.com/jfe/form/SV_dhBIcAXifJlhu9T?Q_DL=lHd9obZIVT9gNPl_dhBIcAXifJlhu9T_CTR_eLjg7ONji84FtnE&Q_CHL=email
Frame ID: 72310E1E75A82CFEB63080BE32CEE479
Requests: 15 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
URL: http://www.qualtrics.com/
Title: Powered by Qualtrics
Title: Powered by Qualtrics
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
SV_dhBIcAXifJlhu9T
advisory.howwasqantas.com/jfe/form/ |
39 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
vendor.04949745891b21438af7.js
advisory.howwasqantas.com/jfe/static/dist/ |
261 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jfe.3958c283574588dd084f.js
advisory.howwasqantas.com/jfe/static/dist/ |
254 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
stylesheet.css
advisory.howwasqantas.com/jfe/themes/skins/qantasgroup/quantasgroup_3/version-1649629597705-00526a/ |
171 KB 172 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bg2.png
advisory.howwasqantas.com/jfe/themes/skins/qantasgroup/quantasgroup_3/version-1649629597705-00526a/files/ |
53 KB 53 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
advisory.howwasqantas.com/jfe/themes/skins/qantasgroup/quantasgroup_3/version-1649629597705-00526a/files/ |
243 B 243 B |
Image
application/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
File.php
survey.howwasqantas.com/CP/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
external-link-icon.woff
advisory.howwasqantas.com/jfe/themes/base-css/basestylesv4/version-1647462893189-59f924/files/ |
1004 B 1 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mc.62704e92e4244f6ba4a3.js
advisory.howwasqantas.com/jfe/static/dist/c/ |
38 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jsApi.f90ab520a01ef0455322.js
advisory.howwasqantas.com/jfe/static/dist/c/ |
14 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Graphic.php
qantasgroup.au1.qualtrics.com/ControlPanel/ |
376 KB 377 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
prototype.ad3ea2baf13adce7a7f0.js
advisory.howwasqantas.com/jfe/static/dist/c/ |
91 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
relevantid.be16908029b9923bd268.js
advisory.howwasqantas.com/jfe/static/dist/c/ |
450 KB 96 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
RelevantID4.js
d3op16id4dloxg.cloudfront.net/ |
100 KB 100 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
dedupe
rvid.imperium.com/ |
2 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
dedupe
rvid.imperium.com/ |
0 0 |
Preflight
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- survey.howwasqantas.com
- URL
- https://survey.howwasqantas.com/CP/File.php?F=F_9NSAhbG47yJWVi5
Verdicts & Comments Add Verdict or Comment
197 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails object| QSettings function| webpackJsonp function| jQuery object| ErrorWatcher object| jQuery112408269218246812713 function| onLoadCaptcha object| experimental object| Page function| QBuilder object| Qualtrics object| QualtricsSETools function| $ function| $$ function| Sizzle function| Selector object| Prototype object| Ajax function| $F object| Abstract object| Form function| $A function| $H function| $R function| $w object| Class object| Enumerable function| Hash function| ObjectRange function| PeriodicalExecuter function| Template object| Try function| time_capture function| captureQuestionID function| RVIDResponseComplete object| RVIDPrivacy string| _RVIDCaptureString object| _extraDataPoints object| captureObject string| __xe1913148__ number| _hpd object| PluginDetect string| userAgent boolean| isIE boolean| isWin boolean| isMac boolean| is_iPhone boolean| is_iPod boolean| isLinux boolean| isAndroid boolean| isOpera boolean| isChrome boolean| isSafari boolean| isFF boolean| isAOL number| counter object| body1 number| jsver object| BrowserDetect string| propertyString1 object| RVIDFlash string| hasRIF function| sha256 string| imperiumOriginalSurvey string| imperiumOriginalCookie function| sendLogMessageAsync function| createRVIDXMLHttpRequest function| setHoPoDetection function| tochar function| rvidPing function| setRVIDDataReadyAndSubmitForm function| callRVIDNow function| addValue function| addCapValue function| getOS function| checkIframes function| getSilverlightVersion function| getSilverlightMajorVersion function| detectSilverlight function| detectDirector function| getDirectorVersion function| getWindowsMediaVersion function| detectWindowsMedia function| isFlip4MacInstalled function| Flip4MacVersion function| getFlashInfo function| canDetectNavigatorPlugins function| detectPlugin function| getAllPlugins function| createScriptTag function| getJavascriptVersion function| BrowserInfo function| Get_Cookie function| Set_Cookie function| GetFontSize function| getTimeZoneDiff function| getJavaScriptBuild function| getBrowserBuild function| getNetMeetingBuild function| getServicePack function| getUserLanguage function| getSystemLanguage function| detectGecko function| getGeckoBuildDateToInt function| getConnectionType function| supportsDHTML function| supportsXMLHttpRequest function| supportsXML function| getAolVersion function| isEmailCrawler function| canUploadFile function| persistentCookies function| sessionCookies function| ExpireCookie_ function| addToCapture function| getBrowserTime function| getBrowserTimeMS function| getJavaEnabled function| getDataPoints function| rvidFreezeSetProp function| AddScriptTag function| checkTime function| checkTimeTime function| getDateTime function| createDiv function| createSol function| writeRIF function| setRIF1 function| setRIF2 function| getRIF1 function| readRIF function| rifStatusCheck function| createField function| createRVIDField function| createOutputFields function| getScore function| IsPageTranslated function| executeService function| isPropStringValid function| LogWarningForAnyMissingRequestPars function| LogWarningForMissingRequestPar function| getFunctionHash function| ImperiumXhrPost function| ImperiumGetValue function| isSSLv3MigratedClient function| getCNprintLegacyHash function| getCNprintLegacy function| getCNprintHash function| getWebGLRenderer function| getWebGLDataHash function| Get_CookieRIF3 function| Set_CookieRIF3 function| Expire_CookieRIF3 function| setRIF3 function| getRIF3 function| isMobile function| isMobile1 function| inIframe function| featDetectBrowser function| _pluginContains function| checkForAutomatedBrowserProps function| notificationPermissions function| isNotificationPermissionsOverridden function| keyboardLayoutMapSize function| mediaDevicesConstraintsCount function| _supportsBluetooth function| storageManagerDetails function| _userAgentClientHints function| _accelDetect function| _gyroDetect function| getAudioSampleRate function| mediaDeviceGroups function| _detectPrivacyMode function| getAllMimeTypes function| rvidDevToolsOpen object| relevantID object| jstz number| RVIDTrack string| RVIDClientID object| C object| ZZZ object| MobileOSArray object| MobileType object| isThisMobile object| browserobject number| pluginsArrayCounter number| namesCounter object| ma number| RVIDReady object| start1 object| start2 number| rifFlag object| start4 number| k2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| advisory.howwasqantas.com/jfe/form | Name: RVIDExtId Value: 94DC09BC-C5C5-4BE3-BC2D-5E03B6212C7E |
|
| .advisory.howwasqantas.com/ | Name: %2FIm1MmmLSyFpy1yTjFw%2BeYRpGqumGxUVHhaC4ZeYumE%3D Value: FS_3L7mRQKTCdbra3W~jfe8 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
advisory.howwasqantas.com
d3op16id4dloxg.cloudfront.net
qantasgroup.au1.qualtrics.com
rvid.imperium.com
survey.howwasqantas.com
survey.howwasqantas.com
104.89.36.184
23.35.228.138
52.222.174.26
54.175.220.249
16330edeb7ac2b340bdb2ea5946da9eb73fd9a8536c07ab99d6de2dd43df202c
2a7e270e3045a1f2a56a806431eecd13438a5fb40b0ff3c6a52544197383a5c8
3ba8e60230d028b2679cdc5fb3e96f36cfdb130aed1b5b9c8d44b4ccd20f631a
5048c6be9fbe930eb06e264147aed24b826724bccafd81278dcf0add561a343c
5d375d6faa4bc90694173cca2301d3c74ecdd4b75e66e8f926ee243d096913be
84aca3cdda54b42e08d872181bd0dde58c554f744ad23ce1d9959ac0484deabc
a1aabc083ff05ff4cd83489fbfd165714717a29b2c83a4b19b52f791064847ee
ab7d6e45e3058cf7dff4d52fd3018ccaf618b9db166b76cae4b444bf4ad19e5e
b83b1d09f28c2481567aefcf2dbff0b6372ccaa2a8919a3c0a097b36e393da3e
c5550d7f8cc83561c801d3cdc4bb3c1784672cf0413ea79b5b32e890b1558c38
c9b110455c2206c9e0e70ac4e21451c2079a02f23d6ff24a138b12f09cb7f16a
e178290f64ff355ccca90c67916edc6e97087a75446ef9e3b1d18b38216b6ff8
f9d0af1c050ed21d4e1389f03502dbda19ccfaba2aecc613f4183afacb63bb4f
fb5b211052fd5bf1efbbd04f8cc9a06494bccc8ed7420a31b149613a5bf01f9f