www.nextechqpg.com
Open in
urlscan Pro
144.76.105.74
Malicious Activity!
Public Scan
Submitted URL: https://www.nextechqpg.com/ITBeans?f=MiZhbXA7aT02Mjk1NQ%3D%3D
Effective URL: https://www.nextechqpg.com/ITBeans/?f=MiZhbXA7aT02Mjk1NQ%3D%3D
Submission: On December 27 via api from US — Scanned from US
Effective URL: https://www.nextechqpg.com/ITBeans/?f=MiZhbXA7aT02Mjk1NQ%3D%3D
Submission: On December 27 via api from US — Scanned from US
Summary
This website contacted 2 IPs
in 1 countries
across 2 domains to perform 35 HTTP transactions.
The main IP is 144.76.105.74, located in
Dottingen, Germany and
belongs to HETZNER-AS, DE.
The main domain is www.nextechqpg.com.
TLS certificate: Issued by R3 on November 15th 2023. Valid for: 3 months.
This is the only time www.nextechqpg.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on November 15th 2023. Valid for: 3 months.
This is the only time www.nextechqpg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 2 | 144.76.105.74 144.76.105.74 | 24940 (HETZNER-AS) (HETZNER-AS) | |
| 34 | 185.202.236.253 185.202.236.253 | 51167 (CONTABO) (CONTABO) | |
| 35 | 2 |
2
144.76.105.74
(Dottingen, Germany)
ASN24940 (HETZNER-AS, DE)
PTR: hybrid.cybraintech.com
ASN24940 (HETZNER-AS, DE)
PTR: hybrid.cybraintech.com
| www.nextechqpg.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 34 |
borghol.com
borghol.com |
5 MB |
| 2 |
nextechqpg.com
1 redirects
www.nextechqpg.com |
1 KB |
| 35 | 2 |
| Domain | Requested by | |
|---|---|---|
| 34 | borghol.com |
www.nextechqpg.com
borghol.com |
| 2 | www.nextechqpg.com | 1 redirects |
| 35 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| nextechqpg.com R3 |
2023-11-15 - 2024-02-13 |
3 months | crt.sh |
| www.borghol.com R3 |
2023-12-18 - 2024-03-17 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.nextechqpg.com/ITBeans/?f=MiZhbXA7aT02Mjk1NQ%3D%3D
Frame ID: 64B73A456A9D7822555B666F0D652158
Requests: 1 HTTP requests in this frame
Frame:
https://borghol.com/php/Numbers/Words/Locale/en/ajax/?1=2&i=62955
Frame ID: D138F21E9B4734094E2F77B0CF263758
Requests: 33 HTTP requests in this frame
Frame:
https://borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/referer_frame.html
Frame ID: 4CC7AD510DC4C346A72A9A4EF4830A8B
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Hello - Welcome! Please log in to continue...zabiPage URL History Show full URLs
-
https://www.nextechqpg.com/ITBeans?f=MiZhbXA7aT02Mjk1NQ%3D%3D
HTTP 301
https://www.nextechqpg.com/ITBeans/?f=MiZhbXA7aT02Mjk1NQ%3D%3D Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.nextechqpg.com/ITBeans?f=MiZhbXA7aT02Mjk1NQ%3D%3D
HTTP 301
https://www.nextechqpg.com/ITBeans/?f=MiZhbXA7aT02Mjk1NQ%3D%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
35 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
www.nextechqpg.com/ITBeans/ Redirect Chain
|
945 B 865 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
/
borghol.com/php/Numbers/Words/Locale/en/ajax/ Frame D138 |
16 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
zTUzNXyKdsb.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
638 KB 638 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
zO0stSV9PrI.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
20 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
9P6vFwQKpHl.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
68 KB 68 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
K9EeViCTu47.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
81 KB 82 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mGIFRbzzSPx.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
11 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
pCxXHjkYtoO.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
56 KB 56 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
NYiO4TgSVl1.css
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
81 KB 81 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0BOkPJkIzPo.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
287 KB 287 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
eSnK67dUR8B.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
3 MB 3 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
4P2BuF66_uP.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
111 KB 111 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Ohtu3KkhtM-.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
10 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
qvOcrGoWTT0.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
39 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
xqdnSsHbHgA.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
6 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
u5Z4wmHYfrO.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
19 KB 20 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rElxyiH1tyf.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
35 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
tJKxhaKY8ml.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
154 KB 154 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
NmYLsHnwu4z.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
3 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
GmrlGrRGjzL.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
41 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
YS30nREgnvr.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
55 KB 55 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
x05Hwc7uUov.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
39 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
KC6s266JIq6.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
15 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mBnUP4M_8ql.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
41 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
6KqFq7q8hV0.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
8 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
1KMAJcethZG.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
544 KB 0 |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
-tAEd7FN4Bw.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
196 KB 196 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dF5SId3UHWd.svg
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
hsts-pixel.gif
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
43 B 251 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
X0bfSk4abS6.js
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame D138 |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
referer_frame.html
borghol.com/php/Numbers/Words/Locale/en/ajax/fb/en/maroc/ Frame 4CC7 |
203 B 412 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
QMkBMzJJ-z-.png
borghol.com/rsrc.php/v3/yC/r/ Frame D138 |
16 B 16 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
YQNfPR9MJfx.png
borghol.com/rsrc.php/v3/yO/r/ Frame D138 |
16 B 16 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
MEv2s080Asu.png
borghol.com/rsrc.php/v3/ym/r/ Frame D138 |
16 B 16 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Vh9R_a0ztn9.png
borghol.com/rsrc.php/v3/yI/r/ Frame D138 |
16 B 16 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| documentPictureInPicture0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
borghol.com
www.nextechqpg.com
144.76.105.74
185.202.236.253
0c3960d41603419cab95e8f62aa1afff10b322d6b299c488dce249e2bddadaf6
128fa132d9c3efd88358afb94cad1298a1d8fbf67bea5f57266d8acea01b3567
22db3a6be9c1dc4acfeed214b51ffef69c80ea399c2c2aa49170f3ae4e79bf74
3462af6c03a2a0af90a466b4df7fd0ec149c83f16d26a4541b2b7defd765e80a
3d80961063a1b6a1621c0e22c684bf85eeedeaaf0f567fa5a44b79cbca681bd9
420fd388e4ef14e37b9b177f5a7e8aba5e33cc738e117482b73d307fd615a0fd
455bcd9ca8bb0bf82ff8094df6c7a5613e95c36844d8d1e520815cf779909e42
4cdecfa5cde407578fdc5fbffc7bb6543657ecfce08e67ff47f3959ba07343a6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5760e5d5d10bda33610cc113a487a31fb73160bff200d3aa40490c0166303d9a
590aeb2fc55a181879e479288f452a34e8dc2af4a02fc67ae61ade0b746a495e
695f0473765bd7d8b88db2e0eca465a5af2824a538336a224addebbae38bb1a4
7308299fa8d46ff44bde72d41375572d8aa8c31ef2c49279d9cb9fcb9ad42486
7421d45e6160a5a07b248bc5468f2af8a7230050e9a174c95da861930f0fd61f
74df802cce2d285b5a968b5a15ee98996e28e2770baef214854c850f31bd6683
74fd6cd1ada00142c9086a5033d313954a7de1126d142ffff518ad03fbe571d8
76b3a53d6166c6f39d1bb8969b6bbc1bd8ef86d7074636f07f154873dd518c5c
7eb3a2de19474fe12e08f44c3ba68acd617b872aaa4fa79bde68453ffa20ad3e
83d6bbf75e7e0f93d4f64e42f57d6b829f658448277af4a3702c95476036318e
8a482f2271a42c5f54c96e816a84340a6f2357a5b81f927d07d00788f5140a41
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce
a6ecbfedb75feac1e73ca2860100d216d7153172c0aaa8720e542e1d3a74e399
bb3b1152fb99b43c89344e879a92c3831850b01feb412e2e2ed341fbd202ea6e
c15b0af480466667b0a1a148bef1841042e67e185e8652dd443c4ada6bdbd078
cb2f11fe5f37cb39796b6800a9509a97f0273f4a861d02c1797a76b53af8bc2e
d8b431ca8d5b4900d7ec3549f6ec63e144a6fb129a4ee0a5f3695bdb6bbd3ff2
d9b1a3c8fc9bd040b47629e1ecfdfa1ca3f775f451f09ac32b16d84f774e4658
ec5b21d6d1a20b5c44685cbadc98d8818a4e290ab0d31a0e9f1957638634d3f3
fb0f15e906b000e3bb20a197059a872ceec974e7712df9003d4263a2ed59bf28
fbc56880ec1e6fa5bad010237e2532046166f1ff1fb02622e9eb1eeee1dc9605
ff6725972fa3e80cf7db065c55aaa087ff32ac4617fa38f5e67fc4cdb0c7430b