app.qpointsurvey.com Open in urlscan Pro
94.130.38.251 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Submission: On May 10 via api (May 10th 2022, 9:57:40 pm UTC) from US — Scanned from DE

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 15 HTTP transactions. The main IP is 94.130.38.251, located in Germany and belongs to HETZNER-AS, DE. The main domain is app.qpointsurvey.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 12th 2021. Valid for: a year.

This is the only time app.qpointsurvey.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2 11	94.130.38.251 94.130.38.251	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
15	5

11 94.130.38.251 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.251.38.130.94.clients.your-server.de

app.qpointsurvey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.qpointsurvey.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	qpointsurvey.com 2 redirects app.qpointsurvey.com cdn.qpointsurvey.com	443 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	3 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 91	52 KB
1	gstatic.com fonts.gstatic.com	16 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 714	7 KB
15	5

	Domain	Requested by
9	app.qpointsurvey.com	2 redirects app.qpointsurvey.com
2	cdn.qpointsurvey.com	app.qpointsurvey.com
2	fonts.googleapis.com	app.qpointsurvey.com
2	www.youtube.com	app.qpointsurvey.com www.youtube.com
1	fonts.gstatic.com	fonts.googleapis.com
1	maxcdn.bootstrapcdn.com	app.qpointsurvey.com
15	6

This site contains links to these domains. Also see Links.

Domain
qpointsurvey.com

Subject Issuer	Validity	Valid
*.qpointsurvey.com Sectigo RSA Domain Validation Secure Server CA	`2021-11-12` - `2022-12-13`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-04-18` - `2022-07-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Frame ID: 0AEB66E2E563E03EE3EE277A9A79D6B0
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Microsoft Office 365 Support Center

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

15
Requests

87 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

521 kB
Transfer

1054 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://qpointsurvey.com/
Title: Create a survey, form or quiz

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://app.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg HTTP 301
https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg

Request Chain 11

https://app.qpointsurvey.com/s/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png HTTP 301
https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 6mlvq9fdyzznrx8w Show response
app.qpointsurvey.com/s/ 49 KB
12 KB 167ms
74ms Document
text/html 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bebaec02c99492e1e7a41998a4ff3f7b94d92e72262d145cdd89c8b5dbbb5378

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private
content-encoding: gzip
content-length: 12013
content-type: text/html; charset=utf-8
date: Tue, 10 May 2022 21:57:37 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
x-aspnetmvc-version: 5.2
x-powered-by: ASP.NET

GET
H2 200 iframe_api Show response
www.youtube.com/ 980 B
2 KB 141ms
57ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9f4c62ad756893055b9393007a6b9ac696fa1a3b37e87f86229f52b109534e4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
critical-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Tue, 10 May 2022 21:57:35 GMT

GET
H2 200 panel-page
app.qpointsurvey.com/res/css/ 109 KB
17 KB 44ms
43ms Stylesheet
text/css 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/res/css/panel-page?v=_qD1Yq8RBTzm_IwxEtIEOYOtiML0P7Zg-modUlpG81w1
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4adf1be0f14e987e7d2270f58f3f4aeb9a983c33dd223c7711d30c6cea50e0b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
content-encoding: gzip
last-modified: Tue, 10 May 2022 21:57:37 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: User-Agent,Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public
content-length: 17213
expires: Wed, 10 May 2023 21:57:37 GMT

GET
H2 200 panel-app-page Show response
app.qpointsurvey.com/res/js/ 290 KB
116 KB 83ms
82ms Script
text/javascript 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/res/js/panel-app-page?v=gvXd2m5g_xtJZESCsq-1Z6VOmw4mwbGfSR-gYI6PNtM1
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ff51efc5f6c9b6048f15f8d748247dc37b163d72d8c8f8f0e939703b13f865c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 May 2022 21:57:37 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: no-cache
expires: -1

GET
H2 200 panel-page Show response
app.qpointsurvey.com/res/js/ 102 KB
28 KB 81ms
81ms Script
text/javascript 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/res/js/panel-page?v=XRi19UcR4XZ5jiHAMtzXQJsdw1SlmUsQ1Aa_LNSNQys1
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d089a90ad876341ecfd73f780ba15640d1ce3c51517ea93d4a3d91062256f08e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 10 May 2022 21:57:37 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: no-cache
content-length: 28208
expires: -1

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ 27 KB
7 KB 124ms
46ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 617, 617
age: 9122552
cdn-cachedat: 2021-06-08 14:23:29
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 990eb37a8813a99367bd383681b974a4
cf-ray: 7095ee709bdb915e-FRA
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H2 200 css
fonts.googleapis.com/ 21 KB
2 KB 131ms
47ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a07ed141e765002014310ad3852a98a871770cd2525cb9a9379cba0e3ad61b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 10 May 2022 21:57:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 10 May 2022 21:57:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 May 2022 21:57:35 GMT

GET
H2 200 css
fonts.googleapis.com/ 17 KB
1 KB 132ms
48ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,800|Ubuntu:400,400i,500,700&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext

Requested by

Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9e5f6785008814a96c4aa5280fb53b9c5b2cf04c4bf0074815f12528b6a4fba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 10 May 2022 21:57:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 10 May 2022 21:57:35 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 10 May 2022 21:57:35 GMT

GET
H2 200 QPF_small.jpg
app.qpointsurvey.com/res/images/ 30 KB
30 KB 40ms
40ms Image
image/jpeg 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://app.qpointsurvey.com/res/images/QPF_small.jpg
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 27f00b256bd918e38cc6954d9e772964e1e58016cfde50da5a94f2778dc7a99c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
last-modified: Thu, 02 Jul 2020 08:26:18 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "c6d78b754a50d61:0"
content-type: image/jpeg
accept-ranges: bytes
content-length: 30818

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/53aba266/www-widgetapi.vflset/ 154 KB
50 KB 37ms
37ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/53aba266/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8bbc76c3d03e206af2bb5bc11236555f0c3177fc677c66077bd651072853d26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 19:57:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7182
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51153
x-xss-protection: 0
last-modified: Mon, 09 May 2022 00:15:57 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Wed, 10 May 2023 19:57:53 GMT

GET
H2

200

bc597b05.jpg
cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/
Redirect Chain

https://app.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg
https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg

167 KB
167 KB

55ms
41ms

Image
image/jpeg

94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
last-modified: Sat, 07 May 2022 12:33:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "4a5ec7a8e62d81:0"
content-type: image/jpeg
access-control-allow-origin: *
accept-ranges: bytes
content-length: 170945

Redirect headers

location: https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/bc597b05.jpg
date: Tue, 10 May 2022 21:57:37 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 225
content-type: text/html; charset=UTF-8

GET
H2 200 getform Show response
app.qpointsurvey.com/panel/ 3 KB
3 KB 135ms
135ms XHR
application/json 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/panel/getform?token=6mlvq9fdyzznrx8w&_=1652219855507
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/res/js/panel-app-page?v=gvXd2m5g_xtJZESCsq-1Z6VOmw4mwbGfSR-gYI6PNtM1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3de7ff7eb711bbd7db10d74acb7951d65d1461c6548199d10f564a247c6be224

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: application/json; charset=utf-8

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
x-aspnetmvc-version: 5.2
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: application/json
cache-control: private
content-length: 3051

GET
H2

200

5d5aac48.png
cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/
Redirect Chain

https://app.qpointsurvey.com/s/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png
https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png

27 KB
27 KB

92ms
89ms

Image
image/png

94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/s/6mlvq9fdyzznrx8w
Protocol: H2
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2b20e75baad803ddcaee951044d4fa97d2fc25aecc5607d58aa00ac686447749

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.qpointsurvey.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
last-modified: Sat, 07 May 2022 12:33:58 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "70711ab9e62d81:0"
content-type: image/png
access-control-allow-origin: *
accept-ranges: bytes
content-length: 27735

Redirect headers

location: https://cdn.qpointsurvey.com/account_data/default/C2F599841F21AAEFEEABD2A60EF7BFE8/images/5d5aac48.png
date: Tue, 10 May 2022 21:57:37 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
content-length: 225
content-type: text/html; charset=UTF-8

GET
H2 200 qfont-icons.otf
app.qpointsurvey.com/res/fonts/ 42 KB
42 KB 41ms
41ms Font
font/otf 94.130.38.251
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://app.qpointsurvey.com/res/fonts/qfont-icons.otf
Requested by: Host: app.qpointsurvey.com
URL: https://app.qpointsurvey.com/res/css/panel-page?v=_qD1Yq8RBTzm_IwxEtIEOYOtiML0P7Zg-modUlpG81w1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.38.251 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.251.38.130.94.clients.your-server.de
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: cf59dc5f0cab22928388d6f744726e0aed8a7d8cec4160003afb9354d3fde609

Request headers

Referer: https://app.qpointsurvey.com/res/css/panel-page?v=_qD1Yq8RBTzm_IwxEtIEOYOtiML0P7Zg-modUlpG81w1
Origin: https://app.qpointsurvey.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 21:57:37 GMT
last-modified: Thu, 02 Jul 2020 08:26:18 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "a5898b754a50d61:0"
content-type: font/otf
accept-ranges: bytes
content-length: 43340

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 121ms
39ms Font
font/woff2 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://app.qpointsurvey.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 10 May 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 10667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 10 May 2023 18:59:49 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: tMHcsaV--9I
			.youtube.com/	1970-01-20 07:16:11	Name: VISITOR_INFO1_LIVE Value: MT1RGfT1wi4

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.qpointsurvey.com
cdn.qpointsurvey.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
www.youtube.com
2606:4700::6812:bcf
2a00:1450:4001:800::200a
2a00:1450:4001:802::200e
2a00:1450:4001:811::2003
94.130.38.251
27f00b256bd918e38cc6954d9e772964e1e58016cfde50da5a94f2778dc7a99c
2b20e75baad803ddcaee951044d4fa97d2fc25aecc5607d58aa00ac686447749
3de7ff7eb711bbd7db10d74acb7951d65d1461c6548199d10f564a247c6be224
4adf1be0f14e987e7d2270f58f3f4aeb9a983c33dd223c7711d30c6cea50e0b8
9e5f6785008814a96c4aa5280fb53b9c5b2cf04c4bf0074815f12528b6a4fba2
9f4c62ad756893055b9393007a6b9ac696fa1a3b37e87f86229f52b109534e4d
a07ed141e765002014310ad3852a98a871770cd2525cb9a9379cba0e3ad61b6b
bebaec02c99492e1e7a41998a4ff3f7b94d92e72262d145cdd89c8b5dbbb5378
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf59dc5f0cab22928388d6f744726e0aed8a7d8cec4160003afb9354d3fde609
d089a90ad876341ecfd73f780ba15640d1ce3c51517ea93d4a3d91062256f08e
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
e8bbc76c3d03e206af2bb5bc11236555f0c3177fc677c66077bd651072853d26
fa62c98e730e29e0c76279345adf39d3b95ce0ffe1695b0936ecfef47b1a7481
ff51efc5f6c9b6048f15f8d748247dc37b163d72d8c8f8f0e939703b13f865c5

app.qpointsurvey.com Open in urlscan Pro 94.130.38.251 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

80 %IPv6

5 Domains

6 Subdomains

5 IPs

2 Countries

521 kBTransfer

1054 kBSize

2 Cookies

1 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

75 JavaScript Global Variables

2 Cookies

Indicators

app.qpointsurvey.com Open in urlscan Pro
94.130.38.251 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

80 %
IPv6

5
Domains

6
Subdomains

5
IPs

2
Countries

521 kB
Transfer

1054 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!