qtechno-eg.com
Open in
urlscan Pro
192.185.73.134
Malicious Activity!
Public Scan
Submission: On September 30 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on August 8th 2018. Valid for: 3 months.
This is the only time qtechno-eg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BBVA (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 192.185.73.134 192.185.73.134 | 20013 (CYRUSONE) (CYRUSONE - CyrusOne LLC) | |
1 2 | 46.31.112.210 46.31.112.210 | 51625 (THY-AS) (THY-AS) | |
18 | 3 |
ASN20013 (CYRUSONE - CyrusOne LLC, US)
PTR: 192-185-73-134.unifiedlayer.com
qtechno-eg.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
qtechno-eg.com
qtechno-eg.com |
328 KB |
2 |
turkishcargo.com.tr
1 redirects
www.turkishcargo.com.tr |
859 KB |
0 |
dexemboutrse.cf
Failed
dexemboutrse.cf Failed |
|
18 | 3 |
Domain | Requested by | |
---|---|---|
8 | qtechno-eg.com |
qtechno-eg.com
|
2 | www.turkishcargo.com.tr |
1 redirects
qtechno-eg.com
|
0 | dexemboutrse.cf Failed |
qtechno-eg.com
|
18 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
rentingmov.bancosantander.es |
www.bancosantander.es |
particulares.gruposantander.es |
Subject Issuer | Validity | Valid | |
---|---|---|---|
qtechno-eg.com Let's Encrypt Authority X3 |
2018-08-08 - 2018-11-06 |
3 months | crt.sh |
*.turkishcargo.com.tr E-Tugra Organization Validated CA |
2018-06-18 - 2020-06-18 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
Frame ID: 6B6E18748FC722D334C802E721DB637B
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- env /^angular$/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- env /^Modernizr$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- env /^jQuery$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Renting
Search URL Search Domain Scan URL
Title: Oficinas y cajeros
Search URL Search Domain Scan URL
Title: Versión clásica
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- http://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif HTTP 302
- https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Codigo.php
qtechno-eg.com/es/favicon/index/asistencia/ |
100 KB 38 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
qtechno-eg.com/es/favicon/index/asistencia/konto/ |
211 KB 44 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
net.css
qtechno-eg.com/es/favicon/index/asistencia/konto// |
25 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
supernetAll_170710_161546.min.js
qtechno-eg.com/es/favicon/index/asistencia/konto/ |
726 KB 224 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.2.js
qtechno-eg.com/es/favicon/index/asistencia/konto/ |
24 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
utag.8.js
qtechno-eg.com/es/favicon/index/asistencia/konto/ |
21 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icn_renting.svg
qtechno-eg.com/es/favicon/index/asistencia/konto/ |
4 KB 5 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
redloadingcircle.gif
www.turkishcargo.com.tr/documents/TurkishCargo/img/ Redirect Chain
|
858 KB 858 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg-menu.svg
qtechno-eg.com/es/favicon/index/asistencia/ |
599 B 819 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Regular-webfont.woff2
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Light-webfont.woff2
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Bold-webfont.woff2
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Regular-webfont.woff
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Light-webfont.woff
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Bold-webfont.woff
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Regular-webfont.ttf
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Light-webfont.ttf
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
Lato-Bold-webfont.ttf
dexemboutrse.cf/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Regular-webfont.woff2
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Light-webfont.woff2
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Bold-webfont.woff2
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Regular-webfont.woff
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Light-webfont.woff
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Bold-webfont.woff
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Regular-webfont.ttf
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Light-webfont.ttf
- Domain
- dexemboutrse.cf
- URL
- https://dexemboutrse.cf/fonts/Lato-Bold-webfont.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BBVA (Financial)54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| CryptoJS object| services function| formatMoney function| validaCuenta function| validaLibreta function| calcularIBAN function| trim object| arrayLetras function| fCalcularNIF function| fCalcularNIE function| fCalcularCIF function| fCalcularPasaporte function| validarXIF function| hexToString function| StringToHex function| cifraToken function| descifraToken function| descifraServidor function| cifraServidor function| timeStamp function| start object| nwptApp function| ImageExist function| checkBrowserValid function| get_browser_info function| ValoresController function| ConctactInfoController function| LoginController function| HomeController function| ImposicionController function| ProductController function| SendMoneyAccessController function| SendMoneyController function| TarjetaController function| SociusController function| PullOffersController function| ContractOffersController function| PBController function| PBProductController number| windowWidth function| $ function| jQuery object| Modernizr object| jstz object| angular object| Select2 function| removeHover object| GibberishAES function| hideMessage function| startTimer function| getUrlParam object| jQuery111109275819537099357 string| GoogleAnalyticsObject function| ga0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dexemboutrse.cf
qtechno-eg.com
www.turkishcargo.com.tr
dexemboutrse.cf
192.185.73.134
46.31.112.210
1a31584ad3b47257575549863cf9a890f59d4a2f06e106813ad3c9d044b8b60e
451240502265cb6107d21e27b9a36297de049a127e02c13a6bad9714a46f66aa
6af1b99e57b00120df73324eb2b9d8eb3bf88754b175cdb0f65ade2d17ce7e98
a2ca412537556bd572a2095ca0cbc2eb7305f22273c62e5d8f2e8b3b1664f5f3
a8fa99938da27ebe6e3a72c52781f5ee1219a7b66f21cfb2c75948fead36f49e
bafdd97b96d6444a862d7df4a8e1c01496ec64c180e6da53890068e0d4bd8937
bb5f0c36cf1c488246ab81b4cb82ee5c01923109967d1764e14b6004e988ad08
bd865d3b49087c4d4626aafddcfb4a2adc6c5109acc9f4efe64d3ab54fe6db56
c1a892da96dda2555afab80d17910aa3e9865c03a8c5ab1086364c0df94c1ece