URL: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
Submission: September 30, automatic (source: openphish)

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 192.185.73.134, located in Houston, United States and belongs to CYRUSONE - CyrusOne LLC, US. The main domain is qtechno-eg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on August 8th 2018. Valid for: 3 months.
This is the only time qtechno-eg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

IP addresses contacted

  Requests  IP Address       AS (Autonomous System)
  8         192.185.73.134   20013 (CYRUSONE)
  2         46.31.112.210    51625 (THY-AS)
  Total: 18 requests, 3 IPs

Apex domains

  Requests  Apex Domain           Subdomains                Transfer
  8         qtechno-eg.com        qtechno-eg.com            328 KB
  2         turkishcargo.com.tr   www.turkishcargo.com.tr   859 KB
  0         dexemboutrse.cf       dexemboutrse.cf           Failed
  Total: 18 requests, 3 domains

Domains and the page that requested them

  Requests  Domain                     Requested by
  8         qtechno-eg.com             qtechno-eg.com
  2         www.turkishcargo.com.tr    qtechno-eg.com (1 redirect)
  0         dexemboutrse.cf (failed)   qtechno-eg.com
  Total: 18 requests, 3 domains

This site contains links to these domains:

  • rentingmov.bancosantander.es
  • www.bancosantander.es
  • particulares.gruposantander.es
TLS certificates

  Subject                 Issuer                              Validity                   Valid for
  qtechno-eg.com          Let's Encrypt Authority X3          2018-08-08 to 2018-11-06   3 months
  *.turkishcargo.com.tr   E-Tugra Organization Validated CA   2018-06-18 to 2020-06-18   2 years

This page contains 1 frame:

Primary Page: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
Frame ID: 6B6E18748FC722D334C802E721DB637B
Requests: 18 HTTP requests in this frame

Detected technologies

Each of the following patterns matched with an overall confidence of 100%:

  • url pattern /\.php(?:$|\?)/i
  • headers pattern (Server) /nginx(?:\/([\d.]+))?/i
  • env pattern /^angular$/i
  • env pattern /^Modernizr$/i
  • env pattern /^jQuery$/i

Page Statistics

  Requests: 18
  HTTPS: 50 %
  IPv6: 0 %
  Domains: 3
  Subdomains: 3
  IPs: 3
  Countries: 2
  Transfer: 1187 kB
  Size: 1970 kB
  Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • http://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif HTTP 302
  • https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif

18 HTTP transactions

Each entry lists the resource, its path, size, transferred bytes (x-fer), type and, where the scan recorded them, the request, response and redirect headers.
Primary Request: Codigo.php
  Path: qtechno-eg.com/es/favicon/index/asistencia/
  Size: 100 KB   Transfer: 38 KB   Type: Document
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: 6af1b99e57b00120df73324eb2b9d8eb3bf88754b175cdb0f65ade2d17ce7e98

  Request headers:
    Host: qtechno-eg.com
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate

  Response headers:
    Server: nginx/1.14.0
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Content-Encoding: gzip
styles.css
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto/
  Size: 211 KB   Transfer: 44 KB   Type: Stylesheet
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/styles.css
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: bafdd97b96d6444a862d7df4a8e1c01496ec64c180e6da53890068e0d4bd8937

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Encoding: gzip
    Last-Modified: Thu, 02 Aug 2018 03:58:52 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-Type: text/css
net.css
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto//
  Size: 25 KB   Transfer: 5 KB   Type: Stylesheet
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto//net.css
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: a2ca412537556bd572a2095ca0cbc2eb7305f22273c62e5d8f2e8b3b1664f5f3

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: text/css,*/*;q=0.1
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Encoding: gzip
    Last-Modified: Mon, 05 Mar 2018 02:51:26 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-Type: text/css
supernetAll_170710_161546.min.js
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto/
  Size: 726 KB   Transfer: 224 KB   Type: Script
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/supernetAll_170710_161546.min.js
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: bb5f0c36cf1c488246ab81b4cb82ee5c01923109967d1764e14b6004e988ad08

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: */*
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Encoding: gzip
    Last-Modified: Mon, 05 Mar 2018 02:51:26 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-Type: application/javascript
utag.2.js
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto/
  Size: 24 KB   Transfer: 7 KB   Type: Script
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/utag.2.js
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: 1a31584ad3b47257575549863cf9a890f59d4a2f06e106813ad3c9d044b8b60e

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: */*
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Encoding: gzip
    Last-Modified: Mon, 05 Mar 2018 02:51:26 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-Type: application/javascript
utag.8.js
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto/
  Size: 21 KB   Transfer: 6 KB   Type: Script
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/utag.8.js
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: a8fa99938da27ebe6e3a72c52781f5ee1219a7b66f21cfb2c75948fead36f49e

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: */*
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Content-Encoding: gzip
    Last-Modified: Mon, 05 Mar 2018 02:51:26 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Transfer-Encoding: chunked
    Content-Type: application/javascript
icn_renting.svg
  Path: qtechno-eg.com/es/favicon/index/asistencia/konto/
  Size: 4 KB   Transfer: 5 KB   Type: Image
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/icn_renting.svg
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: bd865d3b49087c4d4626aafddcfb4a2adc6c5109acc9f4efe64d3ab54fe6db56

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: image/webp,image/apng,image/*,*/*;q=0.8
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:49 GMT
    Last-Modified: Mon, 05 Mar 2018 02:51:26 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Accept-Ranges: bytes
    Content-Length: 4513
    Content-Type: image/svg+xml
redloadingcircle.gif
  Path: www.turkishcargo.com.tr/documents/TurkishCargo/img/
  Redirect chain:
    • http://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif
    • https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif
  Size: 858 KB   Transfer: 858 KB   Type: Image
  Full URL: https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, RSA, AES_256_GCM
  Server: 46.31.112.210 Istanbul, Turkey, ASN51625 (THY-AS, TR)
  Reverse DNS: (not recorded)
  Software: (not recorded)
  Resource Hash: 451240502265cb6107d21e27b9a36297de049a127e02c13a6bad9714a46f66aa
  Security headers:
    X-Frame-Options: SAMEORIGIN

  Request headers:
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:50 GMT
    Last-Modified: Thu, 28 Sep 2017 11:25:55 GMT
    Server: (empty)
    ETag: "7ed1e48c4c38d31:0"
    X-Frame-Options: SAMEORIGIN
    Content-Type: image/gif
    Accept-Ranges: bytes
    Content-Length: 878699

  Redirect headers (HTTP 302 from the http:// URL):
    Location: https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
bg-menu.svg
  Path: qtechno-eg.com/es/favicon/index/asistencia/
  Size: 599 B   Transfer: 819 B   Type: Image
  Full URL: https://qtechno-eg.com/es/favicon/index/asistencia/bg-menu.svg
  Requested by: https://qtechno-eg.com/es/favicon/index/asistencia/konto/supernetAll_170710_161546.min.js (host qtechno-eg.com)
  Protocol: HTTP/1.1
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 192.185.73.134 Houston, United States, ASN20013 (CYRUSONE - CyrusOne LLC, US)
  Reverse DNS: 192-185-73-134.unifiedlayer.com
  Software: nginx/1.14.0
  Resource Hash: c1a892da96dda2555afab80d17910aa3e9865c03a8c5ab1086364c0df94c1ece

  Request headers:
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: qtechno-eg.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: image/webp,image/apng,image/*,*/*;q=0.8
    Referer: https://qtechno-eg.com/es/favicon/index/asistencia/konto/styles.css
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers:
    Date: Sun, 30 Sep 2018 20:17:50 GMT
    Last-Modified: Thu, 02 Aug 2018 01:32:12 GMT
    Server: nginx/1.14.0
    Connection: keep-alive
    Accept-Ranges: bytes
    Content-Length: 599
    Content-Type: image/svg+xml
Failed font requests (no response; size 0, transfer 0 for each):

  Resource                     Path
  Lato-Regular-webfont.woff2   dexemboutrse.cf/fonts/
  Lato-Light-webfont.woff2     dexemboutrse.cf/fonts/
  Lato-Bold-webfont.woff2      dexemboutrse.cf/fonts/
  Lato-Regular-webfont.woff    dexemboutrse.cf/fonts/
  Lato-Light-webfont.woff      dexemboutrse.cf/fonts/
  Lato-Bold-webfont.woff       dexemboutrse.cf/fonts/
  Lato-Regular-webfont.ttf     dexemboutrse.cf/fonts/
  Lato-Light-webfont.ttf       dexemboutrse.cf/fonts/
  Lato-Bold-webfont.ttf        dexemboutrse.cf/fonts/

Failed requests

These URLs were requested, but no response was received. They also appear in the transaction list above.

Domain: dexemboutrse.cf
  • https://dexemboutrse.cf/fonts/Lato-Regular-webfont.woff2
  • https://dexemboutrse.cf/fonts/Lato-Light-webfont.woff2
  • https://dexemboutrse.cf/fonts/Lato-Bold-webfont.woff2
  • https://dexemboutrse.cf/fonts/Lato-Regular-webfont.woff
  • https://dexemboutrse.cf/fonts/Lato-Light-webfont.woff
  • https://dexemboutrse.cf/fonts/Lato-Bold-webfont.woff
  • https://dexemboutrse.cf/fonts/Lato-Regular-webfont.ttf
  • https://dexemboutrse.cf/fonts/Lato-Light-webfont.ttf
  • https://dexemboutrse.cf/fonts/Lato-Bold-webfont.ttf
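The Domain & IP tables, the redirect chain and the failed-request list above are the pieces an analyst combines when triaging a kit like this one. The following Python is an added example and not urlscan.io's code: it rebuilds the per-apex request counts from a transaction list constructed from this report, then flags three things worth noting on this page: a sub-resource first requested over plain http from an https page (the Turkish Cargo GIF, which that origin then redirected to https with a 302), assets hotlinked from a registrable domain other than the page's own, and a third-party host that never answered (the .cf font host). The MULTI_LABEL_SUFFIXES set is an assumption standing in for the Public Suffix List, so that www.turkishcargo.com.tr groups under turkishcargo.com.tr as the report does.

```python
"""Triage the HTTP transactions of a urlscan.io result.

Added example (not urlscan.io code). TRANSACTIONS is constructed from the
transaction list in this report: (requested URL, whether a response came back).
"""
from collections import defaultdict
from urllib.parse import urlsplit

PRIMARY = "https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php"

TRANSACTIONS = [
    ("https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto/styles.css", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto//net.css", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto/supernetAll_170710_161546.min.js", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto/utag.2.js", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto/utag.8.js", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/konto/icn_renting.svg", True),
    # first hop of the redirect chain (HTTP 302 to the https URL), then the final hop
    ("http://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif", True),
    ("https://www.turkishcargo.com.tr/documents/TurkishCargo/img/redloadingcircle.gif", True),
    ("https://qtechno-eg.com/es/favicon/index/asistencia/bg-menu.svg", True),
] + [
    # the nine Lato web fonts the page tried to load from the unanswering .cf host
    (f"https://dexemboutrse.cf/fonts/Lato-{weight}-webfont.{ext}", False)
    for ext in ("woff2", "woff", "ttf")
    for weight in ("Regular", "Light", "Bold")
]

# Assumption: a tiny stand-in for the Public Suffix List, enough for this report.
MULTI_LABEL_SUFFIXES = {"com.tr", "co.uk", "com.br", "com.au"}


def apex(host: str) -> str:
    """Registrable domain: www.turkishcargo.com.tr -> turkishcargo.com.tr."""
    labels = host.lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def summarize(transactions):
    """Per-apex counts of answered and failed requests plus the hosts seen,
    i.e. the report's 'Apex Domain / Subdomains' table."""
    rows = defaultdict(lambda: {"ok": 0, "failed": 0, "hosts": set()})
    for url, answered in transactions:
        host = urlsplit(url).hostname
        row = rows[apex(host)]
        row["ok" if answered else "failed"] += 1
        row["hosts"].add(host)
    return dict(rows)


def findings(transactions, primary):
    """Kit-reuse signals: sub-resources fetched over plain http from an https
    page, assets hotlinked from another registrable domain, and third-party
    hosts that never answered. Returns a list of (signal, url)."""
    page = urlsplit(primary)
    page_apex = apex(page.hostname)
    out = []
    for url, answered in transactions:
        parts = urlsplit(url)
        if page.scheme == "https" and parts.scheme == "http":
            out.append(("plaintext-subresource", url))
        if apex(parts.hostname) != page_apex:
            out.append(("hotlinked-third-party" if answered else "dead-third-party", url))
    return out


def signal_counts(transactions, primary):
    """Collapse findings() into {signal: number of URLs}."""
    counts = defaultdict(int)
    for signal, _ in findings(transactions, primary):
        counts[signal] += 1
    return dict(counts)


if __name__ == "__main__":
    for domain, row in summarize(TRANSACTIONS).items():
        print(f"{domain:22} ok={row['ok']:2} failed={row['failed']:2} hosts={sorted(row['hosts'])}")
    for signal, url in findings(TRANSACTIONS, PRIMARY):
        print(f"{signal:24} {url}")
```

The plaintext-subresource signal matters even though the origin upgraded the request: the kit's HTML references the image over http, which is how it was copied from the original page, and a scanner without a redirect-following browser would record it as mixed content. The dead third-party host is a common sign of a kit reused after its original font host expired.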

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and the page's own code.

Objects (10): CryptoJS, services, arrayLetras, nwptApp, Modernizr, jstz, angular, Select2, GibberishAES, jQuery111109275819537099357

Functions (42): formatMoney, validaCuenta, validaLibreta, calcularIBAN, trim, fCalcularNIF, fCalcularNIE, fCalcularCIF, fCalcularPasaporte, validarXIF, hexToString, StringToHex, cifraToken, descifraToken, descifraServidor, cifraServidor, timeStamp, start, ImageExist, checkBrowserValid, get_browser_info, ValoresController, ConctactInfoController, LoginController, HomeController, ImposicionController, ProductController, SendMoneyAccessController, SendMoneyController, TarjetaController, SociusController, PullOffersController, ContractOffersController, PBController, PBProductController, $, jQuery, removeHover, hideMessage, startTimer, getUrlParam, ga

Number (1): windowWidth

String (1): GoogleAnalyticsObject
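The detection patterns listed under Detected technologies and the window globals above are the raw material of framework fingerprinting. The following Python is an added example and not urlscan.io's code: it applies those five regexes to inputs copied from this report (the primary URL, its Server response header and a subset of the 54 globals) and separates framework globals from the page's own application code. The technology names attached to each pattern (PHP, Nginx, AngularJS, Modernizr, jQuery) are an assumption made here, since the capture shows only the regexes.

```python
"""Apply urlscan-style detection patterns to captured page data.

Added example (not urlscan.io code). The regexes are the five shown in the
report; the technology names attached to them are an assumption, since the
capture shows only the patterns. Sample inputs are copied from the report.
"""
import re

PATTERNS = [
    # assumed technology name, where the regex is applied, header name if any, regex
    {"name": "PHP",       "kind": "url",     "regex": r"\.php(?:$|\?)"},
    {"name": "Nginx",     "kind": "headers", "header": "Server", "regex": r"nginx(?:\/([\d.]+))?"},
    {"name": "AngularJS", "kind": "env",     "regex": r"^angular$"},
    {"name": "Modernizr", "kind": "env",     "regex": r"^Modernizr$"},
    {"name": "jQuery",    "kind": "env",     "regex": r"^jQuery$"},
]

# Copied from the primary request in the report.
SAMPLE_URL = "https://qtechno-eg.com/es/favicon/index/asistencia/Codigo.php"
SAMPLE_RESPONSE_HEADERS = {
    "Server": "nginx/1.14.0",
    "Date": "Sun, 30 Sep 2018 20:17:49 GMT",
    "Content-Type": "text/html; charset=UTF-8",
}
# A subset of the 54 window globals listed in the report.
SAMPLE_GLOBALS = ["CryptoJS", "validaCuenta", "calcularIBAN", "cifraToken",
                  "$", "jQuery", "Modernizr", "jstz", "angular", "GibberishAES", "ga"]


def _first_match(regex, candidates):
    """First regex match over a list of strings, or None."""
    for candidate in candidates:
        m = regex.search(candidate)
        if m:
            return m
    return None


def fingerprint(url, response_headers, window_globals):
    """Return {technology: version or None} for every pattern that matches.

    url patterns run against the full URL, headers patterns against the named
    response header (header names compared case-insensitively), env patterns
    against each global name on its own. A capture group that matched is
    reported as the version, as with nginx/1.14.0 here.
    """
    headers = {k.lower(): v for k, v in response_headers.items()}
    found = {}
    for p in PATTERNS:
        regex = re.compile(p["regex"], re.IGNORECASE)
        if p["kind"] == "url":
            m = regex.search(url)
        elif p["kind"] == "headers":
            m = regex.search(headers.get(p["header"].lower(), ""))
        else:
            m = _first_match(regex, window_globals)
        if m:
            found[p["name"]] = m.group(1) if regex.groups else None
    return found


def unexplained_globals(window_globals):
    """Globals that no env pattern accounts for: the page's own application code.
    On this page those are the banking-form helpers (account/IBAN validators,
    token ciphering), which is what ties the clone to a specific target site."""
    env = [re.compile(p["regex"], re.IGNORECASE) for p in PATTERNS if p["kind"] == "env"]
    return [g for g in window_globals if not any(r.search(g) for r in env)]


if __name__ == "__main__":
    print(fingerprint(SAMPLE_URL, SAMPLE_RESPONSE_HEADERS, SAMPLE_GLOBALS))
    print(unexplained_globals(SAMPLE_GLOBALS))
```

The version capture is the reason the Server pattern has an optional group: a bare "Server: nginx" still fingerprints the server, just without a version, so the check degrades rather than failing when the header is trimmed.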

0 Cookies

1 Console Message

  Source: console-api
  Level: warning
  URL: https://qtechno-eg.com/es/favicon/index/asistencia/konto/supernetAll_170710_161546.min.js (line 290)
  Message: This browser does not support Web Storage!