egytechcenter.com
68.178.225.1
Malicious Activity!
Public Scan
Submission: On April 24 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on April 28th 2023. Valid for: a year.
This is the only time egytechcenter.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Royal Mail (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
11 | 68.178.225.1 | 26496 (AS-26496-GO-DADDY-COM-LLC) |
1 2 | 93.186.134.89 | 6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.) |
1 | 2a02:26f0:3000:58e::11a6 | 20940 (AKAMAI-ASN1) |
3 | 79.140.94.176 | 6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.) |
1 | 2a02:26f0:3000:487::11a6 | 20940 (AKAMAI-ASN1) |
2 | 2a02:26f0:7100::687e:24e0 | 20940 (AKAMAI-ASN1) |
4 | 2a02:26f0:3000:68a::228b | 20940 (AKAMAI-ASN1) |
34 | 8 | |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 1.225.178.68.host.secureserver.net
egytechcenter.com
ASN20940 (AKAMAI-ASN1, NL)
events.api.secureserver.net
ASN20940 (AKAMAI-ASN1, NL)
csp.secureserver.net
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
11 | egytechcenter.com | egytechcenter.com | 142 KB |
6 | secureserver.net | events.api.secureserver.net (Cisco Umbrella Rank: 12922), csp.secureserver.net (Cisco Umbrella Rank: 13060) | 566 B |
3 | royalmail.com | www.royalmail.com (Cisco Umbrella Rank: 63464; Failed) | 3 KB |
2 | go-mpulse.net | s.go-mpulse.net (Cisco Umbrella Rank: 1378), c.go-mpulse.net (Cisco Umbrella Rank: 625) | 51 KB |
2 | wsimg.com (1 redirects) | img1.wsimg.com (Cisco Umbrella Rank: 10156) | 21 KB |
0 | Failed | function sub() { [native code] }. Failed | |
34 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
11 | egytechcenter.com | egytechcenter.com |
4 | csp.secureserver.net | img1.wsimg.com |
3 | www.royalmail.com | egytechcenter.com |
2 | events.api.secureserver.net | img1.wsimg.com |
2 | img1.wsimg.com (1 redirects) | egytechcenter.com |
1 | c.go-mpulse.net | s.go-mpulse.net |
1 | s.go-mpulse.net | egytechcenter.com |
0 | Failed | egytechcenter.com |
0 | 102.165.14.4 Failed | egytechcenter.com |
34 | 9 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.royalmail.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
egytechcenter.com | Sectigo RSA Domain Validation Secure Server CA | 2023-04-28 - 2024-04-28 | a year |
akstat.io | DigiCert TLS RSA SHA256 2020 CA1 | 2024-03-06 - 2025-03-06 | a year |
*.royalmail.com | Entrust Certification Authority - L1K | 2024-04-08 - 2025-04-08 | a year |
*.api.secureserver.net | Starfield Secure Certificate Authority - G2 | 2023-07-10 - 2024-08-10 | a year |
*.secureserver.net | Starfield Secure Certificate Authority - G2 | 2023-10-10 - 2024-11-10 | a year |
This page contains 2 frames:
Primary Page:
https://egytechcenter.com/wp-include/RM/Details.php
Frame ID: 477EC1C84F53BAE1C045D65CE7E41BDE
Requests: 31 HTTP requests in this frame
Frame:
https://s.go-mpulse.net/boomerang/HJFQV-8LNNV-HYVXV-9PJNM-6TRGV
Frame ID: B6DA2CEE8893FC8681A25C67CAE0422B
Requests: 2 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: Back
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9
- https://img1.wsimg.com/traffic-assets/js/tccl.min.js HTTP 301
- https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
34 HTTP transactions
Method Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | Details.php (Primary Request) | egytechcenter.com/wp-include/RM/ | 79 KB | 27 KB | Document | text/html |
GET H2 | css_EBy71o2-hfUJZulTNkA6PC8g_t18uRFqm1G08-XptwY.css | egytechcenter.com/wp-include/RM/Details_files/ | 32 KB | 6 KB | Stylesheet | text/css |
GET H2 | css_GJCuIMEid1avQv8hIvGge0eGjdXS840r9JEbpPsV3Uc.css | egytechcenter.com/wp-include/RM/Details_files/ | 568 KB | 64 KB | Stylesheet | text/css |
GET H2 | modernizr.minacee.js.t%C3%A9l%C3%A9charger | egytechcenter.com/wp-include/RM/Details_files/ | 0 | 0 | Script | text/html |
GET H2 | jq.js | egytechcenter.com/wp-include/RM/Details_files/ | 360 KB | 32 KB | Script | text/javascript |
GET H2 | logo.png | egytechcenter.com/wp-include/RM/Details_files/ | 12 KB | 12 KB | Image | image/png |
GET H2 | js_N_KI8fthkjX7PMyEOVoTHk1Nru3hwZCDrPmp_fDKE3I.js.t%C3%A9l%C3%A9charger | egytechcenter.com/wp-include/RM/Details_files/ | 0 | 0 | Script | text/html |
GET H2 | js_4hF8z2CKEplinmYgn1pg0gPwMzgW1yVY0TxVUZrZptc.js.t%C3%A9l%C3%A9charger | egytechcenter.com/wp-include/RM/Details_files/ | 0 | 0 | Script | text/html |
GET H2 | js_ALnFpMGnSsUucTDRmFYexvEforblSHyhm8XZQCWodF0.js.t%C3%A9l%C3%A9charger | egytechcenter.com/wp-include/RM/Details_files/ | 0 | 0 | Script | text/html |
GET H2 | js_JGlfNn7InCC-5kiRSNjMr8y4K0-6nZyiQrVkXIblog8.js.t%C3%A9l%C3%A9charger | egytechcenter.com/wp-include/RM/Details_files/ | 0 | 0 | Script | text/html |
GET H2 | scc-c2.min.js | img1.wsimg.com/signals/js/clients/scc-c2/ (Redirect Chain) | 103 KB | 20 KB | Script | text/javascript |
POST | receive_token | 102.165.14.4/ | 0 | 0 | | |
GET H2 | HJFQV-8LNNV-HYVXV-9PJNM-6TRGV | s.go-mpulse.net/boomerang/ (Frame B6DA) | 202 KB | 51 KB | Script | application/javascript |
GET | utag.js | /C:/Users/admin/Desktop/roylmail/RM/tags.tiqcdn.com/utag/royalmail/main/prod/ | 0 | 0 | | |
GET DATA | truncated | / | 10 KB | 0 | Image | image/png |
GET | page.js | /C:/Users/admin/Desktop/roylmail/RM/static.addtoany.com/menu/ | 0 | 0 | | |
GET | jquery.validate.min.js | /C:/Users/admin/Desktop/roylmail/RM/cdn.jsdelivr.net/npm/jquery-validation%401.17.0/dist/ | 0 | 0 | | |
GET | additional-methods.min.js | /C:/Users/admin/Desktop/roylmail/RM/cdn.jsdelivr.net/npm/jquery-validation%401.17.0/dist/ | 0 | 0 | | |
GET | chevin-medium.woff | www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-medium/ | 0 | 0 | | |
GET H2 | search-white.svg | www.royalmail.com/themes/custom/rmlcwr/icons_fill/ | 289 B | 563 B | Image | image/svg+xml |
GET H2 | chevron-down.svg | www.royalmail.com/themes/custom/rmlcwr/icons_fill/ | 179 B | 496 B | Image | image/svg+xml |
GET H2 | rml-textured-background.png | egytechcenter.com/themes/custom/rmlcwr/textures/ | 315 B | 315 B | Image | text/html |
GET | pfdintextstd-bold-webfont.woff | www.royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/ | 0 | 0 | | |
GET | chevin-bold.woff | www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/ | 0 | 0 | | |
GET H2 | config.json | c.go-mpulse.net/api/ (Frame B6DA) | 51 B | 214 B | XHR | application/json |
GET | chevin-bold.ttf | www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/ | 0 | 0 | | |
GET | pfdintextstd-bold-webfont.ttf | www.royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/ | 0 | 0 | | |
GET | chevin-medium.ttf | www.royalmail.com/themes/custom/rmlcwr/fonts/chevin-medium/ | 0 | 0 | | |
GET H2 | event | events.api.secureserver.net/t/1/tl/ | 43 B | 283 B | Fetch | image/gif |
GET H2 | event | events.api.secureserver.net/t/1/tl/ | 43 B | 283 B | Fetch | image/gif |
GET H2 | favicon.ico | www.royalmail.com/themes/custom/rmlcwr/ | 9 KB | 2 KB | Other | image/vnd.microsoft.icon |
POST H/1.1 | eventbus | csp.secureserver.net/ | 0 | 0 | Fetch | application/json |
POST H/1.1 | eventbus | csp.secureserver.net/ | 0 | 0 | Fetch | application/json |
OPTIONS H/1.1 | eventbus | csp.secureserver.net/ (Frame) | 0 | 0 | Preflight | application/json |
OPTIONS H/1.1 | eventbus | csp.secureserver.net/ (Frame) | 0 | 0 | Preflight | application/json |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: 102.165.14.4
  URL: http://102.165.14.4:5000/receive_token?referrer=loco
- Domain:
  URL: file:///C:/Users/admin/Desktop/roylmail/RM/tags.tiqcdn.com/utag/royalmail/main/prod/utag.js
- Domain:
  URL: file:///C:/Users/admin/Desktop/roylmail/RM/cdn.jsdelivr.net/npm/jquery-validation%401.17.0/dist/jquery.validate.min.js
- Domain:
  URL: file:///C:/Users/admin/Desktop/roylmail/RM/cdn.jsdelivr.net/npm/jquery-validation%401.17.0/dist/additional-methods.min.js
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-medium/chevin-medium.woff
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.woff
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.woff
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.ttf
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.ttf
- Domain: www.royalmail.com
  URL: https://www.royalmail.com/themes/custom/rmlcwr/fonts/chevin-medium/chevin-medium.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Royal Mail (Government)
21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- string| token
- object| a2a_config
- string| tokens
- string| url
- object| data
- object| BOOMR_mq
- string| BOOMR_API_key
- object| BOOMR
- number| BOOMR_lstart
- object| utag_data
- object| s
- object| _trfd
- object| _tcclInternal
- object| _expDataLayer
- object| _signalsDataLayer
- object| scc-c2
- number| BOOMR_configt
- number| BOOMR_onload
- object| _trfq
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.egytechcenter.com/ | | Name: _tccl_visitor Value: 2a483c8d-7daa-46e1-9963-d270f1a287e8 |
.egytechcenter.com/ | | Name: _tccl_visit Value: 2a483c8d-7daa-46e1-9963-d270f1a287e8 |
.egytechcenter.com/ | | Name: _scc_session Value: pc=1&C_TOUCH=2024-04-24T10:46:18.006Z |
.egytechcenter.com/ | | Name: RT Value: "z=1&dm=egytechcenter.com&si=324y73ttbgu&ss=lvdowby3&sl=0&tt=0" |
23 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.