phototech.uz
Open in
urlscan Pro
83.69.139.151
Malicious Activity!
Public Scan
Effective URL: https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNv...
Submission: On January 23 via manual from DK
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 13th 2020. Valid for: 3 months.
This is the only time phototech.uz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 5 | 83.69.139.151 83.69.139.151 | 31492 (UZSCI-AS ...) (UZSCI-AS Uzbek Scientific & Education Network) | |
1 | 2a00:1450:400... 2a00:1450:4001:818::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:821::2003 | 15169 (GOOGLE) (GOOGLE) | |
4 | 4 |
ASN31492 (UZSCI-AS Uzbek Scientific & Education Network, UZ)
PTR: server2.ahost.uz
phototech.uz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
5 |
phototech.uz
3 redirects
phototech.uz |
344 KB |
1 |
gstatic.com
fonts.gstatic.com |
13 KB |
1 |
googleapis.com
fonts.googleapis.com |
451 B |
4 | 3 |
Domain | Requested by | |
---|---|---|
5 | phototech.uz |
3 redirects
phototech.uz
|
1 | fonts.gstatic.com | |
1 | fonts.googleapis.com |
phototech.uz
|
4 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
phototech.uz cPanel, Inc. Certification Authority |
2020-01-13 - 2020-04-12 |
3 months | crt.sh |
*.storage.googleapis.com GTS CA 1O1 |
2019-12-20 - 2020-03-13 |
3 months | crt.sh |
*.google.com GTS CA 1O1 |
2019-12-20 - 2020-03-13 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
Frame ID: 9AB1B45303A69E7B062E729E5C0E8DDE
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk Page URL
-
https://phototech.uz/wp-admin/network/about/sec_/rc.php?rem=esp@zitcom.dk&j43lfkpqrz21mswvcx5g60a...
HTTP 302
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258?pg=a&rem=esp@zitcom.dk&sessionid... HTTP 301
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/?pg=a&rem=esp@zitcom.dk&sessioni... HTTP 302
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?p... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk Page URL
-
https://phototech.uz/wp-admin/network/about/sec_/rc.php?rem=esp@zitcom.dk&j43lfkpqrz21mswvcx5g60ay9tiuhn7ebo8d
HTTP 302
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r= HTTP 301
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r= HTTP 302
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
cloud.php
phototech.uz/wp-admin/network/about/sec_/ |
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
q6gcmrkdnfm8tzy55z6p6q4pra.php
phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/ Redirect Chain
|
509 KB 340 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
783 B 451 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
380 KB 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
474 B 0 |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
280 B 0 |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
244 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
40 KB 40 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
fonts.gstatic.com/s/raleway/v14/ |
13 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.googleapis.com
fonts.gstatic.com
phototech.uz
2a00:1450:4001:818::200a
2a00:1450:4001:821::2003
83.69.139.151
03c8ae9f60964868fcb74674548cba109106ff8e55a22db3f412ceb52a08ade5
3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
82f9f54fb300b20577d498c584ae80dcdbcabcc28d8b40b5ed6a21d6bd6c9a91
92fd40762d767ac7711c39b19506d470d901d31c8ac193499b3b673ec1261396
93480ff073d2be70226222836850f5e26b10e30d203b5a7f2be249a2b89a7de4
ae3ca3cd183c8dfe9acdf92751d544555cb50b5e2f3adfdd57edb1ba9a6250a4
d6fc3d1520a00be1c8c8cb060a85bdb76f8daa6596e58d2b2a977ea67bb0a886
e0820a01e8be18589121c87e194a0f23f631ad9da45637c4719d218f5d124bf5