Submitted URL: https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk
Effective URL: https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNv...
Submission: On January 23 via manual from DK

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 4 HTTP transactions. The main IP is 83.69.139.151, located in Uzbekistan and belongs to UZSCI-AS Uzbek Scientific & Education Network, UZ. The main domain is phototech.uz.
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 13th 2020. Valid for: 3 months.
This is the only time phototech.uz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address / AS (Autonomous System)
  3  5  83.69.139.151      31492 (UZSCI-AS ...)
  1     2a00:1450:400...   15169 (GOOGLE)
  1     2a00:1450:400...   15169 (GOOGLE)
  4  4

Apex Domain / Subdomains / Transfer
  5  phototech.uz     phototech.uz          344 KB
  1  gstatic.com      fonts.gstatic.com     13 KB
  1  googleapis.com   fonts.googleapis.com  451 B
  4  3

Domain / Requested by
  5  phototech.uz          3 redirects, phototech.uz
  1  fonts.gstatic.com
  1  fonts.googleapis.com  phototech.uz
  4  3

This site contains no links.

Subject                     Issuer                                Validity                   Valid
phototech.uz                cPanel, Inc. Certification Authority  2020-01-13 - 2020-04-12    3 months (crt.sh)
*.storage.googleapis.com    GTS CA 1O1                            2019-12-20 - 2020-03-13    3 months (crt.sh)
*.google.com                GTS CA 1O1                            2019-12-20 - 2020-03-13    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
Frame ID: 9AB1B45303A69E7B062E729E5C0E8DDE
Requests: 9 HTTP requests in this frame


Detected technologies

PHP (consistent with the x-powered-by: PHP/5.6.40 response header)
Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

nginx (consistent with the server: nginx response header)
Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

Requests    4
HTTPS       100 %
IPv6        67 %
Domains     3
Subdomains  3
IPs         4
Countries   2
Transfer    397 kB
Size        1198 kB
Cookies     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk Page URL
  2. https://phototech.uz/wp-admin/network/about/sec_/rc.php?rem=esp@zitcom.dk&j43lfkpqrz21mswvcx5g60ay9tiuhn7ebo8d HTTP 302
    https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r= HTTP 301
    https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r= HTTP 302
    https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b= Page URL
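The chain above carries the recipient address through the kit: rem=esp@zitcom.dk in plain text on the first three hops, then rem=ZXNwQHppdGNvbS5kaw== on the final page, which is base64 for the same address. The Origin and Content-Type: application/x-www-form-urlencoded request headers recorded on the primary request suggest the hop from cloud.php into rc.php began as a form submission rather than a plain link. The script below is a worked example added to this report (not urlscan.io code): it decodes such parameters and flags the hand-off pattern. The chain is copied from this scan; the address regex, the indicator rules and the function names (decode_base64_email, victims_in_chain, triage) are this example's own assumptions.

```python
"""Triage a urlscan-style redirect chain for phishing-kit hand-off indicators.

Added example for this report; it is not urlscan.io code. The chain below is
copied from the scan above, and the parameter names it inspects (rem,
sessionid, Country, pg, r, b) are the kit's own. The indicator rules and the
address heuristic are this example's assumptions.
"""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# Loose address check: local-part@domain.tld, no whitespace (assumption).
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
# Standard base64 alphabet with optional trailing padding.
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Redirect chain recorded by the scan (constructed from the page above).
CHAIN = [
    "https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk",
    "https://phototech.uz/wp-admin/network/about/sec_/rc.php"
    "?rem=esp@zitcom.dk&j43lfkpqrz21mswvcx5g60ay9tiuhn7ebo8d",
    "https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258"
    "?pg=a&rem=esp@zitcom.dk"
    "&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r=",
    "https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php"
    "?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG="
    "&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=",
]


def decode_base64_email(value: str):
    """Return the address if value is the base64 encoding of an e-mail address, else None."""
    # Reject anything that is not well-formed base64 before decoding; this keeps
    # opaque session tokens (wrong length, '=' in the middle) out of the decoder.
    if not B64_RE.match(value) or len(value) % 4:
        return None
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if EMAIL_RE.match(text) else None


def victims_in_chain(chain):
    """Map query-parameter name -> {(encoding, address)} over every hop that carries an address."""
    found = {}
    for url in chain:
        params = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                if EMAIL_RE.match(value):
                    found.setdefault(name, set()).add(("plain", value))
                else:
                    decoded = decode_base64_email(value)
                    if decoded:
                        found.setdefault(name, set()).add(("base64", decoded))
    return found


def triage(chain):
    """Summarise the chain: victim addresses seen and the hand-off indicators they trigger."""
    victims = victims_in_chain(chain)
    addresses = {addr for forms in victims.values() for _, addr in forms}
    encodings = {enc for forms in victims.values() for enc, _ in forms}
    hosts = {urlsplit(url).hostname for url in chain}
    indicators = []
    if victims:
        indicators.append("victim address pre-filled via query parameter(s): "
                          + ", ".join(sorted(victims)))
    if {"plain", "base64"} <= encodings:
        indicators.append("same address carried plain on early hops and base64 on the final page")
    if len(chain) >= 3 and len(hosts) == 1:
        indicators.append(f"{len(chain)}-hop redirect chain kept on a single host ({next(iter(hosts))})")
    return {"victims": sorted(addresses), "indicators": indicators}


if __name__ == "__main__":
    result = triage(CHAIN)
    print("victims:", result["victims"])
    for line in result["indicators"]:
        print("-", line)
```

The base64 guard matters: the sessionid and Country values in this chain look like base64 but are the wrong length or contain '=' mid-string, so they are rejected before decoding rather than producing garbage that might accidentally match the address regex.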

Redirected requests

There were HTTP redirect chains for the following requests:
  • q6gcmrkdnfm8tzy55z6p6q4pra.php (3 redirects starting at rc.php; the full chain is listed under Primary Request below)

4 HTTP transactions

Resource: cloud.php
Path: phototech.uz/wp-admin/network/about/sec_/
Size: 10 KB   x-fer: 3 KB   Type: Document
General
Full URL
https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
83.69.139.151, Uzbekistan, ASN31492 (UZSCI-AS Uzbek Scientific & Education Network, UZ)
Reverse DNS
server2.ahost.uz
Software
nginx / PHP/5.6.40
Resource Hash
03c8ae9f60964868fcb74674548cba109106ff8e55a22db3f412ceb52a08ade5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
phototech.uz
:scheme
https
:path
/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1

Response headers

status
200
server
nginx
date
Thu, 23 Jan 2020 10:07:20 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
BYPASS
x-server-powered-by
Engintron
content-encoding
gzip
Primary Request
Resource: q6gcmrkdnfm8tzy55z6p6q4pra.php
Path: phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/
Redirect Chain
  • https://phototech.uz/wp-admin/network/about/sec_/rc.php?rem=esp@zitcom.dk&j43lfkpqrz21mswvcx5g60ay9tiuhn7ebo8d
  • https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r=
  • https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/?pg=a&rem=esp@zitcom.dk&sessionid=3Pn0QhWNj1pHouqf2FZCKB=LprKoC2nNsX7F3cHI0zbE6ukBRqVD1Zv9OfGgTyQx84daAwm=&r=
  • https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNC...
Size: 509 KB   x-fer: 340 KB   Type: Document
General
Full URL
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
Requested by
Host: phototech.uz
URL: https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
83.69.139.151, Uzbekistan, ASN31492 (UZSCI-AS Uzbek Scientific & Education Network, UZ)
Reverse DNS
server2.ahost.uz
Software
nginx / PHP/5.6.40
Resource Hash
82f9f54fb300b20577d498c584ae80dcdbcabcc28d8b40b5ed6a21d6bd6c9a91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
phototech.uz
:scheme
https
:path
/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
same-origin
sec-fetch-mode
navigate
referer
https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk
accept-encoding
gzip, deflate, br
Origin
https://phototech.uz
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://phototech.uz/wp-admin/network/about/sec_/cloud.php?rem=esp@zitcom.dk

Response headers

status
200
server
nginx
date
Thu, 23 Jan 2020 10:07:28 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-powered-by
PHP/5.6.40
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
BYPASS
x-server-powered-by
Engintron
content-encoding
gzip

Redirect headers

status
302
server
nginx
date
Thu, 23 Jan 2020 10:07:27 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
x-powered-by
PHP/5.6.40
x-xss-protection
1; mode=block
x-content-type-options
nosniff
x-nginx-cache-status
BYPASS
x-server-powered-by
Engintron
Resource: css
Path: fonts.googleapis.com/
Size: 783 B   x-fer: 451 B   Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Raleway
Requested by
Host: phototech.uz
URL: https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:818::200a, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
-
Software
ESF
Resource Hash
3147026ff99804131affcb3cadbdfd49c0a07583682aefcc1198f57e2614d5b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://phototech.uz/wp-admin/network/about/sec_/xrp/user-566258/q6gcmrkdnfm8tzy55z6p6q4pra.php?pg=a&rem=ZXNwQHppdGNvbS5kaw==&sessionid=0CA4BEQ1Tas7JWywfXbZDG=&Country=_ZSE6tfUoxyjWu2bvFIwM83plKnNCVQ791aDARJm4PkHg5esB=&r=&b=
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 23 Jan 2020 10:07:31 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 23 Jan 2020 10:07:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 23 Jan 2020 10:07:31 GMT
Resource: data: URI (truncated)
Path: /
Size: 380 KB   x-fer: 0   Type: Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI, no network request)
Reverse DNS
-
Software
-
Resource Hash
93480ff073d2be70226222836850f5e26b10e30d203b5a7f2be249a2b89a7de4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
text/css
Resource: data: URI (truncated)
Path: /
Size: 474 B   x-fer: 0   Type: Stylesheet
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI, no network request)
Reverse DNS
-
Software
-
Resource Hash
d6fc3d1520a00be1c8c8cb060a85bdb76f8daa6596e58d2b2a977ea67bb0a886

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
text/css
Resource: data: URI (truncated)
Path: /
Size: 280 B   x-fer: 0   Type: Script
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI, no network request)
Reverse DNS
-
Software
-
Resource Hash
92fd40762d767ac7711c39b19506d470d901d31c8ac193499b3b673ec1261396

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
application/x-javascript
Resource: data: URI (truncated)
Path: /
Size: 244 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI, no network request)
Reverse DNS
-
Software
-
Resource Hash
ae3ca3cd183c8dfe9acdf92751d544555cb50b5e2f3adfdd57edb1ba9a6250a4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Type
image/jpeg
Resource: data: URI (truncated)
Path: /
Size: 40 KB   x-fer: 40 KB   Type: Font
General
Full URL
data:truncated
Protocol
DATA
Server
- (data: URI, no network request)
Reverse DNS
-
Software
-
Resource Hash
e0820a01e8be18589121c87e194a0f23f631ad9da45637c4719d218f5d124bf5

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Origin
https://phototech.uz

Response headers

Content-Type
application/octet-stream
Resource: 1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Path: fonts.gstatic.com/s/raleway/v14/
Size: 13 KB   x-fer: 13 KB   Type: Font
General
Full URL
https://fonts.gstatic.com/s/raleway/v14/1Ptug8zYS_SKggPNyC0IT4ttDfA.woff2
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2a00:1450:4001:821::2003, Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
-
Software
sffe
Resource Hash
7e347b66fb1145f780600551e06778b33ecaca5c45897ac90eb96eb4b6afd082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Raleway
Origin
https://phototech.uz

Response headers

date
Wed, 22 Jan 2020 21:33:11 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:48:04 GMT
server
sffe
age
45260
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13428
x-xss-protection
0
expires
Thu, 21 Jan 2021 21:33:11 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   onformdata
object   onpointerrawupdate

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block