www.immtechnical.co.uk
Open in
urlscan Pro
178.62.92.244
Malicious Activity!
Public Scan
Effective URL: https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=B...
Submission: On March 05 via manual from IN
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 16th 2020. Valid for: 3 months.
This is the only time www.immtechnical.co.uk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canadian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 91.158.217.60 91.158.217.60 | 719 (ELISA-AS ...) (ELISA-AS Helsinki) | |
14 | 178.62.92.244 178.62.92.244 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
1 | 185.225.208.133 185.225.208.133 | 13213 (UK2NET-AS) (UK2NET-AS) | |
1 | 67.202.94.94 67.202.94.94 | 32748 (STEADFAST) (STEADFAST) | |
17 | 5 |
ASN719 (ELISA-AS Helsinki, Finland, FI)
PTR: 91-158-217-60.elisa-laajakaista.fi
kaappi.ddns.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
immtechnical.co.uk
www.immtechnical.co.uk |
145 KB |
2 |
ddns.net
1 redirects
kaappi.ddns.net |
627 B |
1 |
amung.us
whos.amung.us |
144 B |
1 |
waust.at
waust.at |
7 KB |
17 | 4 |
Domain | Requested by | |
---|---|---|
14 | www.immtechnical.co.uk |
kaappi.ddns.net
www.immtechnical.co.uk |
2 | kaappi.ddns.net | 1 redirects |
1 | whos.amung.us |
waust.at
|
1 | waust.at |
www.immtechnical.co.uk
|
17 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
whos.amung.us |
Subject Issuer | Validity | Valid | |
---|---|---|---|
immtechnical.co.uk Let's Encrypt Authority X3 |
2020-01-16 - 2020-04-15 |
3 months | crt.sh |
whos.amung.us GeoTrust EV RSA CA 2018 |
2018-03-09 - 2020-05-25 |
2 years | crt.sh |
This page contains 3 frames:
Primary Page:
https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=BNvofnhdEYxpBrYzPDWziRbzPSleEVxnrINHwrfReLzlxjpSIWyZNeebgm
Frame ID: 42351F63017C8FD26246415076CF229C
Requests: 16 HTTP requests in this frame
Frame:
https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/wmms-blk.svg
Frame ID: 7621E2F7677E964C748C66CB1EFD0EB4
Requests: 1 HTTP requests in this frame
Frame:
https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/sig-blk-en.svg
Frame ID: 53286EB3C4487675BD961361DD2AE20C
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://kaappi.ddns.net/qsq
HTTP 301
http://kaappi.ddns.net/qsq/ Page URL
- https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/ Page URL
- https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/start.php?program=tax&target=details&lang=e... Page URL
Detected technologies
Raspbian (Operating Systems) ExpandDetected patterns
- headers server /Raspbian/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 1
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://kaappi.ddns.net/qsq
HTTP 301
http://kaappi.ddns.net/qsq/ Page URL
- https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/ Page URL
- https://www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/start.php?program=tax&target=details&lang=en&idp=cms;jsessnid=BNvofnhdEYxpBrYzPDWziRbzPSleEVxnrINHwrfReLzlxjpSIWyZNeebgm Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://kaappi.ddns.net/qsq HTTP 301
- http://kaappi.ddns.net/qsq/
17 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
kaappi.ddns.net/qsq/ Redirect Chain
|
104 B 361 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/ |
172 B 428 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
start.php
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/ |
28 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
theme.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
290 KB 54 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
theme_002.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
28 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
2 KB 656 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
theme-jb.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
96 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
typeahead.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
2 KB 727 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
project-jb-style.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
118 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
project-style.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
42 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
d.js
waust.at/ |
13 KB 7 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ |
15 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyphicons-halflings-regular.woff
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/semi/ |
23 KB 23 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wmms-blk.svg
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ Frame 7621 |
5 KB 2 KB |
Document
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sig-blk-en.svg
www.immtechnical.co.uk/wp-includes/fonts/cra_ca_service/door/ Frame 5328 |
10 KB 2 KB |
Document
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
28 B 144 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Canadian Government (Government)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| _wau string| wau_w_col string| wau_w_siz object| WAU_ren function| WAU_dynamic function| WAU_dynamic_request function| WAU_r_d function| WAU_insert function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_cps function| docReady object| x string| x1 string| x21 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.immtechnical.co.uk/ | Name: PHPSESSID Value: h0e4maei07daicabfiq9b770bh |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kaappi.ddns.net
waust.at
whos.amung.us
www.immtechnical.co.uk
178.62.92.244
185.225.208.133
67.202.94.94
91.158.217.60
087280e8c5432abfa73e746559de4572d34263fefac3484f125d09386cb836a7
2cc052d474ce6ee267dd164a839814615a04865b2706d1bc1cb73160c55c549f
404a50854175c8cc3faad39897b6744158fd54e587d4868013a8057d6ba16f62
409431c6d45382c6f353dc8d2dbeff98b90e88c1c728f263e7299d68a55dda53
41fbb280ed197740a1c526e9619c00510e2b32dcbba016261890c9052d3243de
4b2b2cf26434c7e0ea495de5d0c2be5d12ca0947bcf91b59449189b3d4e46877
547620b6b2a052bd1fe65624db3a8f831414168f165c283f764259955f072588
59cbf75521f37224126ca5245658398f41f4edb1d1c4abdd08274e9acfefd937
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
78d26ce7d009695f578280f7e2c8af03e943b873e6fc5301f3a08ed3e583ceca
792c90a99278257ce02b561b401f489f2bd5acf0147ded12115b92cc1fba2154
840787fa147628e52a9ee2f640e98efdf524beb19bdf532f2d9fed83e494a00b
9ed951193bc383c52e3b04ff98ecd426b1dc77222202360f4464d01b14f9c7f7
b493143147246fc0d7a9f377c2526560329e923b8be0bb4c9ac3e408adcfb06f
b9adc9d233ab5f39618b6fa8ff5b5a99aff51fbbe0cc4558e8f5024b15cc1281
e3f871276a81f087b28dcadca177edf7511d7fdd6c8287c51030c4ac454296ab
ea367de6df1889913977d3895f8144334678dd679f9d641b67fc82585a97336b
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e