ittechreviewer.com Open in urlscan Pro
91.92.241.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ittechreviewer.com/
Submission: On July 29 via api (July 29th 2024, 2:11:33 pm UTC) from US — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 91.92.241.134, located in Bulgaria and belongs to LIMENET, US. The main domain is ittechreviewer.com.
TLS certificate: Issued by R10 on July 28th 2024. Valid for: 3 months.

This is the only time ittechreviewer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rakuten (E-commerce)

Domain & IP information

	IP Address	AS Autonomous System
10	91.92.241.134 91.92.241.134	394711 (LIMENET) (LIMENET)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	3

10 91.92.241.134 (Bulgaria)

ASN394711 (LIMENET, US)

ittechreviewer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

gg.aliyuncs.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	ittechreviewer.com ittechreviewer.com	49 KB
1	aliyuncs.online gg.aliyuncs.online
12	2

	Domain	Requested by
10	ittechreviewer.com	ittechreviewer.com
1	gg.aliyuncs.online	ittechreviewer.com
12	2

This site contains no links.

Subject Issuer	Validity	Valid
ittechreviewer.com R10	`2024-07-28` - `2024-10-26`	3 months	crt.sh
aliyuncs.online WE1	`2024-07-14` - `2024-10-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ittechreviewer.com/
Frame ID: 76E1103C429F1E0F33A87E422DBC0737
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

【楽天市場】Shopping is Entertainment! ：インターネット最大級の通信販売、通販オンラインショッピングコミュニティ

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

12
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

49 kB
Transfer

125 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ittechreviewer.com/ 514 B
428 B 98ms
26ms Document
text/html 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: be68f84a0cbbcba05ccef742b4419c4de737ccf75e518de8f00eec5d30f80764

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 291
content-type: text/html
date: Mon, 29 Jul 2024 14:11:29 GMT
etag: "202-61e4f5bba8453-gzip"
last-modified: Sun, 28 Jul 2024 14:14:10 GMT
server: Apache
vary: Accept-Encoding

GET
H2 200 main-iKy6fvbY.js Show response
ittechreviewer.com/assets/ 103 KB
40 KB 53ms
46ms Script
text/javascript 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/assets/main-iKy6fvbY.js
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 67ba942682e18a7e93415716839984780c6a7d14fc5262f520537db7f312e17f

Request headers

Referer: https://ittechreviewer.com/
Origin: https://ittechreviewer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
content-encoding: gzip
last-modified: Thu, 25 Jul 2024 11:24:27 GMT
server: Apache
etag: "19d04-61e10a33c7cb8-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 40552

GET
H2 200 http-Bpv2CJvK.js Show response
ittechreviewer.com/assets/ 337 B
334 B 31ms
26ms Script
text/javascript 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/assets/http-Bpv2CJvK.js
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: a758e7f010a18f40b1651a87b4e758067704ff2dabae015dfa14eb3e54de9543

Request headers

Referer: https://ittechreviewer.com/
Origin: https://ittechreviewer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
content-encoding: gzip
last-modified: Thu, 25 Jul 2024 11:24:27 GMT
server: Apache
etag: "151-61e10a33c7cb8-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 269

GET
H2 200 lang-BemYAhPn.js Show response
ittechreviewer.com/assets/ 2 KB
939 B 30ms
26ms Script
text/javascript 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/assets/lang-BemYAhPn.js
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 01b56aa9cf1f4a591ba4c111f71d2f6130152a829d59e6bb1830fc9be0f9bf2f

Request headers

Referer: https://ittechreviewer.com/
Origin: https://ittechreviewer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
content-encoding: gzip
last-modified: Thu, 25 Jul 2024 11:48:36 GMT
server: Apache
etag: "650-61e10f99c8ef5-gzip"
vary: Accept-Encoding
content-type: text/javascript
accept-ranges: bytes
content-length: 861

GET
H2 200 main-CJvDEJLw.css
ittechreviewer.com/assets/ 16 KB
4 KB 30ms
26ms Stylesheet
text/css 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/assets/main-CJvDEJLw.css
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 98298091a24e50b120b77db2069299e37ec342df66d243008286d60fef87cbab

Request headers

Referer: https://ittechreviewer.com/
Origin: https://ittechreviewer.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
content-encoding: gzip
last-modified: Thu, 25 Jul 2024 11:24:27 GMT
server: Apache
etag: "3fb6-61e10a33c7cb8-gzip"
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 3813

OPTIONS
H3 403 rakuten.api.php
gg.aliyuncs.online/ 0
0 83ms
17ms Preflight
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gg.aliyuncs.online/rakuten.api.php

Protocol

Security

QUIC, , AES_128_GCM

Server

188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://ittechreviewer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=15
cf-ray: 8aadb2cc6dce9000-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Jul 2024 14:11:29 GMT
expires: Mon, 29 Jul 2024 14:11:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjdYvOwSoWyZIpMO44av984dTi1euClkyqbCY%2FXpctfIRyF4e6ciVIIk4%2BnC8AX3XKkT7ajinOQE3kLlPnF4a8BoB9azyylxKZrVQdZWBpf79xy8Enl6pz75ZBmc8ftbuecbHiI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

POST rakuten.api.php
gg.aliyuncs.online/ 0
0

GET
H2 200 Rakuten_sp_28px@2x.png
ittechreviewer.com/img/ 2 KB
3 KB 19ms
18ms Image
image/png 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ittechreviewer.com/img/Rakuten_sp_28px@2x.png
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e

Request headers

Referer: https://ittechreviewer.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
last-modified: Wed, 04 Dec 2019 18:53:30 GMT
server: Apache
accept-ranges: bytes
etag: "9f4-598e55421fe80"
content-length: 2548
content-type: image/png

GET
H2 200 pop.gif
ittechreviewer.com/img/ 75 B
129 B 19ms
19ms Image
image/gif 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ittechreviewer.com/img/pop.gif
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59

Request headers

Referer: https://ittechreviewer.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
last-modified: Wed, 04 Dec 2019 18:53:30 GMT
server: Apache
accept-ranges: bytes
etag: "4b-598e55421fe80"
content-length: 75
content-type: image/gif

GET
H2 200 icon_circle.gif
ittechreviewer.com/img/ 342 B
413 B 19ms
19ms Image
image/gif 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ittechreviewer.com/img/icon_circle.gif
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/assets/main-CJvDEJLw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88

Request headers

Referer: https://ittechreviewer.com/assets/main-CJvDEJLw.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
last-modified: Wed, 04 Dec 2019 18:53:34 GMT
server: Apache
accept-ranges: bytes
etag: "156-598e5545f0780"
content-length: 342
content-type: image/gif

GET
H2 200 chevron.png
ittechreviewer.com/img/ 259 B
330 B 18ms
18ms Image
image/png 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ittechreviewer.com/img/chevron.png
Requested by: Host: ittechreviewer.com
URL: https://ittechreviewer.com/assets/main-CJvDEJLw.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270

Request headers

Referer: https://ittechreviewer.com/assets/main-CJvDEJLw.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
last-modified: Wed, 04 Dec 2019 18:53:42 GMT
server: Apache
accept-ranges: bytes
etag: "103-598e554d91980"
content-length: 259
content-type: image/png

GET
H2 404 favicon.ico
ittechreviewer.com/ 265 B
315 B 19ms
17ms Other
text/html 91.92.241.134
LIMENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ittechreviewer.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 91.92.241.134 , Bulgaria, ASN394711 (LIMENET, US),
Reverse DNS
Software: Apache /
Resource Hash: 027c3ac6d261783701394f6e90cdd4ad3f395fffd7089d14232b71343f44bf3a

Request headers

Referer: https://ittechreviewer.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Mon, 29 Jul 2024 14:11:29 GMT
server: Apache
content-length: 265
content-type: text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: gg.aliyuncs.online
URL: https://gg.aliyuncs.online/rakuten.api.php

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rakuten (E-commerce)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ boolean| __VUE__

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://ittechreviewer.com/#/ Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network	error	URL: https://ittechreviewer.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://ittechreviewer.com/#/ Message: Access to fetch at 'https://gg.aliyuncs.online/rakuten.api.php' from origin 'https://ittechreviewer.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
network	error	URL: https://gg.aliyuncs.online/rakuten.api.php Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

gg.aliyuncs.online
ittechreviewer.com
gg.aliyuncs.online
188.114.97.3
91.92.241.134
01b56aa9cf1f4a591ba4c111f71d2f6130152a829d59e6bb1830fc9be0f9bf2f
027c3ac6d261783701394f6e90cdd4ad3f395fffd7089d14232b71343f44bf3a
67ba942682e18a7e93415716839984780c6a7d14fc5262f520537db7f312e17f
7ab9a4d7f597471f82e8ebc6019525cd45f81decff7853062056a3c3417eba59
88eed35d75907988c5edf2688df02fd8f4a04eac7a5467d847da35ddd32c7270
98298091a24e50b120b77db2069299e37ec342df66d243008286d60fef87cbab
a758e7f010a18f40b1651a87b4e758067704ff2dabae015dfa14eb3e54de9543
be68f84a0cbbcba05ccef742b4419c4de737ccf75e518de8f00eec5d30f80764
e3c6fe7bec882eac29ed8b44fa4ea691c746025037bd31db0421673450f6f25e
f0665d11143ffaff81d3720294bf52e56a0cafa1248c4d99a42680c4d0d77d88

ittechreviewer.com Open in urlscan Pro 91.92.241.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

49 kBTransfer

125 kBSize

0 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

ittechreviewer.com Open in urlscan Pro
91.92.241.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

49 kB
Transfer

125 kB
Size

0
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!