telecco.unex.es
158.49.112.140
Malicious Activity!
Public Scan
Effective URL: https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/login.php
Submission: On February 02 via manual from NO — Scanned from NO
Summary
TLS certificate: Issued by GEANT OV RSA CA 4 on December 12th 2022. Valid for: a year.
This is the only time telecco.unex.es was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
1 | 103.47.184.53 | 9988 (MPT-AP Myanma Posts and Telecommunications)
9 (3 redirects) | 158.49.112.140 | 766 (REDIRIS RedIRIS Autonomous System)
2 | 69.16.175.42 | 20446 (STACKPATH-CDN)
6 | 142.251.39.4 | 15169 (GOOGLE)
9 | 142.250.201.195 | 15169 (GOOGLE)
4 | 142.251.39.35 |
1 | 45.57.90.1 |
29 requests across 7 IP addresses.
- ASN9988 (MPT-AP Myanma Posts and Telecommunications, MM): rkhineseo.dbe.gov.mm
- ASN15169 (GOOGLE, US), PTR: bud02s35-in-f3.1e100.net: www.gstatic.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | gstatic.com | www.gstatic.com, fonts.gstatic.com | 597 KB
9 | unex.es | telecco.unex.es (3 redirects) | 342 KB
6 | google.com | www.google.com (Cisco Umbrella Rank: 2) | 50 KB
2 | jquery.com | code.jquery.com (Cisco Umbrella Rank: 673) | 157 KB
1 | nflxext.com | assets.nflxext.com | 72 KB
1 | dbe.gov.mm | rkhineseo.dbe.gov.mm | 381 B
29 requests across 6 apex domains.
Requests | Domain | Requested by
---|---|---
9 | www.gstatic.com | www.google.com, www.gstatic.com
9 | telecco.unex.es | telecco.unex.es (3 redirects)
6 | www.google.com | telecco.unex.es, www.gstatic.com, www.google.com
4 | fonts.gstatic.com | www.google.com
2 | code.jquery.com | telecco.unex.es
1 | assets.nflxext.com | telecco.unex.es
1 | rkhineseo.dbe.gov.mm |
29 requests across 7 domains.
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
telecco.unex.es | GEANT OV RSA CA 4 | 2022-12-12 - 2023-12-12 | a year | crt.sh
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year | crt.sh
www.google.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months | crt.sh
*.gstatic.com | GTS CA 1C3 | 2023-01-09 - 2023-04-03 | 3 months | crt.sh
*.1.nflxso.net | DigiCert Secure Site ECC CA-1 | 2023-01-22 - 2023-02-21 | a month | crt.sh
This page contains 3 frames:
Primary Page:
https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/login.php
Frame ID: F4590B4054686E3E38F9A70AF2CDAA5F
Requests: 12 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le10kQkAAAAAOXzrO6z4-PMBjPoV9kHLjsC8KqV&co=aHR0cHM6Ly90ZWxlY2NvLnVuZXguZXM6NDQz&hl=no&v=RGRQD9tdxHtnt-Bxkx9pM75S&size=invisible&cb=pz2f45gepgdq
Frame ID: 7953919B14727AA0E37B18C062B46F7A
Requests: 7 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=no&v=RGRQD9tdxHtnt-Bxkx9pM75S&k=6Le10kQkAAAAAOXzrO6z4-PMBjPoV9kHLjsC8KqV
Frame ID: 23D132021859CA13209E9AF4D8C680BA
Requests: 10 HTTP requests in this frame
Page Title: Redirection en cours...
Detected technologies
- WordPress (CMS). Detected patterns: `/wp-(?:content|includes)/`
- jQuery (JavaScript Libraries). Detected patterns: `jquery[.-]([\d.]*\d)[^/]*\.js`, `jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?`
- reCAPTCHA (Captchas). Detected patterns: `/recaptcha/api\.js`
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://rkhineseo.dbe.gov.mm/wp-content/plugins/qvygtvq/redi.php (Page URL)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG (HTTP 301)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/ (HTTP 302)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113 (HTTP 301)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/ (Page URL)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/login.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 1
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG (HTTP 301)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/ (HTTP 302)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113 (HTTP 301)
- https://telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/
29 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | redi.php | rkhineseo.dbe.gov.mm/wp-content/plugins/qvygtvq/ | 182 B | 381 B | Document | text/html |
GET | H2 | / | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/ | 1 KB | 768 B | Document | text/html | Redirect Chain
GET | H2 | jquery-3.3.1.js | code.jquery.com/ | 265 KB | 79 KB | Script | application/javascript |
GET | H2 | api.js | www.google.com/recaptcha/ | 850 B | 875 B | Script | text/javascript |
GET | H2 | recaptcha__no.js | www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ | 403 KB | 161 KB | Script | text/javascript |
GET | H2 | anchor | www.google.com/recaptcha/api2/ | 43 KB | 23 KB | Document | text/html | Frame 7953
GET | H2 | styles__ltr.css | www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ | 55 KB | 25 KB | Stylesheet | text/css | Frame 7953
GET | H2 | recaptcha__no.js | www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ | 403 KB | 161 KB | Script | text/javascript | Frame 7953
GET | H2 | logo_48.png | www.gstatic.com/recaptcha/api2/ | 2 KB | 2 KB | Image | image/png | Frame 7953
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 16 KB | Font | font/woff2 | Frame 7953
GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2 | Frame 7953
GET | H2 | webworker.js | www.google.com/recaptcha/api2/ | 102 B | 204 B | Other | text/javascript | Frame 7953
GET | H2 | bframe | www.google.com/recaptcha/api2/ | 7 KB | 1 KB | Document | text/html | Frame 23D1
GET | H2 | styles__ltr.css | www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ | 55 KB | 24 KB | Stylesheet | text/css | Frame 23D1
GET | H2 | recaptcha__no.js | www.gstatic.com/recaptcha/releases/RGRQD9tdxHtnt-Bxkx9pM75S/ | 403 KB | 161 KB | Script | text/javascript | Frame 23D1
POST | H2 | reload | www.google.com/recaptcha/api2/ | 40 KB | 24 KB | XHR | application/json | Frame 23D1
POST | H2 | userverify | www.google.com/recaptcha/api2/ | 701 B | 669 B | XHR | application/json | Frame 23D1
POST | H2 | login.php | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/ | 26 KB | 3 KB | Document | text/html | Primary Request
GET | H2 | refresh_2x.png | www.gstatic.com/recaptcha/api2/ | 600 B | 691 B | Image | image/png | Frame 23D1
GET | H2 | audio_2x.png | www.gstatic.com/recaptcha/api2/ | 530 B | 622 B | Image | image/png | Frame 23D1
GET | H2 | info_2x.png | www.gstatic.com/recaptcha/api2/ | 665 B | 757 B | Image | image/png | Frame 23D1
GET | H2 | KFOlCnqEu92Fr1MmEU9fBBc4.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2 | Frame 23D1
GET | H2 | KFOmCnqEu92Fr1Mu4mxK.woff2 | fonts.gstatic.com/s/roboto/v18/ | 15 KB | 15 KB | Font | font/woff2 | Frame 23D1
GET | H2 | style.css | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/assets/ | 124 KB | 20 KB | Stylesheet | text/css |
GET | H2 | jquery-3.3.1.js | code.jquery.com/ | 265 KB | 79 KB | Script | application/javascript |
GET | H2 | index.js | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/assets/ | 2 KB | 709 B | Script | application/javascript |
GET | H2 | US-en-20190311-popsignuptwoweeks-perspective_alpha_website_large.jpg | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/assets/ | 313 KB | 315 KB | Image | image/jpeg |
GET | H2 | FB-f-Logo__blue_57.png | telecco.unex.es/wp-content/plugins/voyejvk/IMG/customer_center/user-925113/assets/ | 1 KB | 1 KB | Image | image/png |
GET | H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | font/woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: oncontentvisibilityautostatechange
- function: $
- function: jQuery
- function: onSubmit
- object: ___grecaptcha_cfg
- object: grecaptcha
- string: __recaptcha_api
- boolean: __google_recaptcha_client1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
telecco.unex.es/ | | PHPSESSID | 22934pmp1sumrv010ai8fpupc4
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.