firetechgulf.com
Open in
urlscan Pro
192.186.196.71
Malicious Activity!
Public Scan
Effective URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/
Submission: On June 25 via manual from US
Summary
This is the only time firetechgulf.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 14 | 192.186.196.71 192.186.196.71 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) | |
3 | 195.123.213.249 195.123.213.249 | 50979 (ITL-) (ITL-) | |
13 | 2 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-196-71.ip.secureserver.net
firetechgulf.com |
ASN50979 (ITL-, LV)
PTR: vds-shellycolmanl72-162414.hosted-by-itldc.com
195.123.213.249 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
firetechgulf.com
4 redirects
firetechgulf.com |
117 KB |
13 | 1 |
Domain | Requested by | |
---|---|---|
14 | firetechgulf.com |
4 redirects
firetechgulf.com
|
13 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/
Frame ID: 14764DB53096B0BDF0912DBB2DED3EC6
Requests: 13 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://firetechgulf.com/z/paypal.com.au
HTTP 301
http://firetechgulf.com/z/paypal.com.au/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e HTTP 301
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Page URL
Detected technologies
AngularJS (JavaScript Frameworks) ExpandDetected patterns
- script /angular.*\.js/i
- env /^angular$/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://firetechgulf.com/z/paypal.com.au
HTTP 301
http://firetechgulf.com/z/paypal.com.au/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e HTTP 301
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Redirect Chain
|
46 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
firetechgulf.com/z/paypal.com.au/bower_components/font-awesome/css/ |
30 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
firetechgulf.com/z/paypal.com.au/login/ |
19 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular.min.js
firetechgulf.com/z/paypal.com.au/bower_components/angular/ |
165 KB 58 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
firetechgulf.com/z/paypal.com.au/login/ |
2 KB 930 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
form.js
firetechgulf.com/z/paypal.com.au/login/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ng.js
firetechgulf.com/z/paypal.com.au/login/ |
1 KB 993 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
token.js
firetechgulf.com/z/paypal.com.au/login/ |
4 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
token.php
195.123.213.249/mydick/gates/ |
65 B 274 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
token.php
195.123.213.249/mydick/gates/ |
58 B 267 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal-logo-129x32.svg
firetechgulf.com/z/paypal.com.au/login/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
token.php
195.123.213.249/mydick/gates/ |
65 B 273 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)21 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| angular string| bid object| php_js string| el object| cookies object| loader_ function| send1 function| login_proxy object| lngs string| lenguage object| lng object| app object| bider_obj object| last_respond undefined| last_operation object| respond object| CORE__ object| REST_FN__ number| bidder_timer1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e | Name: bid Value: e958211a8a4d92777391575b76ec9d2e |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
firetechgulf.com
192.186.196.71
195.123.213.249
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2f0271c8e591a1a79bc2ce0c44087747404f34d5416f9613f3ebcf470fff4a78
315200f08ee3fe87434223a68414272bd61d5c3ab0f9c241795574c02b9d5111
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
47e6fda875d813f1857c2e4c2d8a589844c1a90cb69b52132c57a1d6b38856b8
51874b152cfbb53e2383b9ba00071055f330ddf317f9b9a92c1e3e081d679753
53dfddc6d20367d2c63d217010ca1958ab5b5dd34edc1608d3c96f80206e95af
7087ac9607bd867220dbc2da783dca6623a2ab4add6c3085cca705bfc30653f2
763528752fc4552c96d36b1bd61d36210d08853f1c396716389c2d8b36a7778b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
c535f53ec119185beb92eb66b039dcb2647e146791a78cae902c33d40a1d811f
ff940a5655478c91139fc042c8ab0fac0ec8227ccdcd64d5ff0056ff68f3499a