firetechgulf.com Open in urlscan Pro
192.186.196.71 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://firetechgulf.com/z/paypal.com.au
Effective URL:
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/
Submission: On June 25 via manual (June 25th 2018, 4:49:24 pm UTC) from US

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 13 HTTP transactions. The main IP is 192.186.196.71, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is firetechgulf.com.

This is the only time firetechgulf.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
4 14	192.186.196.71 192.186.196.71	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
3	195.123.213.249 195.123.213.249	50979 (ITL-) (ITL-)
13	2

14 192.186.196.71 (Scottsdale, United States) 4 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-192-186-196-71.ip.secureserver.net

firetechgulf.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 195.123.213.249 (Ukraine)

ASN50979 (ITL-, LV)
PTR: vds-shellycolmanl72-162414.hosted-by-itldc.com

195.123.213.249	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	firetechgulf.com 4 redirects firetechgulf.com	117 KB
13	1

	Domain	Requested by
14	firetechgulf.com	4 redirects firetechgulf.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/
Frame ID: 14764DB53096B0BDF0912DBB2DED3EC6
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://firetechgulf.com/z/paypal.com.au HTTP 301
http://firetechgulf.com/z/paypal.com.au/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e HTTP 301
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /angular.*\.js/i
env /^angular$/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

117 kB
Transfer

361 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://firetechgulf.com/z/paypal.com.au HTTP 301
http://firetechgulf.com/z/paypal.com.au/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e HTTP 301
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/ HTTP 302
http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/ Redirect Chain http://firetechgulf.com/z/paypal.com.au http://firetechgulf.com/z/paypal.com.au/ http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e? http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/? http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/?	46 KB 9 KB	184ms 183ms	Document text/html	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / PHP/5.4.45 Resource Hash `315200f08ee3fe87434223a68414272bd61d5c3ab0f9c241795574c02b9d5111` Request headers Host firetechgulf.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Cookie bid=e958211a8a4d92777391575b76ec9d2e Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 14764DB53096B0BDF0912DBB2DED3EC6 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Server Apache X-Powered-By PHP/5.4.45 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 9059 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html Redirect headers Date Mon, 25 Jun 2018 16:49:12 GMT Server Apache X-Powered-By PHP/5.4.45 Set-Cookie bid=e958211a8a4d92777391575b76ec9d2e location login/? Vary User-Agent Content-Length 0 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	jquery.min.js Show response firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/	85 KB 30 KB	160ms 159ms	Script application/javascript	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/jquery.min.js Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Sat, 20 Jan 2018 14:26:56 GMT Server Apache ETag "7980d3c-1538f-56335fd33cc00-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 30307
GET H/1.1	200 OK	font-awesome.min.css firetechgulf.com/z/paypal.com.au/bower_components/font-awesome/css/	30 KB 7 KB	311ms 158ms	Stylesheet text/css	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Sun, 09 Apr 2017 04:29:24 GMT Server Apache ETag "7980e06-7918-54cb44da47100-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 7053
GET H/1.1	200 OK	index.css firetechgulf.com/z/paypal.com.au/login/	19 KB 5 KB	312ms 159ms	Stylesheet text/css	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/login/index.css Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `47e6fda875d813f1857c2e4c2d8a589844c1a90cb69b52132c57a1d6b38856b8` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Sat, 12 Nov 2016 09:02:18 GMT Server Apache ETag "7980e3f-4df1-54116dd185a80-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 4614
GET H/1.1	200 OK	angular.min.js Show response firetechgulf.com/z/paypal.com.au/bower_components/angular/	165 KB 58 KB	317ms 164ms	Script application/javascript	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/bower_components/angular/angular.min.js Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Fri, 18 Aug 2017 14:37:28 GMT Server Apache ETag "7962f8e-2937c-5570811783a00-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5
GET H/1.1	200 OK	css.css firetechgulf.com/z/paypal.com.au/login/	2 KB 930 B	306ms 153ms	Stylesheet text/css	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/login/css.css Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `51874b152cfbb53e2383b9ba00071055f330ddf317f9b9a92c1e3e081d679753` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Mon, 25 Sep 2017 12:45:08 GMT Server Apache ETag "7980e49-6b3-55a02edb43d00-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 600
GET H/1.1	200 OK	form.js Show response firetechgulf.com/z/paypal.com.au/login/	4 KB 2 KB	317ms 164ms	Script application/javascript	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/login/form.js?v=5b311d091c151 Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `7087ac9607bd867220dbc2da783dca6623a2ab4add6c3085cca705bfc30653f2` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Thu, 17 May 2018 13:16:54 GMT Server Apache ETag "7980e3b-e94-56c66a62d3d80-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 1319
GET H/1.1	200 OK	ng.js Show response firetechgulf.com/z/paypal.com.au/login/	1 KB 993 B	317ms 154ms	Script application/javascript	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/login/ng.js?v=5b311d091c18a Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `2f0271c8e591a1a79bc2ce0c44087747404f34d5416f9613f3ebcf470fff4a78` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Thu, 17 May 2018 13:23:32 GMT Server Apache ETag "7980e51-5a9-56c66bde63d00-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 649
GET H/1.1	200 OK	token.js Show response firetechgulf.com/z/paypal.com.au/login/	4 KB 1 KB	468ms 162ms	Script application/javascript	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://firetechgulf.com/z/paypal.com.au/login/token.js?v=5b311d091c1c1 Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `ff940a5655478c91139fc042c8ab0fac0ec8227ccdcd64d5ff0056ff68f3499a` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Mon, 12 Mar 2018 09:11:54 GMT Server Apache ETag "7980e4a-f80-5673388764a80-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 1022
GET H/1.1	200 OK	token.php Show response 195.123.213.249/mydick/gates/	65 B 274 B	68ms 35ms	Script text/javascript	195.123.213.249 ITL-
General Check archive.org Show headers Download Go to Full URL http://195.123.213.249/mydick/gates/token.php?link=pp&bid=e958211a8a4d92777391575b76ec9d2e&callback=jQuery331004965564375349074_1529945353405&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1529945353406 Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Server 195.123.213.249 , Ukraine, ASN50979 (ITL-, LV), Reverse DNS vds-shellycolmanl72-162414.hosted-by-itldc.com Software Apache/2.4.18 (Ubuntu) / Resource Hash `c535f53ec119185beb92eb66b039dcb2647e146791a78cae902c33d40a1d811f` Request headers Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Server Apache/2.4.18 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 65 Content-Type text/javascript;charset=UTF-8
GET H/1.1	200 OK	token.php Show response 195.123.213.249/mydick/gates/	58 B 267 B	70ms 36ms	Script text/javascript	195.123.213.249 ITL-
General Check archive.org Show headers Download Go to Full URL http://195.123.213.249/mydick/gates/token.php?link=pp&bid=e958211a8a4d92777391575b76ec9d2e&callback=jQuery331004965564375349074_1529945353407&data=%7B%22mes%22%3A%22User%20curently%20on%20the%20login%20page%22%7D&_=1529945353408 Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Server 195.123.213.249 , Ukraine, ASN50979 (ITL-, LV), Reverse DNS vds-shellycolmanl72-162414.hosted-by-itldc.com Software Apache/2.4.18 (Ubuntu) / Resource Hash `53dfddc6d20367d2c63d217010ca1958ab5b5dd34edc1608d3c96f80206e95af` Request headers Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Server Apache/2.4.18 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 58 Content-Type text/javascript;charset=UTF-8
GET H/1.1	200 OK	paypal-logo-129x32.svg firetechgulf.com/z/paypal.com.au/login/	5 KB 2 KB	154ms 154ms	Image image/svg+xml	192.186.196.71 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL http://firetechgulf.com/z/paypal.com.au/login/paypal-logo-129x32.svg Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? Protocol HTTP/1.1 Server 192.186.196.71 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-192-186-196-71.ip.secureserver.net Software Apache / Resource Hash `b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host firetechgulf.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://firetechgulf.com/z/paypal.com.au/login/index.css Connection keep-alive Cache-Control no-cache Referer http://firetechgulf.com/z/paypal.com.au/login/index.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:13 GMT Content-Encoding gzip Last-Modified Sat, 12 Nov 2016 06:21:38 GMT Server Apache ETag "7980e41-1351-541149e81a080-gzip" Vary Accept-Encoding,User-Agent Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 1929
GET H/1.1	200 OK	token.php Show response 195.123.213.249/mydick/gates/	65 B 273 B	35ms 34ms	Script text/javascript	195.123.213.249 ITL-
General Check archive.org Show headers Download Go to Full URL http://195.123.213.249/mydick/gates/token.php?link=pp&bid=e958211a8a4d92777391575b76ec9d2e&callback=jQuery331004965564375349074_1529945353407&data=%7B%22online_bider%22%3A1%2C%22w%22%3A0%2C%22dev%22%3A3%7D&_=1529945353409 Requested by Host: firetechgulf.com URL: http://firetechgulf.com/z/paypal.com.au/bower_components/jquery/dist/jquery.min.js Protocol HTTP/1.1 Server 195.123.213.249 , Ukraine, ASN50979 (ITL-, LV), Reverse DNS vds-shellycolmanl72-162414.hosted-by-itldc.com Software Apache/2.4.18 (Ubuntu) / Resource Hash `763528752fc4552c96d36b1bd61d36210d08853f1c396716389c2d8b36a7778b` Request headers Referer http://firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e/login/? User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 25 Jun 2018 16:49:18 GMT Server Apache/2.4.18 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 65 Content-Type text/javascript;charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			firetechgulf.com/z/paypal.com.au/e958211a8a4d92777391575b76ec9d2e	1969-12-31 23:59:59	Name: bid Value: e958211a8a4d92777391575b76ec9d2e

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firetechgulf.com
192.186.196.71
195.123.213.249
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
2f0271c8e591a1a79bc2ce0c44087747404f34d5416f9613f3ebcf470fff4a78
315200f08ee3fe87434223a68414272bd61d5c3ab0f9c241795574c02b9d5111
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
47e6fda875d813f1857c2e4c2d8a589844c1a90cb69b52132c57a1d6b38856b8
51874b152cfbb53e2383b9ba00071055f330ddf317f9b9a92c1e3e081d679753
53dfddc6d20367d2c63d217010ca1958ab5b5dd34edc1608d3c96f80206e95af
7087ac9607bd867220dbc2da783dca6623a2ab4add6c3085cca705bfc30653f2
763528752fc4552c96d36b1bd61d36210d08853f1c396716389c2d8b36a7778b
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
b3cc50b9e94bbecaaeb1079b64b8ca50616d1732824964c1cc2c5422627a0ec5
c535f53ec119185beb92eb66b039dcb2647e146791a78cae902c33d40a1d811f
ff940a5655478c91139fc042c8ab0fac0ec8227ccdcd64d5ff0056ff68f3499a

firetechgulf.com Open in urlscan Pro 192.186.196.71 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

2 Countries

117 kBTransfer

361 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

21 JavaScript Global Variables

1 Cookies

Indicators

firetechgulf.com Open in urlscan Pro
192.186.196.71 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

117 kB
Transfer

361 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!