birikimgrup.com
Open in
urlscan Pro
94.73.147.237
Malicious Activity!
Public Scan
Submission: On October 31 via automatic, source openphish
Summary
This is the only time birikimgrup.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 94.73.147.237 94.73.147.237 | 34619 (CIZGI) (CIZGI) | |
1 | 2a00:1450:400... 2a00:1450:4001:814::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
5 | 2.18.232.222 2.18.232.222 | 16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies) | |
24 | 3 |
ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-222.deploy.static.akamaitechnologies.com
www.paypalobjects.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
18 |
birikimgrup.com
birikimgrup.com |
389 KB |
5 |
paypalobjects.com
www.paypalobjects.com |
190 KB |
1 |
googleapis.com
ajax.googleapis.com |
33 KB |
24 | 3 |
Domain | Requested by | |
---|---|---|
18 | birikimgrup.com |
birikimgrup.com
|
5 | www.paypalobjects.com |
birikimgrup.com
|
1 | ajax.googleapis.com |
birikimgrup.com
|
24 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.googleapis.com Google Internet Authority G3 |
2018-10-09 - 2019-01-01 |
3 months | crt.sh |
www.paypal.com DigiCert SHA2 Extended Validation Server CA |
2018-08-14 - 2020-08-18 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://birikimgrup.com/app/sc/cgi/updatecarding.php?0fdb211806043774ad37837b61cd41f6?dispatch=
Frame ID: 2274AEFABE5AF5FC169AE4CDB5FFE531
Requests: 24 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
LiteSpeed (Web Servers) Expand
Detected patterns
- headers server /^LiteSpeed$/i
PayPal (Payment Processors) Expand
Detected patterns
- env /^PAYPAL$/i
SiteCatalyst (Analytics) Expand
Detected patterns
- env /^s_(?:account|objectID|code|INST)$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
webpack (Miscellaneous) Expand
Detected patterns
- env /^webpackJsonp$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
updatecarding.php
birikimgrup.com/app/sc/cgi/ |
28 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_app.ltr.css
birikimgrup.com/app/sc/cgi/YSASSETS/css/ |
287 KB 46 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_ppl-sans.css
birikimgrup.com/app/sc/cgi/YSASSETS/css/ |
5 KB 740 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_summary.ltr.css
birikimgrup.com/app/sc/cgi/YSASSETS/css/ |
300 KB 55 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_app.css
birikimgrup.com/app/sc/cgi/YSASSETS/css/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_rotate.css
birikimgrup.com/app/sc/cgi/YSASSETS/css/ |
2 KB 878 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ |
95 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.maskedinput.js
birikimgrup.com/app/sc/cgi/YSASSETS/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
information.png
birikimgrup.com/app/sc/cgi/YSASSETS/img/ |
27 KB 27 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
worning.png
birikimgrup.com/app/sc/cgi/YSASSETS/img/ |
445 B 737 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_ppl_647892.js
birikimgrup.com/app/sc/cgi/YSASSETS/js/ |
61 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_pa.js
birikimgrup.com/app/sc/cgi/YSASSETS/js/ |
29 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_appli.js
birikimgrup.com/app/sc/cgi/YSASSETS/js/ |
529 KB 158 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_bootstrap.js
birikimgrup.com/app/sc/cgi/YSASSETS/js/ |
63 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
updatecarding.php
birikimgrup.com/app/sc/cgi/ |
0 8 KB |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_zbilal9ithaBTdzabi.png
birikimgrup.com/app/sc/cgi/YSASSETS/img/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ys_icon_input.png
birikimgrup.com/app/sc/cgi/YSASSETS/img/ |
24 KB 25 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
PayPalSansBig-Regular.woff2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/ |
38 KB 38 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
ConsumerIcons-Regular.woff
www.paypalobjects.com/ui-web/iconfont-consumer/3-3-0/fonts/ |
35 KB 35 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
PayPalSansBig-Medium.woff2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/ |
39 KB 39 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
PayPalSansBig-Light.woff2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/ |
37 KB 38 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
PayPalSansBig-Thin.woff2
www.paypalobjects.com/ui-web/paypal-sans-big/1-0-0/ |
39 KB 39 KB |
Font
application/font-woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
undefined
birikimgrup.com/app/sc/cgi/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ajaxError.js
birikimgrup.com/templates/widgets/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)37 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| YASS_ta3rif_carte function| isNumberKey function| ValidateAlpha function| cc_format string| sc_code_ver string| s_account object| s function| s_doPlugins string| s_code undefined| s_objectID function| s_gi function| s_giqf string| s_an function| s_sp function| s_jn function| s_rep function| s_d function| s_fe function| s_fa function| s_ft object| s_c_il number| s_c_in number| s_giq object| PAYPAL object| fpti string| fptiserverurl function| webpackJsonp object| core object| __core-js_shared__ object| _REQJS_ object| dust object| jQuery11020023113085589122173 object| fireflyAPI object| ensBootstraps object| Bootstrapper1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.birikimgrup.com/ | Name: s_sess Value: %20s_ppv%3D96%3B |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
birikimgrup.com
www.paypalobjects.com
2.18.232.222
2a00:1450:4001:814::200a
94.73.147.237
1874ea5e78629eb0a0bac87800916d23b6a7796cc53fcb16ada872fea82b4230
2132859bb0ef10e8130e805c0df89044392c1233284bb489844ff1bc19fc227b
2351bbc39303736cd3a670db10427adc13c256dd6b639f0545bfd104947d3427
39bc33f508e63450012016fb13d7c204afcf075ff2af59986127bcb88a6b8407
4619d70d7bd1b3d7572940e9ee7f31bc4c07f4c9cad6ae2d3e5b2eb555b6a2c0
4800c374db604121f2520e1d663d56bafa65f6af519be9a6c225ffb53ffabd43
5ca63f9d668f1d38e6a85f426704c402571f11b25e54cabc0814c9079e77fc4a
60db5bdebc470b5204dc001969958339c0cb700c36403bb2dd2abdcf2ff7ed7e
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
707b984c5c13152e4eaff00bb6000a9e3050a0a086030d2a25525c8dd2bd536e
8bd273047bfdf81986ec87692e6feae83d44b36ccd15f3badd7e27c7af80e2c1
9600c17aa3b630f23242bcfa3762ce4de45776e3092efda870b7e23ecee79d72
96a8c02dd0bf6836178bc1886c11ecbc6be5925bd950130440c0c7aad628f69a
aedea09778957f213e165cf8566d24f6168d72c190f62442fb2966312b4c2af9
b0eb4632ccc36ee0f53aa0faa232b21a75c41d985069e78edebe9c8637714bee
c75ef4ed711014b31fe4cc01e7b96ee7723d2fe8b77c7158f45a885f1a15d4ad
d7793651ef95bfe8e9e0ca8660c9ee4e76744c40f04ee8427a388ca1005fc29b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed31d6de23f26ffc0da51b24fd527e073c9c1ab1d1575e6d44cb515dcfc2a092
efbab891026f391a18fabc61efd3aa69327449d51ca75dbbe6a725e11f8e6289
f05c992487bb71e5f2f603728254ddce12b9f8c051501b9b3631c2c2e421ea0d
feeef692825e15f82abd557ca71f54d2991e2a9945ec31b5bcd7573bf12fa907