en.baikal-planet.ru
81.177.140.121
Malicious Activity!
Public Scan
Submission: On September 11 via api from TW
Summary
This is the only time en.baikal-planet.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
3 | 81.177.140.121 | 8342 (RTCOMM-AS) |
3 | 2a00:1450:4001:814::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:815::2003 | 15169 (GOOGLE) |
8 | 4 | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
3 | google.com | www.google.com | 551 B |
3 | baikal-planet.ru | en.baikal-planet.ru | 163 KB |
1 | gstatic.com | www.gstatic.com | 132 KB |
8 | 3 | | |
Requests | Domain | Requested by |
---|---|---|
3 | www.google.com | en.baikal-planet.ru, www.gstatic.com |
3 | en.baikal-planet.ru | en.baikal-planet.ru |
1 | www.gstatic.com | www.google.com |
8 | 3 | |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup |
---|---|---|---|---|
www.google.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months | crt.sh |
*.google.com | GTS CA 1O1 | 2020-08-26 - 2020-11-18 | 3 months | crt.sh |
This page contains 3 frames:
Primary Page:
http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/
Frame ID: 4122D614EFC35586EEDA40D8D9E62091
Requests: 6 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&co=aHR0cDovL2VuLmJhaWthbC1wbGFuZXQucnU6ODA.&hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&size=normal&cb=7lacr27qtte2
Frame ID: 06AE5D8C8EB739E83D280E5C8BD06D9B
Requests: 1 HTTP request in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=iSHzt4kCrNgSxGUYDFqaZAL9&k=6LdJ4bgUAAAAALd-V5YSdgMt8HEG0P4bgmP-H7HQ&cb=2ps3zyirkpyd
Frame ID: 31962E41BCA64F784AA52253080B1E6D
Requests: 1 HTTP request in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
8 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/ | 2 KB | 1 KB | Document | text/html |
GET | | log.css | en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/css/ | 0 | 0 | | |
GET | H2 | api.js | www.google.com/recaptcha/ | 736 B | 551 B | Script | text/javascript |
GET | H/1.1 | pp.svg | en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/ | 4 KB | 5 KB | Image | image/svg+xml |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/ | 336 KB | 132 KB | Script | text/javascript |
GET | H/1.1 | bck.jpeg | en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/img/ | 156 KB | 157 KB | Image | image/jpeg |
GET | H3-Q050 | anchor | www.google.com/recaptcha/api2/ (Frame 06AE) | 0 | 0 | Document | text/html |
GET | H3-Q050 | bframe | www.google.com/recaptcha/api2/ (Frame 3196) | 0 | 0 | Document | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: en.baikal-planet.ru
- URL: http://en.baikal-planet.ru/modules/locale/tests/translations/YY2X92NBPQSOK96123VVPSKOFDOCKCkKOAfr/cs/xBanana/lib/css/log.css
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | trustedTypes |
object | ___grecaptcha_cfg |
object | grecaptcha |
string | __recaptcha_api |
boolean | __google_recaptcha_client |
function | correctCaptcha |
object | recaptcha |
object | closure_lm_7461040 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.