pp.bersca.com
2606:4700:30::681b:8a0c
Malicious Activity!
Public Scan
Effective URL: https://pp.bersca.com/?q16r=R1w2/T/3I9V8m4V/E/TemplateID/G/NL_He_CK/o/s001/malou%40vanhove.eu
Submission: On October 25 via api from BE
Summary
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on October 1st 2019. Valid for: a year.
This is the only time pp.bersca.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Scam (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
1 | 51.15.156.89 | 12876 (Online SAS) |
22 | 2606:4700:30::681b:8a0c | 13335 (CLOUDFLARENET - Cloudflare) |
1 | 2606:4700::6813:c397 | 13335 (CLOUDFLARENET - Cloudflare) |
1 | 2a00:1450:4001:806::200a | 15169 (GOOGLE - Google LLC) |
2 | 2a00:1450:4001:81a::2003 | 15169 (GOOGLE - Google LLC) |
26 | 4 | |
ASN | Domain | PTR |
---|---|---|
ASN12876 (Online SAS, FR) | hardware.northshirecomputer.com | g11.faridengineer.northshirecomputer.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | pp.bersca.com | |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US) | cdnjs.cloudflare.com | |
ASN15169 (GOOGLE - Google LLC, US) | fonts.googleapis.com | |
ASN15169 (GOOGLE - Google LLC, US) | fonts.gstatic.com | |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
22 | bersca.com | pp.bersca.com | 837 KB |
2 | gstatic.com | fonts.gstatic.com | 18 KB |
1 | googleapis.com | fonts.googleapis.com | 1 KB |
1 | cloudflare.com | cdnjs.cloudflare.com | 6 KB |
1 | northshirecomputer.com | hardware.northshirecomputer.com (1 redirect) | 676 B |
26 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
22 | pp.bersca.com | pp.bersca.com |
2 | fonts.gstatic.com | pp.bersca.com |
1 | fonts.googleapis.com | pp.bersca.com |
1 | cdnjs.cloudflare.com | pp.bersca.com |
1 | hardware.northshirecomputer.com | 1 redirect |
26 | 5 | |
This site contains links to these domains:
Domain |
---|
mtp.capitalrtv.com |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-10-01 - 2020-09-30 | a year | crt.sh |
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-10 - 2020-02-16 | 6 months | crt.sh |
*.googleapis.com | GTS CA 1O1 | 2019-10-10 - 2020-01-02 | 3 months | crt.sh |
*.google.com | GTS CA 1O1 | 2019-10-10 - 2020-01-02 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://pp.bersca.com/?q16r=R1w2/T/3I9V8m4V/E/TemplateID/G/NL_He_CK/o/s001/malou%40vanhove.eu
Frame ID: 2A4E6104F6F3E41144C6C536818A4C55
Requests: 26 HTTP requests in this frame
Detected technologies
- Bootstrap (Web Frameworks). Detected patterns:
  - html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
  - script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i
- CloudFlare (CDN). Detected patterns:
  - headers server /^cloudflare$/i
- Font Awesome (Font Scripts). Detected patterns:
  - html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
- Title: Amazon Cadeaubon (560) Aanbiedingsprijs: 3 € Waarde: 350 € Ik kies dit →
- Title: Amazon Prime Video Premium (560) Aanbiedingsprijs: 1 € Waarde: 129 € Ik kies dit →
- Title: Apple iPhone 11 Pro (560) Aanbiedingsprijs: 4 € Waarde: 1145 € Ik kies dit →
- Title: Apple iPhone XS (560) Aanbiedingsprijs: 3 € Waarde: 988.99 € Ik kies dit →
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://hardware.northshirecomputer.com/ga/click/2-91169324-1438-148114-269886-170165-c5b61d535f-b770d1d942
- HTTP 302
- https://pp.bersca.com/?q16r=R1w2/T/3I9V8m4V/E/TemplateID/G/NL_He_CK/o/s001/malou%40vanhove.eu (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | pp.bersca.com/ (Redirect Chain) | 22 KB | 5 KB | Document | text/html |
GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.5.0/css/ | 27 KB | 6 KB | Stylesheet | text/css |
GET | H2 | bootstrap.min.css | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 118 KB | 18 KB | Stylesheet | text/css |
GET | H2 | custome.css | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 38 KB | 8 KB | Stylesheet | text/css |
GET | H2 | jquery.min.js | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 85 KB | 29 KB | Script | application/javascript |
GET | H2 | bootstrap.min.js | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 36 KB | 9 KB | Script | application/javascript |
GET | H2 | serchmenu.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 2 KB | 2 KB | Image | image/png |
GET | H2 | serch_cart.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | amazon.jpg | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 114 KB | 114 KB | Image | image/jpeg |
GET | H2 | 1.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | 2.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | 3.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | 4.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | 5.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | all-shoes.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 283 KB | 284 KB | Image | image/png |
GET | H2 | gift1.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 15 KB | 15 KB | Image | image/png |
GET | H2 | site-img153.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 4 KB | 4 KB | Image | image/png |
GET | H2 | prime.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 82 KB | 83 KB | Image | image/png |
GET | H2 | 11.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 45 KB | 46 KB | Image | image/png |
GET | H2 | xs.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 50 KB | 50 KB | Image | image/png |
GET | H2 | ssl.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 6 KB | 7 KB | Image | image/png |
GET | H2 | logo-poup.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 5 KB | 5 KB | Image | image/png |
GET | H2 | css | fonts.googleapis.com/ | 26 KB | 1 KB | Stylesheet | text/css |
GET | H2 | water-mark.png | pp.bersca.com/allcustomfiles/NL-Amazon2-New/ | 130 KB | 131 KB | Image | image/png |
GET | H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
GET | H2 | mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB | 9 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Generic Scam (Online)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
function | $ |
function | jQuery |
function | chkvali |
function | partstep |
function | toSimpleJson |
object | titleAry |
object | favcon |
number | idx |
number | interval |
function | setTitle |
function | startTimer |
function | what |
function | increaseJQ |
boolean | DoincreaseNos |
number | srt1 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bersca.com/ | | Name: __cfduid, Value: d11367e0e72de0bce4ca4294e0ab2db8c1571992307 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.