p0czta.net Open in urlscan Pro
2606:4700:3037::681b:8d42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz
Submission: On October 21 via api (October 21st 2020, 6:48:28 pm UTC) from PL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3037::681b:8d42, located in United States and belongs to CLOUDFLARENET, US. The main domain is p0czta.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 20th 2020. Valid for: a year.

This is the only time p0czta.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayU (Financial)

Domain & IP information

	IP Address		AS Autonomous System
14	2606:4700:303... 2606:4700:3037::681b:8d42		13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	1

14 2606:4700:3037::681b:8d42 (United States)

ASN13335 (CLOUDFLARENET, US)

p0czta.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	p0czta.net p0czta.net	641 KB
14	1

	Domain	Requested by
14	p0czta.net	p0czta.net
14	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-10-20` - `2021-10-19`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz
Frame ID: 9F1B428952B01E64E5471CE077640EC3
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

641 kB
Transfer

740 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request ExsbGz Show response p0czta.net/VlMXysUyiK17qecn1k/	13 KB 4 KB	150ms 124ms	Document text/html	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `35092f4324671196ac445e1b50e9a3aee90ad9d0def0707672d77de34f23a999` Request headers :method GET :authority p0czta.net :scheme https :path /VlMXysUyiK17qecn1k/ExsbGz pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Wed, 21 Oct 2020 18:48:11 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=dd5f23fd2501c5f8bce290e924a6da1411603306091; expires=Fri, 20-Nov-20 18:48:11 GMT; path=/; domain=.p0czta.net; HttpOnly; SameSite=Lax PHPSESSID=8d56veu4okgqaeclqhm4vaas8k; path=/ 211ffe39cfee9992d51129c4f0b58b22=2935688852; expires=Wed, 21-Oct-2020 19:46:58 GMT; Max-Age=3527 a1c08e6ac7421d6293de733f97f52c4b=3493699512; expires=Wed, 21-Oct-2020 19:49:31 GMT; Max-Age=3680 d9495249fc6fe370bfeaed6fdf8878e4=4158039620; expires=Wed, 21-Oct-2020 19:47:47 GMT; Max-Age=3576 vary Accept-Encoding x-powered-by PHP/7.4.7RC1 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache cf-cache-status DYNAMIC cf-request-id 05ee168b320000178aa59bc000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306091"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 5e5d26beadd7178a-FRA content-encoding br
GET H2	200	cfd48cd95256e740ee269f3c179e0603a.css p0czta.net/VlMXysUyiK17qecn1k/css/	38 KB 9 KB	110ms 110ms	Stylesheet text/css	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `0ef55e4ae9847d638ece8e9fbc537cec901e2b82fd633e0af09fcde726b30b31` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 cf-request-id 05ee168bab0000178ad7a79000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type text/css;charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d26bf7fca178a-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	jquery.js Show response p0czta.net/VlMXysUyiK17qecn1k/	86 KB 30 KB	21ms 21ms	Script application/javascript	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/jquery.js Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 741 status 200 cf-request-id 05ee168bac0000178a8c8f6000000001 last-modified Fri, 06 Mar 2020 13:17:46 GMT server cloudflare etag W/"5e624d7a-15851" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306091"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 5e5d26bf7fcd178a-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	77246b26172d8480e213007c1db475fc.jpg p0czta.net/VlMXysUyiK17qecn1k/css/	59 KB 59 KB	107ms 107ms	Image image/jpeg	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/77246b26172d8480e213007c1db475fc.jpg Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `ef21b8d045fa2d8f75cf5adcc76a287fa6f0dc0afe7dfe8a62503063ee02e08b` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 21 Oct 2020 18:48:11 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type image/jpeg status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d26c039eb178a-FRA cf-request-id 05ee168c260000178af1b85000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	11397048c87f000bff4452558301bfe2.png p0czta.net/VlMXysUyiK17qecn1k/css/	5 KB 5 KB	98ms 97ms	Image image/png	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/11397048c87f000bff4452558301bfe2.png Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `3c1de0cb994186112865a779678d143909573f6a6aebd9a1d6a4e466d4fef976` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 5442 cf-request-id 05ee168c270000178a8c900000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5e5d26c039ed178a-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	927bdf8dfede969237066a8c0bf37a15.png p0czta.net/VlMXysUyiK17qecn1k/css/	135 KB 135 KB	110ms 110ms	Image image/png	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/927bdf8dfede969237066a8c0bf37a15.png Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `41d3f1131ee743d597033e5410c4c49689d1183b32ba5dc6379da57f8e2faa0e` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Wed, 21 Oct 2020 18:48:11 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type image/png status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d26c039f3178a-FRA cf-request-id 05ee168c270000178abc8f5000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	b151941c538ddffeb9284d6fca99f08f.png p0czta.net/VlMXysUyiK17qecn1k/css/	1 KB 1 KB	104ms 104ms	Image image/png	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/b151941c538ddffeb9284d6fca99f08f.png Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `ad281474ae4cfac51afafe5a975ae63999893ebcc2b5a0da3a32c1a94727dac4` Request headers Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 1393 cf-request-id 05ee168c270000178ac58d6000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5e5d26c039f7178a-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	opensans-regular-webfont.woff p0czta.net/VlMXysUyiK17qecn1k/css/fonts/	87 KB 88 KB	28ms 27ms	Font application/font-woff	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/fonts/opensans-regular-webfont.woff Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1` Request headers Origin https://p0czta.net Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 740 status 200 cf-request-id 05ee168c2c0000178ac10a5000000001 last-modified Sun, 21 Oct 2018 18:37:28 GMT server cloudflare etag W/"15de8-578c16db2aa00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 5e5d26c04a07178a-FRA
GET H2	200	opensans-light-webfont.woff p0czta.net/VlMXysUyiK17qecn1k/css/fonts/	84 KB 84 KB	24ms 24ms	Font application/font-woff	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/fonts/opensans-light-webfont.woff Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab` Request headers Origin https://p0czta.net Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 740 status 200 cf-request-id 05ee168c2f0000178ac6265000000001 last-modified Sun, 21 Oct 2018 18:36:32 GMT server cloudflare etag W/"15000-578c16a5c2c00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 5e5d26c04a14178a-FRA
GET H2	200	opensans-semibold-webfont.woff p0czta.net/VlMXysUyiK17qecn1k/css/fonts/	89 KB 89 KB	23ms 23ms	Font application/font-woff	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/fonts/opensans-semibold-webfont.woff Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae` Request headers Origin https://p0czta.net Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 740 status 200 cf-request-id 05ee168c320000178adc349000000001 last-modified Sun, 21 Oct 2018 18:38:38 GMT server cloudflare etag W/"16420-578c171dec780" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 5e5d26c04a17178a-FRA
GET H2	200	PFBeauSansPro-Bold.woff p0czta.net/VlMXysUyiK17qecn1k/css/fonts/	142 KB 135 KB	17ms 16ms	Font application/font-woff	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/css/fonts/PFBeauSansPro-Bold.woff Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8` Request headers Origin https://p0czta.net Referer https://p0czta.net/VlMXysUyiK17qecn1k/css/cfd48cd95256e740ee269f3c179e0603a.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Wed, 21 Oct 2020 18:48:11 GMT content-encoding br cf-cache-status HIT nel {"report_to":"cf-nel","max_age":604800} age 740 status 200 cf-request-id 05ee168c2f0000178ad2163000000001 last-modified Sun, 21 Oct 2018 18:35:56 GMT server cloudflare etag W/"2374c-578c16836db00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306092"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 5e5d26c04a18178a-FRA
POST H2	200	online.php Show response p0czta.net/VlMXysUyiK17qecn1k/	0 512 B	104ms 103ms	XHR text/html	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/online.php Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Wed, 21 Oct 2020 18:48:19 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306100"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d26f29888178a-FRA cf-request-id 05ee16ab9b0000178a8f20d000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	online.php Show response p0czta.net/VlMXysUyiK17qecn1k/	0 220 B	103ms 103ms	XHR text/html	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/online.php Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Wed, 21 Oct 2020 18:48:21 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306101"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d26fc9974178a-FRA cf-request-id 05ee16b1e30000178aca2bb000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	online.php Show response p0czta.net/VlMXysUyiK17qecn1k/	0 221 B	110ms 110ms	XHR text/html	2606:4700:3037::681b:8d42 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://p0czta.net/VlMXysUyiK17qecn1k/online.php Requested by Host: p0czta.net URL: https://p0czta.net/VlMXysUyiK17qecn1k/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3037::681b:8d42 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://p0czta.net/VlMXysUyiK17qecn1k/ExsbGz X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Wed, 21 Oct 2020 18:48:22 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?lkg-colo=71&lkg-time=1603306103"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5e5d2706ab15178a-FRA cf-request-id 05ee16b8290000178a8aabf000000001 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayU (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.p0czta.net/	1970-01-19 14:04:58	Name: __cfduid Value: dd5f23fd2501c5f8bce290e924a6da1411603306091
p0czta.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8d56veu4okgqaeclqhm4vaas8k
p0czta.net/VlMXysUyiK17qecn1k	1970-01-19 13:21:49	Name: d9495249fc6fe370bfeaed6fdf8878e4 Value: 4158039620
p0czta.net/VlMXysUyiK17qecn1k	1970-01-19 13:21:49	Name: a1c08e6ac7421d6293de733f97f52c4b Value: 3493699512
p0czta.net/VlMXysUyiK17qecn1k	1970-01-19 13:21:49	Name: 211ffe39cfee9992d51129c4f0b58b22 Value: 2935688852

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

p0czta.net
2606:4700:3037::681b:8d42
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0ef55e4ae9847d638ece8e9fbc537cec901e2b82fd633e0af09fcde726b30b31
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
35092f4324671196ac445e1b50e9a3aee90ad9d0def0707672d77de34f23a999
3c1de0cb994186112865a779678d143909573f6a6aebd9a1d6a4e466d4fef976
41d3f1131ee743d597033e5410c4c49689d1183b32ba5dc6379da57f8e2faa0e
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
ad281474ae4cfac51afafe5a975ae63999893ebcc2b5a0da3a32c1a94727dac4
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef21b8d045fa2d8f75cf5adcc76a287fa6f0dc0afe7dfe8a62503063ee02e08b

p0czta.net Open in urlscan Pro 2606:4700:3037::681b:8d42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

641 kBTransfer

740 kBSize

5 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

5 Cookies

Indicators

p0czta.net Open in urlscan Pro
2606:4700:3037::681b:8d42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

641 kB
Transfer

740 kB
Size

5
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!