fakturatel.net Open in urlscan Pro
2606:4700:3031::6818:6428 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://fakturatel.net/l6hf43p5458/rJhO9R
Submission: On November 10 via api (November 10th 2020, 3:29:31 pm UTC) from PL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 2606:4700:3031::6818:6428, located in United States and belongs to CLOUDFLARENET, US. The main domain is fakturatel.net.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on November 6th 2020. Valid for: a year.

This is the only time fakturatel.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayU (Financial)

Domain & IP information

	IP Address		AS Autonomous System
14	2606:4700:303... 2606:4700:3031::6818:6428		13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	1

14 2606:4700:3031::6818:6428 (United States)

ASN13335 (CLOUDFLARENET, US)

fakturatel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	fakturatel.net fakturatel.net	644 KB
14	1

	Domain	Requested by
14	fakturatel.net	fakturatel.net
14	1

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-11-06` - `2021-11-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://fakturatel.net/l6hf43p5458/rJhO9R
Frame ID: F5D13C40F2087AA34EE33A1B1161C0E8
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

644 kB
Transfer

740 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request rJhO9R Show response fakturatel.net/l6hf43p5458/	13 KB 4 KB	129ms 106ms	Document text/html	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/rJhO9R Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `165999b7aee9e431603af56d29d4a1b1485a9259983f87bc5e15d22050208994` Request headers :method GET :authority fakturatel.net :scheme https :path /l6hf43p5458/rJhO9R pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 date Tue, 10 Nov 2020 15:29:13 GMT content-type text/html; charset=UTF-8 set-cookie __cfduid=dc57c747d12ce5bcea3821d7cb22260091605022153; expires=Thu, 10-Dec-20 15:29:13 GMT; path=/; domain=.fakturatel.net; HttpOnly; SameSite=Lax PHPSESSID=ecq71ivepi7p4rrmpi58obnph5; path=/ c2378f36d5a1d04941fee5a3687a3c9d=3636362997; expires=Tue, 10-Nov-2020 16:24:03 GMT; Max-Age=3290 47b0205501384b9ab8d7b7fbc8190bd2=3310667178; expires=Tue, 10-Nov-2020 16:31:18 GMT; Max-Age=3725 de361e2b873c09909c1196e8aaf2a29f=674122276; expires=Tue, 10-Nov-2020 16:31:49 GMT; Max-Age=3756 vary Accept-Encoding x-powered-by PHP/7.4.7RC1 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache cf-cache-status DYNAMIC cf-request-id 06545f93b70000175e80804000000001 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OmJskoO8qhJKrbf%2F2QYRL4GiWJsHgDiAZjBCJrZC6P4oeFZ5V3TRnUvJUg5HLjCQf%2FMiRMQv%2FKBGWXyo05ZwRp2jd0ShQ81uHBVMnfxnwJdjz3fdS4iob0kf6A%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 5f00cecc5c04175e-FRA content-encoding br
GET H2	200	c4fc2301d6e4ef9a3f78f27ccec8438d5.css fakturatel.net/l6hf43p5458/css/	38 KB 9 KB	107ms 107ms	Stylesheet text/css	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/rJhO9R Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `642d75f6f2f4a8614671818dac7c64d3dd5bd2c143ecacff5bb3a4b7cacbad0f` Request headers Referer https://fakturatel.net/l6hf43p5458/rJhO9R User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:13 GMT content-encoding br cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 cf-request-id 06545f94270000175e8ab1d000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MOrG%2BvAdjxZzq6VwJrpT2X30ln0WfMpHsmao9ErOdDtKmOzNAP0KUXY2pCr%2Bg1C8C%2BGQ1G425kaVw4v8BfGtxJd3e9QogsflsbZYGX%2B70BNxpFk6%2FskBd5BzlA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css;charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cecd0dac175e-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	jquery.js Show response fakturatel.net/l6hf43p5458/	86 KB 30 KB	182ms 181ms	Script application/javascript	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/jquery.js Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/rJhO9R Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers Referer https://fakturatel.net/l6hf43p5458/rJhO9R User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:13 GMT content-encoding br cf-cache-status MISS nel {"report_to":"cf-nel","max_age":604800} status 200 cf-request-id 06545f94280000175e6b26a000000001 last-modified Fri, 06 Mar 2020 13:17:46 GMT server cloudflare etag W/"5e624d7a-15851" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F3vIUSWnXA6le6NZ7rjYNDJ0dFwya57qewjCj%2FmWgPTs8wux1J9eeQ5l78sxjlpHtSJQLuFY9kqni3m2tBFHH8mLHzlILO6i3v8ummUv%2Fqwdsoawx4PYFMH6Ow%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 5f00cecd0dae175e-FRA expires Thu, 31 Dec 2037 23:55:55 GMT
GET H2	200	d70314b7814acf46164309d014117234.jpg fakturatel.net/l6hf43p5458/css/	59 KB 60 KB	119ms 118ms	Image image/jpeg	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fakturatel.net/l6hf43p5458/css/d70314b7814acf46164309d014117234.jpg Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `d22ed6d736a75d426ada28b3d1ca0ca6d411deb6a3bbf7f3c0a253ec01933602` Request headers Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Tue, 10 Nov 2020 15:29:14 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rS3cJc7dnhODXkR4Fuly17MUAYoiwhczX%2FE1LvELWEhs1Gg%2BoHNhM1NjlZKd8KOj3goJxXdAvDD7VZx%2F05z5iQXMQQ6YYd9T7eXZAyXjsGwekF7TyIaOkN0LVw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cece4889175e-FRA cf-request-id 06545f94ee0000175e5192f000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	44b1bb15b251f065eca6424cd19b23d3.png fakturatel.net/l6hf43p5458/css/	5 KB 6 KB	137ms 136ms	Image image/png	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fakturatel.net/l6hf43p5458/css/44b1bb15b251f065eca6424cd19b23d3.png Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `5825aae71f213fd95d8bb5b48ff91a36659fc20792ee3ba50a8d1df4bbc33944` Request headers Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 5442 cf-request-id 06545f94ef0000175e6f2fd000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DXluPfw9OGadBNKrrO84Vi5cV72G%2FizfCZNUXD%2Bz8V9HsM1MYhX2ZSeaD%2BheS%2BGmdqNLsjA7OcgNoOSVOLg20uS1HSVSb2NXjGBa4xFMT%2FWI5oF4lS8fFhjX1A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5f00cece488b175e-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	cc12330fbf50b8d964319f298f247288.png fakturatel.net/l6hf43p5458/css/	135 KB 135 KB	95ms 95ms	Image image/png	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fakturatel.net/l6hf43p5458/css/cc12330fbf50b8d964319f298f247288.png Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `8fa99c66f14ab77c85d5613046f47e5aa3db85a7f853020cca0f02cfba875f67` Request headers Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Tue, 10 Nov 2020 15:29:14 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R6uCG8dTl%2BedlRlgSAq8vqP5xeUEwpLROGJbEyuEnqlkJNA63MDE4Xia0VW52LeKquhGFznelqlD5Xr3S9b0whP0w3e%2BoULtxS9dYK%2F0N936m9sCmeHIr7Qvmg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cece488c175e-FRA cf-request-id 06545f94ef0000175e3e9fa000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	3f83ee5a5742c74374df6ed79d761dcd.png fakturatel.net/l6hf43p5458/css/	1 KB 2 KB	120ms 120ms	Image image/png	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://fakturatel.net/l6hf43p5458/css/3f83ee5a5742c74374df6ed79d761dcd.png Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `a1351dbcfc6a872647af05e3e17d461614a100662fd688958d19827dcc39f9bb` Request headers Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT cf-cache-status BYPASS nel {"report_to":"cf-nel","max_age":604800} x-powered-by PHP/7.4.7RC1 status 200 content-length 1393 cf-request-id 06545f94f10000175e7da99000000001 pragma no-cache server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9rs4X5%2B9Xlf%2BSgmRsoRfE6pvpSqxZZkW8N%2BfyWx3JDJo8Iq80u4HBj3rzgUZe%2BXwhsA06ZK5lDAwwghMQxRvHRy8G3yCIlqlGSklF1EqxecNUT%2FbfCGNrMPHJQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate accept-ranges bytes cf-ray 5f00cece4896175e-FRA expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	opensans-regular-webfont.woff fakturatel.net/l6hf43p5458/css/fonts/	87 KB 88 KB	232ms 232ms	Font application/font-woff	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/css/fonts/opensans-regular-webfont.woff Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1` Request headers Origin https://fakturatel.net Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:37:28 GMT server cloudflare etag W/"15de8-578c16db2aa00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jByM%2FPmpx8NJdkHO4UdNeP1%2B0V3R3etyLCohQS48TKoR6f53SJztlMAnfGYvyi8tRjW7FnpZsWLJl3MMViGfdIOYkJtxc%2BbBg59cglp0T8t%2Ba821sp%2FVlMqzfg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f00cece58a3175e-FRA cf-request-id 06545f94f60000175eb8952000000001
GET H2	200	opensans-light-webfont.woff fakturatel.net/l6hf43p5458/css/fonts/	84 KB 84 KB	227ms 226ms	Font application/font-woff	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/css/fonts/opensans-light-webfont.woff Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab` Request headers Origin https://fakturatel.net Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:36:32 GMT server cloudflare etag W/"15000-578c16a5c2c00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mNvPHwN%2BVErBubPZYM27rLqP0GvwjdiCP2OKwqwSsxDy52VxSKEnHKH%2B1ZSxV6wCS7NwzbtzUZLqDlMYU0Xh43Yt6MNNL9G%2BL5vfo34ajyaS8z4W62kvh9kDyA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f00cece68c0175e-FRA cf-request-id 06545f95050000175e740c8000000001
GET H2	200	opensans-semibold-webfont.woff fakturatel.net/l6hf43p5458/css/fonts/	89 KB 89 KB	244ms 243ms	Font application/font-woff	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/css/fonts/opensans-semibold-webfont.woff Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae` Request headers Origin https://fakturatel.net Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:38:38 GMT server cloudflare etag W/"16420-578c171dec780" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mbml6SDVbrZBWhrsq65hAmEYWik7rW7645wX2uORFiya8iwZLi4kEVZy97SUxXvmgleoLrN25VHI7dEULN3q7lf7ox%2BJzxiQcQkOTR1sagtarp9yS9kGj76uuQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f00cece68c2175e-FRA cf-request-id 06545f95040000175e6b280000000001
GET H2	200	PFBeauSansPro-Bold.woff fakturatel.net/l6hf43p5458/css/fonts/	142 KB 136 KB	263ms 262ms	Font application/font-woff	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/css/fonts/PFBeauSansPro-Bold.woff Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8` Request headers Origin https://fakturatel.net Referer https://fakturatel.net/l6hf43p5458/css/c4fc2301d6e4ef9a3f78f27ccec8438d5.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 10 Nov 2020 15:29:14 GMT content-encoding br cf-cache-status MISS last-modified Sun, 21 Oct 2018 18:35:56 GMT server cloudflare etag W/"2374c-578c16836db00" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=INRYD%2FhmA1NseFSJR%2Fpvp2ATwTFQFtwix9Uaes71KQ7iJFN6iBMVEqunwwoEkfBlcWM9kFdkZADDsksW%2FtR2BD1qHToUEt%2F0OSnIs1bo%2BhM8pfI%2F88HTuxjYYQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/font-woff status 200 cache-control max-age=14400 nel {"report_to":"cf-nel","max_age":604800} cf-ray 5f00cece68c3175e-FRA cf-request-id 06545f95050000175eb8953000000001
POST H2	200	online.php Show response fakturatel.net/l6hf43p5458/	0 479 B	61ms 60ms	XHR text/html	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/online.php Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://fakturatel.net/l6hf43p5458/rJhO9R X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Tue, 10 Nov 2020 15:29:22 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=R102CGG04Aj82IvwDea1fKtb7Wrs2HdFhZJPlPIABSH%2Bnb67%2BMkVQag7vU0gcTLXUdYU9W%2BHfEyn97RCadohuWD1lDYR%2FxXy4gFejHG1ceZv9Vt02GcIlgHAmg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cf00c8d1175e-FRA cf-request-id 06545fb4800000175e5601b000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	online.php Show response fakturatel.net/l6hf43p5458/	0 395 B	99ms 99ms	XHR text/html	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/online.php Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://fakturatel.net/l6hf43p5458/rJhO9R X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Tue, 10 Nov 2020 15:29:23 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cMncLW3GVLvEEsR%2BfWxpbZ2RQRF4x0WRchdbQZb4NwhXmtGTMTbzQcxhUsgUurpef80WP%2Fx0tX%2FhjvMLquMcmbiXmxRs3rcSUx3TYOv%2Fv5wN8xZLmpPh%2ByXwGQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cf0a8fc0175e-FRA cf-request-id 06545fba970000175e842b4000000001 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H2	200	online.php Show response fakturatel.net/l6hf43p5458/	0 428 B	96ms 96ms	XHR text/html	2606:4700:3031::6818:6428 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://fakturatel.net/l6hf43p5458/online.php Requested by Host: fakturatel.net URL: https://fakturatel.net/l6hf43p5458/jquery.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3031::6818:6428 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/7.4.7RC1 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Accept / Referer https://fakturatel.net/l6hf43p5458/rJhO9R X-Requested-With XMLHttpRequest User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Response headers pragma no-cache date Tue, 10 Nov 2020 15:29:25 GMT content-encoding br cf-cache-status DYNAMIC nel {"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/7.4.7RC1 expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Wzqt8PSYIp88%2Fh9zmGSszj73JvYAIay9aetlHdY2xv4KxCyOm1rj58HJRatxrmql7HGxl1qG0vcGSCJSTbJj6h3f%2Bz7rPW39Fcsd6DHRY2HROtMbOHjkG70rlw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 status 200 cache-control no-store, no-cache, must-revalidate cf-ray 5f00cf148de1175e-FRA cf-request-id 06545fc0d70000175e8c26c000000001 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayU (Financial)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
fakturatel.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: ecq71ivepi7p4rrmpi58obnph5
.fakturatel.net/	1970-01-19 14:33:34	Name: __cfduid Value: dc57c747d12ce5bcea3821d7cb22260091605022153
fakturatel.net/l6hf43p5458	1970-01-19 13:50:25	Name: 47b0205501384b9ab8d7b7fbc8190bd2 Value: 3310667178
fakturatel.net/l6hf43p5458	1970-01-19 13:50:25	Name: de361e2b873c09909c1196e8aaf2a29f Value: 674122276
fakturatel.net/l6hf43p5458	1970-01-19 13:50:25	Name: c2378f36d5a1d04941fee5a3687a3c9d Value: 3636362997

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fakturatel.net
2606:4700:3031::6818:6428
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
165999b7aee9e431603af56d29d4a1b1485a9259983f87bc5e15d22050208994
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
5825aae71f213fd95d8bb5b48ff91a36659fc20792ee3ba50a8d1df4bbc33944
642d75f6f2f4a8614671818dac7c64d3dd5bd2c143ecacff5bb3a4b7cacbad0f
8fa99c66f14ab77c85d5613046f47e5aa3db85a7f853020cca0f02cfba875f67
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
a1351dbcfc6a872647af05e3e17d461614a100662fd688958d19827dcc39f9bb
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
d22ed6d736a75d426ada28b3d1ca0ca6d411deb6a3bbf7f3c0a253ec01933602
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

fakturatel.net Open in urlscan Pro 2606:4700:3031::6818:6428 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

644 kBTransfer

740 kBSize

5 Cookies

0 Outgoing links

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

5 Cookies

Indicators

fakturatel.net Open in urlscan Pro
2606:4700:3031::6818:6428 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

644 kB
Transfer

740 kB
Size

5
Cookies

14 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!