payu24.de (2606:4700:3032::ac43:aadb)
Malicious Activity! Public Scan

Submitted URL: http://payu24.de/s/klmao
Effective URL: https://payu24.de/s/klmao
Submission: On October 17 via automatic, source openphish — Scanned from DE

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 9 HTTP transactions. The main IP is 2606:4700:3032::ac43:aadb, located in the United States and belonging to CLOUDFLARENET, US. The main domain is payu24.de. All eight sub-resources are loaded from the same host under the path /assets/phishing/fb/, and the page title mimics the Polish-language Facebook login page.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 8th 2022. Valid for: a year.
This is the only time payu24.de was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address / AS (Autonomous System)
  #   Requests   IP Address                   AS
  1   10         2606:4700:3032::ac43:aadb    13335 (CLOUDFLARENET, US)
  Totals: 9 transactions, 1 IP

Apex Domain / Subdomains / Transfer
  #   Requests   Apex Domain   Subdomains   Transfer
  1   10         payu24.de     payu24.de    32 KB
  Totals: 9 transactions, 1 apex domain

Domain / Requested by
  #   Requests   Domain       Requested by
  1   10         payu24.de    payu24.de (1 redirect)
  Totals: 9 transactions, 1 domain

This site contains no links.

Subject                 Issuer                    Validity                   Valid for
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3   2022-06-08 to 2023-06-07   a year (crt.sh)

The subject is Cloudflare's shared SNI certificate, so it identifies only the CDN edge, not the operator or the origin server behind payu24.de.

This page contains 1 frames:

Primary Page: https://payu24.de/s/klmao
Frame ID: 434A5698B5B7D40EFB8B83D8BE82121D
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Facebook – zaloguj się lub zarejestruj (Polish: "Facebook – log in or sign up")


Page Statistics

  Requests     9
  HTTPS        100 %
  IPv6         100 %
  Domains      1
  Subdomains   1
  IPs          1
  Countries    1
  Transfer     32 kB
  Size         77 kB
  Cookies      1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://payu24.de/s/klmao HTTP 301
    https://payu24.de/s/klmao Page URL
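The hop list above records HTTP 3xx redirects as well as client-side ones. The Python below is an added example, not urlscan's code, showing how such a chain is walked by hand with an HTTP client that does not auto-follow redirects, so that every hop is kept. The responses are constructed inline: the payu24.de pair mirrors the 301 recorded in this scan, while example.test and loop.test are hypothetical hosts that exercise the meta-refresh, JavaScript and redirect-loop cases. The meta/JS patterns cover the common literal forms only, not obfuscated or event-driven redirects.

```python
import re
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urljoin

# (status, headers with lower-case keys, body)
Response = Tuple[int, Dict[str, str], str]

# Constructed responses for this example, not captured traffic. The first pair
# mirrors the http -> https 301 recorded in this scan; example.test and
# loop.test are hypothetical hosts for the client-side and loop cases.
SAMPLE_RESPONSES: Dict[str, Response] = {
    "http://payu24.de/s/klmao": (301, {"location": "https://payu24.de/s/klmao"}, ""),
    "https://payu24.de/s/klmao": (200, {"content-type": "text/html; charset=UTF-8"},
                                  "<html><head><title>Facebook</title></head>"
                                  "<body><form method=post>...</form></body></html>"),
    "http://example.test/a": (200, {"content-type": "text/html"},
                              '<meta http-equiv="refresh" content="0; URL=/b">'),
    "http://example.test/b": (200, {"content-type": "text/html"},
                              "<script>window.location.href = 'https://example.test/final';</script>"),
    "https://example.test/final": (200, {"content-type": "text/html"}, "<p>done</p>"),
    "http://loop.test/1": (302, {"location": "/2"}, ""),
    "http://loop.test/2": (302, {"location": "/1"}, ""),
}

# <meta http-equiv="refresh" content="N; url=...">, with http-equiv before content
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)',
    re.IGNORECASE,
)
# location = '...', location.href = '...', location.replace('...'), location.assign('...')
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']',
    re.IGNORECASE,
)


def client_side_redirect(body: str, base: str) -> Optional[Tuple[str, str]]:
    """First meta-refresh or JavaScript location change in an HTML body,
    as (kind, absolute_url), or None when the page stays put."""
    m = META_REFRESH.search(body)
    if m:
        return "meta-refresh", urljoin(base, m.group(1))
    m = JS_LOCATION.search(body)
    if m:
        return "javascript", urljoin(base, m.group(1) or m.group(2))
    return None


def follow_chain(url: str, fetch: Callable[[str], Response],
                 max_hops: int = 10) -> List[Tuple[str, str, int]]:
    """Walk a URL through HTTP 3xx and client-side redirects, one hop at a
    time, so every intermediate URL is recorded. Returns
    [(url, how_we_left_it, status)]; the last entry is 'final', 'loop' or
    'max-hops'."""
    chain: List[Tuple[str, str, int]] = []
    seen = set()
    while True:
        if url in seen:
            chain.append((url, "loop", 0))
            break
        if len(chain) >= max_hops:
            chain.append((url, "max-hops", 0))
            break
        seen.add(url)
        status, headers, body = fetch(url)
        if 300 <= status < 400 and "location" in headers:
            chain.append((url, f"http-{status}", status))
            url = urljoin(url, headers["location"])   # Location may be relative
            continue
        hop = client_side_redirect(body, url)
        if hop:
            chain.append((url, hop[0], status))
            url = hop[1]
            continue
        chain.append((url, "final", status))
        break
    return chain


def sample_fetch(url: str) -> Response:
    """Offline stand-in for an HTTP client that does not follow redirects
    itself (e.g. requests.get(url, allow_redirects=False))."""
    return SAMPLE_RESPONSES.get(url, (404, {}, ""))


if __name__ == "__main__":
    for start in ("http://payu24.de/s/klmao", "http://example.test/a", "http://loop.test/1"):
        for hop_url, how, status in follow_chain(start, sample_fetch):
            print(f"{status:>3}  {how:<12} {hop_url}")
        print()
```

Relative Location values and relative meta/JS targets are resolved against the URL that issued them, and the visited set stops a chain that loops back on itself, which is the failure mode an auto-following client hides behind a generic "too many redirects" error.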

Redirected requests

There were HTTP redirect chains for the following requests:

  • http://payu24.de/s/klmao → HTTP 301 → https://payu24.de/s/klmao (the primary request)

9 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request: klmao | payu24.de/s/ | 15 KB | 5 KB | Document
Redirect Chain:
  • http://payu24.de/s/klmao
  • https://payu24.de/s/klmao
General
Full URL
https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
a9e8982ed0bddb679d0e77270b9ec81590aac0605044a3d67fe2d3cd66865d2d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
75b6e71c0c7c913d-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 17 Oct 2022 06:15:58 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DnpkXQW9VDj0QNoAEQXvpv4Yf%2FLPML16plJp0b4hgfvo%2FTut6%2FeLjRfuMXrurEVHp%2BgbjMwYY0OYiZdrPGKEnnBOCz2epAjRqDIYF3szcdyrTWleVueEUB1vxdHrkQ8u%2BTcrqPAXowQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
75b6e71bac75bb86-FRA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Mon, 17 Oct 2022 06:15:58 GMT
Expires
Mon, 17 Oct 2022 07:15:58 GMT
Location
https://payu24.de/s/klmao
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b48U9mmUrhLT5o9GufFOzN%2B%2FJKsp72u%2Bu5%2BOBfqMU1fu8SJSX5zLNSBpE3Y0bZUUrEvmoR8ORyD8PvktfZ%2FV2EGd4wiBjBEAFgYIGVqzCSx2%2BajLoSMYaGMt%2B7MyR9VEnuZeVI85s3g%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
bxxuzrdTgyg.css | payu24.de/assets/phishing/fb/ | 16 KB | 4 KB | Stylesheet
General
Full URL
https://payu24.de/assets/phishing/fb/bxxuzrdTgyg.css
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
8c845558fef4817e2373fc03912d9c8bdf6de1f4c364ed770b1493591c7c76b3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Sep 2022 16:43:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3e67-5e7dca8101180-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FjWcM7KhlxyvW5%2BfpZa1rFsZi0ZnGfQgt0xN8krfusuqXr9pk2i6quMu72V%2BfdfQXGpYnO6TcA9j6v9xSyFPQsSGB9wtwoMRsSNfCudMh0cY%2F%2BpoR6l6s1Hz0TIYEba2e7ZRrlhS2LI%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
75b6e71cde24913d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
OssD9jBxccC.css | payu24.de/assets/phishing/fb/ | 378 B | 532 B | Stylesheet
General
Full URL
https://payu24.de/assets/phishing/fb/OssD9jBxccC.css
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
c9eb23c12c7eb93a1f86e7e067d11288bd139f2787c99d66b6cb7271b5edbfd1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Sep 2022 11:43:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"17a-5e7d87a28ce00-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q%2Bzfqd8wpn33wW9%2FQtbjQiKJhvx1rwZrFU0HtbpFdE94MdQbbWDwU0W9uMszo6RGbrR%2FZv6vzOt7tTJ1MUKHy17HjzCaS7%2FUxYmHHK3YuNURRcjIMHFvQumlJUhBn1bT0VWh%2BVm7jN0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
75b6e71cde27913d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
uliV2kFi04_.css | payu24.de/assets/phishing/fb/ | 7 KB | 3 KB | Stylesheet
General
Full URL
https://payu24.de/assets/phishing/fb/uliV2kFi04_.css
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
2f40d07930ba7f79e309c01bbb7ca57329baf1e00c44f6aff6e01bc581409e5c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Sep 2022 11:43:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1c34-5e7d87a198bc0-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W3IDnMjIlBWoxdqFtzlCabIXHikd1Qy2VUGVNSyjKKnXodxt0ECaNKLB0%2FuCrXI2%2ByWj%2FyD7rlamg9%2FPq7vtl%2FHDbjKgBfPta94ApQCAlbU3FRHGbTw%2BxBI0JqhGtTCGfrmsJlpqxAY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
75b6e71cde28913d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
l8544TqYVTV.css | payu24.de/assets/phishing/fb/ | 12 KB | 4 KB | Stylesheet
General
Full URL
https://payu24.de/assets/phishing/fb/l8544TqYVTV.css
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
6cf02f15e26b941cf30e738b3236d7622aaf841c4279000e40bedc83f0b130a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Sun, 04 Sep 2022 16:42:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"2f19-5e7dca570ae80-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rn7Ovex5WtJ7gHSVHjVPs4jFrTh10jnx87Jjv%2F8F3p3uppUaaHfVlbKl0Uwekiy0SCiWqw0F9pDnc5A%2FnGQic00Lfcmc6TasL8ylz39d8slDUhACZEDg3MSue6i7bR9BREULOkDOCCM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
75b6e71cde2a913d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
kl_w5gQwgre.css | payu24.de/assets/phishing/fb/ | 17 KB | 5 KB | Stylesheet
General
Full URL
https://payu24.de/assets/phishing/fb/kl_w5gQwgre.css
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
5b4b6350b1914eda783dac1b2e4d93aea44fcbedeae8c98b1b6597ca6d85506c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Fri, 09 Sep 2022 11:35:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4419-5e83cf012d0c0-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bhb9K%2Bs9igHOVbtlvpWl8xAYJYkWHA6fuZtLFPo7iUf8UsVUm37BIcsbxZWpXNeL2bS%2BDllxhpRb1eFBS7W2IKuKPDBVFZQ7tqOhi%2B59jlE96N25SYNuyDRlJOcDbbl74j0HOQJa2cw%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
75b6e71cde2b913d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
dF5SId3UHWd.svg | payu24.de/assets/phishing/fb/ | 2 KB | 2 KB | Image
General
Full URL
https://payu24.de/assets/phishing/fb/dF5SId3UHWd.svg
Requested by
Host: payu24.de
URL: https://payu24.de/s/klmao
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
9531e96099e973b3d1c291f3e60419d8fe4730f46de8a492fccd2b4c962c96ce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/s/klmao
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sun, 04 Sep 2022 11:43:51 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"951-5e7d87a198bc0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IXhdzqYq11Gkyy2%2BcbBPRumwF3gVmVypOgtQCn7QKq3%2FAuovQORWUnFFFWrjn6JXkzeRwEZcP2dVTOx%2Bn1lAQ8p92cnle37P2IonC3d%2B%2BCbtxSC%2BrrDv3xWBrAVWNhpO19y01BtJhfY%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
75b6e71cfbb88fe6-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
O7nelmd9XSI.png | payu24.de/assets/phishing/fb/ | 95 B | 575 B | Image
General
Full URL
https://payu24.de/assets/phishing/fb/O7nelmd9XSI.png
Requested by
Host: payu24.de
URL: https://payu24.de/assets/phishing/fb/bxxuzrdTgyg.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
c0f9968d0fa5f4deff86babccd6df52306138314607a6f3f0acd2e7afc783d1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/assets/phishing/fb/bxxuzrdTgyg.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 04 Sep 2022 16:39:19 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"5f-5e7dc9ac55bc0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7gchdJdac10XHgX0y0XVifD02Q4Xz2Fo4%2FvHpSYUzoh%2Bz30WCOIi%2BXB8XoO3uw1qM6MeLD08Q9CmQ2mRkOWeYyL9mmdPxqEIwhjSY9xS4CztS3hHTevtQeyw1CXIuVfyy9FvHcGQDQs%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
75b6e71d8cb08fe6-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
95
VcstZr4fYTz.png | payu24.de/assets/phishing/fb/ | 7 KB | 8 KB | Image
General
Full URL
https://payu24.de/assets/phishing/fb/VcstZr4fYTz.png
Requested by
Host: payu24.de
URL: https://payu24.de/assets/phishing/fb/l8544TqYVTV.css
Protocol
H3
Security
QUIC, AES_128_GCM
Server
2606:4700:3032::ac43:aadb, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
(none recorded)
Software
cloudflare
Resource Hash
a8dd4f4fdc807c57cc2d03b79f8eb13096f28a6557ca6ef670946e3e66f847e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://payu24.de/assets/phishing/fb/l8544TqYVTV.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 06:15:58 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 04 Sep 2022 16:39:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"1de1-5e7dc9c05cb00"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JRPgahlZp1N%2FsZDFk%2Fy2hcypySV%2F%2Bh67psJscXsqJuA3qiwHmbaHoM0UbJ2fjh7x97M9YrxTZXp3Xq66iS9UvuyX4x7Llg6paeVqAD32VKZXt80nchYRawWpDMukvie2hUFOoR%2F3sc%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
75b6e71d8cb38fe6-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7649

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code. All nine listed for this scan, however, are window properties that Chrome 106 itself provides (structuredClone, navigation, launchQueue, queryLocalFonts, getScreenDetails and the onbeforeinput, oncontextlost, oncontextrestored and onbeforematch event-handler attributes, which report as "object" because their value is null). They post-date urlscan's baseline of standard names rather than being set by the page's own scripts, so they say nothing about a framework on this page.

Type       Name
object     onbeforeinput
object     oncontextlost
object     oncontextrestored
function   structuredClone
object     launchQueue
object     onbeforematch
function   getScreenDetails
function   queryLocalFonts
object     navigation
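To check a scan's global list against a browser baseline and then against known library names, the following added Python (not part of urlscan or of this report) parses the "type| name" string exactly as printed above. The second input list is constructed to show a positive hit, and the fingerprint tables are a small hand-picked set of well-known globals, not an exhaustive catalogue.

```python
import re
from typing import Dict, List, Set

# The list exactly as this scan report prints it ("type| name" pairs).
SCAN_GLOBALS = (
    "object| onbeforeinput object| oncontextlost object| oncontextrestored "
    "function| structuredClone object| launchQueue object| onbeforematch "
    "function| getScreenDetails function| queryLocalFonts object| navigation"
)

# A constructed list (not from this scan) showing what a page that ships
# jQuery and a webpack bundle looks like in the same format.
CONSTRUCTED_GLOBALS = (
    "function| jQuery function| $ object| webpackChunkapp "
    "object| onbeforeinput function| structuredClone"
)

# window properties Chrome 106 provides itself. They post-date urlscan's
# baseline of "standard" names, which is why the report lists them, but they
# are browser features, not variables created by the page's scripts.
# (Event-handler attributes show up as "object" because their value is null.)
CHROME_106_NATIVE: Set[str] = {
    "onbeforeinput", "oncontextlost", "oncontextrestored", "onbeforematch",
    "structuredClone", "launchQueue", "getScreenDetails", "queryLocalFonts",
    "navigation",
}

# Well-known globals that identify client-side libraries: exact names, and
# name prefixes (webpack suffixes its chunk array with the project name).
EXACT_FINGERPRINTS: Dict[str, Set[str]] = {
    "jQuery": {"jQuery", "$"},
    "React": {"React", "ReactDOM", "__REACT_DEVTOOLS_GLOBAL_HOOK__"},
    "Vue": {"Vue", "__VUE__"},
    "AngularJS": {"angular"},
}
PREFIX_FINGERPRINTS: Dict[str, tuple] = {
    "webpack": ("webpackJsonp", "webpackChunk"),
}


def parse_globals(text: str) -> List[tuple]:
    """Turn urlscan's 'type| name type| name ...' string into (type, name) pairs."""
    return re.findall(r"(\w+)\|\s*(\S+)", text)


def classify_globals(text: str) -> Dict[str, object]:
    """Separate browser-native names from page-defined ones and map the
    latter to known frameworks."""
    names = [name for _, name in parse_globals(text)]
    page_defined = [n for n in names if n not in CHROME_106_NATIVE]
    frameworks: Set[str] = set()
    for fw, exact in EXACT_FINGERPRINTS.items():
        if exact & set(page_defined):
            frameworks.add(fw)
    for fw, prefixes in PREFIX_FINGERPRINTS.items():
        if any(n.startswith(prefixes) for n in page_defined):
            frameworks.add(fw)
    return {
        "total": len(names),
        "page_defined": page_defined,
        "frameworks": sorted(frameworks),
    }


if __name__ == "__main__":
    print(classify_globals(SCAN_GLOBALS))         # nothing page-defined
    print(classify_globals(CONSTRUCTED_GLOBALS))  # jQuery + webpack
```

The baseline set has to match the browser version urlscan used (Chrome 106 here, per the User-Agent in the request headers); a newer browser adds names, so an unmaintained baseline turns every new web API into a false "page-defined" global.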

1 Cookies

Domain/Path   Name        Value
payu24.de/    PHPSESSID   7720jk7c0bbhue5b5278kefj71
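Several headers in the transaction listing above, together with this cookie, characterise the stack behind Cloudflare: the 1981 Expires plus no-store/no-cache/Pragma triple is what PHP's session_start() emits by default, the ETags are in Apache's size-mtime form (with mod_deflate's -gzip suffix on the compressed stylesheets), and PHPSESSID's 26-character [0-9a-v] value is PHP's default session-id format. The Python below is an added example, not urlscan's or the site's code; the header dicts are copied from this report, reduced to the fields the checks read, and the inferences are heuristics (another stack can imitate Apache-style ETags), so the code cross-checks the ETag against Content-Length and Last-Modified rather than trusting its shape alone.

```python
import re
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional, Tuple

# Response headers copied from this scan (primary document and the
# O7nelmd9XSI.png resource), reduced to the fields the checks below read.
PRIMARY_DOCUMENT: Dict[str, str] = {
    "server": "cloudflare",
    "cf-ray": "75b6e71c0c7c913d-FRA",
    "cf-cache-status": "DYNAMIC",
    "cache-control": "no-store, no-cache, must-revalidate",
    "pragma": "no-cache",
    "expires": "Thu, 19 Nov 1981 08:52:00 GMT",
    "content-type": "text/html; charset=UTF-8",
}
PNG_RESOURCE: Dict[str, str] = {
    "server": "cloudflare",
    "cf-ray": "75b6e71d8cb08fe6-FRA",
    "etag": '"5f-5e7dc9ac55bc0"',
    "last-modified": "Sun, 04 Sep 2022 16:39:19 GMT",
    "content-length": "95",
    "content-type": "image/png",
}
SESSION_COOKIE: Tuple[str, str] = ("PHPSESSID", "7720jk7c0bbhue5b5278kefj71")

# Apache's default FileETag (MTime Size): "<size-hex>-<mtime-hex>", where the
# mtime is an apr_time_t in microseconds; mod_deflate/mod_brotli append
# "-gzip"/"-br" when they compress the response.
APACHE_ETAG = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)(?:-(gzip|br))?"$')
# PHP >= 7.1 default session id: session.sid_length=26, sid_bits_per_character=5
PHP_DEFAULT_SID = re.compile(r"^[0-9a-v]{26}$")


def decode_apache_etag(etag: str) -> Optional[Dict[str, object]]:
    """Split an Apache ETag into the file size, mtime (epoch seconds) and
    compression suffix it encodes; None if the ETag has another shape."""
    m = APACHE_ETAG.match(etag)
    if not m:
        return None
    size_hex, mtime_hex, enc = m.groups()
    return {"size": int(size_hex, 16),
            "mtime": int(mtime_hex, 16) // 1_000_000,
            "encoding": enc}


def fingerprint(headers: Dict[str, str],
                cookie: Optional[Tuple[str, str]] = None) -> List[str]:
    """Passive origin-stack inferences from one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    found: List[str] = []

    if "cf-ray" in h or h.get("server") == "cloudflare":
        colo = h.get("cf-ray", "").rsplit("-", 1)[-1] or "?"
        found.append(f"cloudflare-fronted:{colo}")   # origin IP not exposed

    # session_start() with the default session.cache_limiter=nocache emits
    # exactly this Expires/Cache-Control/Pragma triple.
    if (h.get("expires", "").startswith("Thu, 19 Nov 1981")
            and "no-store" in h.get("cache-control", "")
            and h.get("pragma") == "no-cache"):
        found.append("php-session-cache-limiter")

    tag = decode_apache_etag(h.get("etag", ""))
    if tag:
        found.append("apache-etag")
        if "content-length" in h and tag["size"] == int(h["content-length"]):
            found.append("etag-size-matches-content-length")
        if "last-modified" in h:
            lm = int(parsedate_to_datetime(h["last-modified"]).timestamp())
            if tag["mtime"] == lm:
                found.append("etag-mtime-matches-last-modified")

    if cookie and cookie[0] == "PHPSESSID":
        fmt = "default" if PHP_DEFAULT_SID.match(cookie[1]) else "custom"
        found.append(f"php-session-cookie:{fmt}-sid-format")
    return found


if __name__ == "__main__":
    print(fingerprint(PRIMARY_DOCUMENT, SESSION_COOKIE))
    print(fingerprint(PNG_RESOURCE))
    print(decode_apache_etag('W/"3e67-5e7dca8101180-gzip"'))
```

For the PNG the decoded ETag gives size 95 and mtime 1662309559, which equal its Content-Length of 95 and its Last-Modified of 16:39:19 GMT on 4 September 2022; for the first stylesheet the ETag decodes to 15975 bytes (the 16 KB urlscan shows) and a mtime 223 seconds later, matching its own Last-Modified. Two independent fields agreeing with the ETag encoding is what turns "looks like Apache" into a supportable statement about the origin behind the CDN. The cf-ray suffix FRA is the Cloudflare colo that served the request, consistent with the scan having been run from DE.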