![](/screenshots/36c627c8-ca5d-4794-9597-5d87f5ee81cc.png)
onlinekurier.cloud
Open in
urlscan Pro
104.21.91.23
Malicious Activity!
Public Scan
Effective URL: https://onlinekurier.cloud/PK6WTXMar5m2f8m/5XI9Dy
Submission: On December 27 via api from US — Scanned from PL
Summary
TLS certificate: Issued by GTS CA 1P5 on December 13th 2023. Valid for: 3 months.
This is the only time onlinekurier.cloud was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 12 | 104.21.91.23 104.21.91.23 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 1 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
onlinekurier.cloud
1 redirects
onlinekurier.cloud |
645 KB |
11 | 1 |
Domain | Requested by | |
---|---|---|
12 | onlinekurier.cloud |
1 redirects
onlinekurier.cloud
|
11 | 1 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
onlinekurier.cloud GTS CA 1P5 |
2023-12-13 - 2024-03-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://onlinekurier.cloud/PK6WTXMar5m2f8m/5XI9Dy
Frame ID: 3F38AC4CA5E4CEE8B773B9624EF9B723
Requests: 11 HTTP requests in this frame
Screenshot
![](/screenshots/36c627c8-ca5d-4794-9597-5d87f5ee81cc.png)
Page Title
PayUPage URL History Show full URLs
-
https://onlinekurier.cloud/6723847
HTTP 302
https://onlinekurier.cloud/PK6WTXMar5m2f8m/5XI9Dy Page URL
Detected technologies
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://onlinekurier.cloud/6723847
HTTP 302
https://onlinekurier.cloud/PK6WTXMar5m2f8m/5XI9Dy Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
5XI9Dy
onlinekurier.cloud/PK6WTXMar5m2f8m/ Redirect Chain
|
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ca7062731b08811fc78810847ed6bec08.css
onlinekurier.cloud/PK6WTXMar5m2f8m/css/ |
38 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
onlinekurier.cloud/PK6WTXMar5m2f8m/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
677070940cd95156ff9f8371c2a27fbb.jpg
onlinekurier.cloud/PK6WTXMar5m2f8m/css/ |
59 KB 60 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
4e65b3dd049ce0c7d3a0e82ee97d53b2.png
onlinekurier.cloud/PK6WTXMar5m2f8m/css/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
912539d4c8fdbb50b4291f5e7e01b513.png
onlinekurier.cloud/PK6WTXMar5m2f8m/css/ |
135 KB 135 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
f8f5a5cdd7fcdbb2011a7665e002dadc.png
onlinekurier.cloud/PK6WTXMar5m2f8m/css/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular-webfont.woff
onlinekurier.cloud/PK6WTXMar5m2f8m/css/fonts/ |
87 KB 88 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-light-webfont.woff
onlinekurier.cloud/PK6WTXMar5m2f8m/css/fonts/ |
84 KB 84 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-semibold-webfont.woff
onlinekurier.cloud/PK6WTXMar5m2f8m/css/fonts/ |
89 KB 89 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PFBeauSansPro-Bold.woff
onlinekurier.cloud/PK6WTXMar5m2f8m/css/fonts/ |
142 KB 136 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayU (Financial)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery object| o91c1b02c function| online6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
onlinekurier.cloud/PK6WTXMar5m2f8m | Name: e9cd96ff30df7029948bb278c20a699d Value: 468013598 |
|
onlinekurier.cloud/PK6WTXMar5m2f8m | Name: d88bb05e6b8f2af805c7b9bb183f6146 Value: 2551399588 |
|
onlinekurier.cloud/PK6WTXMar5m2f8m | Name: ec9cff91a5ca045aece1ea411de3dbca Value: 1943409119 |
|
onlinekurier.cloud/PK6WTXMar5m2f8m | Name: fed35e53ef366febaacecec2900a61e9 Value: 3457973521 |
|
onlinekurier.cloud/PK6WTXMar5m2f8m | Name: 8748aff1fa3680f090189ac96bc45bab Value: 1442700058 |
|
onlinekurier.cloud/ | Name: PHPSESSID Value: ballfsvd25ggs0vds9f6lg8ii0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
onlinekurier.cloud
104.21.91.23
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
405484165e1c942deaeb95063482782b3c40d2a876992305a420a696241b7fac
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
50efbb1c3c9113b8b1d277e8684212b71188c002e165e4d88c1bda4cc5072d22
574bdc25db0da769574e5863234db3f5158446fb84460ddbfea75b8bb5b299c7
6e1ee50522c2e9c3817ebddd9807dbda45390c5267094261e704c2bffd5d3b99
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
9827b41b99b88992cf3bfad8fcef417249b245c98f9cd2546fd74099e659ae6f
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
fb186ba0a9be968ef36aa14ea2898ce26e932aac623eaff6c8503003474ca314