URL: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=UUN4b2V4cVdldVhSaG5FNXBxMlBUVk93SCsvaml5Z0s5T3cvYUlaNXFlUT0=
Submission: On January 22 via manual from CO — Scanned from AT

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 4 HTTP transactions. The main IP is 213.174.157.153, located in Ashburn, United States, and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is pagos-recaudo-fedex.at.ua.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on June 16th 2023. Valid for: a year.
This is the only time pagos-recaudo-fedex.at.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS (Autonomous System)
1         213.174.157.153  39572 (ADVANCEDH...)
1         205.144.171.241  55778 (WEBWEB-HK...)
1         172.67.70.233    13335 (CLOUDFLAR...)
1         162.0.211.53     22612 (NAMECHEAP...)
Total: 4 IPs, 4 ASes
Requests  Apex Domain   Subdomains                                                 Transfer
1         iiii.wiki     iiii.wiki                                                  616 B
1         geojs.io      get.geojs.io (Cisco Umbrella Rank: 15451)                  679 B
1         gtempurl.com  alanturin000-001-site1.gtempurl.com                        24 KB
1         at.ua         pagos-recaudo-fedex.at.ua                                  434 B
Total: 4 apex domains, 4 subdomains
Requests  Domain                               Requested by
1         iiii.wiki                            alanturin000-001-site1.gtempurl.com
1         get.geojs.io                         alanturin000-001-site1.gtempurl.com
1         alanturin000-001-site1.gtempurl.com  pagos-recaudo-fedex.at.ua
1         pagos-recaudo-fedex.at.ua            (primary request)
Total: 4 domains, 4 requests

This site contains no links.

Subject                              Issuer                                          Validity                 Valid
*.at.ua                              RapidSSL TLS RSA CA G1                          2023-06-16 - 2024-07-16  a year (crt.sh)
alanturin000-001-site1.gtempurl.com  R3                                              2024-01-03 - 2024-04-02  3 months (crt.sh)
sni.cloudflaressl.com                Cloudflare Inc ECC CA-3                         2023-04-11 - 2024-04-10  a year (crt.sh)
iiii.wiki                            Sectigo RSA Domain Validation Secure Server CA  2024-01-01 - 2025-01-01  a year (crt.sh)

This page contains 1 frame:

Primary Page: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=UUN4b2V4cVdldVhSaG5FNXBxMlBUVk93SCsvaml5Z0s5T3cvYUlaNXFlUT0=
Frame ID: 7E8525676C2789B1DDAE982B2BD9BB1F
Requests: 4 HTTP requests in this frame

Page Statistics

Requests:    4
HTTPS:       100 %
IPv6:        0 %
Domains:     4
Subdomains:  4
IPs:         4
Countries:   1
Transfer:    26 kB
Size:        101 kB
Cookies:     0


4 HTTP transactions

Primary Request: index.html
  Path:      pagos-recaudo-fedex.at.ua/
  Size:      129 B
  Transfer:  434 B
  Type:      Document
  MIME-Type: (not reported)

General
  Full URL:      https://pagos-recaudo-fedex.at.ua/index.html?transactionID=UUN4b2V4cVdldVhSaG5FNXBxMlBUVk93SCsvaml5Z0s5T3cvYUlaNXFlUT0=
  Protocol:      HTTP/1.1
  Security:      TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server:        213.174.157.153, Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
  Reverse DNS:
  Software:      nginx
  Resource Hash: afe9495ca4831e6f6f2bd568b64ce08d73bce00f187d00aacc7beea098d272d6

Security Headers
  X-Frame-Options: SAMEORIGIN

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
  accept-language: de-AT,de;q=0.9

Response headers
  Cache-Control: max-age=1728000
  Connection: keep-alive
  Content-Encoding: gzip
  Content-Type: text/html
  Date: Mon, 22 Jan 2024 19:31:16 GMT
  Expires: Sun, 11 Feb 2024 19:31:16 GMT
  Keep-Alive: timeout=15
  Server: nginx
  Transfer-Encoding: chunked
  X-Frame-Options: SAMEORIGIN
Request: index.php
  Path:      alanturin000-001-site1.gtempurl.com/
  Size:      100 KB
  Transfer:  24 KB
  Type:      Script
  MIME-Type: (not reported)

General
  Full URL:      https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
  Requested by:
    Host: pagos-recaudo-fedex.at.ua
    URL:  https://pagos-recaudo-fedex.at.ua/index.html?transactionID=UUN4b2V4cVdldVhSaG5FNXBxMlBUVk93SCsvaml5Z0s5T3cvYUlaNXFlUT0=
  Protocol:      H2
  Security:      TLS 1.3, AES_256_GCM
  Server:        205.144.171.241, United States, ASN55778 (WEBWEB-HK International Trade Centre, HK)
  Reverse DNS:   205-144-171-241.alchemy.net
  Software:      Microsoft-IIS/10.0 / PHP/7.4.30, ASP.NET
  Resource Hash: 06c9ad43ab65255888ff816b9a49d356b252cbd8221295b87778bb7c8308a959

Request headers
  accept-language: de-AT,de;q=0.9
  Referer: https://pagos-recaudo-fedex.at.ua/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
  date: Mon, 22 Jan 2024 19:31:17 GMT
  content-encoding: br
  server: Microsoft-IIS/10.0
  x-powered-by: PHP/7.4.30, ASP.NET
  vary: Accept-Encoding
  content-type: application/javascript; charset=utf-8
  cache-control: no-cache
  content-length: 24336
Request: country.json
  Path:      get.geojs.io/v1/ip/
  Size:      72 B
  Transfer:  679 B
  Type:      Fetch
  MIME-Type: (not reported)

General
  Full URL:      https://get.geojs.io/v1/ip/country.json
  Requested by:
    Host: alanturin000-001-site1.gtempurl.com
    URL:  https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
  Protocol:      H2
  Security:      TLS 1.3, AES_128_GCM
  Server:        172.67.70.233, United States, ASN13335 (CLOUDFLARENET, US)
  Reverse DNS:
  Software:      cloudflare
  Resource Hash: a38f78b16cb4381fdcabe5e1ea8ca893ca6d6737b253189c1ceff6e4a14c4e08

Security Headers
  Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
  X-Content-Type-Options: nosniff

Request headers
  accept-language: de-AT,de;q=0.9
  Referer: https://pagos-recaudo-fedex.at.ua/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
  date: Mon, 22 Jan 2024 19:31:20 GMT
  strict-transport-security: max-age=15552000; includeSubDomains; preload
  x-content-type-options: nosniff
  cf-cache-status: DYNAMIC
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  content-encoding: br
  alt-svc: h3=":443"; ma=86400
  x-request-id: 1d13da1c190ac81e4aaa89022ece3af9-AMS
  x-geojs-location: AMS
  pragma: no-cache
  server: cloudflare
  access-control-allow-methods: GET
  content-type: application/json
  access-control-allow-origin: *
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yxRu0F6mDBhO20OxGZ5g3h8IfwqVh95JfoTT07Rrpepvn7Swegd6n5TouiIRmgrGZrlhyV8NX1Xg628XOQi356z6pjkx99aY5KMJbV8zItuEKyjjh1dD0WHaZ2rahA%3D%3D"}],"group":"cf-nel","max_age":604800}
  cache-control: no-store, no-cache, must-revalidate, private, max-age=0
  cf-ray: 849a37721ecdc306-VIE
Request: blank_face.php
  Path:      iiii.wiki/faces/
  Size:      676 B
  Transfer:  616 B
  Type:      Fetch
  MIME-Type: (not reported)

General
  Full URL:      https://iiii.wiki/faces/blank_face.php
  Requested by:
    Host: alanturin000-001-site1.gtempurl.com
    URL:  https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
  Protocol:      HTTP/1.1
  Security:      TLS 1.3, AES_128_GCM
  Server:        162.0.211.53, United States, ASN22612 (NAMECHEAP-NET, US)
  Reverse DNS:
  Software:      Apache
  Resource Hash: ea3c65755afb31e83d1af0295fe4b1075070fa7a99f93f87df47ad3e272ea728

Request headers
  accept-language: de-AT,de;q=0.9
  Referer: https://pagos-recaudo-fedex.at.ua/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
  Date: Mon, 22 Jan 2024 19:31:20 GMT
  Content-Encoding: gzip
  Server: Apache
  Vary: Accept-Encoding,User-Agent
  Content-Type: text/html; charset=UTF-8
  Access-Control-Allow-Origin: *
  Connection: Keep-Alive
  Keep-Alive: timeout=5, max=100
  Content-Length: 337

Verdicts & Comments

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Name                                  Type
key                                   string
enviarSolicitud                       function
iniciarSolicitud                      function
detenerSolicitud                      function
encryption_key                        object
aes_128_decrypt                       function
aes_128_encrypt_compatible_with_php   function
fetchData                             function
closePopupAlert                       function
isMobile                              function
isCountryCO                           function
getFace                               function
getFaceKey                            function
updateDOMWithNewContent               function
validarContrasenaSegura               function
validarNombreTarjeta                  function
validarNumeroTarjeta                  function
validarFechaVencimiento               function
validarCVVTarjeta                     function
handleBotonInicialClick               function
handleBotonInfoClick                  function
handleBotonRegistroClick              function
handleBotonShippingClick              function
handleBtnPayClick                     function
handleOTPAppButtonClick               function
waitOrder                             function
handleLoginButtonClick                function
handlePassButtonClick                 function
handleOTPButtonClick                  function
handleLogAndPassButtonDaviClick       function
handleLogAndPassButtonBbvaClick       function
handleLogAndPassButtonBBGClick        function
handleLogAndPassButtonCOLPClick       function
handleLogAndPassButtonTuyClick        function
handleLogAndPassButtonNequiClick      function
handleLogAndPassButtonAvClick         function
handleLogAndPassButtonNUClick         function
handleLogAndPassButtonFalaClick       function
handleLogAndPassButtonOcciClick       function
getImg                                function
wo                                    function
sntc                                  function
sendStatusOTP                         function
newUser                               function
sendStatusBank                        function
sendStatus                            function
newProcess                            function
waitImg                               function
sleep                                 function
generateProcessId                     function
encryptAndEncodeToBase64              function
of                                    string
api_img                               string
api_server                            string
processId                             number
sid                                   string
u                                     string
fp                                    string
p                                     string
eeoo                                  number
main                                  function
CryptoJS                              object

0 Cookies

Security Headers

This section lists any security headers set by the main page.

Header           Value
X-Frame-Options  SAMEORIGIN