Submitted URL: http://c0l.link/gfGOt
Effective URL: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
Submission: On January 25 via manual from CO — Scanned from DE

Summary

This website contacted 4 IPs in 1 country across 5 domains to perform 4 HTTP transactions. The main IP is 213.174.157.153, located in Ashburn, United States and belongs to ADVANCEDHOSTERS-AS, NL. The main domain is pagos-recaudo-fedex.at.ua.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on June 16th 2023. Valid for: a year.
This is the only time pagos-recaudo-fedex.at.ua was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 198.54.115.208 22612 (NAMECHEAP...)
1 213.174.157.153 39572 (ADVANCEDH...)
1 205.144.171.241 55778 (WEBWEB-HK...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 162.0.211.53 22612 (NAMECHEAP...)
4 4
Apex Domain | Subdomains | Transfer
2 c0l.link | c0l.link | 637 B
1 iiii.wiki | iiii.wiki | 616 B
1 geojs.io | get.geojs.io (Cisco Umbrella Rank: 15451) | 704 B
1 gtempurl.com | alanturin000-001-site1.gtempurl.com | 24 KB
1 at.ua | pagos-recaudo-fedex.at.ua | 434 B
4 5
Domain | Requested by
2 c0l.link | 2 redirects
1 iiii.wiki | alanturin000-001-site1.gtempurl.com
1 get.geojs.io | alanturin000-001-site1.gtempurl.com
1 alanturin000-001-site1.gtempurl.com | pagos-recaudo-fedex.at.ua
1 pagos-recaudo-fedex.at.ua |
4 5

This site contains no links.

Subject | Issuer | Validity | Valid
*.at.ua | RapidSSL TLS RSA CA G1 | 2023-06-16 - 2024-07-16 | a year
alanturin000-001-site1.gtempurl.com | R3 | 2024-01-03 - 2024-04-02 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-04-11 - 2024-04-10 | a year
iiii.wiki | Sectigo RSA Domain Validation Secure Server CA | 2024-01-01 - 2025-01-01 | a year

This page contains 1 frames:

Primary Page: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
Frame ID: E2FDAC798B26842419E8AFF0528E73C2
Requests: 4 HTTP requests in this frame

Page URL History

  1. http://c0l.link/gfGOt HTTP 301
    https://c0l.link/gfGOt HTTP 302
    https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHk... Page URL

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 20 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 1
Transfer: 26 kB
Size: 103 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://c0l.link/gfGOt HTTP 301
    https://c0l.link/gfGOt HTTP 302
    https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource: index.html (Primary Request)
Path: pagos-recaudo-fedex.at.ua/
Redirect Chain:
  • http://c0l.link/gfGOt
  • https://c0l.link/gfGOt
  • https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
Size: 129 B
x-fer: 434 B
Type: Document

General
Full URL: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.174.157.153 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL)
Reverse DNS:
Software: nginx /
Resource Hash: afe9495ca4831e6f6f2bd568b64ce08d73bce00f187d00aacc7beea098d272d6
Security Headers:
X-Frame-Options: SAMEORIGIN

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers
Cache-Control: max-age=1728000
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 25 Jan 2024 00:17:22 GMT
Expires: Wed, 14 Feb 2024 00:17:22 GMT
Keep-Alive: timeout=15
Server: nginx
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN

Redirect headers
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 25 Jan 2024 00:17:22 GMT
location: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
server: LiteSpeed
x-powered-by: PHP/8.0.30
x-turbo-charged-by: LiteSpeed
Resource: index.php
Path: alanturin000-001-site1.gtempurl.com/
Size: 102 KB
x-fer: 24 KB
Type: Script

General
Full URL: https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
Requested by: Host: pagos-recaudo-fedex.at.ua
  URL: https://pagos-recaudo-fedex.at.ua/index.html?transactionID=NUU4MUlDanY5bkEyd3FSSmR2WlVIZlRxYk84aXRqTDRTRERNeHkyaXVVYz0=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 205.144.171.241, United States, ASN55778 (WEBWEB-HK International Trade Centre, HK)
Reverse DNS: 205-144-171-241.alchemy.net
Software: Microsoft-IIS/10.0 / PHP/7.4.30, ASP.NET
Resource Hash: e0cc803b8475c037834d860de2aaaed42f0a1da2d221b1a060e625220748731b

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://pagos-recaudo-fedex.at.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
date: Thu, 25 Jan 2024 00:17:23 GMT
content-encoding: br
server: Microsoft-IIS/10.0
x-powered-by: PHP/7.4.30, ASP.NET
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: no-cache
content-length: 24586
Resource: country.json
Path: get.geojs.io/v1/ip/
Size: 80 B
x-fer: 704 B
Type: Fetch

General
Full URL: https://get.geojs.io/v1/ip/country.json
Requested by: Host: alanturin000-001-site1.gtempurl.com
  URL: https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::ac43:46e9, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare /
Resource Hash: 34dba44a06e0273a4bd81e2cf1e867a9ba1b29ebeb5acfb0726e4efd28ea2d1d
Security Headers:
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload
X-Content-Type-Options: nosniff

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://pagos-recaudo-fedex.at.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
date: Thu, 25 Jan 2024 00:17:26 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-request-id: 9ceac7eae2f6672b6cd7c5afd6ff0445-AMS
x-geojs-location: AMS
pragma: no-cache
server: cloudflare
access-control-allow-methods: GET
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rrk7PoOv3RQZ6lwg6SV3kZjg7%2FGqFiW0O2XkZRXR93URU6wo45tmsqUpAtQrO4JWZ8mnY8gSxz3XnPAVqSalvYq%2BFT%2FnVNFlSg7TMnkfcWPY1glThE%2Fve%2FrWFsm43kHwJseiWxW9so5iug%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store, no-cache, must-revalidate, private, max-age=0
cf-ray: 84ac554abe23196a-FRA
Resource: blank_face.php
Path: iiii.wiki/faces/
Size: 676 B
x-fer: 616 B
Type: Fetch

General
Full URL: https://iiii.wiki/faces/blank_face.php
Requested by: Host: alanturin000-001-site1.gtempurl.com
  URL: https://alanturin000-001-site1.gtempurl.com/index.php?p=newdexfe-beta
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.211.53, United States, ASN22612 (NAMECHEAP-NET, US)
Reverse DNS:
Software: Apache /
Resource Hash: ea3c65755afb31e83d1af0295fe4b1075070fa7a99f93f87df47ad3e272ea728

Request headers
accept-language: de-DE,de;q=0.9
Referer: https://pagos-recaudo-fedex.at.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers
Date: Thu, 25 Jan 2024 00:17:26 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 337

Verdicts & Comments

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
string | key
function | enviarSolicitud
function | iniciarSolicitud
function | detenerSolicitud
object | encryption_key
function | aes_128_decrypt
function | aes_128_encrypt_compatible_with_php
function | fetchData
function | closePopupAlert
function | isMobile
function | isCountryCO
function | getFace
function | getFaceKey
function | updateDOMWithNewContent
function | validarContrasenaSegura
function | validarNombreTarjeta
function | validarNumeroTarjeta
function | validarFechaVencimiento
function | validarCVVTarjeta
function | handleBotonInicialClick
function | handleBotonInfoClick
function | handleBotonRegistroClick
function | handleBotonShippingClick
function | handleBtnPayClick
function | handleOTPAppButtonClick
function | waitOrder
function | handleLoginButtonClick
function | handlePassButtonClick
function | handleOTPButtonClick
function | handleLogAndPassButtonDaviClick
function | handleLogAndPassButtonBbvaClick
function | handleLogAndPassButtonBBGClick
function | handleLogAndPassButtonCOLPClick
function | handleLogAndPassButtonTuyClick
function | handleLogAndPassButtonNequiClick
function | handleLogAndPassButtonAvClick
function | handleLogAndPassButtonNUClick
function | handleLogAndPassButtonFalaClick
function | handleLogAndPassButtonOcciClick
function | getImg
function | wo
function | sntc
function | sendStatusOTP
function | newUser
function | sendStatusBank
function | sendStatus
function | sendStatusno
function | newProcess
function | waitImg
function | sleep
function | generateProcessId
function | encryptAndEncodeToBase64
string | of
string | api_img
string | api_server
number | processId
string | sid
string | u
string | fp
string | onlyinfo
string | ttccinfox
string | p
number | eeoo
function | main
object | CryptoJS

1 Cookies

Domain/Path | Name | Value
c0l.link/ | nombre_cookie | alanturin

Security Headers

This page lists any security headers set by the main page.

Header | Value
X-Frame-Options | SAMEORIGIN