pakersi-pl.cloud Open in urlscan Pro
2606:4700:3032::ac43:a9f7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A
Submission: On September 29 via api (September 29th 2022, 5:52:35 pm UTC) from FR — Scanned from FR

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 2606:4700:3032::ac43:a9f7, located in United States and belongs to CLOUDFLARENET, US. The main domain is pakersi-pl.cloud.
TLS certificate: Issued by E1 on September 27th 2022. Valid for: 3 months.

This is the only time pakersi-pl.cloud was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayU (Financial)

Domain & IP information

	IP Address		AS Autonomous System
11	2606:4700:303... 2606:4700:3032::ac43:a9f7		13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	1

11 2606:4700:3032::ac43:a9f7 (United States)

ASN13335 (CLOUDFLARENET, US)

pakersi-pl.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	pakersi-pl.cloud pakersi-pl.cloud	646 KB
11	1

	Domain	Requested by
11	pakersi-pl.cloud	pakersi-pl.cloud
11	1

This site contains no links.

Subject Issuer	Validity	Valid
*.pakersi-pl.cloud E1	`2022-09-27` - `2022-12-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A
Frame ID: 9A2AA06DC9DFCCDC78910486F768579A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PayU

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

646 kB
Transfer

740 kB
Size

6
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 3du48A Show response pakersi-pl.cloud/6g028iToCWgQtAbj/	13 KB 4 KB	223ms 150ms	Document text/html	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `e895e90170bdf1758efabbd72b6efc4d209e8859e74f6ca1a5ceba5025cb3b67` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 accept-language fr-FR,fr;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-cache-status DYNAMIC cf-ray 752692abbf3a99df-CDG content-encoding br content-type text/html; charset=UTF-8 date Thu, 29 Sep 2022 17:52:30 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L41ju4rTKreZyGK37Vx55kNosdQdOZIEMK5dP60G6hDScAuyEP8WF83%2FnUD6T0MvhMWV2jpNXyJuBjuSyJrNwC9VNtvVs5Ci9WkErlEvHgewHZPfKRuQ5yGYbKbLJcv6rcjdM%2BUcXjjL2ak6YZLI"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/5.4.16
GET H2	200	cc9f2fbc90790be9445d857894d82bb3d.css pakersi-pl.cloud/6g028iToCWgQtAbj/css/	38 KB 10 KB	158ms 158ms	Stylesheet text/css	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `1724f2b7d6a6fa48933a74a071725f4c2473c0aa67216097fd6956bb2e80a11b` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers pragma no-cache date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/5.4.16 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kuS1UplVPk2oOGp9yNz6WlBXfwb6h77O%2F1GM5TjReLKhIJadvzy5BfDfydW4UvI50mNs4DtKbUGYDvyJyKF95rp1KSC9czP35ymcw7u1ccBXvcnhf%2BileattBzS5EsXE497j5Mz388G62adxOHrK"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 752692aca92699df-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H2	200	jquery.js Show response pakersi-pl.cloud/6g028iToCWgQtAbj/	86 KB 31 KB	42ms 41ms	Script application/javascript	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/jquery.js Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/3du48A User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status HIT last-modified Sat, 17 Sep 2022 15:55:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 9188 etag W/"6325edde-15851" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2BZOtaEQHDuyjMh9fTO1D0yF4iwvtRw1K7Xu%2Bckvw7bmyhcZBDwwyUSgR4YN9ZNdYxoSOdliuR27LUCfwUaX0mU9ubXoM%2BOQMzmTKgp2UphaI%2FvckGlD1ceCgw5jZTVanTaVjA2cvIuQ2%2FK8B3Ig"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=315360000 cf-ray 752692aca92c99df-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 31 Dec 2037 23:55:55 GMT
GET H3	200	4dc6cfe96ae4f69255db825507b5fef7.jpg pakersi-pl.cloud/6g028iToCWgQtAbj/css/	59 KB 60 KB	144ms 143ms	Image image/jpeg	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/4dc6cfe96ae4f69255db825507b5fef7.jpg Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `a71398f79d517fffd3abdd7245c3ef04aa3b37f7c99c93125fc2639efea0d900` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers pragma no-cache date Thu, 29 Sep 2022 17:52:30 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/5.4.16 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Mu3jr7PyitpDxmy2gIo2o10IvU1S4uUAXguPRcmNRua2OYwc2AVmA4OUn8C8HE75w%2Fj9S2EZtt4f%2Bp5OkzsJg5vL22A7bsxrDu8vsDD%2F3PxLZhFxOGuyn5fBOtYNDdc6VolcDv%2BSPwHZpgOOgO%2F"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 752692adea5fcdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	54c2c4e86e80baad4bf0a7d5c633698c.png pakersi-pl.cloud/6g028iToCWgQtAbj/css/	5 KB 6 KB	207ms 207ms	Image image/png	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/54c2c4e86e80baad4bf0a7d5c633698c.png Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `df4823bd02dc9dced654fe8171a401276b4a22faa416e50bcb2ea927001e2656` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers pragma no-cache date Thu, 29 Sep 2022 17:52:30 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/5.4.16 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ViS8yLd3geLOO10w8VeAsKIo8jhDT3eZoPUJB4VzqN%2B3pIC3A9%2FYzw7GBUR35%2BU%2BQGzawM9DxI5vHDK1s4XlR%2FrFst3vRPNcHE2F%2BqHydPVgV7j7i5lAZ%2FrJv16Q%2F4aHOAys5pTZi4ZqR98Hixq"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 accept-ranges bytes cf-ray 752692adea64cdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5442 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	541eb355eda7eb5711f172b4994af114.png pakersi-pl.cloud/6g028iToCWgQtAbj/css/	135 KB 135 KB	210ms 210ms	Image image/png	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/541eb355eda7eb5711f172b4994af114.png Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `6c42fad5bfb4c495428d8ee62ddfc35b4d4e279f371006b16027ae45fd0b230a` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers pragma no-cache date Thu, 29 Sep 2022 17:52:30 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/5.4.16 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s1SBZiYaZzgTlZNSgh3GGWxP7EYzylhw%2BrHT7xgMkrIq7Z0Jz6o6fgrXaVfn8DtFuMu4gXElSq5bibFbiMvwq7q7LQuC413VeuI%2Fbz2ukQVxupynL9NqciY5QiuiowkTNpz%2FUWxoaLvGBQWxovcA"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 cf-ray 752692adea65cdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	bf51ec161cc9b23f931e7e40a03112a1.png pakersi-pl.cloud/6g028iToCWgQtAbj/css/	1 KB 2 KB	139ms 139ms	Image image/png	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/bf51ec161cc9b23f931e7e40a03112a1.png Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/5.4.16 Resource Hash `473210a27e0e0c7a577eb5ad05b3b80ea6e560b1c12eed76ff9163ea4272e477` Request headers accept-language fr-FR,fr;q=0.9 Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers pragma no-cache date Thu, 29 Sep 2022 17:52:30 GMT cf-cache-status BYPASS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/5.4.16 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LpEzQnFVEwRqCBfGRlrjtyf3qFBPJ8BErcABda6lBvUWcyI9Dcf3OENlCOWfWr6dFe1tFisqHMCMB0fQhicUY1KhLPfYgsYQI5ItJeT33CzY2N8d51cSDfofV5UvFkqKQSLm%2B%2BPMu8ed5%2BYiASis"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 accept-ranges bytes cf-ray 752692adea68cdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 1393 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	opensans-regular-webfont.woff pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/	87 KB 88 KB	165ms 165ms	Font application/font-woff	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/opensans-regular-webfont.woff Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1` Request headers Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Origin https://pakersi-pl.cloud accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status REVALIDATED last-modified Sat, 17 Sep 2022 15:55:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15de8-5e8e180dc976a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wOxaM%2FVMkvNhgo9%2BqfyvFGXIMud8AXCouxwQ0Y8pRIwVWoU%2B980aTPCKViBp2KdRsoHT5Z6YtH54T%2BsJSQqd7UDgbwsFGZ5nveYAyY5oFH4Z7utT8UdGQauXbmaY9XwrbLfPbxpXXEOcpo2AxCPV"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 752692adea6bcdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	opensans-light-webfont.woff pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/	84 KB 85 KB	362ms 361ms	Font application/font-woff	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/opensans-light-webfont.woff Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab` Request headers Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Origin https://pakersi-pl.cloud accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status MISS last-modified Sat, 17 Sep 2022 15:55:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15000-5e8e180dc8bb2" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tdDrsUF%2Bh5dZjhGwgvXAVX9PnRLU1MTyEKfE1KNhKGc%2BVC0wJ6yon%2F0dgGqQUut%2FZ6AGHGbGYT8CmvcAFsGPQshXnyL4qSls4Xb2Kg9FaF6lWA%2BaZR1fAAVHMCUnp5EJDOEDznIA2A8SKvRVQl%2B"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 752692adea83cdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	opensans-semibold-webfont.woff pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/	89 KB 90 KB	400ms 399ms	Font application/font-woff	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/opensans-semibold-webfont.woff Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae` Request headers Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Origin https://pakersi-pl.cloud accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status MISS last-modified Sat, 17 Sep 2022 15:55:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"16420-5e8e180dca322" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tITf8JpDkvIlfeDHOWxCYxmkLvJobowx8osjk6jwWBVd4b5zuJZs6reNqJq9eHUxR%2BTzqg0KZe2oltIRLA6SS0p0QdB1u7P60cKRqBdIl4WKdkEbtTZ64jK9hsjZIHGA6nxFw5dMKYo459JVapW"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 752692adea89cdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	PFBeauSansPro-Bold.woff pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/	142 KB 136 KB	342ms 342ms	Font application/font-woff	2606:4700:3032::ac43:a9f7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/fonts/PFBeauSansPro-Bold.woff Requested by Host: pakersi-pl.cloud URL: https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::ac43:a9f7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8` Request headers Referer https://pakersi-pl.cloud/6g028iToCWgQtAbj/css/cc9f2fbc90790be9445d857894d82bb3d.css Origin https://pakersi-pl.cloud accept-language fr-FR,fr;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers date Thu, 29 Sep 2022 17:52:30 GMT content-encoding br cf-cache-status MISS last-modified Sat, 17 Sep 2022 15:55:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"2374c-5e8e180dcc64a" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mTxLOhwXdTyYMihK7QdBTdspKhhfxaHM6LxTd2nl2CzCszh%2BnZQw9R5ndef%2BEgHUdVVIU3WlXw6pJcOt5rArgdijyTXkiJZph2NsbS2m5YXz12E3piNeEpr3HehP%2FgWRi9iOVNhq%2BpoJfe0eDCFz"}],"group":"cf-nel","max_age":604800} content-type application/font-woff cache-control max-age=14400 cf-ray 752692adea8dcdc3-CDG alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayU (Financial)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
pakersi-pl.cloud/6g028iToCWgQtAbj	1970-01-20 06:21:17	Name: 39cb936121f25e52b58ea4223acdb304 Value: 665702769
pakersi-pl.cloud/6g028iToCWgQtAbj	1970-01-20 06:21:17	Name: 64d8ded72c57bfb70af316a8d87a87a5 Value: 4243748422
pakersi-pl.cloud/6g028iToCWgQtAbj	1970-01-20 06:21:17	Name: 9b1f392ea28f261ac3e112bf540e319d Value: 1840967297
pakersi-pl.cloud/6g028iToCWgQtAbj	1970-01-20 06:21:17	Name: af50d3c9bdffefee6090f589ace935ef Value: 2520101858
pakersi-pl.cloud/6g028iToCWgQtAbj	1970-01-20 06:21:17	Name: a0987ab7ab94585292a3ac20c4e20016 Value: 215084700
pakersi-pl.cloud/	1969-12-31 23:59:59	Name: PHPSESSID Value: i26brn22snkd4113ou0ejta9a0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pakersi-pl.cloud
2606:4700:3032::ac43:a9f7
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0fe491e2047389b9deb7a06fd36de7fec03af2791ec29461be02571cbebdb4ab
1724f2b7d6a6fa48933a74a071725f4c2473c0aa67216097fd6956bb2e80a11b
431817115e31ff8604ab76a86ce6ed55d02cd5ea7332bd0ed3d15d9b5bf9aaae
473210a27e0e0c7a577eb5ad05b3b80ea6e560b1c12eed76ff9163ea4272e477
6c42fad5bfb4c495428d8ee62ddfc35b4d4e279f371006b16027ae45fd0b230a
9650a5ba277274205e90974e7fb4183289ca51653c33fc291ad064bf8dd998e1
a71398f79d517fffd3abdd7245c3ef04aa3b37f7c99c93125fc2639efea0d900
c8b380cdc92601f7195d0cd34c777bcdee7dcd285e110534a8cf48bfa7d8b2e8
df4823bd02dc9dced654fe8171a401276b4a22faa416e50bcb2ea927001e2656
e895e90170bdf1758efabbd72b6efc4d209e8859e74f6ca1a5ceba5025cb3b67

pakersi-pl.cloud Open in urlscan Pro 2606:4700:3032::ac43:a9f7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

646 kBTransfer

740 kBSize

6 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

6 Cookies

Indicators

pakersi-pl.cloud Open in urlscan Pro
2606:4700:3032::ac43:a9f7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

646 kB
Transfer

740 kB
Size

6
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!