![](/screenshots/ef49faae-7f47-4acf-90cd-5ce9af18f656.png)
faktgwalt24.eu
Open in
urlscan Pro
46.242.233.96
Malicious Activity!
Public Scan
Submission: On May 12 via automatic, source openphish
Summary
TLS certificate: Issued by Certyfikat SSL on October 15th 2019. Valid for: 2 years.
This is the only time faktgwalt24.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Facebook (Social Network)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
3 | 46.242.233.96 46.242.233.96 | 12824 (HOMEPL-AS) (HOMEPL-AS) | |
3 | 89.161.254.183 89.161.254.183 | 12824 (HOMEPL-AS) (HOMEPL-AS) | |
8 | 188.40.17.96 188.40.17.96 | 24940 (HETZNER-AS) (HETZNER-AS) | |
2 | 136.243.169.30 136.243.169.30 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 37.252.172.249 37.252.172.249 | 29990 (ASN-APPNEX) (ASN-APPNEX) | |
2 | 138.201.137.155 138.201.137.155 | 24940 (HETZNER-AS) (HETZNER-AS) | |
19 | 7 |
ASN12824 (HOMEPL-AS, PL)
PTR: cloudserver2082475.home.pl
www.licznikodwiedzin.pl | |
www.deszczowce.pl |
ASN24940 (HETZNER-AS, DE)
PTR: 3-beer.funcadr.net
prd-header-biding.vda.netsprint.pl |
ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
ib.adnxs.com |
ASN24940 (HETZNER-AS, DE)
PTR: 6-beer.funcadr.net
prd-dib-logger-service.vda.netsprint.pl |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
adkontekst.pl
adsearch.adkontekst.pl |
149 KB |
4 |
netsprint.pl
prd-header-biding.vda.netsprint.pl prd-dib-logger-service.vda.netsprint.pl |
64 KB |
3 |
faktgwalt24.eu
faktgwalt24.eu |
8 KB |
2 |
licznikodwiedzin.pl
www.licznikodwiedzin.pl |
1 KB |
1 |
adnxs.com
ib.adnxs.com |
|
1 |
deszczowce.pl
www.deszczowce.pl |
992 B |
19 | 6 |
Domain | Requested by | |
---|---|---|
8 | adsearch.adkontekst.pl |
www.licznikodwiedzin.pl
adsearch.adkontekst.pl prd-header-biding.vda.netsprint.pl |
3 | faktgwalt24.eu |
faktgwalt24.eu
|
2 | prd-dib-logger-service.vda.netsprint.pl |
prd-header-biding.vda.netsprint.pl
|
2 | prd-header-biding.vda.netsprint.pl |
adsearch.adkontekst.pl
prd-header-biding.vda.netsprint.pl |
2 | www.licznikodwiedzin.pl |
faktgwalt24.eu
www.licznikodwiedzin.pl |
1 | ib.adnxs.com |
prd-header-biding.vda.netsprint.pl
|
1 | www.deszczowce.pl |
faktgwalt24.eu
|
19 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.online.pro Certyfikat SSL |
2019-10-15 - 2021-10-14 |
2 years | crt.sh |
www.licznikodwiedzin.pl Certyfikat SSL |
2019-09-30 - 2020-09-29 |
a year | crt.sh |
*.adsearch.adkontekst.pl nazwaSSL |
2019-11-21 - 2020-11-20 |
a year | crt.sh |
www.deszczowce.pl Certyfikat SSL |
2020-01-08 - 2021-01-07 |
a year | crt.sh |
*.vda.netsprint.pl nazwaSSL |
2020-02-12 - 2021-02-11 |
a year | crt.sh |
*.adnxs.com DigiCert ECC Secure Server CA |
2019-01-23 - 2021-03-08 |
2 years | crt.sh |
This page contains 4 frames:
Primary Page:
https://faktgwalt24.eu/weryfikacja/mobile/
Frame ID: 81FFF8A77C1D466700FAA6199F4EEB34
Requests: 15 HTTP requests in this frame
Frame:
https://www.licznikodwiedzin.pl/cnt/cnt.php?key=157910342&minDigits=7
Frame ID: 793CB87564B9AF4FA093639B374FEE1C
Requests: 1 HTTP requests in this frame
Frame:
https://prd-header-biding.vda.netsprint.pl/js/tools.js
Frame ID: DA7D63AB617BD54BA838E56E83DC77F7
Requests: 2 HTTP requests in this frame
Frame:
https://adsearch.adkontekst.pl/_/getImageII/?vid=34360550540&typ=imgSW&element=IMAGE&scale=1&prefix=akon&nc=1589239190920
Frame ID: 439525B541CFFEC0C55B841428495FD6
Requests: 2 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
faktgwalt24.eu/weryfikacja/mobile/ |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
faktgwalt24.eu/weryfikacja/mobile/ |
11 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fb.png
faktgwalt24.eu/weryfikacja/mobile/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
start.php
www.licznikodwiedzin.pl/cnt/ |
2 KB 1 KB |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cnt.php
www.licznikodwiedzin.pl/cnt/ Frame 793C |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/_/ads2/ |
23 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xx.gif
www.deszczowce.pl/app/webroot/img/bannery/adkontekst/ |
836 B 992 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
status
adsearch.adkontekst.pl/_/cmp/ |
2 B 510 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
0777479e274c03f3865ef57852a7c607
prd-header-biding.vda.netsprint.pl/units/ |
9 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tools.js
prd-header-biding.vda.netsprint.pl/js/ Frame DA7D |
186 KB 59 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
prebid
ib.adnxs.com/ut/v3/ Frame DA7D |
19 B 0 |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/_/ads2/ |
7 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
dibs
prd-dib-logger-service.vda.netsprint.pl/loggers/ |
2 B 306 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
times
prd-dib-logger-service.vda.netsprint.pl/loggers/ |
2 B 306 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/quad/spliter/ |
6 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/_/both/ |
456 KB 121 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/quad/spliter/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/_/getImageII/ Frame 4395 |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ Frame 4395 |
1 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
adsearch.adkontekst.pl/_/getImageII/ |
7 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Facebook (Social Network)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| __updateOrientation function| getInternetExplorerVersion number| ver number| deszczowcepl_rand boolean| deszczowcepl_ad boolean| deszczowcepl_attempt string| placementHash string| emissionArea object| nshbParams object| requiredAgreementsNshb boolean| duplicatorCheckerEnabled string| duplicatorCheckerLoggerUrl string| frameTypeNotInFrame string| frameTypeFriendly string| frameTypeUnfriendly boolean| iframeCheckerEnabled string| dibLoggerUrl object| requiredAgreements number| agreements_cmpMaxWaitForScriptAttempts number| agreements_cmpExistsWaitForCallbackMs number| agreements_cmpWaitForScriptMs boolean| enableJsDebug object| jsServerLoggerScript string| viewName string| ajaxLoggerDibLoggerUrl string| nsEmiterSource string| mobile string| adblock string| polyfillUrl string| gamWtgPrebidScriptUrl object| $jscomp function| addBehavioralParam function| onAfterAgreements function| executeEmiter object| ns_vda object| adElement string| objectName object| 0777479e274c03f3865ef57852a7c607O77702a82 boolean| 0777479e274c03f3865ef57852a7c607 object| ns_global_vars object| qa_akon object| __gwt_activeModules object| gummiTarget1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.licznikodwiedzin.pl/ | Name: daily_157910342 Value: 1 |
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adsearch.adkontekst.pl
faktgwalt24.eu
ib.adnxs.com
prd-dib-logger-service.vda.netsprint.pl
prd-header-biding.vda.netsprint.pl
www.deszczowce.pl
www.licznikodwiedzin.pl
136.243.169.30
138.201.137.155
188.40.17.96
37.252.172.249
46.242.233.96
89.161.254.183
038f95f1b5770bd0f9a3e0b63fd15aefc33f15194ee9aabbea57aea9c48b0010
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
45ec3538f2335d7a5bcd5336afa13497b328a3485d28aea972b2b99b80192b4f
48660be52c0b2dbbabc71f51863a28341d3ca0f1b11bfd131e1aceef6aedbaf9
53cac09c7309ff4e1d3953ae0a2a2d4061ba1037a57916450cf16bcca2cefeb2
54f102d1d1b4bd8c53e8284c699634f98ff0470723a7053fbb80cff9a8ec0ac5
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5b795bdf7c24fe02623b68b85c8549449b382c3640bccc878eac24ef85d281e6
62d825a309837285182d60bc0f4778bf569c9f0e4b44c82e1ea2d4ff8ac083e6
a1f73c218b9814e0f988ae10edeb60f623e1b3a163f95aab2a5cb693d625a8b2
c5d15cbcc683069c646ec02c46e679d52e522fb54177e9ad6c2fc218d7983b7e
d27a9dd068189a819c4e524676d6546db56e737c7182513a3d23df84cbe7b65e
f6c31cadf9cad64d047f05741b84b0c482321d32a4cbbab755e7a165019ca4ac
f8d90d1c34b2cf176ae743361793df9ee6418708d8a8b5e4a7f69cf9503ba984
fb1bddda0518b2b9969441cdbdae6404ad3916fa51999581b0099645c35b5758
fdb2a37bb58c93c40b76b372766fb3bea6c78e1141fc92afc886e99459c6d15d