payment.wavemiedzyzdroje.pl Open in urlscan Pro
109.205.48.238 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://payment.wavemiedzyzdroje.pl/
Submission: On November 10 via automatic, source certstream-suspicious (November 10th 2023, 1:30:43 pm UTC) — Scanned from PL

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 109.205.48.238, located in Olsztyn, Poland and belongs to PL-BEYOND-AS, PL. The main domain is payment.wavemiedzyzdroje.pl.
TLS certificate: Issued by R3 on November 10th 2023. Valid for: 3 months.

This is the only time payment.wavemiedzyzdroje.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	109.205.48.238 109.205.48.238	31229 (PL-BEYOND-AS) (PL-BEYOND-AS)
1	109.205.48.207 109.205.48.207	31229 (PL-BEYOND-AS) (PL-BEYOND-AS)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
1	162.247.243.29 162.247.243.29	54113 (FASTLY) (FASTLY)
8	4

5 109.205.48.238 (Olsztyn, Poland)

ASN31229 (PL-BEYOND-AS, PL)
PTR: ip-109-205-48-238.beyond.pl

payment.wavemiedzyzdroje.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.205.48.207 (Olsztyn, Poland)

ASN31229 (PL-BEYOND-AS, PL)
PTR: ip-109-205-48-207.beyond.pl

js.espago.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.29 (United States)

ASN54113 (FASTLY, US)

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	wavemiedzyzdroje.pl payment.wavemiedzyzdroje.pl	329 KB
1	nr-data.net bam.nr-data.net — Cisco Umbrella Rank: 225	417 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 562	16 KB
1	espago.com js.espago.com	19 KB
8	4

	Domain	Requested by
5	payment.wavemiedzyzdroje.pl	payment.wavemiedzyzdroje.pl
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	payment.wavemiedzyzdroje.pl
1	js.espago.com
8	4

This site contains links to these domains. Also see Links.

Domain
espago.com

Subject Issuer	Validity	Valid
payment.wavemiedzyzdroje.pl R3	`2023-11-10` - `2024-02-08`	3 months	crt.sh
*.espago.com Certyfikat SSL	`2023-03-30` - `2024-03-29`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
*.nr-data.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-29` - `2024-10-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://payment.wavemiedzyzdroje.pl/
Frame ID: 5AB2A4240CE18865A59B94D45D53E974
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Płatności kartą przez link pay-by-link | Espago Link

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

365 kB
Transfer

467 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://espago.com/
Title: Powered by

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
payment.wavemiedzyzdroje.pl/ 32 KB
13 KB 185ms
58ms Document
text/html 109.205.48.238
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://payment.wavemiedzyzdroje.pl/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

109.205.48.238 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),

Reverse DNS

ip-109-205-48-238.beyond.pl

Software

nginx /

Resource Hash

67f5e531d77237749b7c72cc0dcd8bb61c30d39e3370926fb3af7d4ae0ec47b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Fri, 10 Nov 2023 13:30:35 GMT
ETag: W/"67f5e531d77237749b7c72cc0dcd8bb6"
Link: </assets/payment-59458b7c0ad0f2daf20cf7b2880f845b21b558d892d0a3bd40965b61abc20250.css>; rel=preload; as=style; nopush,<https://js.espago.com/espago-1.2.js>; rel=preload; as=script; nopush,</assets/payment-548e9076ed16a628ec1b86012ac9192a877ccd578ae9565cca67e289fba26ab3.js>; rel=preload; as=script; nopush
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0

GET
H/1.1 200
OK payment-59458b7c0ad0f2daf20cf7b2880f845b21b558d892d0a3bd40965b61abc20250.css
payment.wavemiedzyzdroje.pl/assets/ 21 KB
6 KB 33ms
28ms Stylesheet
text/css 109.205.48.238
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.wavemiedzyzdroje.pl/assets/payment-59458b7c0ad0f2daf20cf7b2880f845b21b558d892d0a3bd40965b61abc20250.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 109.205.48.238 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),
Reverse DNS: ip-109-205-48-238.beyond.pl
Software: nginx /
Resource Hash: 8528ea0d9178af01a7b548100e3411df010e993d3864a181387c22e899085474

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://payment.wavemiedzyzdroje.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Fri, 10 Nov 2023 13:30:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Apr 2023 23:19:16 GMT
Server: nginx
ETag: W/"642cb074-5387"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/css
Connection: keep-alive

GET
H2 200 espago-1.2.js Show response
js.espago.com/ 19 KB
19 KB 168ms
65ms Script
application/javascript 109.205.48.207
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.espago.com/espago-1.2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

109.205.48.207 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),

Reverse DNS

ip-109-205-48-207.beyond.pl

Software

nginx /

Resource Hash

ee3f392b61d92263c940ae54f92b84cdf00e760e00c0e77b0cc95065514162ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;
X-Content-Type-Options	nosniff

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://payment.wavemiedzyzdroje.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date: Fri, 10 Nov 2023 13:30:35 GMT
strict-transport-security: max-age=16000000; includeSubDomains; preload;
x-content-type-options: nosniff
last-modified: Tue, 05 Feb 2019 16:03:34 GMT
server: nginx
etag: "5c59b3d6-4b22"
content-type: application/javascript
accept-ranges: bytes
content-length: 19234

GET
H/1.1 200
OK payment-548e9076ed16a628ec1b86012ac9192a877ccd578ae9565cca67e289fba26ab3.js Show response
payment.wavemiedzyzdroje.pl/assets/ 56 KB
14 KB 69ms
28ms Script
application/javascript 109.205.48.238
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.wavemiedzyzdroje.pl/assets/payment-548e9076ed16a628ec1b86012ac9192a877ccd578ae9565cca67e289fba26ab3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 109.205.48.238 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),
Reverse DNS: ip-109-205-48-238.beyond.pl
Software: nginx /
Resource Hash: de0d12db631817325a8c88f9bbed4467b02efbff671f29b9b32777ee764093f3

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://payment.wavemiedzyzdroje.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Fri, 10 Nov 2023 13:30:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 04 Apr 2023 23:19:16 GMT
Server: nginx
ETag: W/"642cb074-e011"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: keep-alive

GET
H/1.1 200
OK espago-98b6b59f4a80f1d6a28559f0395189a0745864218114ce90b78782e495e6b6c5.svg
payment.wavemiedzyzdroje.pl/assets/brand/ 9 KB
9 KB 75ms
29ms Image
image/svg+xml 109.205.48.238
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://payment.wavemiedzyzdroje.pl/assets/brand/espago-98b6b59f4a80f1d6a28559f0395189a0745864218114ce90b78782e495e6b6c5.svg
Requested by: Host: payment.wavemiedzyzdroje.pl
URL: https://payment.wavemiedzyzdroje.pl/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 109.205.48.238 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),
Reverse DNS: ip-109-205-48-238.beyond.pl
Software: nginx /
Resource Hash: 7225025fd58422e00264555a9939d7374337f217043435facc6feaccf2af9706

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://payment.wavemiedzyzdroje.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Fri, 10 Nov 2023 13:30:35 GMT
Last-Modified: Mon, 24 Jan 2022 22:05:06 GMT
Server: nginx
ETag: "61ef2292-2501"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9473

GET
H/1.1 200
OK SourceSansPro-Regular-8266941677f003341882bad669a69b56d7fb365709ec49c6c5a1aad0af4f4a63.ttf
payment.wavemiedzyzdroje.pl/assets/ 287 KB
287 KB 33ms
31ms Font
application/octet-stream 109.205.48.238
PL-BEYOND-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://payment.wavemiedzyzdroje.pl/assets/SourceSansPro-Regular-8266941677f003341882bad669a69b56d7fb365709ec49c6c5a1aad0af4f4a63.ttf
Requested by: Host: payment.wavemiedzyzdroje.pl
URL: https://payment.wavemiedzyzdroje.pl/assets/payment-59458b7c0ad0f2daf20cf7b2880f845b21b558d892d0a3bd40965b61abc20250.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 109.205.48.238 Olsztyn, Poland, ASN31229 (PL-BEYOND-AS, PL),
Reverse DNS: ip-109-205-48-238.beyond.pl
Software: nginx /
Resource Hash: 71d10a86b4c54a5a9c0c8b467e53ac67d79edb96c956e4e9f65a7074dfb9992a

Request headers

Referer: https://payment.wavemiedzyzdroje.pl/assets/payment-59458b7c0ad0f2daf20cf7b2880f845b21b558d892d0a3bd40965b61abc20250.css
Origin: https://payment.wavemiedzyzdroje.pl
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Date: Fri, 10 Nov 2023 13:30:35 GMT
Last-Modified: Mon, 24 Jan 2022 22:05:06 GMT
Server: nginx
ETag: "61ef2292-47a8c"
Content-Type: application/octet-stream
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 293516

GET
H2 200 nr-rum-1.246.1.min.js Show response
js-agent.newrelic.com/ 44 KB
16 KB 195ms
57ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-rum-1.246.1.min.js

Requested by

Host: payment.wavemiedzyzdroje.pl
URL: https://payment.wavemiedzyzdroje.pl/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.194.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

ef19e3064e5fd9e046a6f4661949e2c7b1c7862f5269ac227ab08b8f63da87fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://payment.wavemiedzyzdroje.pl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

x-amz-version-id: RDDAwCkVSpQHx6hy0l8q2dFgVzGGMuQC
content-encoding: br
via: 1.1 varnish
date: Fri, 10 Nov 2023 13:30:35 GMT
strict-transport-security: max-age=300
x-amz-request-id: DFZWV2Z0W8SVTMQ4
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 15673
x-amz-id-2: Y1o02ngYS9GSyYMTnZfNaLkZYF2Ng5U3OSMDbFJSoDOKwl98j5i58Sjtuv4hjeJbfl3Ks/nLW3I=
x-served-by: cache-fra-eddf8230099-FRA
last-modified: Tue, 31 Oct 2023 15:33:55 GMT
server: AmazonS3
x-timer: S1699623036.845440,VS0,VE0
etag: "04fdba12d14ecd22e6ac743bca4e0072"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 123873

POST
H/1.1 200
OK 63e62dbf81 Show response
bam.nr-data.net/1/ 40 B
417 B 253ms
151ms XHR
text/plain 162.247.243.29
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/63e62dbf81?a=292075889&v=1.246.1&to=JV9ZFUFWCFhXRh5CAwFVRE5bVglR&rst=918&ck=0&s=45dfca9b28cf1f9d&ref=https://payment.wavemiedzyzdroje.pl/&ap=17&be=190&fe=459&dc=270&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1699623035031,%22n%22:0,%22f%22:0,%22dn%22:60,%22dne%22:60,%22c%22:60,%22s%22:98,%22ce%22:133,%22rq%22:133,%22rp%22:191,%22rpe%22:206,%22di%22:450,%22ds%22:450,%22de%22:460,%22dc%22:646,%22l%22:646,%22le%22:649%7D,%22navigation%22:%7B%7D%7D&fp=457&fcp=457
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-rum-1.246.1.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.29 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 24c98b3653a1a89489a370d23ab35375bba6bf386f5c2cf8a34f59f1ee7ab2ee

Request headers

Referer: https://payment.wavemiedzyzdroje.pl/
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
content-type: text/plain

Response headers

date: Fri, 10 Nov 2023 13:30:36 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/plain
access-control-allow-origin: https://payment.wavemiedzyzdroje.pl
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 40
x-served-by: cache-fra-eddf8230111-FRA

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			payment.wavemiedzyzdroje.pl/	1970-01-21 01:43:03	Name: locale Value: pl
			payment.wavemiedzyzdroje.pl/	1969-12-31 23:59:59	Name: _links_payment_session Value: TDRRz%2BatMdWlNkcVxDRFWILNylaJMnV5H%2Fqh2cngY44EESe5vZrPCnWBJx6ncuElyOialxIL1R7L0cBpcRisxzkwCJIqdOmb4yH6bl3l7P2UKiEIcjnzv8vFeD1lKamzWt9sbR9v10G%2BSZeXmrWipQ560nf8oqeUIaglFVeguEAAtBtu4xgga8TTWuRyul4o%2B3cN2xIoF6qUkfRrKY%2Bj5%2BqzwLBVmufihK7dgW6Ee%2BwG%2FNWekaKKsLTLs5I0EBaQdIDcrCpG13OXD%2BIGEr1wy0x2M0tm5tzu43nSr47v--PsayIM2g6bVAVNO%2F--lvGwsW0RO09yfecdqLmPpQ%3D%3D

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam.nr-data.net
js-agent.newrelic.com
js.espago.com
payment.wavemiedzyzdroje.pl
109.205.48.207
109.205.48.238
151.101.194.137
162.247.243.29
24c98b3653a1a89489a370d23ab35375bba6bf386f5c2cf8a34f59f1ee7ab2ee
67f5e531d77237749b7c72cc0dcd8bb61c30d39e3370926fb3af7d4ae0ec47b5
71d10a86b4c54a5a9c0c8b467e53ac67d79edb96c956e4e9f65a7074dfb9992a
7225025fd58422e00264555a9939d7374337f217043435facc6feaccf2af9706
8528ea0d9178af01a7b548100e3411df010e993d3864a181387c22e899085474
de0d12db631817325a8c88f9bbed4467b02efbff671f29b9b32777ee764093f3
ee3f392b61d92263c940ae54f92b84cdf00e760e00c0e77b0cc95065514162ba
ef19e3064e5fd9e046a6f4661949e2c7b1c7862f5269ac227ab08b8f63da87fe

payment.wavemiedzyzdroje.pl Open in urlscan Pro 109.205.48.238 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

365 kBTransfer

467 kBSize

2 Cookies

1 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

payment.wavemiedzyzdroje.pl Open in urlscan Pro
109.205.48.238 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

365 kB
Transfer

467 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions