pl.olxdelivery.com
94.154.129.50
Malicious Activity!
Public Scan
Effective URL: https://pl.olxdelivery.com/pay/158207459625
Submission: On April 04 via manual from PL
Summary
TLS certificate: Issued by R3 on March 16th 2021. Valid for: 3 months.
This is the only time pl.olxdelivery.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OLX Group (E-commerce)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 14 | 94.154.129.50 | 44015 (LANDGARD-AS) |
| 1 | 2a00:1450:4001:827::200a | 15169 (GOOGLE) |
| 1 | 2606:4700::6810:125e | 13335 (CLOUDFLARENET) |
| 7 | 2606:4700::6812:acf | 13335 (CLOUDFLARENET) |
| 1 | 176.126.172.116 | 203053 (CLAUSWEB) |
| 1 | 2a00:1450:4001:803::200e | 15169 (GOOGLE) |
| 1 | 2a02:6ea0:c700::3 | 60068 (CDN77 (^_^)/) |
| 1 | 3.120.72.169 | 16509 (AMAZON-02) |
| 4 | 2a02:6ea0:c700::4 | 60068 (CDN77 (^_^)/) |
| 30 requests | 9 IPs | |
ASN203053 (CLAUSWEB, RO)
- PTR: cw176-abf-agb116.romania-webhosting.com
- www.romaniajournal.ro
ASN15169 (GOOGLE, US)
- encrypted-tbn0.gstatic.com
ASN16509 (AMAZON-02, US)
- PTR: ec2-3-120-72-169.eu-central-1.compute.amazonaws.com
- bootstrap.smartsuppchat.com
ASN60068 (CDN77 (^_^)/, GB)
- widget-v2.smartsuppcdn.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 (1 redirect) | olxdelivery.com | pl.olxdelivery.com | 183 KB |
| 7 | bootstrapcdn.com | maxcdn.bootstrapcdn.com | 21 KB |
| 4 | smartsuppcdn.com | widget-v2.smartsuppcdn.com | 214 KB |
| 2 | smartsuppchat.com | www.smartsuppchat.com, bootstrap.smartsuppchat.com | 9 KB |
| 1 | gstatic.com | encrypted-tbn0.gstatic.com | 2 KB |
| 1 | romaniajournal.ro | www.romaniajournal.ro | 36 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com | 3 KB |
| 1 | googleapis.com | ajax.googleapis.com | 30 KB |
| 30 requests | 8 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 14 (1 redirect) | pl.olxdelivery.com | pl.olxdelivery.com |
| 7 | maxcdn.bootstrapcdn.com | pl.olxdelivery.com |
| 4 | widget-v2.smartsuppcdn.com | www.smartsuppchat.com |
| 1 | bootstrap.smartsuppchat.com | www.smartsuppchat.com |
| 1 | www.smartsuppchat.com | pl.olxdelivery.com |
| 1 | encrypted-tbn0.gstatic.com | pl.olxdelivery.com |
| 1 | www.romaniajournal.ro | pl.olxdelivery.com |
| 1 | cdnjs.cloudflare.com | pl.olxdelivery.com |
| 1 | ajax.googleapis.com | pl.olxdelivery.com |
| 30 requests | 9 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| pl.olxdelivery.com | R3 | 2021-03-16 - 2021-06-14 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2021-03-16 - 2021-06-08 | 3 months | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-10-21 - 2021-10-20 | a year | crt.sh |
| www.romaniajournal.ro | GoGetSSL RSA DV CA | 2021-02-25 - 2022-03-28 | a year | crt.sh |
| *.gstatic.com | GTS CA 1O1 | 2021-03-16 - 2021-06-08 | 3 months | crt.sh |
| *.smartsuppchat.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2020-12-02 - 2021-12-30 | a year | crt.sh |
| *.smartsuppcdn.com | RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | 2020-11-03 - 2021-12-04 | a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://pl.olxdelivery.com/pay/158207459625
Frame ID: 2A746460E3212908609CD67E3B6BDE29
Requests: 27 HTTP requests in this frame
Frame:
https://widget-v2.smartsuppcdn.com/static/js/runtime-main.1f6e870a.js
Frame ID: A54F7D1CB120396AC393B90D167E0644
Requests: 3 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://pl.olxdelivery.com/pay/158207459625
  HTTP 307
- https://pl.olxdelivery.com/pay/158207459625 (Page URL)
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
30 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | 158207459625 (Primary Request; Redirect Chain) | pl.olxdelivery.com/pay/ | 596 KB | 68 KB | Document | text/html |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.4.1/ | 86 KB | 30 KB | Script | text/javascript |
| GET | H2 | jquery.maskedinput.js | cdnjs.cloudflare.com/ajax/libs/jquery.maskedinput/1.4.1/ | 10 KB | 3 KB | Script | application/javascript |
| GET | H2 | cpg_waiter.css | pl.olxdelivery.com/pay/pay_files/ | 2 KB | 473 B | Stylesheet | text/css |
| GET | H2 | jquery.selectBox.css | pl.olxdelivery.com/pay/pay_files/ | 4 KB | 999 B | Stylesheet | text/css |
| GET | H2 | pay-card.css | pl.olxdelivery.com/pay/pay_files/ | 595 KB | 54 KB | Stylesheet | text/css |
| GET | H2 | es5-shim.min.js | pl.olxdelivery.com/pay/pay_files/ | 25 KB | 8 KB | Script | application/javascript |
| GET | H2 | jquery.selectBox.min.js | pl.olxdelivery.com/pay/pay_files/ | 15 KB | 4 KB | Script | application/javascript |
| GET | H2 | rb.js | pl.olxdelivery.com/pay/pay_files/ | 402 B | 275 B | Script | application/javascript |
| GET | H2 | common.js | pl.olxdelivery.com/pay/pay_files/ | 2 KB | 858 B | Script | application/javascript |
| GET | H2 | cpg_waiter.js | pl.olxdelivery.com/pay/pay_files/ | 14 KB | 4 KB | Script | application/javascript |
| GET | H2 | standard_waiter.js | pl.olxdelivery.com/pay/pay_files/ | 8 KB | 2 KB | Script | application/javascript |
| GET | H2 | bootstrap.min.css | maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/ | 157 KB | 21 KB | Stylesheet | text/css |
| GET | H2 | _buttons.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | _reboot.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | _modal.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | loader.gif | pl.olxdelivery.com/pay/pay_files/ | 3 KB | 3 KB | Image | image/gif |
| GET | H2 | OLX_Rebranding.png | www.romaniajournal.ro/wp-content/uploads/2020/04/ | 35 KB | 36 KB | Image | image/png |
| GET | H2 | confirm.jpg | pl.olxdelivery.com/ | 37 KB | 37 KB | Image | image/jpeg |
| GET | H2 | images | encrypted-tbn0.gstatic.com/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | _buttons.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | _reboot.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | _modal.scss | maxcdn.bootstrapcdn.com/bootstrap/scss/ | 0 | 0 | Stylesheet | text/html |
| GET | H2 | youla-mobile-icons.svg | pl.olxdelivery.com/pay/ | 9 B | 111 B | Image | text/plain |
| GET | H2 | loader.js | www.smartsuppchat.com/ | 21 KB | 7 KB | Script | application/javascript |
| GET | H2 | 792cefafd20ee074b446aac8b4cd35e513a44606.json | bootstrap.smartsuppchat.com/widget/ | 8 KB | 3 KB | XHR | application/json |
| GET | H2 | asset-manifest.json | widget-v2.smartsuppcdn.com/ | 1 KB | 634 B | XHR | application/json |
| GET | H2 | runtime-main.1f6e870a.js | widget-v2.smartsuppcdn.com/static/js/ (Frame A54F) | 2 KB | 1 KB | Script | application/javascript |
| GET | H2 | 3.60fdb476.chunk.js | widget-v2.smartsuppcdn.com/static/js/ (Frame A54F) | 660 KB | 186 KB | Script | application/javascript |
| GET | H2 | main.d8cd5cd9.chunk.js | widget-v2.smartsuppcdn.com/static/js/ (Frame A54F) | 104 KB | 26 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OLX Group (E-commerce)
41 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0, ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, _smartsupp, $smartsupp3
- function: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, $, jQuery, SelectBox, rb, removeCardIdFromSelect, removeCardRequest, putSubmitButtonClickPixel, putCopyPasteFillPixel, sendFrameResizeMessage, hidePayCardWrapper, showPayCardWrapper, CpgWaiter, getBaseUrl, createCpgWaiter, createCpgStandardWaiter, assignFormHandlers, load, nextcard, nextpay, cardlog, smartsupp, setImmediate, clearImmediate
- boolean: crossOriginIsolated, SMARTSUPP_LOADED
- undefined: returnExports, isSubmitButtonClicked, isPasteDetected, restartPoll, hideWaiter
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .pl.olxdelivery.com/ | | __ddgid | je17WAFYakIWM1zR |
| .pl.olxdelivery.com/ | | __ddgmark | K6jfuit0LNoQ49Fd |
| .olxdelivery.com/ | | __ddg1 | 8fbP0D0CdRI0veM7THJ4 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=604800 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.