olx.ogl24.pl
172.67.185.168
Malicious Activity!
Public Scan
Submission: On August 26 via api from JP — Scanned from PL
Summary
TLS certificate: Issued by GTS CA 1P5 on August 21st 2023. Valid for: 3 months.
This is the only time olx.ogl24.pl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayU (Financial)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 5 | 172.67.185.168 | 13335 (CLOUDFLARENET) |
| 1 | 142.250.185.74 | 15169 (GOOGLE) |
| 1 | 141.193.213.10 | 209242 (CLOUDFLARESPECTRUM Cloudflare) |
| 4 | 13.227.219.30 | 16509 (AMAZON-02) |
| 11 (total requests) | 4 (IP addresses) | |

ASN15169 (GOOGLE, US), PTR: fra16s48-in-f10.1e100.net: ajax.googleapis.com
ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US): www.leadsquared.com
ASN16509 (AMAZON-02, US), PTR: server-13-227-219-30.ams54.r.cloudfront.net: static.payu.com
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | ogl24.pl | olx.ogl24.pl | 130 KB |
| 4 | payu.com | static.payu.com (Cisco Umbrella Rank: 257807) | 404 KB |
| 1 | leadsquared.com | www.leadsquared.com | 3 KB |
| 1 | googleapis.com | ajax.googleapis.com (Cisco Umbrella Rank: 366) | 33 KB |
| 11 (total requests) | 4 (apex domains) | | |
| Requests | Domain | Requested by |
|---|---|---|
| 5 | olx.ogl24.pl | olx.ogl24.pl |
| 4 | static.payu.com | olx.ogl24.pl |
| 1 | www.leadsquared.com | olx.ogl24.pl |
| 1 | ajax.googleapis.com | olx.ogl24.pl |
| 11 (total requests) | 4 (domains) | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| static.payu.com |
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| ogl24.pl | GTS CA 1P5 | 2023-08-21 - 2023-11-19 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1C3 | 2023-08-07 - 2023-10-30 | 3 months | crt.sh |
| www.leadsquared.com | Cloudflare Inc ECC CA-3 | 2022-09-28 - 2023-09-27 | a year | crt.sh |
| static.payu.com | Entrust Certification Authority - L1K | 2023-03-20 - 2024-03-20 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://olx.ogl24.pl/ba0b314f-9d23-4203-8feb-b229d84b9454/payu
Frame ID: 532AE181AAAEAE807A15867C0FC0D269
Requests: 11 HTTP requests in this frame
Page Title
PayU
Detected technologies
WordPress (CMS)
Detected patterns
- /wp-(?:content|includes)/
jQuery (JavaScript Libraries)
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: psady płatności PayU
Title: Polityką Plików Cookies
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions

| # | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | payu (Primary Request) | olx.ogl24.pl/ba0b314f-9d23-4203-8feb-b229d84b9454/ | 176 KB | 58 KB | Document | text/html |
| 2 | GET | H2 | all.45d9c61c4331.css | olx.ogl24.pl/static/ | 40 KB | 10 KB | Stylesheet | text/css |
| 3 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.11.1/ | 94 KB | 33 KB | Script | text/javascript |
| 4 | GET | H2 | olx.png | www.leadsquared.com/wp-content/uploads/2022/03/ | 2 KB | 3 KB | Image | image/webp |
| 5 | GET | H3 | blik.svg | olx.ogl24.pl/static/ | 2 KB | 1 KB | Image | image/svg+xml |
| 6 | GET | H3 | load.png | olx.ogl24.pl/static/ | 640 B | 1 KB | Image | image/png |
| 7 | GET | H3 | background_1920x1200.jpg | olx.ogl24.pl/static/ | 59 KB | 59 KB | Image | image/jpeg |
| 8 | GET | H2 | opensans-semibold-webfont.woff | static.payu.com/fonts/ | 89 KB | 90 KB | Font | application/font-woff |
| 9 | GET | H2 | opensans-regular-webfont.woff | static.payu.com/fonts/ | 87 KB | 88 KB | Font | application/font-woff |
| 10 | GET | H2 | opensans-light-webfont.woff | static.payu.com/fonts/ | 84 KB | 85 KB | Font | application/font-woff |
| 11 | GET | H2 | PFBeauSansPro-Bold.woff | static.payu.com/fonts/ | 142 KB | 142 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayU (Financial)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: documentPictureInPicture
- function: $
- function: jQuery
- function: generateString
- function: blikPayment
- function: waitingScreen
- function: cardPayment
- function: showOther
- function: showOther2
- function: provideCardData
- function: changeCurrency1
- function: parse
- function: backToCards
- function: hideWire
- function: changeCurrency
- function: showWire
- function: showOther3
- function: formatString
- function: isNumberKey
- function: pay
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
olx.ogl24.pl
static.payu.com
www.leadsquared.com
13.227.219.30
141.193.213.10
142.250.185.74
172.67.185.168