olx.olxpaypl.pl
Open in
urlscan Pro
2606:4700:3037::ac43:ab75
Malicious Activity!
Public Scan
Submission: On February 01 via manual from PL
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 15th 2021. Valid for: a year.
This is the only time olx.olxpaypl.pl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OLX Group (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 2606:4700:303... 2606:4700:3037::ac43:ab75 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 185.199.110.153 185.199.110.153 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a02:6ea0:c70... 2a02:6ea0:c700::3 | 60068 (CDN77 (^_^)/) (CDN77 (^_^)/) | |
1 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY) | |
1 | 18.159.76.117 18.159.76.117 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 2a02:6ea0:c70... 2a02:6ea0:c700::4 | 60068 (CDN77 (^_^)/) (CDN77 (^_^)/) | |
21 | 8 |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-76-117.eu-central-1.compute.amazonaws.com
bootstrap.smartsuppchat.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
smartsuppcdn.com
widget-v2.smartsuppcdn.com |
224 KB |
6 |
olxpaypl.pl
olx.olxpaypl.pl |
116 KB |
2 |
smartsuppchat.com
www.smartsuppchat.com bootstrap.smartsuppchat.com |
8 KB |
1 |
imgur.com
i.imgur.com |
37 KB |
1 |
googleapis.com
fonts.googleapis.com |
739 B |
1 |
github.io
necolas.github.io |
2 KB |
0 |
olx.pl
Failed
www.olx.pl Failed |
|
21 | 7 |
Domain | Requested by | |
---|---|---|
6 | widget-v2.smartsuppcdn.com |
www.smartsuppchat.com
widget-v2.smartsuppcdn.com olx.olxpaypl.pl |
6 | olx.olxpaypl.pl |
olx.olxpaypl.pl
|
1 | bootstrap.smartsuppchat.com |
www.smartsuppchat.com
|
1 | i.imgur.com |
olx.olxpaypl.pl
|
1 | www.smartsuppchat.com |
olx.olxpaypl.pl
|
1 | fonts.googleapis.com |
olx.olxpaypl.pl
|
1 | necolas.github.io |
olx.olxpaypl.pl
|
0 | www.olx.pl Failed |
olx.olxpaypl.pl
|
21 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2021-01-15 - 2022-01-14 |
a year | crt.sh |
www.github.com DigiCert SHA2 High Assurance Server CA |
2020-05-06 - 2022-04-14 |
2 years | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-01-05 - 2021-03-30 |
3 months | crt.sh |
*.smartsuppchat.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2020-12-02 - 2021-12-30 |
a year | crt.sh |
*.imgur.com DigiCert SHA2 Secure Server CA |
2020-01-15 - 2022-03-16 |
2 years | crt.sh |
*.smartsuppcdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 |
2020-11-03 - 2021-12-04 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://olx.olxpaypl.pl/cash88030506
Frame ID: 08BAA7CD9CD1C6A1E6F13F027AB55CF1
Requests: 17 HTTP requests in this frame
Frame:
https://widget-v2.smartsuppcdn.com/static/js/runtime-main.fd743743.js
Frame ID: 92B8C643C8B98F92D11D21E04B381A20
Requests: 5 HTTP requests in this frame
Screenshot
Detected technologies
CloudFlare (CDN) ExpandDetected patterns
- headers server /^cloudflare$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 9- https://olx.olxpaypl.pl/assets/fonts/firasans-medium.6d0873.woff HTTP 302
- https://www.olx.pl/assets/fonts/firasans-medium.6d0873.woff
- https://olx.olxpaypl.pl/assets/fonts/firasans-medium.12a58b.ttf HTTP 302
- https://www.olx.pl/assets/fonts/firasans-medium.12a58b.ttf
- https://olx.olxpaypl.pl/assets/fonts/opensans-semibold.1d8cbd.woff HTTP 302
- https://www.olx.pl/assets/fonts/opensans-semibold.1d8cbd.woff
- https://olx.olxpaypl.pl/assets/fonts/opensans-semibold.e1c83f.ttf HTTP 302
- https://www.olx.pl/assets/fonts/opensans-semibold.e1c83f.ttf
21 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
cash88030506
olx.olxpaypl.pl/ |
29 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.css
olx.olxpaypl.pl/assets/css/ |
404 KB 64 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
payments.css
olx.olxpaypl.pl/assets/css/ |
39 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
normalize.css
necolas.github.io/normalize.css/8.0.1/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
4 KB 739 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
olx.olxpaypl.pl/ |
35 KB 36 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loader.js
www.smartsuppchat.com/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NXCI8Id.jpg
i.imgur.com/ |
37 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
secure.62a90a.svg
olx.olxpaypl.pl/assets/img/ |
1 KB 821 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shipping.0b7110.svg
olx.olxpaypl.pl/assets/img/ |
725 B 727 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
firasans-medium.6d0873.woff
www.olx.pl/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
4 KB 4 KB |
Font
font/truetype |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
674cf9109bfa935c44b7d00ab203663fbce25f0a.json
bootstrap.smartsuppchat.com/widget/ |
720 B 964 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asset-manifest.json
widget-v2.smartsuppcdn.com/ |
2 KB 689 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
firasans-medium.12a58b.ttf
www.olx.pl/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
runtime-main.fd743743.js
widget-v2.smartsuppcdn.com/static/js/ Frame 92B8 |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3.e3623732.chunk.js
widget-v2.smartsuppcdn.com/static/js/ Frame 92B8 |
646 KB 185 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.b06cfc68.chunk.js
widget-v2.smartsuppcdn.com/static/js/ Frame 92B8 |
106 KB 26 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.1d8cbd.woff
www.olx.pl/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.json
widget-v2.smartsuppcdn.com/translates/ Frame 92B8 |
4 KB 2 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
blackberry2.mp3
widget-v2.smartsuppcdn.com/assets/sounds/ Frame 92B8 |
9 KB 9 KB |
Media
audio/mpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
opensans-semibold.e1c83f.ttf
www.olx.pl/assets/fonts/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.olx.pl
- URL
- https://www.olx.pl/assets/fonts/firasans-medium.6d0873.woff
- Domain
- www.olx.pl
- URL
- https://www.olx.pl/assets/fonts/firasans-medium.12a58b.ttf
- Domain
- www.olx.pl
- URL
- https://www.olx.pl/assets/fonts/opensans-semibold.1d8cbd.woff
- Domain
- www.olx.pl
- URL
- https://www.olx.pl/assets/fonts/opensans-semibold.e1c83f.ttf
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OLX Group (E-commerce)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| _smartsupp function| smartsupp function| setImmediate function| clearImmediate boolean| SMARTSUPP_LOADED object| $smartsupp2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
olx.olxpaypl.pl/ | Name: 0800fc577294c34e0b28ad2839435945 Value: OTkxNzFhOTc2MTRmNzAzNzNmMzc1OTZmZTNiMTIxZjE%3D |
|
.olxpaypl.pl/ | Name: __cfduid Value: d7048ebffc011341f3abeaabd69d013dc1612181144 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bootstrap.smartsuppchat.com
fonts.googleapis.com
i.imgur.com
necolas.github.io
olx.olxpaypl.pl
widget-v2.smartsuppcdn.com
www.olx.pl
www.smartsuppchat.com
www.olx.pl
151.101.112.193
18.159.76.117
185.199.110.153
2606:4700:3037::ac43:ab75
2a00:1450:4001:809::200a
2a02:6ea0:c700::3
2a02:6ea0:c700::4
0d17c2653e761f1126a917064534a4dcdc2ad5a8bd8d583ded616674299c14e3
0ecbc9da79495a5b0460d0cfca200aa6064528d86b749576c18d083386f9a8f0
19601dc9c8c99a0e227d86ca446759bd98dff95910e474fea5a9b4e16f5b34e9
1b725f674b3b9f763dbd7400f898e3abb5c49e038f816ba268778536f3fe4bda
231ebc32cadbd1fd54f7ed9f9d8133373ad85f374b2fa2cfea712259197228f4
2479ba2e618ae4c6b3e1b289b7eb8b1d73504a66ac0b6c349d3b008bb43f0734
2dac82c181db29f567f8c6a98cb9dfc7cede1f4972031d27e374eb50cb6c23b6
3bdbebe8dcdcdcc3bcd63b11f927e0a5dd0b30ef0234e33669ea5225dee2e7d5
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
5e51a2831278b333383008645aed891edad3d26489380a1e57161e2df2a78e99
65f30861e432332de2693156980229db5445b909e0995e02f6c10b8c8ed86e29
713a1269cbe341333f360d6767939d33c6dc04754fe9028b34deb6ac59e0fc1a
a7142009b2fe89287c32d25ef057441e8966f205a2686c9b3fe4fd33bd1d1743
adb6323b98c72f04f2f5b94d283e51a74d7161bafb15c12fe994fd338d98d659
b3eef1a27fddc5cdb1e308c5417b692a43fabda5e6cd40bb9794d3e09c069fc8
b5f606dbe2fad9ce5055dea432d2955cc6a2f7eb92fb3abc56897bf90e5d2365
bffc353fcd98b8c3fd77fad0117dc6ce41ab85a046a60989f27b6d3d6bc63036
cd255fe83d09bf0230137b0538323aed945980816e7ae219a5a247a1ad6b2dd1