pay.oferta-dis.fun Open in urlscan Pro
188.114.97.3 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pay.oferta-dis.fun/
Effective URL:
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622
Submission Tags: suspect
Submission: On December 29 via api (December 29th 2024, 1:51:55 pm UTC) from BR — Scanned from NL

Summary HTTP 15 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 1 domains to perform 15 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is pay.oferta-dis.fun.
TLS certificate: Issued by WE1 on December 29th 2024. Valid for: 3 months.

This is the only time pay.oferta-dis.fun was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 4	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	3

4 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

pay.oferta-dis.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

pay.oferta-dis.fun	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	oferta-dis.fun 2 redirects pay.oferta-dis.fun	432 KB
15	1

	Domain	Requested by
15	pay.oferta-dis.fun	2 redirects pay.oferta-dis.fun
15	1

This site contains links to these domains. Also see Links.

Domain
my.disney.com
privacy.thewaltdisneycompany.com
disneytermsofuse.com
www.disneyplus.com
help.disneyplus.com
preferences-mgr.trustarc.com
www.onetrust.com

Subject Issuer	Validity	Valid
oferta-dis.fun WE1	`2024-12-29` - `2025-03-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622
Frame ID: 3F1275A15BE423003436D3727B7ABFEC
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Disney+

Page URL History Show full URLs

http://pay.oferta-dis.fun/ HTTP 307
https://pay.oferta-dis.fun/ Page URL
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad?param1=860&param2=1622 HTTP 301
http://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 HTTP 307
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 HTTP 302
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Page URL

Detected technologies

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

87 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

3
IPs

2
Countries

493 kB
Transfer

1223 kB
Size

2
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://my.disney.com/
Title: i nie tylko

Search URL Search Domain Scan URL

URL: https://privacy.thewaltdisneycompany.com/pl/polityka-prywatnosci/
Title: Polityce prywatności

Search URL Search Domain Scan URL

URL: https://disneytermsofuse.com/polish/
Title: Warunków użytkowania Disney

Search URL Search Domain Scan URL

URL: https://www.disneyplus.com/legal/polityk%C4%85-dotycz%C4%85c%C4%85-plik%C3%B3w-cookie
Title: Polityką dotyczącą plików cookie

Search URL Search Domain Scan URL

URL: https://privacy.thewaltdisneycompany.com/pl/polityka-prywatnosci/uwagi-dotyczace-polityki-prywatnosci/
Title: Zasadami ochrony prywatności w WB i UE

Search URL Search Domain Scan URL

URL: https://www.disneyplus.com/legal/umowa-subskrypcji
Title: Umowa subskrypcji

Search URL Search Domain Scan URL

URL: https://help.disneyplus.com/?utm_source=disneyplus&utm_medium=web&utm_campaign=unified-footer&utm_content=home-page
Title: Pomoc

Search URL Search Domain Scan URL

URL: https://help.disneyplus.com/csp?id=csp_article_content&article=devices-supported
Title: Obsługiwane urządzenia

Search URL Search Domain Scan URL

URL: https://help.disneyplus.com/csp?id=csp_article_content&article=introduction
Title: O nas

Search URL Search Domain Scan URL

URL: https://preferences-mgr.trustarc.com/?pid=disney01&aid=disneyplusemea01&type=disneyplusemea
Title: Reklamy dostosowane do zainteresowań

Search URL Search Domain Scan URL

URL: https://privacy.thewaltdisneycompany.com/pl/
Title: plików cookie

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pay.oferta-dis.fun/ HTTP 307
https://pay.oferta-dis.fun/ Page URL
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad?param1=860&param2=1622 HTTP 301
http://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 HTTP 307
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 HTTP 302
https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://pay.oferta-dis.fun/ HTTP 307
https://pay.oferta-dis.fun/

15 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response pay.oferta-dis.fun/ Redirect Chain http://pay.oferta-dis.fun/ https://pay.oferta-dis.fun/	242 B 876 B	146ms 71ms	Document text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `dbd19d58a7b295a366f7156ded3dd48449ed517a60b15f7d7000cca5263b88e7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f9a446ac92f9f5e-AMS content-encoding zstd content-type text/html; charset=UTF-8 date Sun, 29 Dec 2024 13:51:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lM1a0oSomvjXdFKB9yv%2Bw8BDYV4gS031E%2FtX1vUMLqDueaB%2FHEGQOUkqMkIYudCj1c%2BQKcznuG1SWQ8Cg5BItsStFHPt7HbtdbZawuD8qzdL7cUIGk8S5IIec0GoXiPJ0GLFjWa4BdQnB9Z0iSmW1RM%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=14361&min_rtt=14281&rtt_var=2307&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3897&recv_bytes=2249&delivery_rate=270039&cwnd=253&unsent_bytes=0&cid=052e6b590bb9f026&ts=79&x=0" vary Accept-Encoding Redirect headers Location https://pay.oferta-dis.fun/ Non-Authoritative-Reason HttpsUpgrades
GET H3	200	Primary Request / Show response pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/ Redirect Chain https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad?param1=860&param2=1622 http://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/?param1=860&param2=1622 https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622	776 KB 295 KB	568ms 568ms	Document text/html	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `96ab4d41e30488d8f5939c4a0b8bced39f9b7c41a9b5d4997ef3a4bbbfa24645` Request headers Referer https://pay.oferta-dis.fun/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Response headers alt-svc h3=":443"; ma=86400 cache-control no-cache, no-store, must-revalidate cf-cache-status DYNAMIC cf-ray 8f9a446c489bfdcb-SIN content-encoding zstd content-type text/html; charset=UTF-8 date Sun, 29 Dec 2024 13:51:52 GMT expires 0 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache priority u=0,i report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yeqRNBTSV1%2FkJObtd2p220Vii4JnQZRJz%2FJw3sm6%2Bi8k81cduMUdgYGght8HoC9nG3Dpz3sqwLRYt1R7ZXbdJEw6VN%2F2jclo2XoVcQxLBox3lzD7Kr5C%2BrSHLjy%2FOVwKqHWZ5dQ%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=QUIC&rtt=190726&min_rtt=190571&rtt_var=40324&sent=13&recv=9&lost=0&retrans=0&sent_bytes=4169&recv_bytes=4512&delivery_rate=3027&cwnd=12000&unsent_bytes=0&cid=a66affa544c68ef3&ts=573&x=1" cfExtPri cfHdrFlush;dur=0 vary Accept-Encoding Redirect headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8f9a446b99c49f5e-AMS content-type text/html; charset=UTF-8 date Sun, 29 Dec 2024 13:51:51 GMT location login/?param1=860&param2=1622 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JY3H2XSIX5bgAy75064O%2ByBGjMaoDNcPfa8eDQq1R6KgkEl8V%2BCcfrwM5fkeJ%2BUALiG9fzpIjNJI9%2FxuhyIZaySWp4%2FO2hFVmwKsih2kD4J%2F%2FOrqkw5UlKKW2xMPW2QAvraaFdLIM%2BRZliV6pjoS%2FMo%3D"}],"group":"cf-nel","max_age":604800} server cloudflare server-timing cfL4;desc="?proto=TCP&rtt=14361&min_rtt=14213&rtt_var=1030&sent=16&recv=17&lost=0&retrans=0&sent_bytes=6578&recv_bytes=2636&delivery_rate=270039&cwnd=257&unsent_bytes=0&cid=052e6b590bb9f026&ts=168&x=0"
GET H2	404	favicon.ico pay.oferta-dis.fun/	280 B 682 B	54ms 54ms	Other text/html	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/ Response headers cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding zstd cf-cache-status MISS report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tznhYBpdnfhi92eyZ0cSVMtgdxVzaA9svFjjRNGDVM6X4R7nihHIc5FlNlGUr35VoyVsOw%2FyQ39ivgwPyq6Xz7GG1eXiUqUeHTBLIzVnBGXVBNQfo%2FzrV9Md%2BLaAAeCAKnzz5J77YQHgKuv2uASN6CM%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f9a446b59949f5e-AMS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=TCP&rtt=14367&min_rtt=14213&rtt_var=1357&sent=14&recv=16&lost=0&retrans=0&sent_bytes=5830&recv_bytes=2636&delivery_rate=270039&cwnd=257&unsent_bytes=0&cid=052e6b590bb9f026&ts=151&x=0" date Sun, 29 Dec 2024 13:51:51 GMT content-type text/html; charset=iso-8859-1 vary Accept-Encoding server cloudflare
GET H3	200	jquery.min.js Show response pay.oferta-dis.fun/bower_components/jquery/dist/	85 KB 30 KB	773ms 772ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/bower_components/jquery/dist/jquery.min.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "15283-62a5bb0b0d2a1-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x7PFCSmnkt8xOLplklcoLw8tt03ONrlECkC2OlSB3cqvqrfi42ZfWUPAmiB8XmkLazk8Re3TaFP9fzA8N0Rh6delcCyao5PHGuRgEhNbQUL3059z56TGsbV%2FsgOxdHY5GUptDGw%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191485&min_rtt=190385&rtt_var=487&sent=287&recv=70&lost=0&retrans=0&sent_bytes=327435&recv_bytes=10334&delivery_rate=470099&cwnd=169200&unsent_bytes=0&cid=a66affa544c68ef3&ts=1349&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:52 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdabcfdcb-SIN accept-ranges bytes content-length 30138 server cloudflare
GET H3	200	ua-parser.min.js Show response pay.oferta-dis.fun/bower_components/ua-parser-js/dist/	17 KB 7 KB	761ms 760ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/bower_components/ua-parser-js/dist/ua-parser.min.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "4298-62a5bb0b0e241-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iTuqbTqEDbZFEd4T%2Fudt2dwHYpci0lFtrLckoaRDl9P02g9oaGdaeBJcFKGugS2zdfAVGjRV88loHRfNthJk%2BRAUHex%2Fk%2Fod2EAuQSWDELuoUSUiPqtG55TjOCoW3N2mMxe0OCg%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191025&min_rtt=190571&rtt_var=643&sent=84&recv=34&lost=0&retrans=0&sent_bytes=88164&recv_bytes=8739&delivery_rate=63641&cwnd=48000&unsent_bytes=0&cid=a66affa544c68ef3&ts=1131&x=1", cfExtPri, cfHdrFlush;dur=14 date Sun, 29 Dec 2024 13:51:52 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdabdfdcb-SIN accept-ranges bytes content-length 6063 server cloudflare
GET H3	200	font-awesome.min.css pay.oferta-dis.fun/bower_components/font-awesome/css/	30 KB 8 KB	2456ms 2455ms	Stylesheet text/css	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/bower_components/font-awesome/css/font-awesome.min.css Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "7918-62a5bb0b0d2a1-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q4LZnDw80Q4dibp8UEK9%2FOV24eX33hD2uJ9cIU%2Fit1rV9oGUlcH4CfBZmrNUaijgPv4F2rmuuPFrN57B21ouNWGcgXQvktwkBO%2BfdbQ6WUyLKW1fKDY%2B5vVtmzCsdtrR%2BgCpK3A%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=193114&min_rtt=190385&rtt_var=2141&sent=391&recv=98&lost=0&retrans=0&sent_bytes=445227&recv_bytes=12632&delivery_rate=29781&cwnd=190800&unsent_bytes=0&cid=a66affa544c68ef3&ts=3033&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:54 GMT content-type text/css last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdabffdcb-SIN accept-ranges bytes content-length 7053 server cloudflare
GET H3	200	jquery.maskedinput.min.js Show response pay.oferta-dis.fun/bower_components/jquery.maskedinput/dist/	16 KB 4 KB	761ms 760ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/bower_components/jquery.maskedinput/dist/jquery.maskedinput.min.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "4001-62a5bb0b0e241-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=644zCBGXlt9bXm2Q7slkvq7%2F40QNw2a9sTZLKKxgn11JicFz1K81Q7hT2YxuZA30xRm9pdiqri1%2BHMGyaFDKx%2FfiQGQZGZ%2FrGrtJhfHJnWyxQJaa0NQSsvkPKinjJ9qGmQThnfs%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191025&min_rtt=190571&rtt_var=643&sent=84&recv=34&lost=0&retrans=0&sent_bytes=88164&recv_bytes=8739&delivery_rate=63641&cwnd=48000&unsent_bytes=0&cid=a66affa544c68ef3&ts=1139&x=1", cfExtPri, cfHdrFlush;dur=6 date Sun, 29 Dec 2024 13:51:52 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdac0fdcb-SIN accept-ranges bytes content-length 3284 server cloudflare
GET H3	200	core_form.js Show response pay.oferta-dis.fun/core/form/	39 KB 21 KB	790ms 789ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/core/form/core_form.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `def531e60df4416b91ba949c9d7935e902f5b62e52ae2b191efc8c6f7bcf5e6b` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "9c43-62a5bb0b0c301-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSelEcI0npGnI0Wjac0wWETxsms%2BsEXhbbhPV4E2QMArsoTuwETY1ngzyX87DP%2Bev4cSQHxpJbpeGTuDcQ6e2dIRQ1zyoGJgz2O4h%2BJFXTbp5ICTv3Ug4BUs3YFVQmCcDFSS4fU%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191638&min_rtt=190385&rtt_var=673&sent=314&recv=71&lost=0&retrans=0&sent_bytes=358933&recv_bytes=10380&delivery_rate=442536&cwnd=180000&unsent_bytes=0&cid=a66affa544c68ef3&ts=1367&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:52 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdac1fdcb-SIN accept-ranges bytes content-length 20686 server cloudflare
GET H3	200	core_token.js Show response pay.oferta-dis.fun/core/token/	19 KB 2 KB	761ms 760ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/core/token/core_token.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8cb5d48770d2f00c98cd74535a9cfa614076791903e63701d1a5a001bc8c840a` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "4ca3-62a5bb0b0c301-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OJYxYIIP8gvvqGdI9M6cftALiQLAeKNBm4cHACYZCgE8a2ydAylXKfa%2F68jpp5VQlo1R1r9RNpTyZtAFDkSXCwciI0%2B36z76TN5aUZf4bbq3h7PaH05%2B%2F62MgyFZ5%2Fi4SHbqrZs%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191171&min_rtt=190385&rtt_var=273&sent=165&recv=54&lost=0&retrans=0&sent_bytes=184164&recv_bytes=9611&delivery_rate=251505&cwnd=96000&unsent_bytes=0&cid=a66affa544c68ef3&ts=1168&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:52 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdac4fdcb-SIN accept-ranges bytes content-length 1856 server cloudflare
GET H3	200	core_form.css pay.oferta-dis.fun/core/form/	4 KB 2 KB	1441ms 1440ms	Stylesheet text/css	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/core/form/core_form.css Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `920c530b4566468a0412e51d8a0ee2a7518b1c8bd6e15a96e8601fbb187f00d1` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "ef3-62a5bb0b0c301-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gBTCXHj4Y4hHv0nE9uU%2BsINMIlKzR0vM%2BBWwPW5gymXURRiI%2F1M9LweRaueEx7qGNdTEMvqf21BF3aj2yU%2B%2BPcf1ivAznbr8gAUE5XOEynjRmgmcSyyvt9OjkPPfcykU2nUSNT4%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=193159&min_rtt=190385&rtt_var=2238&sent=387&recv=96&lost=0&retrans=0&sent_bytes=441780&recv_bytes=12540&delivery_rate=123019&cwnd=190800&unsent_bytes=0&cid=a66affa544c68ef3&ts=2018&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:53 GMT content-type text/css last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdac5fdcb-SIN accept-ranges bytes content-length 866 server cloudflare
GET H3	200	angular.min.js Show response pay.oferta-dis.fun/bower_components/angular/	165 KB 58 KB	1001ms 1000ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/bower_components/angular/angular.min.js Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers server cloudflare cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} content-encoding gzip cf-cache-status MISS etag "2937c-62a5bb0b0d2a1-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dSG1fWkMmIDtbINScMvK%2Bx2CmOraaxC8TRLezRwNGzuCeJrLn%2BUkFucLDQHAKTfYuqY7Ugl0drNi9gpDX6ONfFQUytwW9sGlhVlZChJcq2UE29Kjd1caen1bNl7e4SvQnRS0OGI%3D"}],"group":"cf-nel","max_age":604800} cf-ray 8f9a446fdac8fdcb-SIN alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=192010&min_rtt=190385&rtt_var=1200&sent=335&recv=88&lost=0&retrans=0&sent_bytes=380821&recv_bytes=12181&delivery_rate=782613&cwnd=190800&unsent_bytes=0&cid=a66affa544c68ef3&ts=1579&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:53 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0
GET H3	200	css.css pay.oferta-dis.fun/login/form/	563 B 888 B	567ms 567ms	Stylesheet text/css	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/login/form/css.css Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d335a372bae61d5d3e3aa43d81db8e7bb75d2a430f4c5c163048bca93d5bb7d0` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "233-62a5bb0b120c1-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bpWb8feXvCDleOydzkSiZ6EFbGTV45E7dW5hagdLVoGOmhy7%2FOStc5y5khCJiiMMfZngAqmQNqypfL0qmwMRzolwWybIzLt6EL5xOEI0crfwtLddGlqB7kARK4%2FRM0a0YGYQj%2FU%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=191025&min_rtt=190571&rtt_var=643&sent=84&recv=34&lost=0&retrans=0&sent_bytes=88164&recv_bytes=8739&delivery_rate=63641&cwnd=48000&unsent_bytes=0&cid=a66affa544c68ef3&ts=1128&x=1", cfExtPri, cfHdrFlush;dur=17 date Sun, 29 Dec 2024 13:51:52 GMT content-type text/css last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=0,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a446fdacafdcb-SIN accept-ranges bytes content-length 205 server cloudflare
GET		form.js pay.oferta-dis.fun/login/form/	0 0

GET H3	200	ng.js Show response pay.oferta-dis.fun/login/ng/	3 KB 2 KB	1582ms 1581ms	Script application/javascript	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pay.oferta-dis.fun/login/ng/ng.js?v=677153f87ee77 Requested by Host: pay.oferta-dis.fun URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9e7d74d8733620d2d8c3ee9e2f9bbf11ffecfdb33c19d5ebfaa589a779f50a1a` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622 Response headers content-encoding gzip cf-cache-status MISS etag "c50-62a5bb0b120c1-gzip" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7DU2FkiGrZamQCkEiC5le20hLZO63jUYfO5W9BvkEQ%2FtpQ1wRNxqfscnTybRIQ1x4eCSoQLQDD1Z5YxCHDhT5nWJ%2FZDuNVMe3gYi0TX1GRCYjX2crrOcuHC99d87dAh6OQjpBXE%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=193114&min_rtt=190385&rtt_var=2141&sent=389&recv=98&lost=0&retrans=0&sent_bytes=443385&recv_bytes=12632&delivery_rate=29781&cwnd=190800&unsent_bytes=0&cid=a66affa544c68ef3&ts=2937&x=1", cfExtPri, cfHdrFlush;dur=0 date Sun, 29 Dec 2024 13:51:54 GMT content-type application/javascript last-modified Sat, 28 Dec 2024 21:59:15 GMT vary Accept-Encoding priority u=1,i=?0 cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8f9a4474b955fdcb-SIN accept-ranges bytes content-length 1107 server cloudflare
GET		token.js pay.oferta-dis.fun/login/token/	0 0

GET DATA	200 OK	truncated /	45 KB 45 KB		Font binary/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b19eeb8814be03c555e6015803b098237b6acf283ef7cce38c115b63a553c750` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Origin https://pay.oferta-dis.fun Referer Response headers Content-Type binary/octet-stream
GET DATA	200 OK	truncated /	18 KB 18 KB		Image mage/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `90b70e482fdbaaf3eb114649007158a4951d89270cba5e00da4fab657d420865` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer Response headers Content-Type mage/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957` Request headers User-Agent Mozilla/5.0 (Android 13; Mobile; rv:112.0) Gecko/112.0 Firefox/112.0 Referer Response headers Content-Type image/gif

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pay.oferta-dis.fun
URL: https://pay.oferta-dis.fun/login/form/form.js?v=677153f87ee71

Domain: pay.oferta-dis.fun
URL: https://pay.oferta-dis.fun/login/token/token.js?v=677153f87ee78

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			pay.oferta-dis.fun/	1969-12-31 23:59:59	Name: real Value: 7136d12d7945e21b2cb290160633509b
			pay.oferta-dis.fun/	1970-01-21 02:47:52	Name: bid Value: dd10dea8ab3b0475cdceb6305470daad

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pay.oferta-dis.fun/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://pay.oferta-dis.fun/LL/dd10dea8ab3b0475cdceb6305470daad/login/?param1=860&param2=1622(Line 402) Message: <link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pay.oferta-dis.fun
pay.oferta-dis.fun
188.114.97.3
2a06:98c1:3120::3
0fda30cf243e7650bf3e1666eddeb4fbba6b788ede36753eda5e2964cc14c896
35f73a70cca067828be9e0a712b8b48908e1bc4490637c62bd70158f95cd6e27
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
6a2f967ab83a1b16b06c60bbbbbe901f1719b620718f43ee6b7a48d7578cee67
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8cb5d48770d2f00c98cd74535a9cfa614076791903e63701d1a5a001bc8c840a
90b70e482fdbaaf3eb114649007158a4951d89270cba5e00da4fab657d420865
920c530b4566468a0412e51d8a0ee2a7518b1c8bd6e15a96e8601fbb187f00d1
96ab4d41e30488d8f5939c4a0b8bced39f9b7c41a9b5d4997ef3a4bbbfa24645
9e7d74d8733620d2d8c3ee9e2f9bbf11ffecfdb33c19d5ebfaa589a779f50a1a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b19eeb8814be03c555e6015803b098237b6acf283ef7cce38c115b63a553c750
d335a372bae61d5d3e3aa43d81db8e7bb75d2a430f4c5c163048bca93d5bb7d0
dbd19d58a7b295a366f7156ded3dd48449ed517a60b15f7d7000cca5263b88e7
def531e60df4416b91ba949c9d7935e902f5b62e52ae2b191efc8c6f7bcf5e6b

pay.oferta-dis.fun Open in urlscan Pro 188.114.97.3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

50 %IPv6

1 Domains

1 Subdomains

3 IPs

2 Countries

493 kBTransfer

1223 kBSize

2 Cookies

12 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

39 JavaScript Global Variables

2 Cookies

2 Console Messages

Indicators

pay.oferta-dis.fun Open in urlscan Pro
188.114.97.3 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

3
IPs

2
Countries

493 kB
Transfer

1223 kB
Size

2
Cookies

15 HTTP transactions
4 data transactions