olx.pl.safe.payments-id.site Open in urlscan Pro
81.91.178.9  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request unlock72413276 Show response olx.pl.safe.payments-id.site/	34 KB 8 KB	344ms 300ms	Document text/html	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Full URL https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash 6f6a84204a90f1c4f1b834f24348664b132d54e1185e142d9a034d5b28e88ed6 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers :method GET :authority olx.pl.safe.payments-id.site :scheme https :path /unlock72413276 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers server ddos-guard set-cookie __ddg1=6jTUDpUDbWb9jgGmzUiG; Domain=.payments-id.site; HttpOnly; Path=/; Expires=Mon, 04-Apr-2022 19:49:41 GMT 0800fc577294c34e0b28ad2839435945=NmE0ZGI0ZjE2ZWViNGNkODVjNjM3ZWFkNjFjNmU4MmE%3D; expires=Sun, 18-Apr-2021 19:49:41 GMT; Max-Age=1209600; path=/ date Sun, 04 Apr 2021 19:49:41 GMT strict-transport-security max-age=31536000; preload vary Accept-Encoding content-encoding gzip content-length 7449 content-type text/html; charset=UTF-8
GET H2	200	maestro.svg olx.pl.safe.payments-id.site/	4 KB 2 KB	21ms 20ms	Image image/svg+xml	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/maestro.svg Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash 807ba40efe276301a3b1d35e9d2d26d1aed6f1e4f5194e009cda3aee782df4b8 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:07:01 GMT content-encoding br last-modified Sun, 04 Apr 2021 11:52:35 GMT server ddos-guard age 2560 etag "119b-5bf243797dbd1" vary Accept-Encoding content-type image/svg+xml strict-transport-security max-age=31536000; preload accept-ranges bytes content-length 1870
GET H2	200	mastercard.svg olx.pl.safe.payments-id.site/	7 KB 3 KB	22ms 22ms	Image image/svg+xml	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/mastercard.svg Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash aa9274cfced968be598621385aadbc7ed6fcb8b6f6c1b5030f8dae9710c84bc5 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:07:01 GMT content-encoding br last-modified Sun, 04 Apr 2021 11:52:36 GMT server ddos-guard age 2560 etag "1cf4-5bf2437a26adf" vary Accept-Encoding content-type image/svg+xml strict-transport-security max-age=31536000; preload accept-ranges bytes content-length 2795
GET H2	200	visa.svg olx.pl.safe.payments-id.site/	2 KB 909 B	25ms 25ms	Image image/svg+xml	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/visa.svg Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash aa48a736f2aadd9c1b26b663f1dcb7de9af32490bf05fc4de878825735bf16eb Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:07:01 GMT content-encoding br last-modified Sun, 04 Apr 2021 11:52:25 GMT server ddos-guard age 2560 etag "697-5bf2436fb2f78" vary Accept-Encoding content-type image/svg+xml strict-transport-security max-age=31536000; preload accept-ranges bytes content-length 829
GET H2	200	operator-img.png olx.pl.safe.payments-id.site/	123 KB 123 KB	24ms 24ms	Image image/png	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/operator-img.png Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash 6ad959dc0c70ef9d40126cefdcc3ad6aaba451078b3533a4204aff83e1de81f3 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:44:29 GMT last-modified Sun, 04 Apr 2021 11:52:38 GMT server ddos-guard age 312 etag "1ea0a-5bf2437bd8432" strict-transport-security max-age=31536000; preload content-type image/png accept-ranges bytes content-length 125450
GET H2	200	logo.php olx.pl.safe.payments-id.site/	35 KB 36 KB	42ms 42ms	Image image/png	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/logo.php Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash bffc353fcd98b8c3fd77fad0117dc6ce41ab85a046a60989f27b6d3d6bc63036 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:47:06 GMT server ddos-guard age 155 content-length 36192 strict-transport-security max-age=31536000; preload content-type image/png
GET H2	200	cardback.svg olx.pl.safe.payments-id.site/	5 KB 2 KB	43ms 42ms	Image image/svg+xml	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/cardback.svg Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash 1707816257215c14b6d47e19577bad542b0020ce64c7be6f209eb63debb90b13 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:07:01 GMT content-encoding br last-modified Sun, 04 Apr 2021 11:52:28 GMT server ddos-guard age 2560 etag "1360-5bf243725b9d1" vary Accept-Encoding content-type image/svg+xml strict-transport-security max-age=31536000; preload accept-ranges bytes content-length 1824
GET H2	200	chap.png olx.pl.safe.payments-id.site/	476 B 740 B	39ms 39ms	Image image/png	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Show image Full URL https://olx.pl.safe.payments-id.site/chap.png Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash d052aaa1ea1ab5c149c656fbd3a9e162336ef22561e61f979c187387d3a3454f Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sun, 04 Apr 2021 19:44:29 GMT last-modified Sun, 04 Apr 2021 11:52:29 GMT server ddos-guard age 312 etag "1dc-5bf24373336da" strict-transport-security max-age=31536000; preload content-type image/png accept-ranges bytes content-length 476
POST H2	200	support.php Show response olx.pl.safe.payments-id.site/	0 25 B	123ms 122ms	XHR text/html	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Full URL https://olx.pl.safe.payments-id.site/support.php Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Sun, 04 Apr 2021 19:49:41 GMT content-encoding br server ddos-guard strict-transport-security max-age=31536000; preload vary Accept-Encoding content-type text/html; charset=UTF-8
POST H2	200	support.php Show response olx.pl.safe.payments-id.site/	0 135 B	110ms 110ms	XHR text/html	81.91.178.9 Netherlands
General Check archive.org Show headers Download Go to Full URL https://olx.pl.safe.payments-id.site/support.php Requested by Host: olx.pl.safe.payments-id.site URL: https://olx.pl.safe.payments-id.site/unlock72413276 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 81.91.178.9 Amsterdam, Netherlands, ASN204601 (ON-LINE-DATA Server location - Netherlands, Dronten, NL), Reverse DNS payments-id.site Software ddos-guard / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload Request headers Referer https://olx.pl.safe.payments-id.site/unlock72413276 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Sun, 04 Apr 2021 19:49:51 GMT content-encoding br server ddos-guard strict-transport-security max-age=31536000; preload vary Accept-Encoding content-type text/html; charset=UTF-8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OLX Group (E-commerce)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| inputMask function| cardValid function| checkButton function| stringInsert function| verifcard object| supportbutton object| supportwindow object| docdoc object| chatscroll object| smstosupbutton object| msgtext function| ajaxsup function| sendmsg

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.olx.pl.safe.payments-id.site/	1970-01-19 17:20:52	Name: __ddgmark Value: WqJrB5d7RGIvC0wE
			.olx.pl.safe.payments-id.site/	1970-01-20 02:05:02	Name: __ddgid Value: EchRmN2wS7PhVun9
			olx.pl.safe.payments-id.site/	1970-01-19 17:39:35	Name: 0800fc577294c34e0b28ad2839435945 Value: NmE0ZGI0ZjE2ZWViNGNkODVjNjM3ZWFkNjFjNmU4MmE%3D
			.payments-id.site/	1970-01-20 02:05:01	Name: __ddg1 Value: 6jTUDpUDbWb9jgGmzUiG

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

olx.pl.safe.payments-id.site
81.91.178.9
1707816257215c14b6d47e19577bad542b0020ce64c7be6f209eb63debb90b13
6ad959dc0c70ef9d40126cefdcc3ad6aaba451078b3533a4204aff83e1de81f3
6f6a84204a90f1c4f1b834f24348664b132d54e1185e142d9a034d5b28e88ed6
807ba40efe276301a3b1d35e9d2d26d1aed6f1e4f5194e009cda3aee782df4b8
aa48a736f2aadd9c1b26b663f1dcb7de9af32490bf05fc4de878825735bf16eb
aa9274cfced968be598621385aadbc7ed6fcb8b6f6c1b5030f8dae9710c84bc5
bffc353fcd98b8c3fd77fad0117dc6ce41ab85a046a60989f27b6d3d6bc63036
d052aaa1ea1ab5c149c656fbd3a9e162336ef22561e61f979c187387d3a3454f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855