test.kurierzamojski.pl Open in urlscan Pro
109.95.159.54 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://test.kurierzamojski.pl/brt-it/check/app/payment.php
Effective URL:
https://test.kurierzamojski.pl/brt-it/check/app/payment.php
Submission: On November 11 via api (November 11th 2024, 3:20:12 pm UTC) from US — Scanned from PL

Summary HTTP 23 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 23 HTTP transactions. The main IP is 109.95.159.54, located in Poland and belongs to DHOSTING-AS Warsaw, Poland, PL. The main domain is test.kurierzamojski.pl.
TLS certificate: Issued by dhosting.pl CA on February 24th 2016. Valid for: 10 years.

This is the only time test.kurierzamojski.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BRT S.p.A (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
22	109.95.159.54 109.95.159.54	48896 (DHOSTING-...) (DHOSTING-AS Warsaw)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	2

22 109.95.159.54 (Poland)

ASN48896 (DHOSTING-AS Warsaw, Poland, PL)
PTR: web03-s206.ewh.eu1.dhosting.com

test.kurierzamojski.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

db.onlinewebfonts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	kurierzamojski.pl test.kurierzamojski.pl	1 MB
1	onlinewebfonts.com db.onlinewebfonts.com — Cisco Umbrella Rank: 10538	1 KB
23	2

	Domain	Requested by
22	test.kurierzamojski.pl	test.kurierzamojski.pl
1	db.onlinewebfonts.com	test.kurierzamojski.pl
23	2

This site contains no links.

Subject Issuer	Validity	Valid
*.ftp.dhosting.pl dhosting.pl CA	`2016-02-24` - `2026-02-21`	10 years	crt.sh
onlinewebfonts.com WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://test.kurierzamojski.pl/brt-it/check/app/payment.php
Frame ID: 9F0E743730CD47DB64D4B0A4D02C5389
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pagamento

Page URL History Show full URLs

http://test.kurierzamojski.pl/brt-it/check/app/payment.php HTTP 307
https://test.kurierzamojski.pl/brt-it/check/app/payment.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

23
Requests

4 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1030 kB
Transfer

1059 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://test.kurierzamojski.pl/brt-it/check/app/payment.php HTTP 307
https://test.kurierzamojski.pl/brt-it/check/app/payment.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request payment.php Show response test.kurierzamojski.pl/brt-it/check/app/ Redirect Chain http://test.kurierzamojski.pl/brt-it/check/app/payment.php https://test.kurierzamojski.pl/brt-it/check/app/payment.php	13 KB 2 KB	170ms 41ms	Document text/html	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `95df655e3d989b0e2c46bfc91b523a9fd37d976048b021287bdfa61a1edc597a` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" content-encoding br content-type text/html; charset=UTF-8 date Mon, 11 Nov 2024 15:20:06 GMT server LiteSpeed vary Accept-Encoding Redirect headers Location https://test.kurierzamojski.pl/brt-it/check/app/payment.php Non-Authoritative-Reason HttpsUpgrades
GET H2	200	header.css test.kurierzamojski.pl/brt-it/check/app/styles/	797 B 446 B	39ms 37ms	Stylesheet text/css	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/styles/header.css Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `f1e0b3f86a810a495db90cd9ed18f15ed6d9b63db09266481cd983c22237a45e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 content-encoding br etag "31d-6731dac7-595e5e1151a70d91;br" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 309 date Mon, 11 Nov 2024 15:20:06 GMT content-type text/css last-modified Mon, 11 Nov 2024 10:21:59 GMT vary Accept-Encoding server LiteSpeed
GET H3	200	e5e8240915fa9efabe13f3bfeccef3db db.onlinewebfonts.com/c/	1 KB 1 KB	284ms 230ms	Stylesheet text/css	188.114.97.3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://db.onlinewebfonts.com/c/e5e8240915fa9efabe13f3bfeccef3db?family=Pluto+Sans Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H3 Security QUIC, , AES_128_GCM Server 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `34b62d97af795b3c08c84994f3c9c0c95fcb52989ff6848df8d0928895961524` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/ Response headers content-encoding gzip cf-cache-status DYNAMIC report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uGIi25w0MAbyxev85iHHST%2Fkducd0rZx1I9tLwDa3658zCsiFm9WWzDfjDADL77virzV7%2FGh0qbZNTgN1V7feSfEN7yq%2F7d4pk35tpbJnIHOpNmoiJS3Q9mLI559qvfTp5E%2Fk9DWtFY%3D"}],"group":"cf-nel","max_age":604800} access-control-allow-methods GET,POST,OPTIONS alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=34068&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4141&recv_bytes=4449&delivery_rate=470&cwnd=12000&unsent_bytes=0&cid=665762cf9a2b8a20&ts=239&x=1", cfExtPri, cfHdrFlush;dur=0 date Mon, 11 Nov 2024 15:20:06 GMT content-type text/css;charset=UTF-8 vary Accept-Encoding priority u=0,i=?0 access-control-allow-headers X-Requested-With cache-control public,max-age=86400,must-revalidate nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 8e0f43b04e585aa1-VIE access-control-allow-origin * server cloudflare
GET H2	200	main.css test.kurierzamojski.pl/brt-it/check/app/styles/	4 KB 1 KB	38ms 37ms	Stylesheet text/css	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/styles/main.css Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `2af0907e734056a085e1ae40a20835be43860a08dbefcca901361fa92447cf48` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 content-encoding br etag "10a2-6731dac7-dd5341487c18ca8c;br" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 999 date Mon, 11 Nov 2024 15:20:06 GMT content-type text/css last-modified Mon, 11 Nov 2024 10:21:59 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	mobile.css test.kurierzamojski.pl/brt-it/check/app/styles/	2 KB 506 B	39ms 38ms	Stylesheet text/css	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/styles/mobile.css Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `17715c79d886ca5fb8e6194cb720cebe189f37e20ebf1760bc7e6bc1a88fada0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 content-encoding br etag "6b9-6731dac7-ae41ea1afa1f60ab;br" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 446 date Mon, 11 Nov 2024 15:20:06 GMT content-type text/css last-modified Mon, 11 Nov 2024 10:21:59 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	pc.css test.kurierzamojski.pl/brt-it/check/app/styles/	49 B 107 B	40ms 39ms	Stylesheet text/css	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/styles/pc.css Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `3510ed18d70cbcd0d1d7359a6268c6249ba375894cdb5be6c6c59e6a36b11903` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "31-6731dac7-a2f5cd6be957fcb8;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 49 date Mon, 11 Nov 2024 15:20:06 GMT content-type text/css last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	brt-background3.jpg test.kurierzamojski.pl/brt-it/check/app/images/	191 KB 191 KB	39ms 38ms	Image image/jpeg	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/brt-background3.jpg Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `9b6e8117d1546091dcea2394ce697c509be3f11e6f6d7f54531bf73293fde953` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "2fae1-6731dac7-771c684cb1c3a94a;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 195297 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/jpeg last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	brt-background2.jpg test.kurierzamojski.pl/brt-it/check/app/images/	174 KB 174 KB	110ms 109ms	Image image/jpeg	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/brt-background2.jpg Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `9f71dde1e427a12a5f007cb81e87e816d4bd4492b6ef5f0049418d2019c8a4fb` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "2b879-6731dac7-b12f808b5696dd1d;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 178297 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/jpeg last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	brt.png test.kurierzamojski.pl/brt-it/check/app/images/	338 KB 338 KB	126ms 122ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/brt.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `6b8bcb8f77668bec2cdf00ed339c7d544ae3ffe477f81a9db2ea8a35c83a9d3e` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "548c6-6731dac7-3e852a2f83f8ce71;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 346310 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	details.svg test.kurierzamojski.pl/brt-it/check/app/images/	261 B 331 B	127ms 124ms	Image image/svg+xml	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/details.svg Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `905e5be42d7c438ce1d397f72d3a8e405476a8d5ba8e6d6f1fbfd4bc8418af72` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "105-6731dac7-a41b8fdaed23f80c;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 261 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/svg+xml last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	visa.png test.kurierzamojski.pl/brt-it/check/app/images/	80 KB 81 KB	88ms 86ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/visa.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `60fc37f80886700e21b2f04c04bf880087a5a69d87a530e33d11e4eaea5ac67c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "141d3-6731dac7-9fb1bbaa0ffc096f;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 82387 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	mastercard.jpg test.kurierzamojski.pl/brt-it/check/app/images/	103 KB 103 KB	88ms 86ms	Image image/jpeg	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/mastercard.jpg Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `d8b0c64f17fef96d35ef346f05acb617ffb26a38ed5ae986965c33364b473d9d` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "19a3d-6731dac7-19e08cb0919412e3;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 105021 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/jpeg last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	amex.png test.kurierzamojski.pl/brt-it/check/app/images/	35 KB 36 KB	88ms 86ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/amex.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `0b5a6e9ebd217ed4b2bf8fc8e9d350b2ae07989fe9834e57714dd6211abd65f0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "8dd9-6731dac7-2936bfdaf9b5ae84;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 36313 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	maestro.png test.kurierzamojski.pl/brt-it/check/app/images/	40 KB 40 KB	89ms 86ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/maestro.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `255c01d6580e09159070c65d900876e6024f34ed23e8519e8c764414410147c2` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "a012-6731dac7-57b0f6a1bfd90912;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 40978 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	linkdin.png test.kurierzamojski.pl/brt-it/check/app/images/	8 KB 8 KB	89ms 87ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/linkdin.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `c8cef8389d9c9a8c2ff16afa6eb276268099aa921bdb36d2eefe2b33af50f50c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "20d3-6731dac7-7900998244d8c654;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 8403 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	insta.png test.kurierzamojski.pl/brt-it/check/app/images/	11 KB 11 KB	88ms 87ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/insta.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `7e56e7b4b4c6004151eb38ab7edac2e59c8b1dba84167972aea5c36f5ef7b4f6` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "2cfd-6731dac7-c01a664b741af655;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 11517 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	ytb.png test.kurierzamojski.pl/brt-it/check/app/images/	13 KB 13 KB	88ms 87ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/ytb.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `0342963ffb9a54079b741bfa9b72652710e7d6ccce3e8e8073261f5f0c200ec9` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "33f0-6731dac7-c94d8100438d6b9;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 13296 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	twi.png test.kurierzamojski.pl/brt-it/check/app/images/	16 KB 16 KB	89ms 87ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/twi.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `4bcc1e5b6bfb781478082f1cbc21589c5b5e6935cfb2ca855eddd245cfe9cd28` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "40e8-6731dac7-96d30477f4a07f78;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 16616 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	footer-logo.png test.kurierzamojski.pl/brt-it/check/app/images/	5 KB 5 KB	90ms 89ms	Image image/png	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Show image Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/footer-logo.png Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `07fb85ec6f21fa9861447a6dcd851e42ba67b4c51f771fb8a90c4a23a9b67a0f` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "13f4-6731dac7-3eaf9f0b294dc4e6;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 5108 date Mon, 11 Nov 2024 15:20:06 GMT content-type image/png last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	juniaframework.js Show response test.kurierzamojski.pl/brt-it/check/app/javascript/	21 KB 6 KB	88ms 85ms	Script application/x-javascript	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/javascript/juniaframework.js Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `0ce34c540c10651e8e5991321111d8d1098121f68ae03c78d0ce9c6fa7a1dcfc` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 content-encoding br etag "5298-6731dac7-5003bb2b7bdf6351;br" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 6102 date Mon, 11 Nov 2024 15:20:06 GMT content-type application/x-javascript last-modified Mon, 11 Nov 2024 10:21:59 GMT vary Accept-Encoding server LiteSpeed
GET H2	200	script.js Show response test.kurierzamojski.pl/brt-it/check/app/javascript/	206 B 264 B	127ms 124ms	Script application/x-javascript	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/javascript/script.js Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `23ff0afe4369621392a6c71066c11515d1aefb5b558d8d30c868b6a9ad5b3e32` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "ce-6731dac7-99df987615821dc6;;;" expires Wed, 11 Dec 2024 15:20:06 GMT accept-ranges bytes content-length 206 date Mon, 11 Nov 2024 15:20:06 GMT content-type application/x-javascript last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed
GET H2	200	jq.js Show response test.kurierzamojski.pl/brt-it/check/app/js/	745 B 341 B	871ms 868ms	Script text/html	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/js/jq.js Requested by Host: test.kurierzamojski.pl URL: https://test.kurierzamojski.pl/brt-it/check/app/payment.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `d2234ccc1dc592cd0166aa580de257892c28f6ca300599c85e7dfcb67f2998cd` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers content-encoding br content-length 281 date Mon, 11 Nov 2024 15:20:07 GMT content-type text/html; charset=UTF-8 vary Accept-Encoding server LiteSpeed
GET H2	200	favicon.ico test.kurierzamojski.pl/brt-it/check/app/images/	1 KB 1 KB	38ms 37ms	Other image/x-icon	109.95.159.54 DHOSTING-AS Warsaw
General Check archive.org Show headers Download Go to Full URL https://test.kurierzamojski.pl/brt-it/check/app/images/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 109.95.159.54 , Poland, ASN48896 (DHOSTING-AS Warsaw, Poland, PL), Reverse DNS web03-s206.ewh.eu1.dhosting.com Software LiteSpeed / Resource Hash `50fb9b0362d99bc8671991bcbb18493aeec3de00b6a771bda72a723d206ad119` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://test.kurierzamojski.pl/brt-it/check/app/payment.php Response headers cache-control public, max-age=2592000 etag "47e-6731dac7-f24712ea63bb5417;;;" expires Wed, 11 Dec 2024 15:20:07 GMT accept-ranges bytes content-length 1150 date Mon, 11 Nov 2024 15:20:07 GMT content-type image/x-icon last-modified Mon, 11 Nov 2024 10:21:59 GMT server LiteSpeed

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BRT S.p.A (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| Cleave string| cd

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

db.onlinewebfonts.com
test.kurierzamojski.pl
109.95.159.54
188.114.97.3
0342963ffb9a54079b741bfa9b72652710e7d6ccce3e8e8073261f5f0c200ec9
07fb85ec6f21fa9861447a6dcd851e42ba67b4c51f771fb8a90c4a23a9b67a0f
0b5a6e9ebd217ed4b2bf8fc8e9d350b2ae07989fe9834e57714dd6211abd65f0
0ce34c540c10651e8e5991321111d8d1098121f68ae03c78d0ce9c6fa7a1dcfc
17715c79d886ca5fb8e6194cb720cebe189f37e20ebf1760bc7e6bc1a88fada0
23ff0afe4369621392a6c71066c11515d1aefb5b558d8d30c868b6a9ad5b3e32
255c01d6580e09159070c65d900876e6024f34ed23e8519e8c764414410147c2
2af0907e734056a085e1ae40a20835be43860a08dbefcca901361fa92447cf48
34b62d97af795b3c08c84994f3c9c0c95fcb52989ff6848df8d0928895961524
3510ed18d70cbcd0d1d7359a6268c6249ba375894cdb5be6c6c59e6a36b11903
4bcc1e5b6bfb781478082f1cbc21589c5b5e6935cfb2ca855eddd245cfe9cd28
50fb9b0362d99bc8671991bcbb18493aeec3de00b6a771bda72a723d206ad119
60fc37f80886700e21b2f04c04bf880087a5a69d87a530e33d11e4eaea5ac67c
6b8bcb8f77668bec2cdf00ed339c7d544ae3ffe477f81a9db2ea8a35c83a9d3e
7e56e7b4b4c6004151eb38ab7edac2e59c8b1dba84167972aea5c36f5ef7b4f6
905e5be42d7c438ce1d397f72d3a8e405476a8d5ba8e6d6f1fbfd4bc8418af72
95df655e3d989b0e2c46bfc91b523a9fd37d976048b021287bdfa61a1edc597a
9b6e8117d1546091dcea2394ce697c509be3f11e6f6d7f54531bf73293fde953
9f71dde1e427a12a5f007cb81e87e816d4bd4492b6ef5f0049418d2019c8a4fb
c8cef8389d9c9a8c2ff16afa6eb276268099aa921bdb36d2eefe2b33af50f50c
d2234ccc1dc592cd0166aa580de257892c28f6ca300599c85e7dfcb67f2998cd
d8b0c64f17fef96d35ef346f05acb617ffb26a38ed5ae986965c33364b473d9d
f1e0b3f86a810a495db90cd9ed18f15ed6d9b63db09266481cd983c22237a45e

test.kurierzamojski.pl Open in urlscan Pro 109.95.159.54 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

4 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

1030 kBTransfer

1059 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

test.kurierzamojski.pl Open in urlscan Pro
109.95.159.54 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

4 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

1030 kB
Transfer

1059 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!