olx.blue
Open in
urlscan Pro
190.115.18.63
Malicious Activity!
Public Scan
Submission: On January 26 via api from PL
Summary
TLS certificate: Issued by R3 on January 14th 2021. Valid for: 3 months.
This is the only time olx.blue was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OLX Group (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 190.115.18.63 190.115.18.63 | 262254 (DDOS-GUAR...) (DDOS-GUARD CORP.) | |
1 | 2a00:1450:400... 2a00:1450:4001:808::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 151.101.112.193 151.101.112.193 | 54113 (FASTLY) (FASTLY) | |
2 | 2a00:1450:400... 2a00:1450:4001:82b::2003 | 15169 (GOOGLE) (GOOGLE) | |
14 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
olx.blue
olx.blue |
310 KB |
2 |
gstatic.com
fonts.gstatic.com |
26 KB |
2 |
imgur.com
i.imgur.com |
57 KB |
1 |
googleapis.com
ajax.googleapis.com |
32 KB |
14 | 4 |
Domain | Requested by | |
---|---|---|
9 | olx.blue |
olx.blue
|
2 | fonts.gstatic.com |
olx.blue
|
2 | i.imgur.com |
olx.blue
|
1 | ajax.googleapis.com |
olx.blue
|
14 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
olx.pl |
www.olx.pl |
Subject Issuer | Validity | Valid | |
---|---|---|---|
olx.blue R3 |
2021-01-14 - 2021-04-14 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2021-01-05 - 2021-03-30 |
3 months | crt.sh |
*.imgur.com DigiCert SHA2 Secure Server CA |
2020-01-15 - 2022-03-16 |
2 years | crt.sh |
*.gstatic.com GTS CA 1O1 |
2021-01-05 - 2021-03-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://olx.blue/f2f/6188840107
Frame ID: 0FC4A79DC043EB43DE40037D2A2A806E
Requests: 14 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title:
Search URL Search Domain Scan URL
Title: Umowa użytkownika
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
6188840107
olx.blue/f2f/ |
11 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
olx.blue/assets/css/ |
26 KB 27 KB |
Stylesheet
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ultra.css
olx.blue/assets/css/ |
500 KB 72 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.9.1/ |
90 KB 32 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
OLX.png
olx.blue/assets/img/ |
28 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
GTfigtf.jpg
i.imgur.com/ |
29 KB 29 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
shield.svg
olx.blue/assets/img/ |
4 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ac83mcP.png
i.imgur.com/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.8dd1fb.woff
olx.blue/build/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-regular.552ea4.woff
olx.blue/build/fonts/ |
110 KB 88 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-semibold.1d8cbd.woff
olx.blue/build/fonts/ |
112 KB 91 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
opensans-bold.f5331c.ttf
olx.blue/build/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v17/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mem5YaGs126MiZpBA-UN7rgOXOhpOqc.woff2
fonts.gstatic.com/s/opensans/v17/ |
11 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OLX Group (E-commerce)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
olx.blue/ | Name: PHPSESSID Value: kljib6mnoe3csumd0kessiq2r4 |
|
.olx.blue/ | Name: __ddg1 Value: LItDYYRaNiDA08ws82dV |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
fonts.gstatic.com
i.imgur.com
olx.blue
151.101.112.193
190.115.18.63
2a00:1450:4001:808::200a
2a00:1450:4001:82b::2003
08da1b8d71bcfc3909ac356c0939dd793c7a9d5cc47aa598994c4a7774b033d9
324f0c65f646d99cccc7eb6840b0ed12b55e6ea7698a7045cd1dc9397baaeca9
376d7167fc8be8c9744b35b7133e9f64c9de89dee3761ce0057587ce50e9ae55
40a2b247db5bdf98b559fa4aeb374b9ea3dae7c3717b908c9d49096d7c4e7293
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
950b1c07dd96de4ae42cd06f0d3b8bb65a0301e0a597288adec661d0af2e4c18
97ac7cdc69f85fa4a230c8e616f9dc5f644c1c2b92a9cb83003c1f024c5a3eec
9dc6600b6014562cb88b026cafe5d32280552deda9a1e8adcbf0570302dc9232
af4d1c1c2187f07af64d7ddc5f3f899092441df8977113b2f21a03cf8f4c7e82
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
cdd3f533cbb03aa426012b4b7b2a2a0b3e6d474733891f74e225bbd58538c145
ef22b8a0a2246874da565962204b44fce483accb1e723c0d5c3ad2a4005c114c