wandy.greo.workers.dev
2606:4700:3032::ac43:bfd5  Malicious Activity! Public Scan

Submitted URL: http://wandy.greo.workers.dev/link_card/65459a99
Effective URL: https://wandy.greo.workers.dev/link_card/65459a99
Submission: On April 10 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 25 HTTP transactions. The main IP is 2606:4700:3032::ac43:bfd5, located in United States and belongs to CLOUDFLARENET, US. The main domain is wandy.greo.workers.dev.
TLS certificate: Issued by GTS CA 1P5 on March 14th 2024. Valid for: 3 months.
This is the only time wandy.greo.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: OLX Group (E-commerce)

Domain & IP information

Requests  IP Address         AS     Autonomous System
1         2606:4700:303...   13335  (CLOUDFLAR...)
1         2607:f8b0:400...   15169  (GOOGLE)
15        172.67.191.213     13335  (CLOUDFLAR...)
1         104.17.25.14       13335  (CLOUDFLAR...)
1         18.238.80.88       16509  (AMAZON-02)
6         2607:f8b0:400...   15169  (GOOGLE)
Total: 25 requests, 6 IPs
Requests  Apex Domain      Subdomains                                               Transfer
16        workers.dev      wandy.greo.workers.dev                                   265 KB
6         gstatic.com      fonts.gstatic.com                                        76 KB
1         olxcdn.com       ireland.apollo.olxcdn.com (Cisco Umbrella Rank: 49724)   31 KB
1         cloudflare.com   cdnjs.cloudflare.com (Cisco Umbrella Rank: 381)          28 KB
1         googleapis.com   fonts.googleapis.com (Cisco Umbrella Rank: 116)          1 KB
Total: 25 requests, 5 apex domains
Requests  Domain                      Requested by
16        wandy.greo.workers.dev      wandy.greo.workers.dev
6         fonts.gstatic.com           fonts.googleapis.com
1         ireland.apollo.olxcdn.com   wandy.greo.workers.dev
1         cdnjs.cloudflare.com        wandy.greo.workers.dev
1         fonts.googleapis.com        wandy.greo.workers.dev
Total: 25 requests, 5 domains

This site contains no links.

Subject                   Issuer                    Validity                   Valid for
greo.workers.dev          GTS CA 1P5                2024-03-14 - 2024-06-12    3 months
upload.video.google.com   GTS CA 1C3                2024-03-04 - 2024-05-27    3 months
sni.cloudflaressl.com     Cloudflare Inc ECC CA-3   2023-07-03 - 2024-07-02    a year
apollo.olxcdn.com         Amazon RSA 2048 M03       2023-11-19 - 2024-12-17    a year
*.gstatic.com             GTS CA 1C3                2024-03-04 - 2024-05-27    3 months

This page contains 2 frames:

Primary Page: https://wandy.greo.workers.dev/link_card/65459a99
Frame ID: D0FE8E74D4CBC588A2174374244DFBBB
Requests: 21 HTTP requests in this frame

Frame: https://wandy.greo.workers.dev/application/views/templates/_base//s/main-86a99a4e.js
Frame ID: D05B51CA8C4F348869830BA95C2741E6
Requests: 4 HTTP requests in this frame

Page Title

ОLХ.UA - Отpимaння коштiв (Ukrainian, with mixed Cyrillic and Latin characters; translation: "OLX.UA - Receiving funds")

Page URL History

  1. http://wandy.greo.workers.dev/link_card/65459a99 HTTP 307
    https://wandy.greo.workers.dev/link_card/65459a99 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 25
HTTPS: 100 %
IPv6: 50 %
Domains: 5
Subdomains: 5
IPs: 6
Countries: 2
Transfer: 401 kB
Size: 986 kB
Cookies: 1


Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions

Columns per transaction: Resource, Path, Size, x-fer, Type, MIME-Type
Primary Request 65459a99
wandy.greo.workers.dev/link_card/
Redirect Chain
  • http://wandy.greo.workers.dev/link_card/65459a99
  • https://wandy.greo.workers.dev/link_card/65459a99
133 KB
50 KB
Document
General
Full URL
https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:bfd5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
558930d8c3cb7bf329bbbc37cf9a6b59e0935d9bc4490ae959a279e60684429b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8725a8369bb04bbb-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 10 Apr 2024 20:58:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CSf1F0Mi51mplXkWR47XjZ83qcutGdUgUOL2Dc1gi2v2ruothijjSlGKQu3WoPfEb6IvvJuXWC51D0PQmVWfqxrjyBeXAaoKB8oW%2F6dDbDdbbUh9hY0RgbRBWWbxHySHGVbjg4LQGtOFnvHf3e02sBIgZgB%2B"}],"group":"cf-nel","max_age":604800}
server
cloudflare
super-ip
2602:ffc8:2:104::8
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://wandy.greo.workers.dev/link_card/65459a99
Non-Authoritative-Reason
HSTS
css2
fonts.googleapis.com/
7 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:807::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 10 Apr 2024 20:58:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 10 Apr 2024 19:12:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 10 Apr 2024 20:58:50 GMT
main.min.css
wandy.greo.workers.dev/application/views/templates/olxua/assets25/css/
4 KB
2 KB
Stylesheet
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/olxua/assets25/css/main.min.css?ver=1.0
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d2b5c99e2f147e97c938e79bca02239e7ddd79b2d4b0e17eb14888258d3af2b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:50 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LmKO9qpC6GnhucP3Ztmc7fducCvjYgOZ6F90yV0w7%2BpgtywNYw33VWbl7KQnDFYyC3iTdJ7SZMZMIKqyVphcYohIE46NNys87NQDVmI%2FAznE3StsiHxrelZ92%2FzjUoQH%2F2QBG4BofrIw"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a83f8f402dba-ORD
alt-svc
h3=":443"; ma=86400
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1624661
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27938
last-modified
Tue, 02 Mar 2021 18:58:36 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"603e8adc-15d9d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Guh9qMCIKgVfX5GXWRoPJEk6g9Wr03TWZC%2FPjpxNYpeXi%2BMQJ8%2FAUvoQFgeXAe%2FlIMp9A3wpUkyiuTISOnGh8oyxuLeKSuH0ZwNoerm6e9iZLHSjpOHNXPH4L3MOaP7PKEytl8oE"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
8725a83fbfb43705-YYZ
expires
Mon, 31 Mar 2025 20:58:50 GMT
cleave.min.js
wandy.greo.workers.dev/application/views/templates/_universal/all_service/3ds/generic/js/
21 KB
7 KB
Script
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/_universal/all_service/3ds/generic/js/cleave.min.js
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dd9cb422502819bef3504e06224173733662c7939ea5beb7b5561a5c2836c3b2

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:50 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tJxWnJEROXpRzsbYooGaUOhpeWGHyTMZtlMaMsBtNZuCxSF8wkOcEuF86aok5liP0RpsHKlP7%2Ff%2B%2Fxr1rgzkA1IW3pLn4RU71BFtPhbPeJv9YskVpXjx6QU2Wdw7DN3JhHbtCKvEfLZD"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a83f8f4d2dba-ORD
alt-svc
h3=":443"; ma=86400
check.svg
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/
416 B
798 B
Image
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/check.svg
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
846f670c7c115f643229cb6c3c23a9545f73bd25ce11a7779de967834ef7d2b7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:50 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qbbwERp2M0Y7ntJk49EQESQgfWfKVkZx0XT1cEsxj0sY6LH54t9085peXQeomdEc7bID81N4slYCmg77%2FKbno42GocXEsCdcs%2Bxe6L1Ok3nJoVY1IleFHw0O%2FEWX5qKW8BT5ktlqegXN"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a8429b0d2dba-ORD
alt-svc
h3=":443"; ma=86400
image;s=1000x700
ireland.apollo.olxcdn.com/v1/files/5qb9x8gwo3nx-UA/
30 KB
31 KB
Image
General
Full URL
https://ireland.apollo.olxcdn.com/v1/files/5qb9x8gwo3nx-UA/image;s=1000x700
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-88.jfk52.r.cloudfront.net
Software
/
Resource Hash
64a4f191d9e6d2c7ffba3ba3f1129b0127e33b7dad840e21b586aa3ba9ae471a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:53 GMT
via
1.1 32f0f45bc5046821af3f3517d8339abc.cloudfront.net (CloudFront)
last-modified
Wed, 10 Apr 2024 20:58:53 GMT
x-amz-cf-pop
JFK52-P5
x-trace
c977263d-89c8-48df-951f-5d601f829eb6
etag
"5qb9x8gwo3nx-UA"
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
x-cache
Miss from cloudfront
cache-control
public,max-age=604800
content-length
31228
x-amz-cf-id
xdMHiuvIml0nxA0wL9L9OA6EU8YKvWrW-KUec3fVAVSwznACASORFQ==
shield.svg
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/
928 B
1020 B
Image
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/shield.svg
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08444f34c9ee0d1f66a9ecd23b2733cb7de615055e0796852687a01e9cfbe60f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:51 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xmOEH3qdBQqoCiWuttjl6pitXZeFhOdBpkL%2FDx8BXPSA9vPMdJ87RAyN6KuR6K6L4LGZzShoZB0GCOpPS%2FKAYbxsKdgYryEBSUvXpdlTfcY9hhZA8UTar1VT4rIqkkjDhzWujcVCrTiZ"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a842ab1b2dba-ORD
alt-svc
h3=":443"; ma=86400
icons.png
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/
21 KB
21 KB
Image
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/icons.png
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21487ec472989c57a3c4822fedb04540f43ab05936fda53a1d8dff1053bee213

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:52 GMT
super-ip
96.9.249.44
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e15TUuRK%2BAIVz1darQKnIrxFMahT4LeijSAeI%2FjOf%2F0wOu1inKqhIoCYumQ7isAjvV4LWxQd5rJGA%2BJZUxQVZhqx2FvIo%2Bb55phe8UDbw9zU6sZqLpcnKjG4liPo7580gkF0p8Aqtmj%2B"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a842ab202dba-ORD
alt-svc
h3=":443"; ma=86400
content-length
21407
script.js
wandy.greo.workers.dev/application/views/templates/_base/
275 KB
73 KB
Script
General
Full URL
https://wandy.greo.workers.dev/application/views/templates/_base/script.js?ver=1.3.5
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c2364c3622e3329754cac963cf7a2c99ebd10a8d65b4150ccb2b0d105dfd9d4

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://wandy.greo.workers.dev/link_card/65459a99
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:50 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L6FdqbD9umw2G4eMbFKI7oUU9sQr0zkvMhAEIfg75HwWrHtljdSzzLGm8veYciKOGUWPlNGxd8BrrCGPoGkvdzlLTr1SRpfQrvkfYAaTs1U0aOB26ZYMySYjt27LiWExCmiHPxOAAXYu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a83f9f512dba-ORD
alt-svc
h3=":443"; ma=86400
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
10 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 07:47:36 GMT
x-content-type-options
nosniff
age
47477
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9840
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Apr 2025 07:47:36 GMT
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 08:09:31 GMT
x-content-type-options
nosniff
age
46162
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9628
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Apr 2025 08:09:31 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 08 Apr 2024 23:35:31 GMT
x-content-type-options
nosniff
age
163402
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 08 Apr 2025 23:35:31 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 07:47:58 GMT
x-content-type-options
nosniff
age
47455
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Apr 2025 07:47:58 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 09:04:28 GMT
x-content-type-options
nosniff
age
42865
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Apr 2025 09:04:28 GMT
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/
9 KB
10 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://fonts.googleapis.com/
Origin
https://wandy.greo.workers.dev
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 07:50:05 GMT
x-content-type-options
nosniff
age
47328
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9644
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:50 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Apr 2025 07:50:05 GMT
65459a99
wandy.greo.workers.dev/config/
4 KB
2 KB
Fetch
General
Full URL
https://wandy.greo.workers.dev/config/65459a99?page=buy
Requested by
Host: wandy.greo.workers.dev
URL: https://wandy.greo.workers.dev/application/views/templates/_base/script.js?ver=1.3.5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.191.213 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7bbd0578e02e97fd0b9495026a496d1287bff1020c1617aabd90a3c9520f5abe

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
en-US,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 20:58:54 GMT
super-ip
96.9.249.44
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
super-useragent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6JZkCwtKdnxTwNOiDPTPgd7v5PUwA3vqIvFSXfOda%2FaVDxd6AnS2U9v9jmH57Y0ZkR9dqnFbxrN%2Btrc2ckLsNdq2ZipILGSbaVncTWgPyy8lsf3xelD2x8POyy9tYK5tk21AhV4mGU9E"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cookie
PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray
8725a8556c6b2dba-ORD
alt-svc
h3=":443"; ma=86400
favicon.ico
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/
Size: 4 KB, transferred: 2 KB, type: Other
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/favicon.ico
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 5daae2afcd433aaf6600ac8c1201c27bc679d48e1e6f573b6bb480b83695df4f

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://wandy.greo.workers.dev/link_card/65459a99
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:53 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5SXV%2FZqv3Y%2FrOB0rKvG4sl0VT5smwxCylr2%2FDaFUbiiutNrxmA8onEUYKEeLibh6ITpA5oI7WuqDAj1v9bHMgOB7EhaAI%2B0COK%2BKg1sbh5YU9Rse9YzIUSVf7Xg1G%2BvhP4hkzLVi7Whp"}],"group":"cf-nel","max_age":604800}
content-type: image/vnd.microsoft.icon
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a8572ef92dba-ORD
alt-svc: h3=":443"; ma=86400
loader.js
wandy.greo.workers.dev/application/views/templates/_base/s/
Size: 32 KB, transferred: 7 KB, type: Script
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/link_card/65459a99
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: f757879da13692a37185928036489200f01fa98be2392ad5ff287fdff8738ba7

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://wandy.greo.workers.dev/link_card/65459a99
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:54 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FhEz6Feq9xdmEPhFcSHxNobSy4J0yau7VeK%2BctkhsjorRXfTKKq2BJUOrfK8%2FU%2BT8hYSTGa%2BHP%2FP9WvU8J0zhkdb5RT7RP7%2FyEngHkQCh4J7ylZQgNM5inml8dsxB3DoboFpAHeGSznt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a85a6ada2dba-ORD
alt-svc: h3=":443"; ma=86400
6078753fa36bf6b152a4415bec2cb813c84b3d55.json
wandy.greo.workers.dev/application/views/templates/_base/s/
Size: 1 KB, transferred: 1 KB, type: XHR
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/6078753fa36bf6b152a4415bec2cb813c84b3d55.json
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: e7ba6ffef417d870c48ed9fa1b5b22cd235c1d8b4d866e4923050d9420dd3d09

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://wandy.greo.workers.dev/link_card/65459a99
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers
date: Wed, 10 Apr 2024 20:58:55 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZNVfAJKgpdt9jHpn8sfUViaenrxQBmHDOM%2FxKnLiheAHibEh0CkCNbLif7pmeYaEdKpegZDGSfK%2FQMlk5uTDbYmHRWFPTEjTVMlGuZXiGxadMQZVWSVnpdwLGQzfy7Hfo8wqKFgSkihB"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a85d3f1c2dba-ORD
alt-svc: h3=":443"; ma=86400
manifest.json
wandy.greo.workers.dev/application/views/templates/_base/s/
Size: 1 KB, transferred: 875 B, type: XHR
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/manifest.json
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: e04922e51324915607a7c8bbb844c0a460d56cd4b4d5ccceb32a0e4c53d5b077

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://wandy.greo.workers.dev/link_card/65459a99
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers
date: Wed, 10 Apr 2024 20:58:55 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=csB2PnL6jCBfeaUWP8BAMYUf%2F%2Bpiro5FVW9uX2LBPL5gYvrBvjev66soba%2FkkluLaekaO%2BM918SAmGth%2BdiSVF%2FJjRNCMY1Z8WfOed7PgcPCNHFKJjz%2FiPdqxOY5kjLiIgxoNoKTj4s0"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a8601b462dba-ORD
alt-svc: h3=":443"; ma=86400
main-86a99a4e.js
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B
Size: 94 KB, transferred: 34 KB, type: Script
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base//s/main-86a99a4e.js
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: eba6cf2baae4ef92533a3d612763889678ffde0673819f3ef8ffdda398a73164

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer:
Origin: https://wandy.greo.workers.dev
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:56 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoiNLO0qPKHXkek2jsRT1Vu0WtwZeNHFFzhXf8kUJvxVGE24fLb1MjDNkwWOWZ0yKhDipXQIq%2Bf9zsMFMSSwGO1wUlqOIEXIt8Cnpgp3oOIKQ7aL22BBhrBT3HYfhru7cAso7cSQa0fU"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a862de7b2dba-ORD
alt-svc: h3=":443"; ma=86400
vendor-7c63ec1d.js
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B
Size: 160 KB, transferred: 53 KB, type: Script
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base//s/vendor-7c63ec1d.js
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: e5bd0c5a33d2dddc672fdf473120da1df6ec94224b9e52886901cd4c60c3a464

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer:
Origin: https://wandy.greo.workers.dev
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:56 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7Kkdg37n5LyfedVRGZgroQVv7wodzucIDvxuV0fgXIZKd31ePMVUGlKvxzZkOFf2y47wHpmgYqktVqEWtAlyuxyVyKAo5RzNf45tOX6lHwcX%2BUwWS17aSgaBJFMjeWe3LRWXapwzODe0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a862de7e2dba-ORD
alt-svc: h3=":443"; ma=86400
style-39cdd505.css
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B
Size: 31 KB, transferred: 7 KB, type: Stylesheet
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base//s/style-39cdd505.css
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/loader.js?
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 6237979e7c25add0e1d540e1f4d9152f3439068d71b2e7fa131b8eaea2a7af6e

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer:
Origin: https://wandy.greo.workers.dev
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:56 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cCxS%2Fu6foRyRtlGx9QEK0AgV0m7zghnN2MBlwbQxSVYTA%2FnphyFWCWP9rytzHTgd9Pk%2FA%2BYKzv9FFAixIxxFs7rqpu2q7Klp9WlZNJR8xh7UL8BFlKmfx2FVn9OTE2Nuqm%2F4X4j49TME"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a862de802dba-ORD
alt-svc: h3=":443"; ma=86400
en.json
wandy.greo.workers.dev/application/views/templates/_base/s/locales/ Frame D05B
Size: 6 KB, transferred: 3 KB, type: Fetch
General
Full URL: https://wandy.greo.workers.dev/application/views/templates/_base/s/locales/en.json
Requested by: Host: wandy.greo.workers.dev, URL: https://wandy.greo.workers.dev/application/views/templates/_base//s/vendor-7c63ec1d.js
Protocol: H3
Security: QUIC, AES_128_GCM
Server: 172.67.191.213, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS:
Software: cloudflare
Resource Hash: 009382b54a6d7c6ca089a826f3071c4939defc0c12580c456e844ddd9bcfbbba

Request headers
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer:
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers
date: Wed, 10 Apr 2024 20:58:56 GMT
super-ip: 96.9.249.44
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
super-useragent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tPh3%2B6Kc9R6EglsD5kxZ2HGQI1WDTuDgkehHF8sXbSxK81SCZqiYbynG76JjEcT5EGpYoNvrTv%2FnGH9In%2BKacxKbjalEEZE2w94bSGJFs%2FOJ%2BoxLeur%2FxHId4Vkg4zV%2BnhipDBSUKpaS"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cookie: PHPSESSID=4n4runh7h7n698snmpn6kde280
cf-ray: 8725a8677ccf2dba-ORD
alt-svc: h3=":443"; ma=86400

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OLX Group (E-commerce)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
object | 0
string | gbv
object | Cnp
function | $
function | jQuery
function | Cleave
function | a0_0x1663
function | a0_0x4fc2
object | _smartsupp
function | smartsupp
function | _getAvg
boolean | SMARTSUPP_LOADED
object | $smartsupp

1 Cookies

Domain/Path: wandy.greo.workers.dev/
Name: PHPSESSID
Value: 4n4runh7h7n698snmpn6kde280

2 Console Messages

Source: javascript, Level: warning, URL: https://wandy.greo.workers.dev/link_card/65459a99 (Line 2792)
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
Source: javascript, Level: warning, URL: https://wandy.greo.workers.dev/link_card/65459a99 (Line 2792)
Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
