![](/screenshots/59d463ad-2176-4be2-8c5c-1325d12c0e39.png)
wandy.greo.workers.dev
Open in
urlscan Pro
2606:4700:3032::ac43:bfd5
Malicious Activity!
Public Scan
Effective URL: https://wandy.greo.workers.dev/link_card/65459a99
Submission: On April 10 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on March 14th 2024. Valid for: 3 months.
This is the only time wandy.greo.workers.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: OLX Group (E-commerce)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2606:4700:303... 2606:4700:3032::ac43:bfd5 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2607:f8b0:400... 2607:f8b0:4006:807::200a | 15169 (GOOGLE) (GOOGLE) | |
15 | 172.67.191.213 172.67.191.213 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 104.17.25.14 104.17.25.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 18.238.80.88 18.238.80.88 | 16509 (AMAZON-02) (AMAZON-02) | |
6 | 2607:f8b0:400... 2607:f8b0:4006:80e::2003 | 15169 (GOOGLE) (GOOGLE) | |
25 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-18-238-80-88.jfk52.r.cloudfront.net
ireland.apollo.olxcdn.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
16 |
workers.dev
wandy.greo.workers.dev |
265 KB |
6 |
gstatic.com
fonts.gstatic.com |
76 KB |
1 |
olxcdn.com
ireland.apollo.olxcdn.com — Cisco Umbrella Rank: 49724 |
31 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 381 |
28 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 116 |
1 KB |
25 | 5 |
Domain | Requested by | |
---|---|---|
16 | wandy.greo.workers.dev |
wandy.greo.workers.dev
|
6 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | ireland.apollo.olxcdn.com |
wandy.greo.workers.dev
|
1 | cdnjs.cloudflare.com |
wandy.greo.workers.dev
|
1 | fonts.googleapis.com |
wandy.greo.workers.dev
|
25 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
greo.workers.dev GTS CA 1P5 |
2024-03-14 - 2024-06-12 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
apollo.olxcdn.com Amazon RSA 2048 M03 |
2023-11-19 - 2024-12-17 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-03-04 - 2024-05-27 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://wandy.greo.workers.dev/link_card/65459a99
Frame ID: D0FE8E74D4CBC588A2174374244DFBBB
Requests: 21 HTTP requests in this frame
Frame:
https://wandy.greo.workers.dev/application/views/templates/_base//s/main-86a99a4e.js
Frame ID: D05B51CA8C4F348869830BA95C2741E6
Requests: 4 HTTP requests in this frame
Screenshot
![](/screenshots/59d463ad-2176-4be2-8c5c-1325d12c0e39.png)
Page Title
ОLХ.UA - Отpимaння коштiвPage URL History Show full URLs
-
http://wandy.greo.workers.dev/link_card/65459a99
HTTP 307
https://wandy.greo.workers.dev/link_card/65459a99 Page URL
Detected technologies
![](/vendor/wappa/icons/Google Font API.png)
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://wandy.greo.workers.dev/link_card/65459a99
HTTP 307
https://wandy.greo.workers.dev/link_card/65459a99 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
65459a99
wandy.greo.workers.dev/link_card/ Redirect Chain
|
133 KB 50 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.min.css
wandy.greo.workers.dev/application/views/templates/olxua/assets25/css/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
cleave.min.js
wandy.greo.workers.dev/application/views/templates/_universal/all_service/3ds/generic/js/ |
21 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
check.svg
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/ |
416 B 798 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
image;s=1000x700
ireland.apollo.olxcdn.com/v1/files/5qb9x8gwo3nx-UA/ |
30 KB 31 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
shield.svg
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/ |
928 B 1020 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
icons.png
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/ |
21 KB 21 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
script.js
wandy.greo.workers.dev/application/views/templates/_base/ |
275 KB 73 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ |
10 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ |
9 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ |
15 KB 15 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ |
9 KB 10 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
65459a99
wandy.greo.workers.dev/config/ |
4 KB 2 KB |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
favicon.ico
wandy.greo.workers.dev/application/views/templates/olxua/assets25/img/ |
4 KB 2 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
loader.js
wandy.greo.workers.dev/application/views/templates/_base/s/ |
32 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6078753fa36bf6b152a4415bec2cb813c84b3d55.json
wandy.greo.workers.dev/application/views/templates/_base/s/ |
1 KB 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
manifest.json
wandy.greo.workers.dev/application/views/templates/_base/s/ |
1 KB 875 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main-86a99a4e.js
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B |
94 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
vendor-7c63ec1d.js
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B |
160 KB 53 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
style-39cdd505.css
wandy.greo.workers.dev/application/views/templates/_base//s/ Frame D05B |
31 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
en.json
wandy.greo.workers.dev/application/views/templates/_base/s/locales/ Frame D05B |
6 KB 3 KB |
Fetch
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: OLX Group (E-commerce)13 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 string| gbv object| Cnp function| $ function| jQuery function| Cleave function| a0_0x1663 function| a0_0x4fc2 object| _smartsupp function| smartsupp function| _getAvg boolean| SMARTSUPP_LOADED object| $smartsupp1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wandy.greo.workers.dev/ | Name: PHPSESSID Value: 4n4runh7h7n698snmpn6kde280 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
ireland.apollo.olxcdn.com
wandy.greo.workers.dev
104.17.25.14
172.67.191.213
18.238.80.88
2606:4700:3032::ac43:bfd5
2607:f8b0:4006:807::200a
2607:f8b0:4006:80e::2003
009382b54a6d7c6ca089a826f3071c4939defc0c12580c456e844ddd9bcfbbba
08444f34c9ee0d1f66a9ecd23b2733cb7de615055e0796852687a01e9cfbe60f
21487ec472989c57a3c4822fedb04540f43ab05936fda53a1d8dff1053bee213
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
558930d8c3cb7bf329bbbc37cf9a6b59e0935d9bc4490ae959a279e60684429b
5c2364c3622e3329754cac963cf7a2c99ebd10a8d65b4150ccb2b0d105dfd9d4
5daae2afcd433aaf6600ac8c1201c27bc679d48e1e6f573b6bb480b83695df4f
6237979e7c25add0e1d540e1f4d9152f3439068d71b2e7fa131b8eaea2a7af6e
64a4f191d9e6d2c7ffba3ba3f1129b0127e33b7dad840e21b586aa3ba9ae471a
6a84eeee6a25e7c9a8a03191007a6720566b5a2aa2384d36168fb07f49e97e9e
7bbd0578e02e97fd0b9495026a496d1287bff1020c1617aabd90a3c9520f5abe
846f670c7c115f643229cb6c3c23a9545f73bd25ce11a7779de967834ef7d2b7
8d2b5c99e2f147e97c938e79bca02239e7ddd79b2d4b0e17eb14888258d3af2b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
dd9cb422502819bef3504e06224173733662c7939ea5beb7b5561a5c2836c3b2
e04922e51324915607a7c8bbb844c0a460d56cd4b4d5ccceb32a0e4c53d5b077
e5bd0c5a33d2dddc672fdf473120da1df6ec94224b9e52886901cd4c60c3a464
e7ba6ffef417d870c48ed9fa1b5b22cd235c1d8b4d866e4923050d9420dd3d09
eba6cf2baae4ef92533a3d612763889678ffde0673819f3ef8ffdda398a73164
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f757879da13692a37185928036489200f01fa98be2392ad5ff287fdff8738ba7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e