olx.moe Open in urlscan Pro
95.181.158.9  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request 1959089109 Show response olx.moe/f2f/	11 KB 3 KB	914ms 527ms	Document text/html	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash b024cd4a235c0df2cb6411c6f223f07dab2f7e26201d8a0a19fc7f47da186045 Request headers :method GET :authority olx.moe :scheme https :path /f2f/1959089109 pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:39 GMT content-type text/html; charset=UTF-8 content-length 3010 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma no-cache set-cookie PHPSESSID=c24hg48md6oevv2lbi9pj7fau0; path=/ vary X-FORWARDED-PROTO,Accept-Encoding content-encoding gzip server my-server
GET H2	200	css olx.moe/assets/css/	26 KB 1 KB	334ms 333ms	Stylesheet application/octet-stream	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/assets/css/css Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash 08da1b8d71bcfc3909ac356c0939dd793c7a9d5cc47aa598994c4a7774b033d9 Request headers Referer https://olx.moe/f2f/1959089109 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:39 GMT content-encoding gzip last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-69fd" content-type application/octet-stream
GET H2	200	ultra.css olx.moe/assets/css/	500 KB 70 KB	64ms 64ms	Stylesheet text/css	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/assets/css/ultra.css Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash 950b1c07dd96de4ae42cd06f0d3b8bb65a0301e0a597288adec661d0af2e4c18 Request headers Referer https://olx.moe/f2f/1959089109 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:39 GMT content-encoding br last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-7d199" content-type text/css
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.9.1/	90 KB 32 KB	7ms 7ms	Script text/javascript	2a00:1450:4001:811::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://olx.moe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:30:07 GMT content-encoding gzip x-content-type-options nosniff age 152 cross-origin-resource-policy cross-origin alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 33018 x-xss-protection 0 last-modified Tue, 03 Mar 2020 19:15:00 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 16 Mar 2022 08:30:07 GMT
GET H2	200	OLX.png olx.moe/assets/img/	28 KB 27 KB	65ms 64ms	Image image/png	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Show image Full URL https://olx.moe/assets/img/OLX.png Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash 9dc6600b6014562cb88b026cafe5d32280552deda9a1e8adcbf0570302dc9232 Request headers Referer https://olx.moe/f2f/1959089109 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:39 GMT content-encoding gzip last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-6fe3" content-type image/png
GET H2	200	image;s=1000x700 ireland.apollo.olxcdn.com/v1/files/a0sp8f7hz14e1-PL/	137 KB 137 KB	137ms 60ms	Image image/webp	13.226.159.115 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ireland.apollo.olxcdn.com/v1/files/a0sp8f7hz14e1-PL/image;s=1000x700 Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.226.159.115 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-226-159-115.dus51.r.cloudfront.net Software / Resource Hash a7c8ca0f110c789adefc94fb7bdc0b80ba60d34d017824ec4776bdb92c3a6434 Request headers Referer https://olx.moe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Sat, 13 Mar 2021 16:51:17 GMT via 1.1 8ad073ef904d92431b3428f3430707af.cloudfront.net (CloudFront) last-modified Sat, 13 Mar 2021 16:51:17 GMT age 229283 x-trace d4b85d50-012e-4985-987e-f4424d57a481 etag "a0sp8f7hz14e1-PL" access-control-allow-methods GET, OPTIONS content-type image/webp access-control-allow-origin * cache-control public,max-age=604800 x-cache Hit from cloudfront x-amz-cf-pop DUS51-C1 content-length 139968 x-amz-cf-id n5GIdWX72gq2CdpvZqAUBFCTmryERw3mL2RwJzzzYGyBQD_C24cjSA==
GET H2	200	shield.svg olx.moe/assets/img/	4 KB 1 KB	62ms 61ms	Image image/svg+xml	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Show image Full URL https://olx.moe/assets/img/shield.svg Requested by Host: olx.moe URL: https://olx.moe/f2f/1959089109 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash ef22b8a0a2246874da565962204b44fce483accb1e723c0d5c3ad2a4005c114c Request headers Referer https://olx.moe/f2f/1959089109 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT content-encoding gzip last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-e70" content-type image/svg+xml
GET H2	200	ac83mcP.png i.imgur.com/	27 KB 28 KB	99ms 32ms	Image image/png	151.101.112.193 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://i.imgur.com/ac83mcP.png Requested by Host: olx.moe URL: https://olx.moe/assets/css/ultra.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 151.101.112.193 Frankfurt am Main, Germany, ASN54113 (FASTLY, US), Reverse DNS Software cat factory 1.0 / Resource Hash 376d7167fc8be8c9744b35b7133e9f64c9de89dee3761ce0057587ce50e9ae55 Security Headers Name Value Strict-Transport-Security max-age=300 X-Content-Type-Options nosniff Request headers Referer https://olx.moe/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT x-content-type-options nosniff age 3530664 x-cache HIT, HIT content-length 28100 x-served-by cache-bwi5127-BWI, cache-hhn4058-HHN last-modified Tue, 26 May 2020 09:21:53 GMT server cat factory 1.0 x-timer S1615883560.109713,VS0,VE1 etag "fc75541e0cc1e1009ea9138203bf0b95" strict-transport-security max-age=300 access-control-allow-methods GET, OPTIONS content-type image/png access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes x-cache-hits 1, 1
GET H2	404	opensans-bold.8dd1fb.woff olx.moe/build/fonts/	0 0	62ms 61ms	Font text/html	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/build/fonts/opensans-bold.8dd1fb.woff Requested by Host: olx.moe URL: https://olx.moe/assets/css/ultra.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash Request headers Origin https://olx.moe Referer https://olx.moe/assets/css/ultra.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT content-encoding br last-modified Sun, 14 Feb 2021 12:30:27 GMT server my-server etag W/"328-5bb4b08c7bd43" content-type text/html; charset=utf8
GET H2	200	opensans-regular.552ea4.woff olx.moe/build/fonts/	110 KB 88 KB	69ms 64ms	Font font/woff	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/build/fonts/opensans-regular.552ea4.woff Requested by Host: olx.moe URL: https://olx.moe/assets/css/ultra.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash 324f0c65f646d99cccc7eb6840b0ed12b55e6ea7698a7045cd1dc9397baaeca9 Request headers Origin https://olx.moe Referer https://olx.moe/assets/css/ultra.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT content-encoding gzip last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-1b6f0" content-type font/woff
GET H2	200	opensans-semibold.1d8cbd.woff olx.moe/build/fonts/	112 KB 90 KB	145ms 140ms	Font font/woff	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/build/fonts/opensans-semibold.1d8cbd.woff Requested by Host: olx.moe URL: https://olx.moe/assets/css/ultra.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash 97ac7cdc69f85fa4a230c8e616f9dc5f644c1c2b92a9cb83003c1f024c5a3eec Request headers Origin https://olx.moe Referer https://olx.moe/assets/css/ultra.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT content-encoding gzip last-modified Wed, 27 Jan 2021 21:21:00 GMT server my-server etag W/"6011d93c-1c034" content-type font/woff
GET H2	404	opensans-bold.f5331c.ttf olx.moe/build/fonts/	0 0	269ms 268ms	Font text/html	95.181.158.9 QWARTA
General Check archive.org Show headers Download Go to Full URL https://olx.moe/build/fonts/opensans-bold.f5331c.ttf Requested by Host: olx.moe URL: https://olx.moe/assets/css/ultra.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 95.181.158.9 , Russian Federation, ASN50214 (QWARTA, RU), Reverse DNS localhost.net Software my-server / Resource Hash Request headers Origin https://olx.moe Referer https://olx.moe/assets/css/ultra.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Response headers date Tue, 16 Mar 2021 08:32:40 GMT content-encoding br last-modified Sun, 14 Feb 2021 12:30:27 GMT server my-server etag W/"328-5bb4b08c7bd43" content-type text/html; charset=utf8

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: OLX Group (E-commerce)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			olx.moe/	1969-12-31 23:59:59	Name: PHPSESSID Value: c24hg48md6oevv2lbi9pj7fau0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
i.imgur.com
ireland.apollo.olxcdn.com
olx.moe
13.226.159.115
151.101.112.193
2a00:1450:4001:811::200a
95.181.158.9
08da1b8d71bcfc3909ac356c0939dd793c7a9d5cc47aa598994c4a7774b033d9
324f0c65f646d99cccc7eb6840b0ed12b55e6ea7698a7045cd1dc9397baaeca9
376d7167fc8be8c9744b35b7133e9f64c9de89dee3761ce0057587ce50e9ae55
950b1c07dd96de4ae42cd06f0d3b8bb65a0301e0a597288adec661d0af2e4c18
97ac7cdc69f85fa4a230c8e616f9dc5f644c1c2b92a9cb83003c1f024c5a3eec
9dc6600b6014562cb88b026cafe5d32280552deda9a1e8adcbf0570302dc9232
a7c8ca0f110c789adefc94fb7bdc0b80ba60d34d017824ec4776bdb92c3a6434
b024cd4a235c0df2cb6411c6f223f07dab2f7e26201d8a0a19fc7f47da186045
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
ef22b8a0a2246874da565962204b44fce483accb1e723c0d5c3ad2a4005c114c