Submitted URL: https://abc22.feed-xml.com/tracking/pc?adid=T1689803368U1671B9BB1DF8E096_702513_796414
Effective URL: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Submission: On July 19 via api from US — Scanned from GB

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 6 HTTP transactions. The main IP is 108.170.27.42, located in Phoenix, United States and belongs to SSASN2, US. The main domain is www1.wmgf.art.
TLS certificate: Issued by R3 on June 12th 2023. Valid for: 3 months.
This is the only time www1.wmgf.art was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a0c:5c81:511... 55081 (24SHELLS)
1 4 131.153.42.224 20454 (SSASN2)
3 108.170.27.42 20454 (SSASN2)
6 3
Apex Domain
Subdomains
Transfer
4 pssy.xyz
r.pssy.xyz — Cisco Umbrella Rank: 423002
d.pssy.xyz — Cisco Umbrella Rank: 229583
7 KB
3 wmgf.art
www1.wmgf.art
16 KB
1 feed-xml.com
abc22.feed-xml.com — Cisco Umbrella Rank: 292495
975 B
6 3
Domain Requested by
3 d.pssy.xyz www1.wmgf.art
3 www1.wmgf.art www1.wmgf.art
1 r.pssy.xyz 1 redirects
1 abc22.feed-xml.com 1 redirects
6 4

This site contains no links.

Subject Issuer Validity Valid
wmgf.art
R3
2023-06-12 -
2023-09-10
3 months crt.sh
pssy.xyz
R3
2023-07-13 -
2023-10-11
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Frame ID: 405971FBF257A556870DF54B218C2785
Requests: 6 HTTP requests in this frame

Frame: https://d.pssy.xyz/d/n/iframe?domain=www1.wmgf.art&id=1924405
Frame ID: 044D92130A237C21E94871273A9BE03F
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

## 18+ ##

Page URL History Show full URLs

  1. https://abc22.feed-xml.com/tracking/pc?adid=T1689803368U1671B9BB1DF8E096_702513_796414 HTTP 302
    http://r.pssy.xyz/?source=traffic&id=7885244&position=1&feed_id=2378837&bid=0.000375&signature... HTTP 302
    https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_i... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

6
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

23 kB
Transfer

67 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://abc22.feed-xml.com/tracking/pc?adid=T1689803368U1671B9BB1DF8E096_702513_796414 HTTP 302
    http://r.pssy.xyz/?source=traffic&id=7885244&position=1&feed_id=2378837&bid=0.000375&signature=5bc307153d6035783a4d608aac4d88c5a375c92b8e2a4b3e946641930042e3a5&s2=00d020d660a1fbcfb54fa6583068d03a718c97ce3b9d8486074e1730dcb46652&vip=88.20.211.26&ua=Mozilla%2F5.0%28Macintosh%3BIntelMacOSX10_15_7%29AppleWebKit%2F537.36%28KHTML%2ClikeGecko%29Chrome%2F114.0.0.0Safari%2F537.36&sip=185.239.173.172&ssid=790562744&cip=88.20.211.26&xrw=&nxrw=1&o_ip=88.20.211.26&pr_tsid=6efa6ae716d5a358f19eeedcc44fce29eb99fd3900f66ae070ec5779b824b983&pr_tsids=b8dd79f159f916d359c25d9e1e61ca4bd43dc9a407ac24b4554b5e394838a025&tracker=198475 HTTP 302
    https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 18plus.php
www1.wmgf.art/
Redirect Chain
  • https://abc22.feed-xml.com/tracking/pc?adid=T1689803368U1671B9BB1DF8E096_702513_796414
  • http://r.pssy.xyz/?source=traffic&id=7885244&position=1&feed_id=2378837&bid=0.000375&signature=5bc307153d6035783a4d608aac4d88c5a375c92b8e2a4b3e946641930042e3a5&s2=00d020d660a1fbcfb54fa6583068d03a71...
  • https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
8 KB
4 KB
Document
General
Full URL
https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.170.27.42 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx / PHP/5.4.16
Resource Hash
ac30d8a99aa5ec64a7a21f41aa503fe7395cb7c395bcff6a6b79138971c9f517

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Wed, 19 Jul 2023 21:49:56 GMT
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
PHP/5.4.16

Redirect headers

Access-Control-Allow-Origin
*
Cache-Control
no-cache, must-revalidate, no-transform
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 19 Jul 2023 21:49:56 GMT
Expires
Tue, 31 Dec 2013 23:59:59 GMT
Location
https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Server
nginx
Transfer-Encoding
chunked
cnitvreveo.php
www1.wmgf.art/
35 KB
11 KB
Script
General
Full URL
https://www1.wmgf.art/cnitvreveo.php
Requested by
Host: www1.wmgf.art
URL: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.170.27.42 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx / PHP/5.4.16
Resource Hash
91e6817d47a0a46c00e77a85587c8ccf08877e8114c4cd341ad4fa3c90ed5b9a

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date
Wed, 19 Jul 2023 21:49:56 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=120
Connection
keep-alive
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
226fec78d633cbd16180916ee3033c9c161dee03b64e30e8ef1a156686d3c7d0

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Content-Type
image/png
/
d.pssy.xyz/d/
14 KB
4 KB
XHR
General
Full URL
https://d.pssy.xyz/d/?resource=bundler&nada=1&widgets=1924405:1&isct=1689803306&rfrr=https://www1.wmgf.art/18plus.php?click_id=175.29.132.91&tracker=chaMan&p_id=&d_id=&a_id=&iscs=MWJmMzBjMTcyMmVlZjIyMWYxNjdkM2NlOTViZTUwMDJhNjFkY2Q4ZWFkNmU0NzY3NzU3MzQzZTU3ODQyZjM2YXwwfDV8MTA4LjE3MC4yNy40MnxNb3ppbGxhLzUuMCAoTGludXg7IEFuZHJvaWQgMTM7IFNNLUc5NjBVIEJ1aWxkL1BQUjEuMTgwNjEwLjAxMSkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMy4wLjU2NzIuMTYyIE1vYmlsZSBTYWZhcmkvNTM3LjM2fDM0Mjc0NnwxNjg5ODAzMzA2fGliYUhSMGNITTZMeTkzZDNjeExuZHRaMll1WVhKMEx6RTRjR3gxY3k1d2FIQS9ZMnhwWTJ0ZmFXUTlNVGMxTGpJNUxqRXpNaTQ1TVNaMGNtRmphMlZ5UFdOb1lVMWhiaVp3WDJsa1BTWmtYMmxrUFNaaFgybGtQUT09&reqc=1&ver=45b9473d1e557040.1689803306380&page=aHR0cHM6Ly93d3cxLndtZ2YuYXJ0LzE4cGx1cy5waHA_Y2xpY2tfaWQ9eyRjbGlja19pZH0mdHJhY2tlcj1mYWxsQmFjayZwX2lkPTI1NjAwNCZkX2lkPTM1OTg2NSZhX2lkPTIzNzg4Mzc=
Requested by
Host: www1.wmgf.art
URL: https://www1.wmgf.art/cnitvreveo.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.153.42.224 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx / Express
Resource Hash
51358b4cbf5e2903442bcb8ea3dc96740c8d2d5f895db51c8e9b47a9536f9cba

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www1.wmgf.art/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date
Wed, 19 Jul 2023 21:49:57 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
Express
ETag
W/"37a6-X0CvbeJNMzBPNmtMaFBOXBRN2F4"
Transfer-Encoding
chunked
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://www1.wmgf.art
Access-Control-Allow-Credentials
true
Connection
keep-alive
iframe
d.pssy.xyz/d/n/ Frame 044D
5 KB
2 KB
Document
General
Full URL
https://d.pssy.xyz/d/n/iframe?domain=www1.wmgf.art&id=1924405
Requested by
Host: www1.wmgf.art
URL: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.153.42.224 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx / Express
Resource Hash
8887de28483395fc09757b4d903abdc79223a4e343316e41a32b7ab1d1175c97

Request headers

Referer
https://www1.wmgf.art/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=utf-8
Date
Wed, 19 Jul 2023 21:49:57 GMT
ETag
W/"1483-BR2rNJdGfWCgs6ET8N16qywz5m8"
Server
nginx
Transfer-Encoding
chunked
X-Powered-By
Express
cnitvreveo.php
www1.wmgf.art/
2 KB
1 KB
XHR
General
Full URL
https://www1.wmgf.art/cnitvreveo.php?sw
Requested by
Host: www1.wmgf.art
URL: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
108.170.27.42 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx / PHP/5.4.16
Resource Hash
10c56879e71a60114dec53b1c6038800c9a8e2e511bca86beb802b9f08184045

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Date
Wed, 19 Jul 2023 21:49:57 GMT
Content-Encoding
gzip
Server
nginx
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=120
Connection
keep-alive
t.php
d.pssy.xyz/
0
410 B
Image
General
Full URL
https://d.pssy.xyz/t.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
131.153.42.224 Phoenix, United States, ASN20454 (SSASN2, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://www1.wmgf.art/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.98 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Wed, 19 Jul 2023 21:49:58 GMT
Content-Encoding
gzip
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| onbeforetoggle object| onscrollend string| VCN boolean| face boolean| face_Url boolean| face_widget_id boolean| face_cookie_name boolean| nativeInjectionPlugs boolean| burst boolean| p_name boolean| p_settings boolean| p_expires boolean| p_widget_id boolean| sn boolean| snId boolean| snCN boolean| ipn boolean| ipnId boolean| tars boolean| vOw function| vOwf boolean| vOwb boolean| vOwbi boolean| vOwv boolean| vOwvi boolean| updates number| updatesId boolean| tnl string| domains_delivery string| conf_delivery_resource_http string| conf_delivery_resource_ws string| nativeInjectionPlugsId string| kodak_moment string| integrationScriptCreatedTimestamp string| rfrr string| integrationTypeAdblockSafe object| Pub2a function| Pub2b undefined| nativeInjectionAd number| _WiState object| pub function| Pub2 function| verGenerate function| getStyle function| handleSignup function| handleNoSignup number| timeleft number| downloadTimer object| body function| FullScreen boolean| isOldTitle string| oldTitle string| newTitle function| changeTitle boolean| pubappended string| key

3 Cookies

Domain/Path Name / Value
.feed-xml.com/ Name: vmuid
Value: 436c9d561ebb8de5
r.pssy.xyz/ Name: woa1quur7O
Value: 7cbd3e828fe228ddcdeca54ac1efc8381a7698d18e098279e2c6d99f34a6fb3c9b3c236421f67f83fa8736d78cf181a9a37f018bd2e20c07b8662e732ddbfa2c
.pssy.xyz/ Name: guid
Value: 3824c3c0-48be-403b-b9b5-a27d09ff0156

1 Console Messages

Source Level URL
Text
intervention error URL: https://www1.wmgf.art/18plus.php?click_id={$click_id}&tracker=fallBack&p_id=256004&d_id=359865&a_id=2378837(Line 96)
Message:
Blocked call to navigator.vibrate because user hasn't tapped on the frame or any embedded frame yet: https://www.chromestatus.com/feature/5644273861001216.