guisong-2.pages.dev
Open in
urlscan Pro
2606:4700:310c::ac42:2ca1
Malicious Activity!
Public Scan
Submitted URL: http://guisong-2.pages.dev/
Effective URL: https://guisong-2.pages.dev/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On November 18 via api from DE — Scanned from DE
Effective URL: https://guisong-2.pages.dev/
Submission Tags: threatview.io malwar3ninja rule: suspected phishing scam automated-submission Search All
Submission: On November 18 via api from DE — Scanned from DE
Summary
This website contacted 4 IPs
in 2 countries
across 2 domains to perform 21 HTTP transactions.
The main IP is 2606:4700:310c::ac42:2ca1, located in
United States and
belongs to CLOUDFLARENET, US.
The main domain is guisong-2.pages.dev.
TLS certificate: Issued by WE1 on November 15th 2024. Valid for: 3 months.
This is the only time guisong-2.pages.dev was scanned on urlscan.io!
TLS certificate: Issued by WE1 on November 15th 2024. Valid for: 3 months.
This is the only time guisong-2.pages.dev was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 6 | 2606:4700:310... 2606:4700:310c::ac42:2ca1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 14 | 43.152.28.111 43.152.28.111 | 139341 (ACE-AS-AP...) (ACE-AS-AP ACE) | |
| 2 | 43.159.26.129 43.159.26.129 | 132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building) | |
| 21 | 4 |
2
43.159.26.129
(Singapore)
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
| support.wechat.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 16 |
wechat.com
newres.wechat.com — Cisco Umbrella Rank: 476052 support.wechat.com — Cisco Umbrella Rank: 349805 |
362 KB |
| 6 |
pages.dev
1 redirects
guisong-2.pages.dev |
14 KB |
| 21 | 2 |
| Domain | Requested by | |
|---|---|---|
| 14 | newres.wechat.com |
guisong-2.pages.dev
newres.wechat.com |
| 6 | guisong-2.pages.dev |
1 redirects
guisong-2.pages.dev
|
| 2 | support.wechat.com |
guisong-2.pages.dev
|
| 21 | 3 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| guisong-2.pages.dev WE1 |
2024-11-15 - 2025-02-13 |
3 months | crt.sh |
| *.wechat.com DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1 |
2024-07-30 - 2025-07-29 |
a year | crt.sh |
| comm.weixin.qq.com DigiCert Secure Site CN CA G3 |
2024-07-30 - 2025-06-04 |
10 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://guisong-2.pages.dev/
Frame ID: 9E96CB82BD0BAE41528826592578EEE2
Requests: 22 HTTP requests in this frame
Screenshot
Page Title
WeChat - Kostenloses Nachrichten- und Anruf-AppPage URL History Show full URLs
-
http://guisong-2.pages.dev/
HTTP 307
https://guisong-2.pages.dev/ Page URL
-
https://guisong-2.pages.dev/cdn-cgi/phish-bypass?atok=sjZYPFHsbH1mxdccgqoDflCkb2uWoveEtsZtAu.9Wt4-173191...
HTTP 301
https://guisong-2.pages.dev/ Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
16 Outgoing links
These are links going to different origins than the main page.
URL: https://itunes.apple.com/us/app/wechat/id414478124?mt=8
Search URL Search Domain Scan URL
URL: https://play.google.com/store/apps/details?id=com.tencent.mm&referrer=utm_source%3Dwechat.com%26utm_medium%3Ddesktop
Title: Google Play
Title: Google Play
Search URL Search Domain Scan URL
URL: https://weixin.qq.com/
Title: Weixin Version
Title: Weixin Version
Search URL Search Domain Scan URL
URL: https://apps.apple.com/us/app/wechat/id836500024
Search URL Search Domain Scan URL
URL: https://apps.microsoft.com/store/detail/XPFCKBRNFZQ62G?hl=en
Search URL Search Domain Scan URL
URL: http://help.wechat.com/cgi-bin/micromsg-bin/oshelpcenter?opcode=2&lang=en&plat=android&id=1703037JBzqu1703037vue22&Channel=WeChatOfficialWebsite
Title: Erste Schritte
Title: Erste Schritte
Search URL Search Domain Scan URL
URL: http://blog.wechat.com/
Title: Neuheiten
Title: Neuheiten
Search URL Search Domain Scan URL
URL: http://help.wechat.com/oshelpcenter/?lang=de&Channel=helpcenter
Title: Hilfecenter
Title: Hilfecenter
Search URL Search Domain Scan URL
URL: https://safety.wechat.com/
Title: Sicherheitscenter
Title: Sicherheitscenter
Search URL Search Domain Scan URL
URL: https://open.weixin.qq.com/
Title: Plattform
Title: Plattform
Search URL Search Domain Scan URL
URL: https://pay.weixin.qq.com/index.php/public/wechatpay/home
Title: Weixin Pay
Title: Weixin Pay
Search URL Search Domain Scan URL
URL: https://pay.wechat.com/zh_hk/index.shtml
Title: WeChat Pay HK
Title: WeChat Pay HK
Search URL Search Domain Scan URL
URL: https://pay.wechat.com/en_my/index.html
Title: WeChat Pay Malaysia
Title: WeChat Pay Malaysia
Search URL Search Domain Scan URL
URL: https://www.wechat.com/
Title: WeChat
Title: WeChat
Search URL Search Domain Scan URL
URL: https://www.facebook.com/wechatapp
Search URL Search Domain Scan URL
URL: https://twitter.com/#!/wechatapp
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://guisong-2.pages.dev/
HTTP 307
https://guisong-2.pages.dev/ Page URL
-
https://guisong-2.pages.dev/cdn-cgi/phish-bypass?atok=sjZYPFHsbH1mxdccgqoDflCkb2uWoveEtsZtAu.9Wt4-1731910517-0.0.1.1-%2F
HTTP 301
https://guisong-2.pages.dev/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://guisong-2.pages.dev/ HTTP 307
- https://guisong-2.pages.dev/
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H3 |
/
guisong-2.pages.dev/ Redirect Chain
|
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
cf.errors.css
guisong-2.pages.dev/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
icon-exclamation.png
guisong-2.pages.dev/cdn-cgi/images/ |
452 B 635 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
favicon.ico
guisong-2.pages.dev/ |
15 KB 3 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H3 |
Primary Request
/
guisong-2.pages.dev/ Redirect Chain
|
10 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
46172cee66bf4f26d72091b7741b1a7e.css
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/css/ |
10 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1-MVNBf.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
164 KB 164 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1g86NjO.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
15 KB 15 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
newres.wechat.com/t/wx_fed/cdn_libs/res/jquery/1.7.2/ |
93 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
260 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
index_f89dbf8.js
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/js/ |
95 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3cBQnDI.jpg
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
90 KB 91 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3ou3PnG.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3MmDWEv.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
uq8YAlZ.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
u7U1PY3.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
2d9odS_.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1TQxEzr.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
292 B 531 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
1on3CPc.png
newres.wechat.com/t/wx_fed/base/wechat/wechat-main-page/wechat-main-page-oversea-new/res/static/img/ |
769 B 1013 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
reportforweb
support.wechat.com/cgi-bin/mmsupport-bin/ |
0 26 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
reportforweb
support.wechat.com/cgi-bin/mmsupport-bin/ |
0 20 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
NTI4MWU5.ico
newres.wechat.com/t/fed_upload/25d133b0-63d9-4102-857c-5cc84c752232/ |
827 B 1 KB |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| _1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .guisong-2.pages.dev/ | Name: __cf_mw_byp Value: sjZYPFHsbH1mxdccgqoDflCkb2uWoveEtsZtAu.9Wt4-1731910517-0.0.1.1-/ |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
guisong-2.pages.dev
newres.wechat.com
support.wechat.com
2606:4700:310c::ac42:2ca1
43.152.28.111
43.159.26.129
0b253aef5e474cce4bab6a0cbe67145d6ce2625b4ad45f737dc1a5a19972b25e
0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8
18ede824b7d5c69d433082289d017feb88145e1d37d81b91e14ba17da35fac2a
30e61aafd210c9811c2ccd56d7dfffca753922892e1f74c3c87e99c7755b37a0
383ffabc2acede3e97f1106deb3a54f46ba13b5766a3dc515e3d1d852ab12823
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
999ac1a2b60d99e6f84189f2490555d5354002474f5cc257653d1a1f088e7019
9f3619f7fb23d72c6c88e1d9cc222828a42a4335692d6784e38075dca445359a
a62d7d84bd02b1718106d294d1f2c8387f9967239696c1e8b446201b63f34dc7
b2776425c088d2b7fe3af7f31de3f1d6b53e700414000e67e9579e022dd8d70b
b892b1299d03ba635ef48036cfbbecdb3bc5cb9101dc26a823ed721aaa701a78
bdae8284141567888d1be53d094325242dfec516845a7f87d47b6fd93f736864
bdf6f9a5259b321625a79bdaf405530e7ec53999c30205b9a159a838a1c03595
d4f8bf01169ac0bda2b5b45c28acac527b1bb5dde66aa012ef123640d2e384cc
d8ebb902b541cae5eedb3a5bf67aa464261c040341ed58bb20118fa951657fb2
dc56657604da88181fe70fd1de45f53da88b99ad5d7e38eed627a4c04a85dc51
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f5b03e2d8e09b423315d2700a47327be8464747c01cb2d6014afa87cfe86d893
f6f8922330d3eccddfb7d9e8598094f0096b3798075eca5f7a4c1cbc0ecb278c
ff8c7c36fc5b565b5aadde6371ed98674def40ca5693c30d8241e332c9b21aed