xweb.wolmif.club Open in urlscan Pro
2606:4700:3033::6815:5893 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7mLT5u3_O_VMDyJUopu7u...
Effective URL:
https://xweb.wolmif.club/
Submission: On August 22 via api (August 22nd 2023, 9:08:25 pm UTC) from US — Scanned from US

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3033::6815:5893, located in United States and belongs to CLOUDFLARENET, US. The main domain is xweb.wolmif.club.
TLS certificate: Issued by GTS CA 1P5 on August 13th 2023. Valid for: 3 months.

This is the only time xweb.wolmif.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1	2600:1400:d::... 2600:1400:d::1721:ee13	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
8	2606:4700:303... 2606:4700:3033::6815:5893	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	240e:908:8003... 240e:908:8003:1:3::3fe	137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province)
1	2606:4700:303... 2606:4700:3030::ac43:d2bd	() ()
12	5

1 2600:1400:d::1721:ee13 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3033::6815:5893 (United States)

ASN13335 (CLOUDFLARENET, US)

xweb.wolmif.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:908:8003:1:3::3fe (China)

ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:d2bd (None, )

ASN- ()

17srv.anscxnyfrtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wolmif.club xweb.wolmif.club	174 KB
1	anscxnyfrtg.com 17srv.anscxnyfrtg.com	2 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 55793	33 KB
1	bing.com www.bing.com — Cisco Umbrella Rank: 68	3 KB
0	whatsapp.com Failed web.whatsapp.com Failed
12	5

	Domain	Requested by
8	xweb.wolmif.club	www.bing.com xweb.wolmif.club
1	17srv.anscxnyfrtg.com
1	cdn.staticfile.org	xweb.wolmif.club
1	www.bing.com
0	web.whatsapp.com Failed	xweb.wolmif.club
12	5

This site contains no links.

Subject Issuer	Validity	Valid
r.bing.com Microsoft RSA TLS CA 01	`2022-11-15` - `2023-11-15`	a year	crt.sh
wolmif.club GTS CA 1P5	`2023-08-13` - `2023-11-11`	3 months	crt.sh
*.staticfile.org GeoTrust RSA CN CA G2	`2022-09-05` - `2023-10-03`	a year	crt.sh
anscxnyfrtg.com GTS CA 1P5	`2023-08-04` - `2023-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xweb.wolmif.club/
Frame ID: 3CA3E745E628DCD2049EAD4951A61ABD
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7... Page URL
https://xweb.wolmif.club/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

212 kB
Transfer

707 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7mLT5u3_O_VMDyJUopu7uT6FIqcXlqr-K6EDx-jyFMeIV57Mqqb3au3ebRggWLpy38LrIkQgVtDD70XD5AYxcjisxw0vTfXoSkrkt_LgujKreyY91jI5BrDJJ8ZSLEsTnnXLxvw&ntb=1&rlid=f7b7b63f912b1fba4856d2e44e0caf77&u=aHR0cHMlM2ElMmYlMmZ4d2ViLndvbG1pZi5jbHVi Page URL
https://xweb.wolmif.club/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	aclick www.bing.com/	2 KB 3 KB	144ms 71ms	Document text/html	2600:1400:d::1721:ee13 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7mLT5u3_O_VMDyJUopu7uT6FIqcXlqr-K6EDx-jyFMeIV57Mqqb3au3ebRggWLpy38LrIkQgVtDD70XD5AYxcjisxw0vTfXoSkrkt_LgujKreyY91jI5BrDJJ8ZSLEsTnnXLxvw&ntb=1&rlid=f7b7b63f912b1fba4856d2e44e0caf77&u=aHR0cHMlM2ElMmYlMmZ4d2ViLndvbG1pZi5jbHVi Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2600:1400:d::1721:ee13 New York, United States, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version alt-svc h3=":443"; ma=93600 cache-control no-store content-length 1945 content-type text/html; charset=UTF-8 date Tue, 22 Aug 2023 21:07:48 GMT expires Fri, 01 Jan 1990 00:00:00 GMT p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo pragma no-cache referrer-policy origin x-cdn-traceid 0.0fee2117.1692738468.1d81944a x-msedge-ref Ref A: 4A5C283DDFE045FC95047BA841233090 Ref B: EWR30EDGE0817 Ref C: 2023-08-22T21:07:48Z
GET H2	200	Primary Request / Show response xweb.wolmif.club/	25 KB 10 KB	248ms 155ms	Document text/html	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/ Requested by Host: www.bing.com URL: https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7mLT5u3_O_VMDyJUopu7uT6FIqcXlqr-K6EDx-jyFMeIV57Mqqb3au3ebRggWLpy38LrIkQgVtDD70XD5AYxcjisxw0vTfXoSkrkt_LgujKreyY91jI5BrDJJ8ZSLEsTnnXLxvw&ntb=1&rlid=f7b7b63f912b1fba4856d2e44e0caf77&u=aHR0cHMlM2ElMmYlMmZ4d2ViLndvbG1pZi5jbHVi Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0b8a5ff73d8a9e11cd6d9c11381d868581f06786b39387fc16b73ca6cd2207b1` Request headers Referer https://www.bing.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fae1665ceafc44f-EWR content-encoding br content-type text/html date Tue, 22 Aug 2023 21:07:48 GMT last-modified Sat, 19 Aug 2023 06:50:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T0DyZL0vNlresAMUqMYwX31JGoSr3lM%2B6fOgy7Tgmw74htBnJuOc%2FZRWT6ZnQmKXNp1prHDbK8iF4kqBqLjZ2C4KuVvVakS5NBaqOoDUU7LGyEl7qrDunFAkxH%2FHSCq2bueXeLqsv2VrKYd0In7p"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	4097ms 2616ms	Script application/javascript	240e:908:8003:1:3::3fe CHINATELECOM-HEIL...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 240e:908:8003:1:3::3fe , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN), Reverse DNS Software Tengine / Resource Hash `89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers X-Log X-Log Date Tue, 22 Aug 2023 16:12:15 GMT Via cache52.l2cn3102[46,45,304-0,M], cache4.l2cn3102[47,0], vcache10.cn3465[0,0,200-0,H], vcache26.cn3465[1,0] Content-Encoding gzip X-Svr IO X-Reqid iDYAAAB8a3OKwH0X Age 17735 X-Swift-CacheTime 86400 X-Cache HIT TCP_MEM_HIT dirn:11:256307308 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename=utf-8''jquery.min.js Connection* keep-alive X-Swift-SaveTime Tue, 22 Aug 2023 16:12:15 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1692720735 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 2a65002e16927384705187986e
GET H2	200	qrcode.min.js Show response xweb.wolmif.club/	19 KB 7 KB	21ms 18ms	Script application/javascript	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/qrcode.min.js Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:48 GMT content-encoding br cf-cache-status HIT last-modified Sat, 15 Jul 2023 13:50:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2940 etag W/"64b2a43b-4dd7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=INlfOBYpb7E3KRyQNDwRLj2SjQZkngXP8%2FoFxhp5BzwXisetz52BXnGaMhN1tJt8deV%2BCTj1sE%2BorgnfLcm2zhmdB66aV1J5o7Q2SOY77qXXOPihBdOtqNtcjRAa5cPxDcJKSBGrgNYWYcbKJcgI"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fae1666d846c44f-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 08:18:48 GMT
GET H2	200	stylex-ce269a9819ee8f292840728689a22cc5.css xweb.wolmif.club/WhatsApp_files/	175 KB 43 KB	18ms 15ms	Stylesheet text/css	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:48 GMT content-encoding br cf-cache-status HIT last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2940 etag W/"64b24baf-2bb72" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ig%2F6az8zlswR7ZPybHQpDL20fXXqoj6dfy4%2Fx7FrpnKWjl2XeK19UkjL6fNZSJ7ynf45teel7HZX2ONFpcnae%2Fya2dFC3DteQLd1M1cfaXHAwdb5uS033DOsvj5hvcT9OYQRsoN84M0rvTuTWaFC"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1666c841c44f-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 08:18:48 GMT
GET H2	200	app-6d34864fd47903428794.css xweb.wolmif.club/WhatsApp_files/	187 KB 57 KB	301ms 299ms	Stylesheet text/css	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/WhatsApp_files/app-6d34864fd47903428794.css Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:49 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bad-2eab4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bt50BV6jJrY%2FIFFDYDDpN95AiU%2F1xd5fFhsLGmhnBn%2FXProAwm4DNVKZCUn0HG0JxZUQqygitlphnO%2B4%2BeYQlZCAgVMsOxGJ5xirwjFhchXrtid%2BBqb3LDTMrW0R6yKN609Qpc8yt8xOUQp%2FSWli"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1666c842c44f-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:07:49 GMT
GET H2	200	main~.b66100b3486cd1857cd3.css xweb.wolmif.club/WhatsApp_files/	21 KB 5 KB	159ms 157ms	Stylesheet text/css	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:49 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24baf-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BZAS1s1CSreGEt7QdsQDxOTgrzLSDWacU1%2FIosNZXMBS%2FYoSQqlkhnd1eFMT2nyu%2BB9iXrBYCwgcEnQXrYmXK10Xr4reqFKBMdM4MF73WCutaYOirOa2CGfOWllsa50WAg4O5%2BrzngOxb%2BT7T%2F1F"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1666d843c44f-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:07:49 GMT
GET H2	200	main.fdf0caa2786c3269572d.css xweb.wolmif.club/WhatsApp_files/	150 KB 30 KB	236ms 234ms	Stylesheet text/css	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/WhatsApp_files/main.fdf0caa2786c3269572d.css Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:49 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bae-257df" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hQtAMm0hHO1mJv0O0n6yykCHxWYrxcb7RVsYOYXjTRS%2Fe5r1GZMZssvRKufj7EdIO22RQvTjXZt2FmC3RyfuWr38ySV0WL0E0DanAXqHaoBU4EGCNqAVEiuFXPi9knCV1CdiN4VHPl9kBwpzFtqK"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1666d844c44f-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:07:49 GMT
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png xweb.wolmif.club/WhatsApp_files/	16 KB 16 KB	222ms 221ms	Image image/png	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xweb.wolmif.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer https://xweb.wolmif.club/ Origin https://xweb.wolmif.club accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:49 GMT cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64b24baf-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ogQaORwrzupl8JQiyeWgS4H0qdhPd7DJyZd5Rbs%2FGMU30lTNp5OfQJazgV1tl5vq39qrgRWdgXMJhiLtN5fzAcL9RKtEn0IC6LvS8GPnQSiFmlmQeHdq64JUg0%2B7QPwAID0i4kdswzojc8BwWclF"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7fae1669af0443be-EWR alt-svc h3=":443"; ma=86400 content-length 16259 expires Thu, 21 Sep 2023 21:07:49 GMT
GET		binary-transparency-manifest-2.2325.3.json web.whatsapp.com/	0 0

GET H3	200	main.js Show response xweb.wolmif.club/	19 KB 6 KB	155ms 155ms	Script application/javascript	2606:4700:3033::6815:5893 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wolmif.club/main.js?ver=7.15 Requested by Host: xweb.wolmif.club URL: https://xweb.wolmif.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:5893 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `89dbdd093cf0503208450dbfb93af1dca5554859b10ec2350abeb532066bb654` Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:07:49 GMT content-encoding br cf-cache-status MISS last-modified Sat, 19 Aug 2023 06:50:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64e0663e-4d9b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eX1GuC73Hn2W4roAQ4uBzJmOPUj74zJhS5eiKPA7f0PLaHTY7LAsKF76ZwkqESG4mdHM2VbHGxFRf2l3GJ5ZyTwE8zvWc1XPKIsHhpOGQKkeNDFWrW0V1ebekGQrWMhYGi3ld0M7%2BxN4tzf2vc%2FW"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fae1668be0443be-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:07:49 GMT
GET H3	200	e05ab61a-6bac-4144-9b0d-17ce6100e397.png 17srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	482ms 461ms	Image image/png	2606:4700:3030::ac43:d2bd
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyfrtg.com/qrcodes/e05ab61a-6bac-4144-9b0d-17ce6100e397.png?1692738504270 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:d2bd -, , ASN (), Reverse DNS Software cloudflare / Express Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wolmif.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:08:24 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 21:08:10 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6b3-18a1f138ed8" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6m2VTT%2FgjtT2yOisSmzkJVr4YOCzUKD5AK%2Bl0RQXsE1BaNtw6s5Pw8v7ZsB95fyF%2B1QHpM8z5JHL2lk1T0Ow0YkIQe11euD%2B7o%2BycdW5EifS1Tz6CWlplC4zzaaUDMf0%2FxAvznO94nbzT3Ana0Yi5G2Dk8%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fae1743de1d4352-EWR alt-svc h3=":443"; ma=86400 content-length 1715

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bing.com/	1969-12-31 23:59:59	Name: _EDGE_S Value: F=1&SID=3985B836096962702B32AB43081B63C5
.bing.com/	1970-01-20 23:33:54	Name: _EDGE_V Value: 1
.bing.com/	1970-01-20 23:33:54	Name: MUID Value: 271698DEF112612F3ECB8BABF0606017

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://xweb.wolmif.club/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://xweb.wolmif.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

17srv.anscxnyfrtg.com
cdn.staticfile.org
web.whatsapp.com
www.bing.com
xweb.wolmif.club
web.whatsapp.com
240e:908:8003:1:3::3fe
2600:1400:d::1721:ee13
2606:4700:3030::ac43:d2bd
2606:4700:3033::6815:5893
0b8a5ff73d8a9e11cd6d9c11381d868581f06786b39387fc16b73ca6cd2207b1
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
89dbdd093cf0503208450dbfb93af1dca5554859b10ec2350abeb532066bb654
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

xweb.wolmif.club Open in urlscan Pro 2606:4700:3033::6815:5893 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

100 %IPv6

5 Domains

5 Subdomains

5 IPs

2 Countries

212 kBTransfer

707 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

3 Cookies

2 Console Messages

Indicators

xweb.wolmif.club Open in urlscan Pro
2606:4700:3033::6815:5893 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

212 kB
Transfer

707 kB
Size

3
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!