xweb.wolmif.club
Open in
urlscan Pro
2606:4700:3033::6815:5893
Malicious Activity!
Public Scan
Effective URL: https://xweb.wolmif.club/
Submission: On August 22 via api from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on August 13th 2023. Valid for: 3 months.
This is the only time xweb.wolmif.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2600:1400:d::... 2600:1400:d::1721:ee13 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
8 | 2606:4700:303... 2606:4700:3033::6815:5893 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 240e:908:8003... 240e:908:8003:1:3::3fe | 137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province) | |
1 | 2606:4700:303... 2606:4700:3030::ac43:d2bd | () () | |
12 | 5 |
ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)
cdn.staticfile.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
wolmif.club
xweb.wolmif.club |
174 KB |
1 |
anscxnyfrtg.com
17srv.anscxnyfrtg.com |
2 KB |
1 |
staticfile.org
cdn.staticfile.org — Cisco Umbrella Rank: 55793 |
33 KB |
1 |
bing.com
www.bing.com — Cisco Umbrella Rank: 68 |
3 KB |
0 |
whatsapp.com
Failed
web.whatsapp.com Failed |
|
12 | 5 |
Domain | Requested by | |
---|---|---|
8 | xweb.wolmif.club |
www.bing.com
xweb.wolmif.club |
1 | 17srv.anscxnyfrtg.com | |
1 | cdn.staticfile.org |
xweb.wolmif.club
|
1 | www.bing.com | |
0 | web.whatsapp.com Failed |
xweb.wolmif.club
|
12 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
r.bing.com Microsoft RSA TLS CA 01 |
2022-11-15 - 2023-11-15 |
a year | crt.sh |
wolmif.club GTS CA 1P5 |
2023-08-13 - 2023-11-11 |
3 months | crt.sh |
*.staticfile.org GeoTrust RSA CN CA G2 |
2022-09-05 - 2023-10-03 |
a year | crt.sh |
anscxnyfrtg.com GTS CA 1P5 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://xweb.wolmif.club/
Frame ID: 3CA3E745E628DCD2049EAD4951A61ABD
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7... Page URL
- https://xweb.wolmif.club/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www.bing.com/aclick?ld=e8C-Yvw7Y_W0KJ7XsG2Q9m_zVUCUyYn-dxh_r72zDcg_9CSsM3zkPlqsH5XVwvdRn7mLT5u3_O_VMDyJUopu7uT6FIqcXlqr-K6EDx-jyFMeIV57Mqqb3au3ebRggWLpy38LrIkQgVtDD70XD5AYxcjisxw0vTfXoSkrkt_LgujKreyY91jI5BrDJJ8ZSLEsTnnXLxvw&ntb=1&rlid=f7b7b63f912b1fba4856d2e44e0caf77&u=aHR0cHMlM2ElMmYlMmZ4d2ViLndvbG1pZi5jbHVi Page URL
- https://xweb.wolmif.club/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
aclick
www.bing.com/ |
2 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
xweb.wolmif.club/ |
25 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.staticfile.org/jquery/1.10.2/ |
91 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qrcode.min.js
xweb.wolmif.club/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylex-ce269a9819ee8f292840728689a22cc5.css
xweb.wolmif.club/WhatsApp_files/ |
175 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-6d34864fd47903428794.css
xweb.wolmif.club/WhatsApp_files/ |
187 KB 57 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main~.b66100b3486cd1857cd3.css
xweb.wolmif.club/WhatsApp_files/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.fdf0caa2786c3269572d.css
xweb.wolmif.club/WhatsApp_files/ |
150 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
xweb.wolmif.club/WhatsApp_files/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
main.js
xweb.wolmif.club/ |
19 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
e05ab61a-6bac-4144-9b0d-17ce6100e397.png
17srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.whatsapp.com
- URL
- https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.bing.com/ | Name: _EDGE_S Value: F=1&SID=3985B836096962702B32AB43081B63C5 |
|
.bing.com/ | Name: _EDGE_V Value: 1 |
|
.bing.com/ | Name: MUID Value: 271698DEF112612F3ECB8BABF0606017 |
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
17srv.anscxnyfrtg.com
cdn.staticfile.org
web.whatsapp.com
www.bing.com
xweb.wolmif.club
web.whatsapp.com
240e:908:8003:1:3::3fe
2600:1400:d::1721:ee13
2606:4700:3030::ac43:d2bd
2606:4700:3033::6815:5893
0b8a5ff73d8a9e11cd6d9c11381d868581f06786b39387fc16b73ca6cd2207b1
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
89dbdd093cf0503208450dbfb93af1dca5554859b10ec2350abeb532066bb654
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994