wenet.site
136.243.252.137
Malicious Activity!
Public Scan
Effective URL: https://wenet.site/wp-content/cana/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=42&id=7340477988&em...
Submission: On January 07 via manual from GB
Summary
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on April 11th 2018. Valid for: a year.
This is the only time wenet.site was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)
Domain & IP information
Redirects | Requests | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 162.241.188.178 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
3 | 26 | 136.243.252.137 | 24940 (HETZNER-AS)
- | 2 | 2a02:26f0:6c00:283::35c1 | 20940 (AKAMAI-ASN1)
- | 1 | 2a02:26f0:6c00:2bf::35c1 | 20940 (AKAMAI-ASN1)
- | 2 | 2a00:1450:4001:808::200a | 15169 (GOOGLE - Google LLC)
- | 1 | 2606:4700::6813:c497 | 13335 (CLOUDFLARENET - Cloudflare)
Total: 29 requests, 5 ASNs
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: bjk.bjkhost.com
Domains: xpreshuntv.com.ng
ASN24940 (HETZNER-AS, DE)
PTR: static.137.252.243.136.clients.your-server.de
Domains: wenet.site
ASN20940 (AKAMAI-ASN1, US), both Akamai IPv6 addresses
Domains: secure.aadcdn.microsoftonline-p.com
ASN15169 (GOOGLE - Google LLC, US)
Domains: fonts.googleapis.com, ajax.googleapis.com
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Domains: cdnjs.cloudflare.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
26 | wenet.site (3 redirects) | wenet.site | 737 KB
3 | microsoftonline-p.com | secure.aadcdn.microsoftonline-p.com | 294 KB
2 | googleapis.com | fonts.googleapis.com, ajax.googleapis.com | 30 KB
1 | cloudflare.com | cdnjs.cloudflare.com | 48 KB
1 | xpreshuntv.com.ng (1 redirect) | xpreshuntv.com.ng | 346 B
Total: 29 requests, 5 apex domains
Requests | Domain | Requested by
---|---|---
26 | wenet.site (3 redirects) | wenet.site
3 | secure.aadcdn.microsoftonline-p.com | wenet.site
1 | cdnjs.cloudflare.com | wenet.site
1 | ajax.googleapis.com | wenet.site
1 | fonts.googleapis.com | wenet.site
1 | xpreshuntv.com.ng (1 redirect) | -
Total: 29 requests, 6 domains
This site contains links to these domains. Also see Links.
Domain
---
www.microsoft.com
privacy.microsoft.com
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
wenet.site | COMODO RSA Domain Validation Secure Server CA | 2018-04-11 - 2019-04-11 | a year | crt.sh
secure.aadcdn.microsoftonline-p.com | Microsoft IT TLS CA 1 | 2017-08-15 - 2019-08-15 | 2 years | crt.sh
*.googleapis.com | Google Internet Authority G3 | 2018-12-04 - 2019-02-26 | 3 months | crt.sh
ssl412106.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-09-22 - 2019-03-31 | 6 months | crt.sh
This page contains 2 frames:
Primary Page: https://wenet.site/wp-content/cana/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=42&id=7340477988&email=calibration@norfolk.gov.uk
Frame ID: 8F580C469181E61F3ABA36D3AFC04471
Requests: 6 HTTP requests in this frame
Frame: https://wenet.site/wp-content/cana/data_files/Prefetch.html/
Frame ID: C126E04AD94523199679397D825A020A
Requests: 23 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: Terms of use
- Title: Privacy & Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://xpreshuntv.com.ng/?email=calibration@norfolk.gov.uk (HTTP 302)
- https://wenet.site/wp-content/cana?email=calibration@norfolk.gov.uk (HTTP 301)
- https://wenet.site/wp-content/cana/?email=calibration@norfolk.gov.uk (HTTP 302)
- https://wenet.site/wp-content/cana/Login.php?websrc=59c275dc2e97dd3b896ed4ff2b82a8fd&dispatched=42&id=7340477988&email=calibration@norfolk.gov.uk (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 3:
- https://wenet.site/wp-content/cana/data_files/Prefetch.html (HTTP 301)
- https://wenet.site/wp-content/cana/data_files/Prefetch.html/
29 HTTP transactions
# | Method | Protocol | Resource | Host / Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | Login.php | wenet.site/wp-content/cana/ | 9 KB | 3 KB | Document | text/html | Primary Request, Cookie set, Redirect Chain
2 | GET | H/1.1 | converged.login.min.css | wenet.site/wp-content/cana/data_files/ | 84 KB | 85 KB | Stylesheet | text/css |
3 | GET | H/1.1 | microsoft_logo.svg | wenet.site/wp-content/cana/data_files/ | 4 KB | 4 KB | Image | image/svg+xml |
4 | GET | H/1.1 | picker_account_aad.svg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6970.12/content/images/ | 756 B | 866 B | Image | image/svg+xml |
5 | GET | H/1.1 | / | wenet.site/wp-content/cana/data_files/Prefetch.html/ | 20 KB | 5 KB | Document | text/html | Frame C126, Redirect Chain
6 | GET | H/1.1 | 0-small.jpg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6387.8/content/images/backgrounds/ | 1 KB | 1 KB | Image | image/jpeg |
7 | GET | H/1.1 | 0.jpg | secure.aadcdn.microsoftonline-p.com/ests/2.1.6387.8/content/images/backgrounds/ | 291 KB | 292 KB | Image | image/jpeg |
8 | GET | H/1.1 | style.css | wenet.site/wp-content/themes/spacious/ | 153 KB | 153 KB | Stylesheet | text/css | Frame C126
9 | GET | H/1.1 | jquery.js | wenet.site/wp-includes/js/jquery/ | 95 KB | 95 KB | Script | application/javascript | Frame C126
10 | GET | H/1.1 | jquery-migrate.min.js | wenet.site/wp-includes/js/jquery/ | 10 KB | 10 KB | Script | application/javascript | Frame C126
11 | GET | H/1.1 | js.min.js | wenet.site/wp-content/plugins/kk-star-ratings/ | 4 KB | 5 KB | Script | application/javascript | Frame C126
12 | GET | H2 | icon | fonts.googleapis.com/ | 574 B | 430 B | Stylesheet | text/css | Frame C126
13 | GET | H/1.1 | %D8%B3%D8%A7%DB%8C%D8%AA-%D8%B3%D8%A7%D8%B2-%D9%88%DB%8C%D9%86%D8%AA.png | wenet.site/wp-content/uploads/2018/04/ | 15 KB | 15 KB | Image | image/png | Frame C126
14 | GET | H/1.1 | %D8%A7%D8%B1%D8%AA%D9%82%D8%A7-%D8%B1%D8%AA%D8%A8%D9%87-%D8%B3%D8%A7%DB%8C%D8%AA.jpg | wenet.site/wp-content/uploads/2018/03/ | 36 KB | 36 KB | Image | image/jpeg | Frame C126
15 | GET | H/1.1 | %D8%A7%DB%8C%D9%86%D8%B3%D8%AA%D8%A7%DA%AF%D8%B1%D8%A7%D9%85-%D9%88-%D9%81%D8%B1%D9%88%D8%B4%DA%AF%D8%A7%D9%87-%D8%A7%DB%8C%D9%86%D8%AA%D8%B1%D9%86%D8%AA%DB%8C.jpg | wenet.site/wp-content/uploads/2018/04/ | 47 KB | 47 KB | Image | image/jpeg | Frame C126
16 | GET | H/1.1 | %D8%B3%D8%A6%D9%88-%D8%B3%D8%A7%DB%8C%D8%AA.jpg | wenet.site/wp-content/uploads/2018/04/ | 19 KB | 19 KB | Image | image/jpeg | Frame C126
17 | GET | H/1.1 | %D9%85%D8%AF%DB%8C%D8%B1%DB%8C%D8%AA-%D8%B3%D8%A7%DB%8C%D8%AA-%D8%B3%D8%A7%D8%B2-%D9%88%DB%8C%D9%86%D8%AA.jpg | wenet.site/wp-content/uploads/2018/03/ | 88 KB | 89 KB | Image | image/jpeg | Frame C126
18 | GET | H/1.1 | facebook.png | wenet.site/wp-content/uploads/2018/04/ | 2 KB | 2 KB | Image | image/png | Frame C126
19 | GET | H/1.1 | google-plus.png | wenet.site/wp-content/uploads/2018/04/ | 2 KB | 2 KB | Image | image/png | Frame C126
20 | GET | H/1.1 | twitter.png | wenet.site/wp-content/uploads/2018/04/ | 2 KB | 2 KB | Image | image/png | Frame C126
21 | GET | H/1.1 | linkedin.png | wenet.site/wp-content/uploads/2018/04/ | 2 KB | 2 KB | Image | image/png | Frame C126
22 | GET | H/1.1 | instagram.png | wenet.site/wp-content/uploads/2018/04/ | 3 KB | 3 KB | Image | image/png | Frame C126
23 | GET | H/1.1 | telegram-wenet.png | wenet.site/wp-content/uploads/2018/04/ | 3 KB | 3 KB | Image | image/png | Frame C126
24 | GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.1.1/ | 82 KB | 29 KB | Script | text/javascript | Frame C126
25 | GET | H2 | materialize.min.js | cdnjs.cloudflare.com/ajax/libs/materialize/0.100.2/js/ | 162 KB | 48 KB | Script | application/javascript | Frame C126
26 | GET | H/1.1 | ScrollMagic.min.js | wenet.site/wp-content/themes/spacious/js/ | 17 KB | 17 KB | Script | application/javascript | Frame C126
27 | GET | H/1.1 | startup.js | wenet.site/wp-content/themes/spacious/js/ | 136 KB | 136 KB | Script | application/javascript | Frame C126
28 | GET | H/1.1 | wp-embed.min.js | wenet.site/wp-includes/js/ | 1 KB | 2 KB | Script | application/javascript | Frame C126
29 | POST | H/1.1 | admin-ajax.php | wenet.site/wp-admin/ | 129 B | 738 B | XHR | application/json | Frame C126
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Microsoft (Consumer)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
1 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name / Value
---|---|---
wenet.site/ | - | Name: PHPSESSID, Value: mmg6trpa04v3dnisv02a87vqq2
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
Domains:
- ajax.googleapis.com
- cdnjs.cloudflare.com
- fonts.googleapis.com
- secure.aadcdn.microsoftonline-p.com
- wenet.site
- xpreshuntv.com.ng
IP addresses:
- 136.243.252.137
- 162.241.188.178
- 2606:4700::6813:c497
- 2a00:1450:4001:808::200a
- 2a02:26f0:6c00:283::35c1
- 2a02:26f0:6c00:2bf::35c1
Hashes (SHA-256):
- 04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
- 0974a834e5a0870922979534340adc39d33773cd7293b7aeb708aa682cd48a2b
- 0c15c04f955e765acbbd6cb7831fac3a14e689234e346ff4e17b8f88c8f263ad
- 12036e1f92ca55074b3ad3b71e80cf8c477fa4b6d1071ed77bb84db072527ded
- 126423621f4af4f5be54c10891f429d994017ba6940e915e7ff6ca0f03109b49
- 20fc4be33aac0b85e93684bc1d6ff564530f5284b85ea44d5f34e86b0d12e79a
- 2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
- 3849b5f9424c9f7748fc0a7c05d6a1eed3cd9de87eaabb479f7840040b5a6ddd
- 3f54598582e0a1af8d837adcb7e65f2d93ea150dc173101141f6b62c667bb302
- 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
- 4f962ec8ae085492d496fcbbd74185ab1c8e377438dbcb5ec4f8517b7bd9293f
- 5d3357bd875b7335ace42e8ee3a64578e4253bed1a4e279109de403eedae3a69
- 62faab60433070e2ea52c235f0f18db228759f2a08bb6f9e5711630df8321214
- 6c03fe5cc3317107db6fffdf35c349a5f0da9e20a9d0033dd226bd5eb492b11d
- 6d5d57dcc3f1e35f03db0bb054564e87b5b8954195270bd2e50d30dcb82c5813
- 6ebdbdf01e78babe586c8cc981e09e38b3c080a54a8fdc16d5e4d757a866307b
- 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
- 8925a8dd6a7050006a4c3fb80b4c77266a1fd22d298a9c59d2cf205d3041a69a
- 8a6541d3fbac0027463c345f5a5905a933d665e89eba6069f759fc1baeab16ab
- 97cf310541798ea1cceea20747bda2d30f4a1ee232af6f1e1ef1a68ecd043347
- a7882dd9f63b6bd7e72fe6ebea3a4b11abac664511c866fb56ed41856d249c11
- af06d830851e28f6a072189c2c0bf88f64740e1e3eaf2159a29a582b86782ae0
- b74cc490da8bdb3d7f355f7f0c3db9d358c78c4d5d424ff292e5868f8f36db76
- b96b525d112bc07f647494c8af5b307c71499ff77f590eacef68042ce1d74063
- baffbf9a64fe37d1dc3fe34bce63262b5b7bfe4a96960564f861c2466ea6f4dd
- c13db279143e1845ee4aaee5afedc5bd75e9f7d50024b63883b45332c4960b3b
- c479fca2f449a81f76ba295f00a4e0758a6eca9238afbc11efc86e34ea39f899
- dec467015bc8a67aa6c71ff99bd2b6260c7050ff052c43a3d882aa879de12060
- fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e