clients.wlzlnk.es
2606:4700:3032::6815:1450
Malicious Activity!
Public Scan
Effective URL: https://clients.wlzlnk.es/
Submission: On August 14 via manual from ES — Scanned from ES
Summary
TLS certificate: Issued by GTS CA 1P5 on June 30th 2023. Valid for: 3 months.
This is the only time clients.wlzlnk.es was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WiZink (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 2606:4700:3035::ac43:bffb | 13335 (CLOUDFLARENET) |
| 3 | 2606:4700:3032::6815:1450 | 13335 (CLOUDFLARENET) |
| 1 | 146.59.9.33 | 16276 (OVH) |
| 4 | 3 | |
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | wlzlnk.es (1 redirects) | clients.wlzlnk.es | 121 KB |
| 1 | vsegda-pomnim.com | vsegda-pomnim.com | 646 KB |
| 4 | 2 | | |
| | Domain | Requested by |
|---|---|---|
| 4 | clients.wlzlnk.es (1 redirects) | clients.wlzlnk.es |
| 1 | vsegda-pomnim.com | clients.wlzlnk.es |
| 4 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| wlzlnk.es | GTS CA 1P5 | 2023-06-30 - 2023-09-28 | 3 months |
| vsegda-pomnim.com | R3 | 2023-07-28 - 2023-10-26 | 3 months |
This page contains 1 frames:
Primary Page:
https://clients.wlzlnk.es/
Frame ID: E8DA2991141DABF889BC2F21448D8BE8
Requests: 11 HTTP requests in this frame
Page Title
Weeze page
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://clients.wlzlnk.es/ (HTTP 301)
- https://clients.wlzlnk.es/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
4 HTTP transactions
| Method / Protocol | Resource | Path | Size / x-fer | Type / MIME-Type |
|---|---|---|---|---|
| GET H2 | / (Primary Request) | clients.wlzlnk.es/ (Redirect Chain) | 184 KB / 119 KB | Document, text/html |
| GET H2 | main.js | clients.wlzlnk.es/js/ | 2 KB / 1 KB | Script, application/javascript |
| GET H2 | inputs.js | clients.wlzlnk.es/js/ | 446 B / 630 B | Script, application/javascript |
| GET DATA | truncated | / | 563 B / 0 | Image, image/png |
| GET DATA | truncated | / | 1 KB / 0 | Image, image/png |
| GET DATA | truncated | / | 3 KB / 0 | Image, image/png |
| GET DATA | truncated | / | 24 KB / 24 KB | Font, text/plain |
| GET DATA | truncated | / | 23 KB / 23 KB | Font, text/plain |
| GET DATA | truncated | / | 24 KB / 24 KB | Font, text/plain |
| GET DATA | truncated | / | 25 KB / 25 KB | Font, text/plain |
| GET H2 | 1649291495_56-vsegda-pomnim-com-p-more-volni-plyazh-foto-75.jpg | vsegda-pomnim.com/uploads/posts/2022-04/ | 645 KB / 646 KB | Image, image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WiZink (Banking)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.