clients.wlzlnk.es Open in urlscan Pro
2606:4700:3032::6815:1450  Malicious Activity! Public Scan

Submitted URL: http://clients.wlzlnk.es/
Effective URL: https://clients.wlzlnk.es/
Submission: On August 14 via manual from ES — Scanned from ES

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 2606:4700:3032::6815:1450, located in United States and belongs to CLOUDFLARENET, US. The main domain is clients.wlzlnk.es.
TLS certificate: Issued by GTS CA 1P5 on June 30th 2023. Valid for: 3 months.
This is the only time clients.wlzlnk.es was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WiZink (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 146.59.9.33 16276 (OVH)
4 3
Apex Domain
Subdomains
Transfer
4 wlzlnk.es
clients.wlzlnk.es
121 KB
1 vsegda-pomnim.com
vsegda-pomnim.com
646 KB
4 2
Domain Requested by
4 clients.wlzlnk.es 1 redirects clients.wlzlnk.es
1 vsegda-pomnim.com clients.wlzlnk.es
4 2

This site contains no links.

Subject Issuer Validity Valid
wlzlnk.es
GTS CA 1P5
2023-06-30 -
2023-09-28
3 months crt.sh
vsegda-pomnim.com
R3
2023-07-28 -
2023-10-26
3 months crt.sh

This page contains 1 frames:

Primary Page: https://clients.wlzlnk.es/
Frame ID: E8DA2991141DABF889BC2F21448D8BE8
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Weeze page

Page URL History Show full URLs

  1. http://clients.wlzlnk.es/ HTTP 301
    https://clients.wlzlnk.es/ Page URL

Page Statistics

4
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

863 kB
Transfer

932 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://clients.wlzlnk.es/ HTTP 301
    https://clients.wlzlnk.es/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
clients.wlzlnk.es/
Redirect Chain
  • http://clients.wlzlnk.es/
  • https://clients.wlzlnk.es/
184 KB
119 KB
Document
General
Full URL
https://clients.wlzlnk.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1450 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c7a6a02712d9d0d6259c486ea830f19968afdd70ebf306766d9ea4a8e1df9f78

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7f6ccb145e202160-MAD
content-encoding
br
content-type
text/html
date
Mon, 14 Aug 2023 22:56:49 GMT
last-modified
Thu, 08 Sep 2022 10:39:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oTDHlB8uA%2Ft8fnL5bH5L09%2FJf8Q2rE7HkBWw5uQhRmHdTRiXVYlizuKSBppytAb6r9nnV37IY0AxaMEd7tBEz88ElbpmgLi42qYLpbWoRZbh3fmWLnYVRwWA2HGJrdnnDCDtLvU4NN9IeeveXbYuog%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-RAY
7f6ccb139debd671-MAD
Cache-Control
max-age=3600
Connection
keep-alive
Date
Mon, 14 Aug 2023 22:56:49 GMT
Expires
Mon, 14 Aug 2023 23:56:49 GMT
Location
https://clients.wlzlnk.es/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y8sjDjAcVIXYHbRJj8T7VxVduvaSlmU0EhlJ7Rmm1vHJ49JUpWoygIcoo2cC%2Fbv8IucMZvXZgkwk%2BKW%2F%2BbjaoUGSrxflQiVUtJ7aGLqYcdAO4z0NEs4NY%2FaGZ6c101eKXMZzaUJv1trrfzu%2BayS09Q%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
main.js
clients.wlzlnk.es/js/
2 KB
1 KB
Script
General
Full URL
https://clients.wlzlnk.es/js/main.js
Requested by
Host: clients.wlzlnk.es
URL: https://clients.wlzlnk.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1450 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
524143a6041d05b55a96b1cbee60aec945c9fb12986d2a06310bc100e37c7ab9

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://clients.wlzlnk.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 22:56:49 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 09 Sep 2022 10:19:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
177014
etag
W/"631b131b-689"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r9kYnIjifh0mCg8XOv12hicO4L6Zyig5J8OxXtIqCJTwqKhMMnsWb7H6%2Faa9fh2ahF%2BmJNgIOgk%2FDmYq4Q07FU3k9%2B9q2gI037oqxc0k8J%2BGTMiU%2BKxsbtItfaFTrqtjRRF4CFXNDrIJpf3UYXJHLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7f6ccb17ea542160-MAD
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
inputs.js
clients.wlzlnk.es/js/
446 B
630 B
Script
General
Full URL
https://clients.wlzlnk.es/js/inputs.js
Requested by
Host: clients.wlzlnk.es
URL: https://clients.wlzlnk.es/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:1450 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c6e1b9559ffa2d53db9a4f0f80b9f9e20b66a6d017a6c7f6316fa3f919de853

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://clients.wlzlnk.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 22:56:49 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 08 Sep 2022 10:42:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
177014
etag
W/"6319c727-1be"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kls%2BLsfl1RGdCpk0kjvMk1kvANnoMzImoRHKt42uKq2WlSMfoqYmcj4rDRjuci6j3lpqpgzRFP9gl%2FLAtc%2FU%2BNHdIpkOpnt%2BwpPszU3fsZOFjfQ0qJ2%2BcsjfH4NAXSNDNKrDQXfxygmYkKLZIzBq1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=315360000
cf-ray
7f6ccb17ea572160-MAD
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
truncated
/
563 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0355658ab998ab73195c8f6bb61247a59ae54fbccd1772246b6f5f9c5498d426

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f823579344088ab273a94b1476d9790669d6939e528a2595f350b2bb726046da

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c7acd6ac6d7d6b81f1da1eec0a759993761161a1ff73e8a26ebb31c28021b868

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
24 KB
24 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6607bb2027bb8f4336a60ca8ffe7a840973d8aa593d0ab468e59df1985242d58

Request headers

Referer
Origin
https://clients.wlzlnk.es
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
text/plain
truncated
/
23 KB
23 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef6bb7b59a63508f715333c232c33afad2f8245dd378b39feaa0838cfde0c50c

Request headers

Referer
Origin
https://clients.wlzlnk.es
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
text/plain
truncated
/
24 KB
24 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9a3a4748ff8bada68f61d9143223e6447d957e0beee548e2e8a3de587d045c0b

Request headers

Referer
Origin
https://clients.wlzlnk.es
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
text/plain
truncated
/
25 KB
25 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f238be2c439d7b559125c18f82e6af0a5d823e283ab94a0a1b551a3af2e90ad

Request headers

Referer
Origin
https://clients.wlzlnk.es
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
text/plain
1649291495_56-vsegda-pomnim-com-p-more-volni-plyazh-foto-75.jpg
vsegda-pomnim.com/uploads/posts/2022-04/
645 KB
646 KB
Image
General
Full URL
https://vsegda-pomnim.com/uploads/posts/2022-04/1649291495_56-vsegda-pomnim-com-p-more-volni-plyazh-foto-75.jpg
Requested by
Host: clients.wlzlnk.es
URL: https://clients.wlzlnk.es/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.59.9.33 , France, ASN16276 (OVH, FR),
Reverse DNS
ip33.ip-146-59-9.eu
Software
nginx /
Resource Hash
18c52ff29d6d8b4d773d8a54a13b9e66256b50935d8bf967084a67b5c9340a56

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://clients.wlzlnk.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Mon, 14 Aug 2023 22:56:50 GMT
last-modified
Thu, 07 Apr 2022 00:29:59 GMT
server
nginx
etag
"624e3087-a12d0"
content-type
image/jpeg
cache-control
max-age=315360000
accept-ranges
bytes
content-length
660176
expires
Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WiZink (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies