www.waothemes.com Open in urlscan Pro
2606:4700:3030::681c:192e Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php
Submission Tags: @ipnigh
Submission: On March 01 via api (March 1st 2020, 12:43:19 am UTC) from GB

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3030::681c:192e, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.waothemes.com.

This is the only time www.waothemes.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Abu Dhabi Commercial Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
16	2606:4700:303... 2606:4700:3030::681c:192e		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

16 2606:4700:3030::681c:192e (United States)

ASN13335 (CLOUDFLARENET, US)

www.waothemes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	waothemes.com www.waothemes.com	179 KB
16	1

	Domain	Requested by
16	www.waothemes.com	www.waothemes.com
16	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php
Frame ID: 6AE3FE24D485A1815888002EF9CB8C73
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

16
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

179 kB
Transfer

495 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set prelogin.php Show response www.waothemes.com/wp-content/languages/plugins/ccc/	34 KB 5 KB	47ms 34ms	Document text/html	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0083648e2d254edad67314740143589c2d4d93743931fe70ef5a475833260ed9` Request headers Host www.waothemes.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=da3cf4bbcda7630300dbaf4e53bfd8d0c1583023366; expires=Tue, 31-Mar-20 00:42:46 GMT; path=/; domain=.waothemes.com; HttpOnly; SameSite=Lax Cache-Control public, max-age=2592000 Expires max-age=2592000, public Vary Accept-Encoding X-Turbo-Charged-By LiteSpeed CF-Cache-Status DYNAMIC Server cloudflare CF-RAY 56ced7096f69dfbf-FRA Content-Encoding gzip
GET H/1.1	200 OK	adcbcss83b6.css www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/jslib/tparty/libraries/jqueryWithCustomCSS/	16 KB 5 KB	34ms 32ms	Stylesheet text/css	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/jslib/tparty/libraries/jqueryWithCustomCSS/adcbcss83b6.css?ver=4.6.2 Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7db891ac8b3e3af046573a98181a3e6be3187b15bc8f8547ff1e946459dd3741` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Sun, 22 Sep 2019 12:05:52 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709b807dfbf-FRA Content-Length 4257 Expires max-age=2592000, public
GET H/1.1	200 OK	adcb.qtip83b6.css www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/jslib/tparty/libraries/jqueryWithCustomCSS/	12 KB 4 KB	38ms 32ms	Stylesheet text/css	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/jslib/tparty/libraries/jqueryWithCustomCSS/adcb.qtip83b6.css?ver=4.6.2 Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4651913302a21598d7b2b77d21bc6f2f7e1745fe79930bbe3b8df1ecf8c03ada` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Sun, 22 Sep 2019 12:05:52 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709cfcf3248-FRA Content-Length 3644 Expires max-age=2592000, public
GET H/1.1	200 OK	konywebkit83b6.css www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/	252 KB 37 KB	37ms 30ms	Stylesheet text/css	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/konywebkit83b6.css?ver=4.6.2 Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8b8b52a55c7b59644ed36758902c5088d83e528f09d3effb74b4c7491f8c3e8f` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Encoding gzip CF-Cache-Status MISS Last-Modified Sun, 22 Sep 2019 12:00:54 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709cd921f4d-FRA Content-Length 37638 Expires max-age=2592000, public
GET H/1.1	200 OK	logo.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/	11 KB 11 KB	27ms 21ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/logo.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `94801eadb3ff7808a7221df40af914fe7485cdc58effed27756f5c85435938ee` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Tue, 12 Nov 2013 12:37:58 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709cb56d6c9-FRA Content-Length 10800 Expires max-age=2592000, public
GET H/1.1	200 OK	android_red.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	471 B 876 B	22ms 14ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/android_red.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `717074cf4fbdee2dbb6819087f2f3de853a3ede9494ac84f36353408a49e49da` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:34 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709ce6b1762-FRA Content-Length 471 Expires max-age=2592000, public
GET H/1.1	522	apple_red.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	5 KB 5 KB	15463ms 15457ms	Image text/html	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/apple_red.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `59d42f60a959c72d0489312c57ae264eec28d82030f562819c12b308379e9894` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma no-cache Date Sun, 01 Mar 2020 00:43:02 GMT Server cloudflare Transfer-Encoding chunked Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection keep-alive CF-RAY 56ced709ccf6e007-FRA Expires Thu, 01 Jan 1970 00:00:01 GMT
GET H/1.1	200 OK	bb_red.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	574 B 979 B	13ms 13ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/bb_red.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d4f7f5081265a80d778e0593d140c12384cc2996359daea45928ebdfe902f1e7` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:16 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709de921762-FRA Content-Length 574 Expires max-age=2592000, public
GET H/1.1	200 OK	login_icon.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	1 KB 2 KB	11ms 10ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/login_icon.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `da3bfccf9fc20cbcec3540f7a992b7663bfb982204e39d2d648e56f3e8ff08d8` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:24 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709eb8ad6c9-FRA Content-Length 1252 Expires max-age=2592000, public
GET H/1.1	200 OK	info.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	1 KB 2 KB	10ms 10ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/info.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1b669d4b4918d76f33da0447fb8cf720e132b497998d957c5e9f2a1b031285f2` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:36 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709f849dfbf-FRA Content-Length 1218 Expires max-age=2592000, public
GET H/1.1	200 OK	bullet.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	207 B 612 B	16ms 16ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/bullet.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `fc8e98c34d52f0e44ee834531302b0760dddb184fab412df9c72af9e7daea975` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:24 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709feb01762-FRA Content-Length 207 Expires max-age=2592000, public
GET H/1.1	200 OK	rlogo.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	3 KB 3 KB	11ms 10ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/rlogo.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0fbcf9abf711729b831a7ab1740dd5b90b5b82c2c481cc8b88465dc638f4f9de` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:34 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709fba2d6c9-FRA Content-Length 2819 Expires max-age=2592000, public
GET H/1.1	200 OK	aecertlogo.png www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/	28 KB 28 KB	10ms 10ms	Image image/png	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/images/aecertlogo.png Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a99682dbf1e6d0472e36f01bbff31f178f7811068c581ed8fbcf8b8eab0ef998` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:14 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced709f8163248-FRA Content-Length 28251 Expires max-age=2592000, public
GET H/1.1	200 OK	pinc.gif www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/images/	2 KB 3 KB	11ms 11ms	Image image/gif	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/images/pinc.gif Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `7510f58383cc71e5a94c036d5c831735b42e05f217825b02f1195d4527dfe09b` Request headers Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/konywebkit83b6.css?ver=4.6.2 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:14 GMT Server cloudflare Age 2476 Vary Accept-Encoding Content-Type image/gif Cache-Control public, max-age=2592000 X-Turbo-Charged-By LiteSpeed Connection keep-alive Accept-Ranges bytes CF-RAY 56ced70a083a3248-FRA Content-Length 2417 Expires max-age=2592000, public
GET H/1.1	200 OK	museoSans_300.ttf www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/	65 KB 37 KB	17ms 17ms	Font font/ttf	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/museoSans_300.ttf Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `940cb953d38ed38d61a456c086d814e1d9081bc014c82adceee5a8387795902a` Request headers Origin http://www.waothemes.com Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/konywebkit83b6.css?ver=4.6.2 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:22 GMT Server cloudflare Age 2437 Vary Accept-Encoding Content-Type font/ttf Cache-Control public, max-age=604800 Transfer-Encoding chunked X-Turbo-Charged-By LiteSpeed Connection keep-alive CF-RAY 56ced70a0ee21762-FRA Expires max-age=2592000, public
GET H/1.1	200 OK	museoSans_500.ttf www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/	64 KB 37 KB	17ms 17ms	Font font/ttf	2606:4700:3030::681c:192e CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/museoSans_500.ttf Requested by Host: www.waothemes.com URL: http://www.waothemes.com/wp-content/languages/plugins/ccc/prelogin.php Protocol HTTP/1.1 Server 2606:4700:3030::681c:192e , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b1668c9dacf109ad52bbf92710bcc8c809fef30c5d95722c534ba2ba2af85c6f` Request headers Origin http://www.waothemes.com Referer http://www.waothemes.com/wp-content/languages/plugins/ccc/ADCBIB/desktopweb/conventionalRed/konywebkit83b6.css?ver=4.6.2 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Sun, 01 Mar 2020 00:42:46 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Sun, 22 Sep 2019 11:39:32 GMT Server cloudflare Age 2437 Vary Accept-Encoding Content-Type font/ttf Cache-Control public, max-age=604800 Transfer-Encoding chunked X-Turbo-Charged-By LiteSpeed Connection keep-alive CF-RAY 56ced70a1bc2d6c9-FRA Expires max-age=2592000, public

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Abu Dhabi Commercial Bank (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.waothemes.com/	1970-01-19 07:43:43	Name: cf_use_ob Value: 80
			www.waothemes.com/	1970-01-19 07:43:43	Name: cf_ob_info Value: 522:56ced709ccf6e007:FRA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.waothemes.com
2606:4700:3030::681c:192e
0083648e2d254edad67314740143589c2d4d93743931fe70ef5a475833260ed9
0fbcf9abf711729b831a7ab1740dd5b90b5b82c2c481cc8b88465dc638f4f9de
1b669d4b4918d76f33da0447fb8cf720e132b497998d957c5e9f2a1b031285f2
4651913302a21598d7b2b77d21bc6f2f7e1745fe79930bbe3b8df1ecf8c03ada
59d42f60a959c72d0489312c57ae264eec28d82030f562819c12b308379e9894
717074cf4fbdee2dbb6819087f2f3de853a3ede9494ac84f36353408a49e49da
7510f58383cc71e5a94c036d5c831735b42e05f217825b02f1195d4527dfe09b
7db891ac8b3e3af046573a98181a3e6be3187b15bc8f8547ff1e946459dd3741
8b8b52a55c7b59644ed36758902c5088d83e528f09d3effb74b4c7491f8c3e8f
940cb953d38ed38d61a456c086d814e1d9081bc014c82adceee5a8387795902a
94801eadb3ff7808a7221df40af914fe7485cdc58effed27756f5c85435938ee
a99682dbf1e6d0472e36f01bbff31f178f7811068c581ed8fbcf8b8eab0ef998
b1668c9dacf109ad52bbf92710bcc8c809fef30c5d95722c534ba2ba2af85c6f
d4f7f5081265a80d778e0593d140c12384cc2996359daea45928ebdfe902f1e7
da3bfccf9fc20cbcec3540f7a992b7663bfb982204e39d2d648e56f3e8ff08d8
fc8e98c34d52f0e44ee834531302b0760dddb184fab412df9c72af9e7daea975

www.waothemes.com Open in urlscan Pro 2606:4700:3030::681c:192e Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

179 kBTransfer

495 kBSize

2 Cookies

0 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

2 Cookies

Indicators

www.waothemes.com Open in urlscan Pro
2606:4700:3030::681c:192e Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

179 kB
Transfer

495 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!