one.wqwai.com Open in urlscan Pro
154.3.35.141 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://one.wqwai.com/
Effective URL:
https://one.wqwai.com/index.html
Submission: On December 02 via api (December 2nd 2023, 4:25:38 pm UTC) from FI — Scanned from NZ

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 8 HTTP transactions. The main IP is 154.3.35.141, located in Hong Kong and belongs to DMIT, US. The main domain is one.wqwai.com.
TLS certificate: Issued by R3 on December 1st 2023. Valid for: 3 months.

This is the only time one.wqwai.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 5	154.3.35.141 154.3.35.141	906 (DMIT) (DMIT)
4	2606:4700:20:... 2606:4700:20::681a:1be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	202.95.9.71 202.95.9.71	4808 (CHINA169-...) (CHINA169-BJ China Unicom Beijing Province Network)
8	3

5 154.3.35.141 (Hong Kong) 2 redirects

ASN906 (DMIT, US)
PTR: Host-By.DMIT.com

one.wqwai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:1be (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.loli.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
gstatic.loli.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 202.95.9.71 (Singapore)

ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN)

baiwa.art	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	wqwai.com 2 redirects one.wqwai.com	139 KB
4	loli.net fonts.loli.net — Cisco Umbrella Rank: 592348 gstatic.loli.net	67 KB
1	baiwa.art baiwa.art
8	3

	Domain	Requested by
5	one.wqwai.com	2 redirects one.wqwai.com
2	gstatic.loli.net	fonts.loli.net
2	fonts.loli.net	one.wqwai.com
1	baiwa.art	one.wqwai.com
8	4

This site contains links to these domains. Also see Links.

Domain
my.baiwa.art

Subject Issuer	Validity	Valid
one.wqwai.com R3	`2023-12-01` - `2024-02-29`	3 months	crt.sh
loli.net Cloudflare Inc ECC CA-3	`2023-04-05` - `2024-04-04`	a year	crt.sh
baiwa.art R3	`2023-11-02` - `2024-01-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://one.wqwai.com/index.html
Frame ID: 2C48655153C1E4F9A3BF6F0FF686E9AD
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

白瓦网络

Page URL History Show full URLs

http://one.wqwai.com/ HTTP 301
https://one.wqwai.com/ HTTP 301
https://one.wqwai.com/index.html Page URL

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

206 kB
Transfer

1376 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://my.baiwa.art/
Title: 前往用户中心

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://one.wqwai.com/ HTTP 301
https://one.wqwai.com/ HTTP 301
https://one.wqwai.com/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request index.html Show response
one.wqwai.com/
Redirect Chain

http://one.wqwai.com/
https://one.wqwai.com/
https://one.wqwai.com/index.html

1 KB
967 B

230ms
229ms

Document
text/html

154.3.35.141
DMIT

General

Check archive.org

Show headers Download Go to

Full URL: https://one.wqwai.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 154.3.35.141 , Hong Kong, ASN906 (DMIT, US),
Reverse DNS: Host-By.DMIT.com
Software: nginx/1.22.0 /
Resource Hash: d692035c96048f7c156b8891a89986356165ff8772a43fdf8d5cf125d9bdc4bd

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1
accept-language: en-NZ,en;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sun, 03 Dec 2023 00:23:34 GMT
ETag: W/"62f0dd81-562"
Last-Modified: Mon, 08 Aug 2022 09:55:13 GMT
Server: nginx/1.22.0
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 169
Content-Type: text/html
Date: Sun, 03 Dec 2023 00:23:34 GMT
Location: https://one.wqwai.com/index.html
Server: nginx/1.22.0

GET
H/1.1 200
OK nicepage.css
one.wqwai.com/ 1 MB
137 KB 284ms
283ms Stylesheet
text/css 154.3.35.141
DMIT

General

Check archive.org

Show headers Download Go to

Full URL: https://one.wqwai.com/nicepage.css
Requested by: Host: one.wqwai.com
URL: https://one.wqwai.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 154.3.35.141 , Hong Kong, ASN906 (DMIT, US),
Reverse DNS: Host-By.DMIT.com
Software: nginx/1.22.0 /
Resource Hash: 1e480a813ec589364bf0de0f279ad555d2011a0c8f22e33f53e1ba3541f979c1

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://one.wqwai.com/index.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 03 Dec 2023 00:23:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Aug 2022 09:53:33 GMT
Server: nginx/1.22.0
ETag: W/"62f0dd1d-1388da"
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H/1.1 200
OK Home.css
one.wqwai.com/ 1 KB
774 B 684ms
228ms Stylesheet
text/css 154.3.35.141
DMIT

General

Check archive.org

Show headers Download Go to

Full URL: https://one.wqwai.com/Home.css
Requested by: Host: one.wqwai.com
URL: https://one.wqwai.com/index.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 154.3.35.141 , Hong Kong, ASN906 (DMIT, US),
Reverse DNS: Host-By.DMIT.com
Software: nginx/1.22.0 /
Resource Hash: ad13ba434e51f96910941b373841a70aefd5bc2fa25818a20c96467f9cce7656

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://one.wqwai.com/index.html
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 03 Dec 2023 00:23:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 08 Aug 2022 09:53:32 GMT
Server: nginx/1.22.0
ETag: W/"62f0dd1c-5f2"
Transfer-Encoding: chunked
Content-Type: text/css
Connection: keep-alive

GET
H2 200 css
fonts.loli.net/ 58 KB
2 KB 2066ms
1615ms Stylesheet
text/css 2606:4700:20::681a:1be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.loli.net/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Requested by

Host: one.wqwai.com
URL: https://one.wqwai.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:1be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ced1d9eee8efaac4625f6983c80920f397c5769aa3ab36f478683d1fafb6e499

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://one.wqwai.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date: Sat, 02 Dec 2023 16:25:26 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k8oYmGHmjkbFx8%2FRMkT2CBhFglApFtekwxRG3gG4roqrbo3Xnu5gwKTFZJFeiQRhd%2Bp7KruFhDMrR2OFYwVLsMMWe0dYMOR8nAwtGS30VIXi3ur3i%2BKbSFd4dJQD6FbYKufdFrh65e2YS2r6"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
timing-allow-origin: *
cf-ray: 82f4ecf8bb70aacb-SYD
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.loli.net/ 1 KB
1 KB 1726ms
1276ms Stylesheet
text/css 2606:4700:20::681a:1be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.loli.net/css?family=Alex+Brush:400

Requested by

Host: one.wqwai.com
URL: https://one.wqwai.com/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:1be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a425fd095907067d246f2e70d7e832f24a63a65ae5e86d2be257a4bd2886c2bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://one.wqwai.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date: Sat, 02 Dec 2023 16:25:25 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ukb6JzNqsw87qVoyt2Lc7303aGYFMINQiPdhTZVXSFGw5leN31cRst0rFAGPHgdqpr%2Fx60glcQDiB2FgfiL9vAFuWIaxQ%2B%2BmWCTw5dV9wfvISx19lPA6rqUYmh10cz8wlsl9WLhvIMvqj%2Bwn"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
timing-allow-origin: *
cf-ray: 82f4ecf8bb72aacb-SYD
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 newbaiwa.jpg
baiwa.art/ 0
0 592ms
193ms Image
text/html 202.95.9.71
CHINA169-BJ China...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://baiwa.art/newbaiwa.jpg
Requested by: Host: one.wqwai.com
URL: https://one.wqwai.com/Home.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 202.95.9.71 , Singapore, ASN4808 (CHINA169-BJ China Unicom Beijing Province Network, CN),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-NZ,en;q=0.9
Referer: https://one.wqwai.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

GET
H2 200 SZc83FzrJKuqFbwMKk6EhUXz7RlNiCY.woff2
gstatic.loli.net/s/alexbrush/v22/ 22 KB
22 KB 1285ms
722ms Font
font/woff2 2606:4700:20::681a:1be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gstatic.loli.net/s/alexbrush/v22/SZc83FzrJKuqFbwMKk6EhUXz7RlNiCY.woff2

Requested by

Host: fonts.loli.net
URL: https://fonts.loli.net/css?family=Alex+Brush:400

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:1be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3b217c04f16a176dc801a1a8472af86d77b4b921e1e84d79218255a4a90b4cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fonts.loli.net/
Origin: https://one.wqwai.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date: Sat, 02 Dec 2023 16:25:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 22072
x-xss-protection: 1; mode=block
last-modified: Tue, 02 May 2023 15:43:51 GMT
server: cloudflare
cross-origin-opener-policy: same-origin; report-to="apps-themes"
x-frame-options: SAMEORIGIN
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82f4ed066c6f5d24-SYD
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2
gstatic.loli.net/s/opensans/v36/ 42 KB
42 KB 1413ms
851ms Font
font/woff2 2606:4700:20::681a:1be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://gstatic.loli.net/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-mu0SC55I.woff2

Requested by

Host: fonts.loli.net
URL: https://fonts.loli.net/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:1be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e39ec7b42b5f6e62f36e4f1ee181796d0663bc05e2fdf12422d6fc8e2765001

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://fonts.loli.net/
Origin: https://one.wqwai.com
accept-language: en-NZ,en;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1

Response headers

date: Sat, 02 Dec 2023 16:25:27 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 43172
x-xss-protection: 1; mode=block
last-modified: Thu, 14 Sep 2023 00:26:59 GMT
server: cloudflare
cross-origin-opener-policy: same-origin; report-to="apps-themes"
x-frame-options: SAMEORIGIN
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=315360000
vary: Accept-Encoding
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 82f4ed066c6e5d24-SYD
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://baiwa.art/newbaiwa.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

baiwa.art
fonts.loli.net
gstatic.loli.net
one.wqwai.com
154.3.35.141
202.95.9.71
2606:4700:20::681a:1be
1e480a813ec589364bf0de0f279ad555d2011a0c8f22e33f53e1ba3541f979c1
9e39ec7b42b5f6e62f36e4f1ee181796d0663bc05e2fdf12422d6fc8e2765001
a425fd095907067d246f2e70d7e832f24a63a65ae5e86d2be257a4bd2886c2bf
ad13ba434e51f96910941b373841a70aefd5bc2fa25818a20c96467f9cce7656
ced1d9eee8efaac4625f6983c80920f397c5769aa3ab36f478683d1fafb6e499
d692035c96048f7c156b8891a89986356165ff8772a43fdf8d5cf125d9bdc4bd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f3b217c04f16a176dc801a1a8472af86d77b4b921e1e84d79218255a4a90b4cf

one.wqwai.com Open in urlscan Pro 154.3.35.141 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

8 Requests

100 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

206 kBTransfer

1376 kBSize

0 Cookies

1 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

one.wqwai.com Open in urlscan Pro
154.3.35.141 Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

206 kB
Transfer

1376 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions