app.wnnvqtg.cn
43.245.199.189
Malicious Activity!
Public Scan
Submission: On May 17 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on April 18th 2024. Valid for: 3 months.
This is the only time app.wnnvqtg.cn was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: imToken (Crypto)
Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 16 | 43.245.199.189 | 55799 (IPTELECOM-AP IPTELECOM ASIA) |

Total: 16 requests, 1 IP address.

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 16 | wnnvqtg.cn | app.wnnvqtg.cn | 105 KB |

Total: 16 requests, 1 apex domain.

| Requests | Domain | Requested by |
|---|---|---|
| 16 | app.wnnvqtg.cn | app.wnnvqtg.cn |

Total: 16 requests, 1 domain.
This site contains links to these domains. Also see Links.

| Domain |
|---|
| apps.apple.com |

| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| cn.im-tekon.net | R3 | 2024-04-18 - 2024-07-17 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://app.wnnvqtg.cn/
Frame ID: EAD8FA2F9A6888F7B78F2F0D35C149C4
Requests: 16 HTTP requests in this frame
Page Title
imTekon | Ethereum & Bitcoin WalletimToken 官網
Detected technologies
Ant Design (JavaScript Frameworks)
Detected patterns
- `<[^>]*class="ant-(?:btn|col|row|layout|breadcrumb|menu|pagination|steps|select|cascader|checkbox|calendar|form|input-number|input|mention|rate|radio|slider|switch|tree-select|time-picker|transfer|upload|avatar|badge|card|carousel|collapse|list|popover|tooltip|table|tabs|tag|timeline|tree|alert|modal|message|notification|progress|popconfirm|spin|anchor|back-top|divider|drawer)`
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | app.wnnvqtg.cn/ | 9 KB | 3 KB | Document | text/html |
| GET | H2 | min.css | app.wnnvqtg.cn/images/ | 22 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | c8.css | app.wnnvqtg.cn/images/ | 92 KB | 10 KB | Stylesheet | text/css |
| GET | H2 | 1f.css | app.wnnvqtg.cn/images/ | 250 KB | 29 KB | Stylesheet | text/css |
| GET | H2 | Logo.png | app.wnnvqtg.cn/images/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | menu.png | app.wnnvqtg.cn/images/ | 198 B | 245 B | Image | image/png |
| GET | H2 | alarm.png | app.wnnvqtg.cn/images/ | 650 B | 721 B | Image | image/png |
| GET | H2 | pg.png | app.wnnvqtg.cn/images/ | 2 KB | 2 KB | Image | image/png |
| GET | H2 | az.png | app.wnnvqtg.cn/images/ | 3 KB | 3 KB | Image | image/png |
| GET | H2 | ewm_icon.png | app.wnnvqtg.cn/images/ | 5 KB | 5 KB | Image | image/png |
| GET | H2 | ewm.png | app.wnnvqtg.cn/ | 261 B | 261 B | Image | text/html |
| GET | H2 | app-store.png | app.wnnvqtg.cn/images/ | 261 B | 261 B | Image | text/html |
| GET | H2 | apk-zh.png | app.wnnvqtg.cn/images/ | 261 B | 261 B | Image | text/html |
| GET | H2 | google-play.png | app.wnnvqtg.cn/images/ | 0 | 58 B | Image | image/png |
| GET | H2 | banner.png | app.wnnvqtg.cn/images/ | 45 KB | 45 KB | Image | image/png |
| GET | H2 | favicon.ico | app.wnnvqtg.cn/ | 261 B | 311 B | Other | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: imToken (Crypto)
0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.