weqbgt.club
2606:4700:3033::6818:7b61
Malicious Activity!
Public Scan
Submission: On July 31 via manual from IT
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 31st 2020. Valid for: a year.
This is the only time weqbgt.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Tech Support Scam (Consumer), Microsoft Defender (Consumer), Generic (Online)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
9 | 2606:4700:3033::6818:7b61 | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:80b::2008 | 15169 (GOOGLE)
2 | 2a00:1450:4001:808::200e | 15169 (GOOGLE)
12 | 4 |
ASN15169 (GOOGLE, US): www.googletagmanager.com, www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | weqbgt.club | weqbgt.club | 477 KB
2 | google-analytics.com | www.google-analytics.com | 18 KB
1 | googletagmanager.com | www.googletagmanager.com | 33 KB
12 | 3 | |
Requests | Domain | Requested by
---|---|---
9 | weqbgt.club | weqbgt.club
2 | www.google-analytics.com | www.googletagmanager.com, weqbgt.club
1 | www.googletagmanager.com | weqbgt.club
12 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2020-07-31 - 2021-07-31 | a year | crt.sh
*.google-analytics.com | GTS CA 1O1 | 2020-07-07 - 2020-09-29 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/?n_b=MSg4NDQpNDY5IDk0ODY=
Frame ID: 93040A9D1B39281537363B97356B913C
Requests: 11 HTTP requests in this frame
Frame:
https://weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/err.mp3
Frame ID: 937E849AF06C6AC9929FD28EE1C045E5
Requests: 2 HTTP requests in this frame
Detected technologies
CloudFlare (CDN)
Detected patterns
- headers server /^cloudflare$/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/ | 55 KB | 20 KB | Document | text/html
GET | H2 | jquery.min.js | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/js/ | 95 KB | 32 KB | Script | application/javascript
GET | H2 | bg-1.jpg | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/img/ | 12 KB | 12 KB | Image | image/jpeg
GET | H2 | bg-3.jpg | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/img/ | 3 KB | 3 KB | Image | image/jpeg
GET | H2 | defender.png | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/img/ | 6 KB | 6 KB | Image | image/png
GET | H2 | image.png | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/ | 11 KB | 11 KB | Image | image/png
GET | H2 | js | www.googletagmanager.com/gtag/ | 85 KB | 33 KB | Script | application/javascript
GET | DATA | truncated | / | 239 B | 0 | Image | image/png
GET | H2 | err.mp3 | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/ | 196 KB | 197 KB | Media | audio/mpeg
GET | H2 | err.mp3 | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/ (Frame 937E) | 0 | 0 | Document | audio/mpeg
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript
GET | H2 | collect | www.google-analytics.com/r/ | 35 B | 98 B | Image | image/gif
GET | H2 | err.mp3 | weqbgt.club/Wim_dowsfITavLpAx64r7yMFb9n3ts1ei8ZQE5/juYICWaDhwi4d6E3PKkqgxv2fzBTQH/PR9sm0Og6x/ (Frame 937E) | 196 KB | 197 KB | Media | audio/mpeg
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Tech Support Scam (Consumer), Microsoft Defender (Consumer), Generic (Online)
43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
$ | function
jQuery | function
formatAMPM | function
getURLParameter | function
random_betw | function
phone | string
text | string
w | number
h | number
isOpera | boolean
isFirefox | boolean
isSafari | boolean
isChrome | boolean
isIE | boolean
nm | string
encode_version | string
uygxy | string
__0x43002 | object
_0x49a7 | function
_0x4a0146 | function
_0x509800 | function
_0x199647 | function
_0x47d4df | function
_0x8dceb3 | function
_0x191503 | function
get_browser | function
InternetEx | boolean
isIEedge | boolean
browser | object
msg_ff | undefined
gtag | function
dataLayer | object
modal | object
btn | object
span | undefined
addEvent | function
google_tag_manager | object
google_tag_data | object
GoogleAnalyticsObject | string
ga | function
gaplugins | object
gaGlobal | object
gaData | object
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.weqbgt.club/ | | _gat_gtag_UA_140514612_1 | 1
.weqbgt.club/ | | _gid | GA1.2.1150205722.1596215368
.weqbgt.club/ | | _ga | GA1.2.397332356.1596215368
.weqbgt.club/ | | __cfduid | dc891c7b1dd4a798fcb4eb4d2520290da1596215367
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.