wempy.xyz Open in urlscan Pro
2606:4700:3036::ac43:d8c5 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Submission: On December 13 via automatic, source openphish (December 13th 2022, 1:06:42 am UTC) — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3036::ac43:d8c5, located in United States and belongs to . The main domain is wempy.xyz.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.

This is the only time wempy.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nickel (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 11	2606:4700:303... 2606:4700:3036::ac43:d8c5	() ()
4	23.3.88.64 23.3.88.64	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:1b	() ()
1	2a06:98c1:312... 2a06:98c1:3120::3	() ()
16	4

11 2606:4700:3036::ac43:d8c5 (United States) 1 redirects

ASN- ()

wempy.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.3.88.64 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-3-88-64.deploy.static.akamaitechnologies.com

app.nickel.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static-resources.nickel.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:1b (Netherlands)

ASN- ()

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN- ()

rawgit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	wempy.xyz 1 redirects wempy.xyz	41 KB
4	nickel.eu app.nickel.eu static-resources.nickel.eu	289 KB
1	rawgit.com rawgit.com — Cisco Umbrella Rank: 9351	38 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 687	30 KB
16	4

	Domain	Requested by
11	wempy.xyz	1 redirects wempy.xyz
3	static-resources.nickel.eu	wempy.xyz
1	rawgit.com	wempy.xyz
1	code.jquery.com	wempy.xyz
1	app.nickel.eu	wempy.xyz
16	5

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-10`	a year	crt.sh
bnp09s.bnpparibas.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-11` - `2023-03-22`	5 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Frame ID: B7399F7C276BF1BBAA7C869C79471232
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Espace client : Gérer son compte | Nickel

Page URL History Show full URLs

https://wempy.xyz/waw-note/assets/public/js/.../a/clients HTTP 301
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

398 kB
Transfer

820 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://wempy.xyz/waw-note/assets/public/js/.../a/clients HTTP 301
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
wempy.xyz/waw-note/assets/public/js/.../a/clients/
Redirect Chain

https://wempy.xyz/waw-note/assets/public/js/.../a/clients
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/

185 KB
26 KB

46ms
46ms

Document
text/html

2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare / PHP/7.4.33
Resource Hash: b38dc0f21d38df11cb79d0efd1beaf886d6d2372fad9b169066b649b93bdf605

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 778acc5aeb3a9106-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 13 Dec 2022 01:06:37 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u6kSZWfAwdrA13eoB27xM1I3B42eIqF%2BnYdPHMRTu0pJhkG8NHPzpMEa047mK3wuNeGzlvpNS%2BcvFLJFgWV58WfKwKFHn75DzZHLe55gZdqz%2Bs5AHS2neBbISlwdDXNTrDn8ttXN%2BI0%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
x-turbo-charged-by: LiteSpeed

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 778acc5a9af79106-FRA
content-type: text/html
date: Tue, 13 Dec 2022 01:06:37 GMT
location: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IbWndO%2FT0%2F4SRyi3bEpKREXAiXL%2BbCLMimyy3JBRzQn0p2KqAWnIQfTRA93CPz24bJRsOE2G0Ph8mmN8iuWs0DdHZgKlx7D2Ute6bD%2BbPqBDDGQ%2BZE8oY81IWPGYH2buAKGMXyoxlkQ%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-turbo-charged-by: LiteSpeed

GET
H3 200 86fffa26.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 18 KB
3 KB 30ms
29ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/86fffa26.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 6f460df1a967cbbaccb20773ed122111eed14dadf91a4f77830e3daefeafb31b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1014
cf-polished: origSize=26079
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyy%2BXk2hHKnlqlc36lG1ftkVI2%2FZPbOY7W976%2FrGYsC%2BIEuupJy1%2BpDgY0alJ7TvyjSyyIJF4qcd10UB0BkK9FI%2FHoRzrbvW02D%2F%2B78ZQ6vkvRacqEA2UVxV5vk3RIfVzlpwlajMhLw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38439a05-FRA
expires: Tue, 20 Dec 2022 00:49:43 GMT

GET
H3 200 24571a40.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 24 KB
5 KB 32ms
29ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/24571a40.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ee5b1c0d5fb43cdd9f10a69542383483827bdb0ce117709d649ff8f33fdc818

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 96827
cf-polished: origSize=32830
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BKwM6xdiuoNOGI%2FDeP5cy0cYorJsUBCUPzCPbfaLZD0XZJpkNcGNGnkKlmmhgPAln5Wd9OamTZP33Ky0o3YtNOmyxj7yDH70NeMKiQ6GvAQJUajA3kEL9wAzLOSx7bezS68UAxu%2FN%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38479a05-FRA
expires: Sun, 18 Dec 2022 22:12:51 GMT

GET
H3 200 des.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 8 KB
2 KB 36ms
34ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/des.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 5550e78968b92aaa536d2e7fa9ec9229cb213d83d3804745a03f5afa059d1ea5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1014
cf-polished: origSize=10184
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XARv8MvpCFObDIBU3wT46%2F8brlGp89sazXgeWLonCGieYNbh4ZDGxYJvIAyhqHHnLjSf1ANwmHRK0zZanC3liXmz6Hlz20hoBK5Ha2wVr8RKZkMMI4l%2FC6JlhjguUZFjtXt6Fdljwuw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38489a05-FRA
expires: Tue, 20 Dec 2022 00:49:43 GMT

GET
H3 200 f55d3599.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 4 KB
1 KB 36ms
34ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/f55d3599.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: dade3890ef84ee8cb67257689bb3b353af9e3605da903a2fcbb7968e1142cafd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1013
cf-polished: origSize=5859
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1C9T5OtskD29ld4UgzCMU19KUx1gH05KWcnMOlZY%2BVBcW%2BzEGt6ioUqAjk%2FiXvhwRtQQsEET4%2FLOv%2FO6bpur0K5fwrVMOU%2BU3DUyRxsDrx3f4iJLfPK4vnAHG%2BMnrOlBMinG%2FU%2FjdLU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38499a05-FRA
expires: Tue, 20 Dec 2022 00:49:44 GMT

GET
H3 200 645939e1.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 8 KB
2 KB 33ms
31ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/645939e1.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c7d3526de58f942950705335bf809740f3cb68a51f7bfa67ac5980d1615f22d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1013
cf-polished: origSize=10233
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zFuy1S958XC%2FQmo4nb8hA5WmfviYJxx430WOTPDtHcW9fFmyWQ13zqrRUvtiDWh6LJjgATqOwt0cCHtRoOK%2FN2msJ%2Fk6PN4QpWo7tta7I4Wb58fRGzZoheJYVDS%2Bj%2BpIjB8r%2FWHxQFw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b384b9a05-FRA
expires: Tue, 20 Dec 2022 00:49:44 GMT

GET
H3 200 fe9185d1.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 4 KB
1 KB 32ms
30ms Stylesheet
text/css 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/fe9185d1.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: 3903d8031116d50b81d237dfdd6a9215d7415ecc8d852f039d5471abb1fe5d09

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1013
cf-polished: origSize=5595
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Sat, 19 Nov 2022 15:09:09 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1c26CtmAJNE2OXU3iJYXRMrjV8nh6BnmfSomS37ON9kCNErLLZLzt8lhqN0MU%2BzyU9pGjeFrzdLKlfg1%2Fb7zc8AdMBjTcNMm6X1sYebL99QPsoFdTZjb2r8hjlTx6diUN04vYU%2Fdr5c%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b384d9a05-FRA
expires: Tue, 20 Dec 2022 00:49:44 GMT

GET
H3 404 2282daa7.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 0
0 50ms
48ms Stylesheet
text/html 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/2282daa7.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6KtKS%2Bk8uH77czOFrOisPSTZVgMIcXz8iN3SzTSFlAowPGdAtQR2%2Bd6BoeBsuWZ4lkQVICuXHukbPMZutIOgGf08ML5sBbP28yDM46czxFJrzH3PJs188p%2BhVQhIsfI8kCZb1g%2BIhkc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b384e9a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 74.b7389af6.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 0
0 52ms
50ms Stylesheet
text/html 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/74.b7389af6.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vMqUQQs2lcHGVY7uHLLbc%2FdoOagY0bq%2Fzpv61NPQHp6wO1xXIDpxBpeM6%2FfSQ8pcH9I4gRZCcd5%2BMItGZnlhebRh6ZEdlFJqYFK9RtPiaezhC7hKRnXsZ4sY1YYA1vx9WSqRRMTazKY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38509a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 404 65.045f2d82.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ 0
0 50ms
49ms Stylesheet
text/html 2606:4700:3036::ac43:d8c5

General

Check archive.org

Show headers Download Go to

Full URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/65.045f2d82.chunk.css
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::ac43:d8c5 , United States, ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 13 Dec 2022 01:06:37 GMT
content-encoding: br
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mhm04uvM14oFRKl3R3S%2Bu3GO5TELH4C10xlK7LodjA5KtahKTqCksEEw3Id%2B1JuEDcW0A3QzC5vpCqx%2F7If%2Bo3pHTDSZiXuZ%2F74mLRT8tDeznFs2dr%2FqR80T4t4sD5R1EjPSoTJVHM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
x-turbo-charged-by: LiteSpeed
cf-ray: 778acc5b38519a05-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK sketch-homepage.a14b9180.png
app.nickel.eu/static/media/ 193 KB
194 KB 275ms
64ms Image
image/png 23.3.88.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.nickel.eu/static/media/sketch-homepage.a14b9180.png

Requested by

Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.3.88.64 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-3-88-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

234a61d9c004512f92960323b0e8ea01bf7138f7e3daa22648f50000bec54301

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
x-envoy-decorator-operation: espace-perso.spartacus-frontend.svc.cluster.local:80/*
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Wed, 02 Nov 2022 13:55:29 GMT
Date: Tue, 13 Dec 2022 01:06:38 GMT
ETag: "636276d1-304db"
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: public
x-envoy-upstream-service-time: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 197851
X-Xss-Protection: 1; mode=block

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 34ms
10ms Script
application/javascript 2001:4de0:ac18::1:a:1b

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:1b , Netherlands, ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:38 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-15d9d"
vary: Accept-Encoding
x-hw: 1670893598.dop204.fr8.t,1670893598.cds226.fr8.hn,1670893598.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 jquery.inputmask.js Show response
rawgit.com/RobinHerbots/Inputmask/5.x/dist/ 195 KB
38 KB 222ms
192ms Script
application/javascript 2a06:98c1:3120::3

General

Check archive.org

Show headers Download Go to

Full URL

https://rawgit.com/RobinHerbots/Inputmask/5.x/dist/jquery.inputmask.js

Requested by

Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/clients/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN (),

Reverse DNS

Software

cloudflare /

Resource Hash

e465d49655799b49db7226d6a33c4abb13ce8294aa91f1c5164b9198539c37c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wempy.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Tue, 13 Dec 2022 01:06:38 GMT
strict-transport-security: max-age=31536000; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
rawgit-cache-status: EXPIRED
server: cloudflare
etag: W/"3570f14dcd4846ed412dfa7e401c50c22c546d27f456714e243f252214957706"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gzh%2FoN73AywuHnMudOWu9kdz5lDucNpHI9IKAcdyjEtNH5ufiy4yY8G1jxTNZIkkyF%2FaWhqSgTtueBP1oP3Ya2bRm1xJISUeHx7IkspOKCTd7HNtvITRbvkKqsfYOwj36hYWZa4sHxGJ"}],"group":"cf-nel","max_age":604800}
sunset: Tue, 01 Oct 2019 00:00:00 GMT
access-control-allow-origin: *
content-type: application/javascript;charset=utf-8
cache-control: max-age=3600, s-maxage=300
x-robots-tag: none
link: <https://rawgit.com/>; rel="sunset"; title="RawGit will soon shut down. Please stop using it."
cf-ray: 778acc5b8c276922-FRA

GET
H/1.1 200
OK MullerNarrow-Light.woff2
static-resources.nickel.eu/fonts/ 31 KB
32 KB 136ms
43ms Font
font/woff2 23.3.88.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static-resources.nickel.eu/fonts/MullerNarrow-Light.woff2

Requested by

Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/86fffa26.chunk.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.3.88.64 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-3-88-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

f0e7fef75b97057f33e9ba884f068688dd6514ad2e303685ab29418e1390b842

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wempy.xyz/
Origin: https://wempy.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
x-envoy-decorator-operation: static-resources.spartacus-frontend.svc.cluster.local:80/*
Date: Tue, 13 Dec 2022 01:06:38 GMT
Last-Modified: Wed, 01 Sep 2021 15:49:38 GMT
ETag: "612fa112-7d18"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
x-envoy-upstream-service-time: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32024

GET
H/1.1 200
OK MullerNarrow-ExtraBold.woff2
static-resources.nickel.eu/fonts/ 30 KB
31 KB 118ms
27ms Font
font/woff2 23.3.88.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static-resources.nickel.eu/fonts/MullerNarrow-ExtraBold.woff2

Requested by

Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/86fffa26.chunk.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.3.88.64 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-3-88-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

e671416c9ac25a7877362f1c6581b91fbe987ec04e187b365a96a3feecc2bb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wempy.xyz/
Origin: https://wempy.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
x-envoy-decorator-operation: static-resources.spartacus-frontend.svc.cluster.local:80/*
Date: Tue, 13 Dec 2022 01:06:38 GMT
Last-Modified: Wed, 01 Sep 2021 15:49:38 GMT
ETag: "612fa112-78f8"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
x-envoy-upstream-service-time: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30968

GET
H/1.1 200
OK MullerNarrow-Medium.woff2
static-resources.nickel.eu/fonts/ 32 KB
33 KB 153ms
63ms Font
font/woff2 23.3.88.64
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://static-resources.nickel.eu/fonts/MullerNarrow-Medium.woff2

Requested by

Host: wempy.xyz
URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/86fffa26.chunk.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.3.88.64 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-3-88-64.deploy.static.akamaitechnologies.com

Software

Resource Hash

f996d7eb10768373376f60c455f38135808f5ad7d6a347aec0584362de092fa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://wempy.xyz/
Origin: https://wempy.xyz
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15724800; includeSubDomains
x-envoy-decorator-operation: static-resources.spartacus-frontend.svc.cluster.local:80/*
Date: Tue, 13 Dec 2022 01:06:38 GMT
Last-Modified: Wed, 01 Sep 2021 15:49:38 GMT
ETag: "612fa112-8114"
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
x-envoy-upstream-service-time: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 33044

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nickel (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wempy.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: 65c4d9ebce6262d7772c2adb799d0604

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/2282daa7.chunk.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/65.045f2d82.chunk.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://wempy.xyz/waw-note/assets/public/js/.../a/assets/css/74.b7389af6.chunk.css Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.nickel.eu
code.jquery.com
rawgit.com
static-resources.nickel.eu
wempy.xyz
2001:4de0:ac18::1:a:1b
23.3.88.64
2606:4700:3036::ac43:d8c5
2a06:98c1:3120::3
234a61d9c004512f92960323b0e8ea01bf7138f7e3daa22648f50000bec54301
3903d8031116d50b81d237dfdd6a9215d7415ecc8d852f039d5471abb1fe5d09
4ee5b1c0d5fb43cdd9f10a69542383483827bdb0ce117709d649ff8f33fdc818
5550e78968b92aaa536d2e7fa9ec9229cb213d83d3804745a03f5afa059d1ea5
6c7d3526de58f942950705335bf809740f3cb68a51f7bfa67ac5980d1615f22d
6f460df1a967cbbaccb20773ed122111eed14dadf91a4f77830e3daefeafb31b
b38dc0f21d38df11cb79d0efd1beaf886d6d2372fad9b169066b649b93bdf605
dade3890ef84ee8cb67257689bb3b353af9e3605da903a2fcbb7968e1142cafd
e465d49655799b49db7226d6a33c4abb13ce8294aa91f1c5164b9198539c37c3
e671416c9ac25a7877362f1c6581b91fbe987ec04e187b365a96a3feecc2bb1a
f0e7fef75b97057f33e9ba884f068688dd6514ad2e303685ab29418e1390b842
f996d7eb10768373376f60c455f38135808f5ad7d6a347aec0584362de092fa7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

wempy.xyz Open in urlscan Pro 2606:4700:3036::ac43:d8c5 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

75 %IPv6

4 Domains

5 Subdomains

4 IPs

3 Countries

398 kBTransfer

820 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

wempy.xyz Open in urlscan Pro
2606:4700:3036::ac43:d8c5 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

75 %
IPv6

4
Domains

5
Subdomains

4
IPs

3
Countries

398 kB
Transfer

820 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!