wempy.xyz
Open in
urlscan Pro
2606:4700:3036::ac43:d8c5
Malicious Activity!
Public Scan
Submission: On December 13 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 11th 2022. Valid for: a year.
This is the only time wempy.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nickel (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 11 | 2606:4700:303... 2606:4700:3036::ac43:d8c5 | () () | |
4 | 23.3.88.64 23.3.88.64 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1b | () () | |
1 | 2a06:98c1:312... 2a06:98c1:3120::3 | () () | |
16 | 4 |
ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-3-88-64.deploy.static.akamaitechnologies.com
app.nickel.eu | |
static-resources.nickel.eu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
wempy.xyz
1 redirects
wempy.xyz |
41 KB |
4 |
nickel.eu
app.nickel.eu static-resources.nickel.eu |
289 KB |
1 |
rawgit.com
rawgit.com — Cisco Umbrella Rank: 9351 |
38 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 687 |
30 KB |
16 | 4 |
Domain | Requested by | |
---|---|---|
11 | wempy.xyz |
1 redirects
wempy.xyz
|
3 | static-resources.nickel.eu |
wempy.xyz
|
1 | rawgit.com |
wempy.xyz
|
1 | code.jquery.com |
wempy.xyz
|
1 | app.nickel.eu |
wempy.xyz
|
16 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-05-11 - 2023-05-10 |
a year | crt.sh |
bnp09s.bnpparibas.com DigiCert TLS RSA SHA256 2020 CA1 |
2022-10-11 - 2023-03-22 |
5 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/
Frame ID: B7399F7C276BF1BBAA7C869C79471232
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Espace client : GĂ©rer son compte | NickelPage URL History Show full URLs
-
https://wempy.xyz/waw-note/assets/public/js/.../a/clients
HTTP 301
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/ Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://wempy.xyz/waw-note/assets/public/js/.../a/clients
HTTP 301
https://wempy.xyz/waw-note/assets/public/js/.../a/clients/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
wempy.xyz/waw-note/assets/public/js/.../a/clients/ Redirect Chain
|
185 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
86fffa26.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
18 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
24571a40.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
des.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
f55d3599.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
645939e1.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fe9185d1.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
2282daa7.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
74.b7389af6.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
65.045f2d82.chunk.css
wempy.xyz/waw-note/assets/public/js/.../a/assets/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
sketch-homepage.a14b9180.png
app.nickel.eu/static/media/ |
193 KB 194 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.inputmask.js
rawgit.com/RobinHerbots/Inputmask/5.x/dist/ |
195 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MullerNarrow-Light.woff2
static-resources.nickel.eu/fonts/ |
31 KB 32 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MullerNarrow-ExtraBold.woff2
static-resources.nickel.eu/fonts/ |
30 KB 31 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
MullerNarrow-Medium.woff2
static-resources.nickel.eu/fonts/ |
32 KB 33 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nickel (Financial)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontentvisibilityautostatechange function| $ function| jQuery function| Inputmask function| default function| resetpass function| refreshpass1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
wempy.xyz/ | Name: PHPSESSID Value: 65c4d9ebce6262d7772c2adb799d0604 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
app.nickel.eu
code.jquery.com
rawgit.com
static-resources.nickel.eu
wempy.xyz
2001:4de0:ac18::1:a:1b
23.3.88.64
2606:4700:3036::ac43:d8c5
2a06:98c1:3120::3
234a61d9c004512f92960323b0e8ea01bf7138f7e3daa22648f50000bec54301
3903d8031116d50b81d237dfdd6a9215d7415ecc8d852f039d5471abb1fe5d09
4ee5b1c0d5fb43cdd9f10a69542383483827bdb0ce117709d649ff8f33fdc818
5550e78968b92aaa536d2e7fa9ec9229cb213d83d3804745a03f5afa059d1ea5
6c7d3526de58f942950705335bf809740f3cb68a51f7bfa67ac5980d1615f22d
6f460df1a967cbbaccb20773ed122111eed14dadf91a4f77830e3daefeafb31b
b38dc0f21d38df11cb79d0efd1beaf886d6d2372fad9b169066b649b93bdf605
dade3890ef84ee8cb67257689bb3b353af9e3605da903a2fcbb7968e1142cafd
e465d49655799b49db7226d6a33c4abb13ce8294aa91f1c5164b9198539c37c3
e671416c9ac25a7877362f1c6581b91fbe987ec04e187b365a96a3feecc2bb1a
f0e7fef75b97057f33e9ba884f068688dd6514ad2e303685ab29418e1390b842
f996d7eb10768373376f60c455f38135808f5ad7d6a347aec0584362de092fa7
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e