wab.whatlto3hd.icu Open in urlscan Pro
2606:4700:3032::6815:1be1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wab.whatlto3hd.icu/
Submission: On July 11 via api (July 11th 2024, 9:55:08 am UTC) from HK — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3032::6815:1be1, located in United States and belongs to CLOUDFLARENET, US. The main domain is wab.whatlto3hd.icu.
TLS certificate: Issued by WE1 on July 7th 2024. Valid for: 3 months.

This is the only time wab.whatlto3hd.icu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
13	2606:4700:303... 2606:4700:3032::6815:1be1		13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2

13 2606:4700:3032::6815:1be1 (United States)

ASN13335 (CLOUDFLARENET, US)

wab.whatlto3hd.icu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	whatlto3hd.icu wab.whatlto3hd.icu	405 KB
13	1

	Domain	Requested by
13	wab.whatlto3hd.icu	wab.whatlto3hd.icu
13	1

This site contains no links.

Subject Issuer	Validity	Valid
whatlto3hd.icu WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wab.whatlto3hd.icu/
Frame ID: F86B7DDBD0DC8948E8B0DACE93D0CF6C
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

wab.whatlto3hd.icu

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

405 kB
Transfer

1335 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
2 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response wab.whatlto3hd.icu/	1 KB 955 B	513ms 455ms	Document text/html	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `94d19eed9a1fee2cef132d393711f3756b5835ac48a1b1c1ef9e1496d05dacfe` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 8a17ea6bdad69fd8-AMS content-encoding br content-type text/html date Thu, 11 Jul 2024 09:55:04 GMT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RWPf5%2F7j%2BjeMJCVuLLa2%2FD0HXnwesI1ZQjv%2Bwh0G9kt30CHwc%2Bk0M3BJfEH1PvIlYMNGn%2Btv2GQpg9%2FDyVcuwON6pKG8b5Hd04Ub5uy%2FqsdiyG3hP8%2B2YebxxHxAI9Pcrb1TBBT6mLxff053inD998%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H3	200	1eeIM8Xgjv.css wab.whatlto3hd.icu/static/css/	624 KB 167 KB	27ms 27ms	Stylesheet text/css	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/css/1eeIM8Xgjv.css Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d01d617f126f1ea839757569abad5dd9ab1e99248b8ab635076d9a015487f87` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-9c092" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AQjh%2FAWe3bQKpMDs3Ooh0yh0DywghTZp4ihjhSKYO2z4MIYjeRbHwiiw2NuWvkVQJ%2BH6XWYzDjpTATmZU9cfu7kQ0Eog%2FkpWPqwbgD%2BV6GobIQfATAH1w7a3fOcMq1TH4%2BpBFd%2BHpOZpAS33QVuUn7I%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a17ea6ebf049fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	b84OfEIlk7.css wab.whatlto3hd.icu/static/css/	1 KB 904 B	81ms 81ms	Stylesheet text/css	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/css/b84OfEIlk7.css Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `759dc14a647618bcae5099437c89998c28a2828fd56784bf1ce88edea1c037fa` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-47e" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MlWl5gpHAdt541UgGSVT3B4pIDCZUHJ5wMasYeSfAOmcJHbBnhVcVxQMpbjyNY0HRF0ETehEP5xYN2HCp4jCdSzccgRcf97U1pQmgZTUiAC92nb7vu%2F%2BzhyJMFVKmGeNUV0Phg0zenuZHcKHlgWz%2BpA%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a17ea6ebf069fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	LESdw6Pt.js Show response wab.whatlto3hd.icu/static/js/	25 KB 9 KB	25ms 25ms	Script application/javascript	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/js/LESdw6Pt.js Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1160f4a3691e84eeb85fece0b9d6682661c35f7aba056b30697bffae9d69be5e` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-6354" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtLOGa%2BD%2BThBNKdf1L98vfmqlnnJhr2QbNypJQdRENiCylP0eGCoGUTFE1zOCmPLq5GdeISJ3uTx3J8yYOZxocr4A1iWTH5HYHnWFVmAG78NELCgAXPfdAVbCD%2BguofqsY23x8ziIVRVzeASheX3itI%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8a17ea6ebf079fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	f3NB4y7ZDM.js Show response wab.whatlto3hd.icu/static/js/	517 KB 166 KB	80ms 80ms	Script application/javascript	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/js/f3NB4y7ZDM.js Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `306871f8a6eb477bdee44bccf7282e04e33b9c82353084e89f6f15212babe953` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-814c0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NGKqXj2jO%2F3OM6rQJmQ%2Bbb8qG96Vzckvs0X%2B2eSI1Y96lcBSzglglNBf82c3e8qWffSRzRuAzeIsnxXeBABiQKHfQ0zWB6UyAXzER9i7m7oLziyVPY0U0sIzm4urwZlPaA%2FmAe6u2Z6gxjK6qaWJBbE%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8a17ea6ebf089fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	644OfEIlk7.css wab.whatlto3hd.icu/static/css/	0 1 KB	75ms 75ms	Other text/css	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/css/644OfEIlk7.css Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-e93" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGMyVNJ95h0w%2Fmh9zdhX7qiLwqWl6Tj5PDoj41KedluuJbLxyPLk%2Fr9KBTg5Ok7po%2F0m3cU5ZW6oMLqhyq%2FCyJeUtQDEGp%2FOcwpC0ZDVgI9L9%2Bx41Q0FsjA0fFY%2BFYuffWgtD1BHCcN7mzfsO7AnFQc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a17ea6ecf369fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	8c4OfEIlk7.css wab.whatlto3hd.icu/static/css/	0 639 B	75ms 75ms	Other text/css	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/css/8c4OfEIlk7.css Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding br cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-16f" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uNazllW5rJ%2BxuBzT2oDh8RlZy%2BO3tpD%2BWMweObOH9h6Zrh9Ahl%2Bxg26JftWPpGtQt6sOyEYb86j8uAT4IxUuXVeDX8pjvukoOfAt9OVOF5Y%2FOLyPcj1rOGkOnS8STBSdE6BGYFn8Ez4EVJGSXdDfKNw%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a17ea6ecf379fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	19NB4y7ZDM.js wab.whatlto3hd.icu/static/js/	0 38 KB	78ms 77ms	Other application/javascript	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/js/19NB4y7ZDM.js Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-22440" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDHIzYM%2FtE4kYCuJ0Ky8%2FExoOsI1Zxs%2Bt7Jae7NLXOKqRI4eJvpgcBT7dWZjBhJAfzEhJmnRHoWorAsDXqX5HU4zgIU6EO0HZQgFvJV5ZVF92qENIbhHJ27ix2Qu6iewOuwSee9hZVwgRmGnWqPW61Y%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8a17ea6ecf3b9fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	f9NB4y7ZDM.js wab.whatlto3hd.icu/static/js/	0 4 KB	77ms 77ms	Other application/javascript	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/js/f9NB4y7ZDM.js Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-2237" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zJ9Jyc0Y5smDJtOSg9EpNxFgoQjEMDfSNtyRm7xwCJTCAwlnlY3MZeUf6b99aSY%2B2UZmZZwVfE%2B9VsVxxJZYM5CELFwwsnZS8zVBl7CnTDKvoBLVywe35XSLNXfnRr%2B1fp8oTMZvUQH8Kv%2B0iOEV%2BEU%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8a17ea6ecf409fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	644OfEIlk7.css wab.whatlto3hd.icu/static/css/	4 KB 0	0ms 0ms	Stylesheet text/css	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/css/644OfEIlk7.css Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/static/js/LESdw6Pt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f9d1c35016f08c47c1867183e2347313bd84811083c2451d5d522967f1d15eb0` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-e93" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGMyVNJ95h0w%2Fmh9zdhX7qiLwqWl6Tj5PDoj41KedluuJbLxyPLk%2Fr9KBTg5Ok7po%2F0m3cU5ZW6oMLqhyq%2FCyJeUtQDEGp%2FOcwpC0ZDVgI9L9%2Bx41Q0FsjA0fFY%2BFYuffWgtD1BHCcN7mzfsO7AnFQc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 8a17ea6ecf369fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	19NB4y7ZDM.js Show response wab.whatlto3hd.icu/static/js/	137 KB 0	0ms 0ms	Script application/javascript	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/static/js/19NB4y7ZDM.js Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/static/js/LESdw6Pt.js Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `087519851ff3b71f5e7657b93bfa027c3e70a68e144abdf4094cb41ff75058f4` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding gzip cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2166 etag W/"668a9193-22440" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDHIzYM%2FtE4kYCuJ0Ky8%2FExoOsI1Zxs%2Bt7Jae7NLXOKqRI4eJvpgcBT7dWZjBhJAfzEhJmnRHoWorAsDXqX5HU4zgIU6EO0HZQgFvJV5ZVF92qENIbhHJ27ix2Qu6iewOuwSee9hZVwgRmGnWqPW61Y%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 8a17ea6ecf3b9fd8-AMS alt-svc h3=":443"; ma=86400
GET H3	200	qr-video.0c6ec69b.png wab.whatlto3hd.icu/static/img/	16 KB 16 KB	25ms 25ms	Image image/png	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://wab.whatlto3hd.icu/static/img/qr-video.0c6ec69b.png Requested by Host: wab.whatlto3hd.icu URL: https://wab.whatlto3hd.icu/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer https://wab.whatlto3hd.icu/ Origin https://wab.whatlto3hd.icu User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT cf-cache-status HIT last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 2159 etag "668a9193-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lQmiTaxuxOQB2vsBNK%2FA3vo176Ir8Ewd02zYyzIDpw65vcJdFAoihjbqD7x%2BASc%2FysoO7B9Cz2aNQKmTHYs4AGXhStgKKrb%2B5zsQCq827sTvXHUvKDLvMt1hcNQoEy8WRf7kIqJrcU18t2YoD61tUk0%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 8a17ea7038f79fd8-AMS alt-svc h3=":443"; ma=86400 content-length 16259
GET H3	200	favicon.ico wab.whatlto3hd.icu/	787 B 1 KB	449ms 448ms	Other image/x-icon	2606:4700:3032::6815:1be1 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://wab.whatlto3hd.icu/favicon.ico Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3032::6815:1be1 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec` Request headers Referer https://wab.whatlto3hd.icu/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 11 Jul 2024 09:55:04 GMT content-encoding br cf-cache-status MISS last-modified Sun, 07 Jul 2024 13:01:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"668a9193-313" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FOkb3wPUxZO71iWvVaQqAtKCEOTzGxa6HUuhVGexDHWIyuHy5VGJ9bC5cXGenmK5b6Qq7PPIhURjf3A5z6jeSK49R9aCDABboRjAkri508yDY1sGn6GLlV0GVQvTqCR0aqACk1Z3caYKLWTB9bLuDBs%3D"}],"group":"cf-nel","max_age":604800} content-type image/x-icon cache-control max-age=14400 cf-ray 8a17ea7069459fd8-AMS alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	85 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	9 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8f7c9c926a275dafd84b192875b3b9f1867edc4a20b0084e8ee5981feb2d99e4` Request headers Referer User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

wab.whatlto3hd.icu
2606:4700:3032::6815:1be1
087519851ff3b71f5e7657b93bfa027c3e70a68e144abdf4094cb41ff75058f4
0d01d617f126f1ea839757569abad5dd9ab1e99248b8ab635076d9a015487f87
1160f4a3691e84eeb85fece0b9d6682661c35f7aba056b30697bffae9d69be5e
306871f8a6eb477bdee44bccf7282e04e33b9c82353084e89f6f15212babe953
4a711f5cd03c09fd79ae2f19bb2f71168e71c18b7562626a1ae8d99ebc3212ff
759dc14a647618bcae5099437c89998c28a2828fd56784bf1ce88edea1c037fa
8f7c9c926a275dafd84b192875b3b9f1867edc4a20b0084e8ee5981feb2d99e4
94d19eed9a1fee2cef132d393711f3756b5835ac48a1b1c1ef9e1496d05dacfe
d0cadf240e89340b93df35240e7809039c1c574be05fbe2cf3243e2f487bc9ec
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f9d1c35016f08c47c1867183e2347313bd84811083c2451d5d522967f1d15eb0

wab.whatlto3hd.icu Open in urlscan Pro 2606:4700:3032::6815:1be1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

405 kBTransfer

1335 kBSize

0 Cookies

0 Outgoing links

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

19 JavaScript Global Variables

0 Cookies

Indicators

wab.whatlto3hd.icu Open in urlscan Pro
2606:4700:3032::6815:1be1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

405 kB
Transfer

1335 kB
Size

0
Cookies

13 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!