xweb.wngwmk.club Open in urlscan Pro
2606:4700:3035::6815:1f5b  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response xweb.wngwmk.club/	25 KB 10 KB	660ms 188ms	Document text/html	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0b8a5ff73d8a9e11cd6d9c11381d868581f06786b39387fc16b73ca6cd2207b1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fb46b30ce0d4bcd-BUF content-encoding br content-type text/html date Wed, 23 Aug 2023 15:34:16 GMT last-modified Sat, 19 Aug 2023 06:50:52 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRQMaP6kDVmdNBJ%2Bef%2F1ZdMB%2BPBvsCRpgHfWEQ0c2rUajWV90zp3Dt2jJH4EJm6pHdPLwb0LlqibTTtqQqtj5FSv6GECiprbVQJZIg689nq%2BIPZy4%2FcSXAI8x6tVzoUhvoX6xzWapN%2Ba1lIPTqpI"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	2235ms 1506ms	Script application/javascript	240e:908:8003:1:3::3fd CHINATELECOM-HEIL...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 240e:908:8003:1:3::3fd , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN), Reverse DNS Software Tengine / Resource Hash 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers X-Log X-Log Date Tue, 22 Aug 2023 16:12:15 GMT Via cache52.l2cn3102[46,45,304-0,M], cache4.l2cn3102[47,0], vcache10.cn3465[0,0,200-0,H], vcache21.cn3465[4,0] Content-Encoding gzip X-Svr IO X-Reqid iDYAAAB8a3OKwH0X Age 84123 X-Swift-CacheTime 86400 X-Cache HIT TCP_MEM_HIT dirn:11:256307308 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js Connection keep-alive X-Swift-SaveTime Tue, 22 Aug 2023 16:12:15 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1692720735 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 2a65002916928048584728490e
GET H2	200	qrcode.min.js Show response xweb.wngwmk.club/	19 KB 7 KB	190ms 188ms	Script application/javascript	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/qrcode.min.js Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:16 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 13:50:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b2a43b-4dd7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZFNoDvlqLj%2Fzf830%2FjgjTHFvjUlnbt3XgLGEMAVUeqgjNMZGjWJYrkf2RcJ2paVb979Juuie1QY4TCZFG9lDG0LggM6ALokVSeq8DZEJbQodhYNMjEmFSLCFe3D8ghmbYzAM23mS3AAaegAiRNf%2B"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fb46b321e194bcd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:16 GMT
GET H2	200	stylex-ce269a9819ee8f292840728689a22cc5.css xweb.wngwmk.club/WhatsApp_files/	175 KB 43 KB	355ms 353ms	Stylesheet text/css	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:16 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24baf-2bb72" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JctSZHRJfOTcopAh6Kl%2BUZIe5mBAoWA6n8ay88aS3I6%2F9Vil9sGVJfLf6ClyPoUzvytSylIJ%2B2OHwJy3ZLY1lsdDEGkXm3oJAB4UNu5S7XxjLJxcdzEbCgbSuuY7khDH4kzWRFAszrLd6%2FxLxe7s"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fb46b321e184bcd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:16 GMT
GET H2	200	app-6d34864fd47903428794.css xweb.wngwmk.club/WhatsApp_files/	187 KB 56 KB	208ms 206ms	Stylesheet text/css	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/WhatsApp_files/app-6d34864fd47903428794.css Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:16 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bad-2eab4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=760I%2F%2FCfY7ZKYpMbArI%2BZyv2lS4FAY32IGQgfat%2BwVaKQU9HTfamR9BefDvz1gQ4oRH6iDdvRDtz4XT5n84FLSz7ja3oTGAAwpAjQBYgMYq3FjoR4cE38hbN9F6BbQoNjz5b1a8qmU%2FBilsk%2Bp8n"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fb46b321e1a4bcd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:16 GMT
GET H2	200	main~.b66100b3486cd1857cd3.css xweb.wngwmk.club/WhatsApp_files/	21 KB 5 KB	204ms 203ms	Stylesheet text/css	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:16 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24baf-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJALvz%2BrZtJZ4lJj4S8PdGbfM%2BdJ3hlx7hxdT8qk%2BDo%2FBya1Tj8qpmVn55a0Dw07bT6dc9zeTK1MRWbJmwl2nN8RSkm2FTMkVktJzEQU5H7%2FtDqIrWMDMBodWaIW%2BYwR7WrV7lLXiUXfGO4v%2BjUM"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fb46b321e1b4bcd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:16 GMT
GET H2	200	main.fdf0caa2786c3269572d.css xweb.wngwmk.club/WhatsApp_files/	150 KB 30 KB	322ms 321ms	Stylesheet text/css	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/WhatsApp_files/main.fdf0caa2786c3269572d.css Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:16 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bae-257df" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PUTVeSDRAQ9Jp%2FXETxVf8J5kR9j%2BK%2BCfYiWoyrHUBJTt5UFOKWjDuL6Vn2ZymtfrRsgdb1ZZW8RS1X2U%2FJWdPGT2foPFuXKIiMfHxDLaBuxiHidcQpe84mpo13McGvwhIbLGuOBqUd4XUX%2Fc%2B0Bu"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fb46b321e1c4bcd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:16 GMT
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png xweb.wngwmk.club/WhatsApp_files/	16 KB 16 KB	280ms 280ms	Image image/png	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xweb.wngwmk.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994 Request headers Referer https://xweb.wngwmk.club/ Origin https://xweb.wngwmk.club accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:17 GMT cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64b24baf-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frIRx5%2FKx6KYRIN1RoPV2dERvhoCL69eQRe%2BVPYAs48BmOdgaXQoDagNSdLCpOurj9zcElwUDrg59uqsD2nm2j7MCOSno%2BxypDMQuzQXiQCcgp%2Fod7NTkFLwWNqvQwteW9RPU7nrDEcheiI2dgMA"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7fb46b358faf4bbd-BUF alt-svc h3=":443"; ma=86400 content-length 16259 expires Fri, 22 Sep 2023 15:34:17 GMT
GET		binary-transparency-manifest-2.2325.3.json web.whatsapp.com/	0 0
GET H3	200	main.js Show response xweb.wngwmk.club/	19 KB 6 KB	192ms 192ms	Script application/javascript	2606:4700:3035::6815:1f5b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wngwmk.club/main.js?ver=7.15 Requested by Host: xweb.wngwmk.club URL: https://xweb.wngwmk.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1f5b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 89dbdd093cf0503208450dbfb93af1dca5554859b10ec2350abeb532066bb654 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:17 GMT content-encoding br cf-cache-status MISS last-modified Sat, 19 Aug 2023 06:50:38 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64e0663e-4d9b" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itvaB2hV%2FNBOKY%2BRlNUOlYPnDOTf2Mbx92AiGc329V9nt8sLiaU4eUjD1wH2I1T5Gox%2F5KdKlkluDarczxvMyh80DmLpXyUC7vTC1EB6J3axzb13b7Oe5Tke3JjXybuW%2B7kELPCqW7HHp8K15yET"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fb46b345fa64bbd-BUF alt-svc h3=":443"; ma=86400 expires Thu, 24 Aug 2023 03:34:17 GMT
GET H3	200	31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png 17srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	568ms 465ms	Image image/png	2606:4700:3030::ac43:d2bd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyfrtg.com/qrcodes/31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png?1692804860032 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:d2bd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 5d3bfc32a47eb1164a236cc94861fed3c733578bbea00752e0f99f268bff5858 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:20 GMT cf-cache-status MISS last-modified Wed, 23 Aug 2023 15:34:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6a8-18a230800ea" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p5MoOFF0%2BRL7HOGWnIReaNAMmZ%2BIkmwfHt%2BERw6kQ9S9QXIxPw%2Fcnd3jJ39NgDAKkjpl5aWgVYL%2FeOcGVzBs8IsN0nliFPszm0Yauwb4fS92%2BgrE7fkM7lVGucyQOcZkDA0ymD1y8xfdJEUPkgH7O%2F8bBuM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fb46b47ea764bbb-BUF alt-svc h3=":443"; ma=86400 content-length 1704
GET H3	200	31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png 17srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	510ms 508ms	Image image/png	2606:4700:3030::ac43:d2bd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyfrtg.com/qrcodes/31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png?1692804863037 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:d2bd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 3efbaa12c8dd611c44a09cff945cd94800943ea7cd5922bd35f757862ed275f8 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:23 GMT cf-cache-status MISS last-modified Wed, 23 Aug 2023 15:34:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6a4-18a23084f1d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a998lryi7j3nIX49VrDKIpIE5SWG4vpCC5emQB4wxh4B0rsxU640kvFET79jriJ2dcpYGVyOMh7%2FRKNYZ3s7JTXQ3SVjpVCuImqH6DLExz%2F19wgIt1Lgs5Lj0WOeJ9lgOYJSIDhy6rFWX2UaoYtQIrq76cE%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fb46b5a7ad14bbb-BUF alt-svc h3=":443"; ma=86400 content-length 1700
GET H3	200	31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png 17srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	468ms 464ms	Image image/png	2606:4700:3030::ac43:d2bd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyfrtg.com/qrcodes/31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png?1692804866034 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:d2bd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 3efbaa12c8dd611c44a09cff945cd94800943ea7cd5922bd35f757862ed275f8 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:26 GMT cf-cache-status MISS last-modified Wed, 23 Aug 2023 15:34:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6a4-18a23084f1d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O65nxxaAvYIDAi45o8XrfEOxEiTEWSqqLCecLKHS5K1S8iTfF09b%2BpK29jK1tiNlTuWFF%2BWn2jPgQJhLtJmLd7JLzDOGRk7Ps50zcA6ejw4S4MEKw6%2FHDPmcEFhFi6SgmhE2bbBQRBimTYcPUFfAWVdtKV4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fb46b6cdb264bbb-BUF alt-svc h3=":443"; ma=86400 content-length 1700
GET H3	200	31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png 17srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	467ms 467ms	Image image/png	2606:4700:3030::ac43:d2bd CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyfrtg.com/qrcodes/31ba5d61-29ad-4e18-a4a1-4a75dc19387e.png?1692804869034 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::ac43:d2bd , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash 3efbaa12c8dd611c44a09cff945cd94800943ea7cd5922bd35f757862ed275f8 Request headers accept-language en-US,en;q=0.9 Referer https://xweb.wngwmk.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36 Response headers date Wed, 23 Aug 2023 15:34:29 GMT cf-cache-status MISS last-modified Wed, 23 Aug 2023 15:34:21 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6a4-18a23084f1d" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yk9d32mRanDjp%2BAk6wyGT2TN%2BKRcxfbCh%2Fh94TutmskPrEpBzaI0W3IRk%2FhF%2FTjJ9w%2BhUjzouMNQot2cez%2FnY7vlFxjDI4Fclhgqpx3f9AAp36iAgZWcHMkEDZaFpznTEIbPPHqsNtrpjUgNsOLbJUvl4SY%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fb46b7f8bd14bbb-BUF alt-svc h3=":443"; ma=86400 content-length 1700

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

web.whatsapp.com

URL

https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| QRCode function| guid function| getUUID string| uuid boolean| systemThemeDark object| theme object| systemThemeMode object| systemTheme boolean| darkTheme object| webpackChunkwhatsapp_web_client function| version_ function| _0x37ba7b string| srv number| i_referer number| isEnable function| _0x4e35 function| _0x5ec2 function| xorEncryptDecrypt object| ws function| status_callback function| refershQrCode boolean| webdriver object| json number| code string| qrcode_text

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://xweb.wngwmk.club/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://xweb.wngwmk.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

17srv.anscxnyfrtg.com
cdn.staticfile.org
web.whatsapp.com
xweb.wngwmk.club
web.whatsapp.com
240e:908:8003:1:3::3fd
2606:4700:3030::ac43:d2bd
2606:4700:3035::6815:1f5b
0b8a5ff73d8a9e11cd6d9c11381d868581f06786b39387fc16b73ca6cd2207b1
3efbaa12c8dd611c44a09cff945cd94800943ea7cd5922bd35f757862ed275f8
5d3bfc32a47eb1164a236cc94861fed3c733578bbea00752e0f99f268bff5858
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
89dbdd093cf0503208450dbfb93af1dca5554859b10ec2350abeb532066bb654
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994