wab.whoaetsaqq.com
2606:4700:3031::ac43:86be  Malicious Activity! Public Scan

URL: https://wab.whoaetsaqq.com/
Submission: On December 01 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3031::ac43:86be, located in United States and belongs to CLOUDFLARENET, US. The main domain is wab.whoaetsaqq.com.
TLS certificate: Issued by GTS CA 1P5 on November 26th 2023. Valid for: 3 months.
This is the only time wab.whoaetsaqq.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online), WhatsApp (Instant Messenger)

Domain & IP information

Redirects | Requests | IP Address | AS Autonomous System
1 | 11 | 2606:4700:303... | 13335 (CLOUDFLAR...)
- | 1 | 2404:2280:1b2... | 24429 (TAOBAO Zh...)
- | 2 | 2606:4700:303... | 13335 (CLOUDFLAR...)
Total: 13 requests, 3 IPs

Requests | Apex Domain | Subdomains | Transfer
11 | whoaetsaqq.com | wab.whoaetsaqq.com | 180 KB
2 | whatsaa.site | ssr.whatsaa.site | 4 KB
1 | staticfile.org | cdn.staticfile.org (Cisco Umbrella Rank: 60183) | 33 KB
Total: 13 requests, 3 domains

Requests | Domain | Requested by
11 | wab.whoaetsaqq.com (1 redirects) | wab.whoaetsaqq.com
2 | ssr.whatsaa.site | -
1 | cdn.staticfile.org | wab.whoaetsaqq.com
Total: 13 requests, 3 domains

This site contains links to these domains.

Domain
faq.whatsapp.com

Subject | Issuer | Validity | Valid
whoaetsaqq.com | GTS CA 1P5 | 2023-11-26 - 2024-02-24 | 3 months
*.staticfile.org | GeoTrust RSA CN CA G2 | 2023-09-08 - 2024-10-04 | a year
whatsaa.site | GTS CA 1P5 | 2023-11-26 - 2024-02-24 | 3 months

This page contains 1 frames:

Primary Page: https://wab.whoaetsaqq.com/
Frame ID: 92E5D2982AABB5238FCD1BD8EB4D0C4F
Requests: 13 HTTP requests in this frame

Page Title

WhatsApp

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13 Requests
100 % HTTPS
100 % IPv6
3 Domains
3 Subdomains
3 IPs
2 Countries
217 kB Transfer
732 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://wab.whoaetsaqq.com/ Page URL
  2. https://wab.whoaetsaqq.com/cdn-cgi/phish-bypass?atok=UUyNXwDx_M6QOmVYsi5CWAfwVrUxsn3EJfXM_9pLHwI-1701459897-0-%2F HTTP 301
    https://wab.whoaetsaqq.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type

/ | wab.whoaetsaqq.com/ | 4 KB | 2 KB | Document
General
Full URL
https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
663e0eec69a99997658d80fe7ec710e12bbcaf23295946f6a023b4c120246c70
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cf-ray
82edd3e9cafdd9cd-MIA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 01 Dec 2023 19:44:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mzVFw39%2BHRreIMnclDawWZSt%2BP5k3y6GzvldHNBtJEmNS7EBRvIi1eehZJJqMaPktHSMovHaViIATYylWlSVC5oxRNoSbw4SEFDEfumdMRm55qBf4aq8L%2Fzk2dyGjAP97zTuK1trxYh%2BS0a4hOaCwfs%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN

cf.errors.css | wab.whoaetsaqq.com/cdn-cgi/styles/ | 24 KB | 5 KB | Stylesheet
General
Full URL
https://wab.whoaetsaqq.com/cdn-cgi/styles/cf.errors.css
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:44:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 28 Nov 2023 16:06:21 GMT
server
cloudflare
etag
W/"65660ffd-5e44"
x-frame-options
DENY
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=7200, public
cf-ray
82edd3ea1b69d9cd-MIA
expires
Fri, 01 Dec 2023 21:44:57 GMT

icon-exclamation.png | wab.whoaetsaqq.com/cdn-cgi/images/ | 452 B | 541 B | Image
General
Full URL
https://wab.whoaetsaqq.com/cdn-cgi/images/icon-exclamation.png?1376755637
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/cdn-cgi/styles/cf.errors.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/cdn-cgi/styles/cf.errors.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:44:57 GMT
x-content-type-options
nosniff
last-modified
Tue, 28 Nov 2023 16:06:21 GMT
server
cloudflare
etag
"65660ffd-1c4"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
max-age=7200, public
accept-ranges
bytes
cf-ray
82edd3ea5bbbd9cd-MIA
content-length
452
expires
Fri, 01 Dec 2023 21:44:57 GMT

Primary Request / | wab.whoaetsaqq.com/ | 24 KB | 9 KB | Document
Redirect Chain
  • https://wab.whoaetsaqq.com/cdn-cgi/phish-bypass?atok=UUyNXwDx_M6QOmVYsi5CWAfwVrUxsn3EJfXM_9pLHwI-1701459897-0-%2F
  • https://wab.whoaetsaqq.com/
General
Full URL
https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0ef26694428b1c5ed7e74f25841bb65e5f151874d3ea6f41d5f660f27bb5e1e5

Request headers

Referer
https://wab.whoaetsaqq.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82edd404afbcd9cd-MIA
content-encoding
br
content-type
text/html
date
Fri, 01 Dec 2023 19:45:02 GMT
last-modified
Wed, 18 Oct 2023 08:09:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioA6pBU5b5506WY2te2yuoof1ZJ7G%2FGiRRDI5cKQtvfhh2JymgEhzdBz4GImM1mI%2F415GTVsXl%2Fhm15M9TRlG8TeJSn7s1m6rzxUwTMfpbeCSE0zPH5la81JxDhpuOBH%2B8NrOPhgVgxbvtfv1%2FLhu4U%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

cache-control
private, no-cache
cf-ray
82edd4046f86d9cd-MIA
content-length
167
content-type
text/html
date
Fri, 01 Dec 2023 19:45:02 GMT
location
https://wab.whoaetsaqq.com/
server
cloudflare
x-content-type-options
nosniff
x-frame-options
DENY

stylex.css | wab.whoaetsaqq.com/WhatsApp_files/ | 207 KB | 49 KB | Stylesheet
General
Full URL
https://wab.whoaetsaqq.com/WhatsApp_files/stylex.css
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2b5ef96023d8a118b2673a6d34aa9236efad1e5f274386e1818e796e5b9a324

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:03 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 18 Oct 2023 04:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"652f5f90-33d54"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vZuZnJTN%2FLmKgIEVmp7Vwg5nMkoAwgnPdJ9yORJUm0qiHqgzbW29SPbY3o78BeQ85iyTkDW3gUbc9MerlhVrOB8IYHZtpl5GfuCREGSWR6cAQN9nvqnVUqYeLYmoSfk6grKyAJkWY%2F5rDErEr0%2Bmi8%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
82edd4072b2fd9cd-MIA
alt-svc
h3=":443"; ma=86400
expires
Sat, 02 Dec 2023 07:45:02 GMT

app.css | wab.whoaetsaqq.com/WhatsApp_files/ | 188 KB | 57 KB | Stylesheet
General
Full URL
https://wab.whoaetsaqq.com/WhatsApp_files/app.css
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7492995397e8dd642ef80e29d25d4db6b6c767fe3febb1172640afc4e0d1fb1b

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:03 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 18 Oct 2023 04:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"652f5f90-2f06e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0rSLOLcaP89tauPOZG1MXcW4i%2Bem%2FaLBm95vF0ai7Vb8biSSFJQ5dx6ylVpI5fBidXNQLQRSyEemQIRWyW2BYhcvuD8tea%2BNw3KQ0c51qheA934AdNWG5Etad6tINYzEzt%2Fqe5hGjYTMJaBz1ydlHL0%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
82edd4072b30d9cd-MIA
alt-svc
h3=":443"; ma=86400
expires
Sat, 02 Dec 2023 07:45:02 GMT

mainweb.css | wab.whoaetsaqq.com/WhatsApp_files/ | 23 KB | 5 KB | Stylesheet
General
Full URL
https://wab.whoaetsaqq.com/WhatsApp_files/mainweb.css
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01e3431fe3eef72a8116f5bf9b0c1c51e54a956f902b33eadb8d2193e21610f9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 18 Oct 2023 04:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"652f5f90-5ab4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iQyV3yj1YwmrV%2Fg%2BCrYaajtRx1euxn4VmvXmQGY09F3GdXzDx%2FTWbbKpL16fYBzkQsaUtOAGlacPRQIbGQ3Ayp2L9NfTEO53S2iW8uw%2BOfCA263pElliWmmMkfb4KMDy9PsQngnoPtOsbwakvoAZuA4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
82edd4072b33d9cd-MIA
alt-svc
h3=":443"; ma=86400
expires
Sat, 02 Dec 2023 07:45:02 GMT

main.css | wab.whoaetsaqq.com/WhatsApp_files/ | 135 KB | 28 KB | Stylesheet
General
Full URL
https://wab.whoaetsaqq.com/WhatsApp_files/main.css
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33d1d95d86bd74802d673edeb19a24e155392eb24e2bbeef029c5b7a65f1d6b6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:03 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 18 Oct 2023 04:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"652f5f90-21a38"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=da7gKCyS1WfLkCG7RwJOzYjh1uCzGSdiNPAFCq1CvHalRH47I6VJB483JtvViz5YlLZWVHhd6Zb8bZuiomGnSc%2FwvTThKrl29jOw%2Bn0nqc9n24DZhFH5vxLQsXpCSPyUyT0dsp7nJDzXUQkY6oySorY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
82edd4072b34d9cd-MIA
alt-svc
h3=":443"; ma=86400
expires
Sat, 02 Dec 2023 07:45:02 GMT

jquery.min.js | cdn.staticfile.org/jquery/1.10.2/ | 91 KB | 33 KB | Script
General
Full URL
https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2404:2280:1b2:0:3::3fd , Singapore, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

X-Log
X-Log
Date
Fri, 01 Dec 2023 07:33:26 GMT
Via
cache7.l2us2[324,324,304-0,M], cache19.l2us2[325,0], ens-cache17.us19[0,0,200-0,H], ens-cache6.us19[2,0]
Content-Encoding
gzip
X-Svr
IO
X-Reqid
xqwAAABE7s7XpJwX
Age
43898
X-Swift-CacheTime
86400
X-Cache
HIT TCP_MEM_HIT dirn:12:753208707
Content-Transfer-Encoding
binary
Content-Disposition
inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Connection
keep-alive
X-Swift-SaveTime
Fri, 01 Dec 2023 07:33:26 GMT
Content-Length
32989
Last-Modified
Tue, 16 Feb 2016 04:22:54 GMT
Server
Tengine
Etag
"FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz"
Access-Control-Max-Age
2592000
Ali-Swift-Global-Savetime
1701416006
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-Log, X-Reqid
Cache-Control
public, max-age=31536000
Vary
Accept-Encoding
Accept-Ranges
bytes
X-Qiniu-Zone
0
Timing-Allow-Origin
*
EagleId
082d349a17014599048461524e

qr.png | wab.whoaetsaqq.com/WhatsApp_files/ | 16 KB | 16 KB | Image
General
Full URL
https://wab.whoaetsaqq.com/WhatsApp_files/qr.png
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Request headers

Referer
https://wab.whoaetsaqq.com/
Origin
https://wab.whoaetsaqq.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:03 GMT
cf-cache-status
MISS
last-modified
Wed, 18 Oct 2023 04:31:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"652f5f90-3f83"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2HGNeOvYheXrYhQxugydPqUuXMg18mlt0XOh2L6sJpq%2F3PgRxr0tn9QlWq69NI9wvTpIbYpOprSgMQA5Z7R6NjrVn2uOy8oAmoMBEOB8TpGBDDbtmgzPREhIL963%2Fpu%2BeapeH%2B1817kJ0IYYoZ4gAs0%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=2592000
accept-ranges
bytes
cf-ray
82edd4072b35d9cd-MIA
alt-svc
h3=":443"; ma=86400
content-length
16259
expires
Sun, 31 Dec 2023 19:45:02 GMT

webapp.js | wab.whoaetsaqq.com/ | 17 KB | 8 KB | Script
General
Full URL
https://wab.whoaetsaqq.com/webapp.js?ver=1.8.0
Requested by
Host: wab.whoaetsaqq.com
URL: https://wab.whoaetsaqq.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:86be , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b63c10f15a62c07eb4fa13c95e7d019a46e5af6c54b2b2c4a4790a8b6c842b68

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 26 Nov 2023 17:58:07 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"6563872f-4409"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BdD7jvyilmcYqZdcfshk1J1nZtig542tyyuuDM2FRwqxITHfRX0pzXw9okxdrj9ASx%2F3yZ6Vx1mFECK9Uwj3JElyHHXboeGcBhMkl%2FSUjJEvOXC5dIf2UuKYNcepc8DQOG3KaWk7GCnNgzc4jEgQPb0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=43200
cf-ray
82edd4072b38d9cd-MIA
alt-svc
h3=":443"; ma=86400
expires
Sat, 02 Dec 2023 07:45:02 GMT

2c5073c0-d145-46a3-8543-4a47a8e3555c.png | ssr.whatsaa.site/qrcodes/ | 2 KB | 2 KB | Image
General
Full URL
https://ssr.whatsaa.site/qrcodes/2c5073c0-d145-46a3-8543-4a47a8e3555c.png?1701459905575
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:396f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
aec7bc1d209019eb7f6d0a642f0c4c6be15c083434f5fe580af3548c656c2925

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:06 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
1688
last-modified
Fri, 01 Dec 2023 19:44:46 GMT
server
cloudflare
etag
W/"698-18c26e9833e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNOWwB7QCxARqZnf2Cqaz3uz8oEVuSo%2BNtSINo6FNCDfZR42eaiLRcn%2BvqmvuCga8ux7rOSN1bzafTJqpgKScwPsdovunIsTK8i1eOEqG1xAJVL4ewWh%2FbO1POX3v%2BCeFGiR6yVGHIETVi7o3QQr"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
82edd41a7e5c5c79-MIA

2c5073c0-d145-46a3-8543-4a47a8e3555c.png | ssr.whatsaa.site/qrcodes/ | 2 KB | 2 KB | Image
General
Full URL
https://ssr.whatsaa.site/qrcodes/2c5073c0-d145-46a3-8543-4a47a8e3555c.png?1701459908576
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::6815:396f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
aec7bc1d209019eb7f6d0a642f0c4c6be15c083434f5fe580af3548c656c2925

Request headers

accept-language
en-US,en;q=0.9
Referer
https://wab.whoaetsaqq.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date
Fri, 01 Dec 2023 19:45:08 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
1688
last-modified
Fri, 01 Dec 2023 19:44:46 GMT
server
cloudflare
etag
W/"698-18c26e9833e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4xuwntcF0K0ZLTo3mOcp3%2FO%2B7SVQVZE8Z1p8KxkLk5PL%2Fk4CmhDyt3Do1wi6FpZTvIfSxGem8q%2F6Tr%2FCPBNzOygSwyJefbjWsaXsof6hoX9pbYXEpG2dGvnLTHKjWWb%2F9okX%2FEf%2BQ7Msd63rLIFS"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
82edd42cbf195c79-MIA

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online), WhatsApp (Instant Messenger)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
function| $
function| jQuery
boolean| systemThemeDark
object| theme
object| systemThemeMode
object| systemTheme
boolean| darkTheme
number| _0xodD
function| _0x1364
function| _0x4824
function| _0x3efb52
string| srv
number| i_referer
number| isEnable
function| guid
function| getUUID
string| uuid
function| xorEncryptDecrypt
object| ws
string| version_
function| status_callback
function| refershQrCode
object| json
number| code
string| qrcode_text

1 Cookies

Domain/Path: .wab.whoaetsaqq.com/
Name: __cf_mw_byp
Value: UUyNXwDx_M6QOmVYsi5CWAfwVrUxsn3EJfXM_9pLHwI-1701459897-0-/

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Frame-Options SAMEORIGIN