hweb.wgnrt14.club Open in urlscan Pro
2606:4700:3033::6815:3f0b Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://hweb.wgnrt14.club/
Submission: On August 22 via api (August 22nd 2023, 3:27:34 pm UTC) from US — Scanned from US

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2606:4700:3033::6815:3f0b, located in United States and belongs to CLOUDFLARENET, US. The main domain is hweb.wgnrt14.club.
TLS certificate: Issued by GTS CA 1P5 on August 20th 2023. Valid for: 3 months.

This is the only time hweb.wgnrt14.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
8	2606:4700:303... 2606:4700:3033::6815:3f0b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	240e:908:8003... 240e:908:8003:1:3::3fd	137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province)
5	2606:4700:303... 2606:4700:3033::6815:2d41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

8 2606:4700:3033::6815:3f0b (United States)

ASN13335 (CLOUDFLARENET, US)

hweb.wgnrt14.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:908:8003:1:3::3fd (China)

ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3033::6815:2d41 (United States)

ASN13335 (CLOUDFLARENET, US)

119srv.anscxnyfrtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wgnrt14.club hweb.wgnrt14.club	168 KB
5	anscxnyfrtg.com 119srv.anscxnyfrtg.com	11 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 55793	33 KB
0	whatsapp.com Failed web.whatsapp.com Failed
15	4

	Domain	Requested by
8	hweb.wgnrt14.club	hweb.wgnrt14.club
5	119srv.anscxnyfrtg.com
1	cdn.staticfile.org	hweb.wgnrt14.club
0	web.whatsapp.com Failed	hweb.wgnrt14.club
15	4

This site contains links to these domains. Also see Links.

Domain
whaydf.yexap.site
faq.whatsapp.com

Subject Issuer	Validity	Valid
wgnrt14.club GTS CA 1P5	`2023-08-20` - `2023-11-18`	3 months	crt.sh
*.staticfile.org GeoTrust RSA CN CA G2	`2022-09-05` - `2023-10-03`	a year	crt.sh
anscxnyfrtg.com GTS CA 1P5	`2023-08-04` - `2023-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://hweb.wgnrt14.club/
Frame ID: 85586DA4630177CD57D3010A8B0781A0
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

93 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

212 kB
Transfer

697 kB
Size

0
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://whaydf.yexap.site/
Title: WhatsApp 客户端下载

Search URL Search Domain Scan URL

URL: https://faq.whatsapp.com/1317564962315842?lang=en
Title: Need help to get started?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response hweb.wgnrt14.club/	25 KB 10 KB	300ms 173ms	Document text/html	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `96d9214dcec77566751901db1cfd44bd4176f5b3750e9786033f1390a46a5cc9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fac239a3a394bc6-BUF content-encoding br content-type text/html date Tue, 22 Aug 2023 15:27:18 GMT last-modified Sat, 19 Aug 2023 08:42:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bxMb9bvDKdsyUoztX114D9ueUGbpYlhNQOhLicbqKy4OZQHP1EcaNs19DC6Jg9hhsmn28TamrA511wJ88e4nyH5ZC1vLxroc8nIym4mRs0JpYX1pjOsLoGOrII3Dg%2Bj9w4DrZIQ3eDziAz7djRT9XA%3D%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	2046ms 270ms	Script application/javascript	240e:908:8003:1:3::3fd CHINATELECOM-HEIL...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 240e:908:8003:1:3::3fd , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN), Reverse DNS Software Tengine / Resource Hash `89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers X-Log X-Log Date Mon, 21 Aug 2023 16:12:12 GMT Via cache52.l2cn3102[0,0,304-0,H], cache68.l2cn3102[0,0], vcache10.cn3465[0,0,200-0,H], vcache25.cn3465[2,0] Content-Encoding gzip X-Svr IO X-Reqid fr4AAADrQzj1cX0X Age 83707 X-Swift-CacheTime 86366 X-Cache HIT TCP_MEM_HIT dirn:11:256307308 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename=utf-8''jquery.min.js Connection* keep-alive X-Swift-SaveTime Mon, 21 Aug 2023 16:12:47 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1692634333 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 2a65002d16927180401858935e
GET H2	404	qrcode.min.js hweb.wgnrt14.club/	0 0	180ms 176ms	Script text/html	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/qrcode.min.js Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ctvx0X5UZqZRMh79pQ4Kavy3UcnIGsFCKrMficXVYP42mB1iiIeEHGlJybk1aqWGXrnb7BuRiBXeC7egXD6cDnKoI4lLxre27JdguLElInoIVCLnzxLiQcDEYfRk4vgm08CWy%2B2CFdxMN%2B%2FCqWuJJg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 7fac239b5a444bc6-BUF alt-svc h3=":443"; ma=86400
GET H2	200	stylex-ce269a9819ee8f292840728689a22cc5.css hweb.wgnrt14.club/WhatsApp_files/	175 KB 43 KB	341ms 338ms	Stylesheet text/css	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:08:16 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de7020-2bb72" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dr2SnaDF5sIX3zorBXuLO8qNZI6t0a3walLt966%2B1q2Y%2Blpx1PIEljpxcoan38IyJUq%2B1Kyf35TdtKRbGJe%2BOeLgo5v6Qqa8e64o0OiOm%2B3MrP9DKOOD%2BWZ4%2F%2FHIFFmZ%2FGJOeY57vfidb%2FZzwBnVg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fac239b5a434bc6-BUF alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 03:27:18 GMT
GET H2	200	app-6d34864fd47903428794.css hweb.wgnrt14.club/WhatsApp_files/	187 KB 57 KB	311ms 309ms	Stylesheet text/css	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/WhatsApp_files/app-6d34864fd47903428794.css Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:08:09 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de7019-2eab4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zvhEFpDhFPf1XPRYLPD00tEy9snJGkbYBT4%2ByUeMub%2FmYlqXyy1B78GDjGpS%2BVB%2F4SVIsDBQbcwD%2FX6LBdkvhR9ksT0RW1FeurUjaATSYXTGLL7aB9dGCaKjC5vUD4n6C4z6nEXgw4kKalQDBccxhQ%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fac239b5a454bc6-BUF alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 03:27:18 GMT
GET H2	200	main~.b66100b3486cd1857cd3.css hweb.wgnrt14.club/WhatsApp_files/	21 KB 5 KB	108ms 105ms	Stylesheet text/css	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:08:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de701e-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cWHZ5nNkNjNl6uyxkClrA2y68lFOt272aKiCIYUcqtUfvP51oaKMdvf13bc%2BU6m4CBlDk2EQlAhnWsk4g3340XRblERFd195zsONJZQPh4Nz73vgq0WUxvIKvSZuaHMb%2BPCtR9x6Jwiz7Wffma4XNA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fac239b5a464bc6-BUF alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 03:27:18 GMT
GET H2	200	main.fdf0caa2786c3269572d.css hweb.wgnrt14.club/WhatsApp_files/	150 KB 30 KB	246ms 244ms	Stylesheet text/css	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/WhatsApp_files/main.fdf0caa2786c3269572d.css Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:08:14 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de701e-257df" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uT9qvSrgCEU3G5WJju5MHQ4tAyP%2B15EM0YJYZwEajcDZ%2FaxL0ytKamjqOeObz7BfBqwq30xnnVpi67VT%2BDc6Hzx9Jx1MMbwpoGL93hPiWWZqX6ptC7CdkPf4vU5tQPlmMQ2%2BY7GMAau7725Zr0pGNg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fac239b5a474bc6-BUF alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 03:27:18 GMT
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png hweb.wgnrt14.club/WhatsApp_files/	16 KB 16 KB	240ms 239ms	Image image/png	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://hweb.wgnrt14.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer https://hweb.wgnrt14.club/ Origin https://hweb.wgnrt14.club accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:19 GMT cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:08:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64de701f-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=704TsLVASziuvSXYxmmYu5adEaDuoTnj6cVQvEQ40KrNN4%2Fx5sFw0JdWQboqwrB9CETXltUJvof3QFYRbEkHe9zW%2FK2PRCyrTaZkAOtYhfY0Jk8iERx%2F7Q4wTB%2Fl1lFu27IE8gLZsFv1If4yeKUDrg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7fac239eaf084bd8-BUF alt-svc h3=":443"; ma=86400 content-length 16259 expires Thu, 21 Sep 2023 15:27:18 GMT
GET		binary-transparency-manifest-2.2325.3.json web.whatsapp.com/	0 0

GET H3	200	main.js Show response hweb.wgnrt14.club/	24 KB 8 KB	178ms 177ms	Script application/javascript	2606:4700:3033::6815:3f0b CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://hweb.wgnrt14.club/main.js?ver=7.15 Requested by Host: hweb.wgnrt14.club URL: https://hweb.wgnrt14.club/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:3f0b , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d1b03d51502bb6f110457df631770285eaea8e4dde3f3c937e580d1a425fe111` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:18 GMT content-encoding br cf-cache-status MISS last-modified Sat, 19 Aug 2023 08:42:36 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64e0807c-5fa7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YqtHVgTqK%2FgNXb6yvVbZNxOnxyJIcD4Poe0KYjOEiQOwHh2ZSqjdfRb5TlCwxylQQQQG72J2UUmwAgDFjaV9mta6b36aIi%2Fp0Oe2Se%2Fm8nfaczhoNR4jvZ%2Bi7TqTfcPKAXYoDFTQB0akv8GNC40c%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fac239d8f034bd8-BUF alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 03:27:18 GMT
GET H3	200	bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png 119srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	536ms 467ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://119srv.anscxnyfrtg.com/qrcodes/bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png?1692718041657 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `95f6244de991d0db5e08428acc80bf4ac27b7555a137889814f5663e94152dc0` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:22 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 15:27:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6af-18a1ddb6286" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=phrkYpMujDynIZLwhq3jd22bGVgQkXOzUiCvCWNM7VSO7iA8arB1rXGho2GYB7O3Mh8Zc6QyoMrTKQ4UYZgD%2FYtk%2FK0CU8UZLgy5KbyLmUMNvz%2BiOumXYWzo3WOcBYKziLHKviLjf6dRi8u4sySrW%2BGKrzDu"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fac23b0e9fd4bd2-BUF alt-svc h3=":443"; ma=86400 content-length 1711
GET H3	200	bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png 119srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	460ms 459ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://119srv.anscxnyfrtg.com/qrcodes/bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png?1692718044663 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `95f6244de991d0db5e08428acc80bf4ac27b7555a137889814f5663e94152dc0` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:25 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 15:27:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6af-18a1ddb6286" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=efoF8bTOVK6eV1JqLJ3hfkRsSlmFukSqO%2FSj7CDmGXLm0NYxxfTvY00tTzDksBmkHNhp1%2B4rEE01601oSBTNat9LpBmygXpJk9GwX1bK%2BSkayG9eMjDJsABAgy89Q%2BpLIvqMf5NUtLPNC8X1zhLMT1d48dns"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fac23c33b054bd2-BUF alt-svc h3=":443"; ma=86400 content-length 1711
GET H3	200	bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png 119srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	461ms 461ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://119srv.anscxnyfrtg.com/qrcodes/bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png?1692718047663 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `95f6244de991d0db5e08428acc80bf4ac27b7555a137889814f5663e94152dc0` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:28 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 15:27:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6af-18a1ddb6286" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jxDYEpTRr4%2BxOkSfXSuAj2XOlAZ1EUKkqQVmITUXcC3%2BOfx%2FnvC05H9pL%2BLjpYTGFU%2F7ZZyypmjmvtqfJcYz7cT8L%2BOmHf0NuMp6jnDupWATReqy%2FrqYjejPQYUSprQPU6N3W5uQuapv5p7KbYPDZX7QAoqJ"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fac23d5fbaf4bd2-BUF alt-svc h3=":443"; ma=86400 content-length 1711
GET H3	200	bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png 119srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	493ms 471ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://119srv.anscxnyfrtg.com/qrcodes/bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png?1692718050663 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `95f6244de991d0db5e08428acc80bf4ac27b7555a137889814f5663e94152dc0` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:31 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 15:27:11 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6af-18a1ddb6286" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uLoyfYwGt0gifHW6Czk4aSiXJVc8ZzWQTyF%2Br%2FqXvk1FhvVV%2BUa5G2wEXsifDxHVaZx14fwNl%2FXU2vkOapzsDA%2BK%2F6NDCJBRUA4aKngjBHVY%2F0Z9PfW0pvURO%2BI1VSpXfqWmt7EHrHNUkAqpKgfQ2yN8kALK"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fac23e8fc844bd2-BUF alt-svc h3=":443"; ma=86400 content-length 1711
GET H3	200	bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png 119srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	462ms 461ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://119srv.anscxnyfrtg.com/qrcodes/bcb98ecd-3f8b-4cf6-bfe1-ab43842d69b8.png?1692718053663 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `f2db433e8f34a153a8eb4dc04cca2e327643331ba635737313b81cbd378d4a39` Request headers accept-language en-US,en;q=0.9 Referer https://hweb.wgnrt14.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 15:27:34 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 15:27:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6b6-18a1ddbb0aa" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3L4Jt1CrxPgDw4adS%2BQARNJnZ2WrYHNRH6wUGDxNI3XU1kmCzsRYLXpHK2DTa46sByAjWt8y0rng4vdUO4KXHQcr76m%2BrBJDA3hfLH9ZOXy%2BeaPazae1056%2FlRkwNNpK3OalNtD2wkNQbPi9%2BlpvJhHWwe9i"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fac23fb7da14bd2-BUF alt-svc h3=":443"; ma=86400 content-length 1718

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://hweb.wgnrt14.club/qrcode.min.js Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://hweb.wgnrt14.club/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://hweb.wgnrt14.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

119srv.anscxnyfrtg.com
cdn.staticfile.org
hweb.wgnrt14.club
web.whatsapp.com
web.whatsapp.com
240e:908:8003:1:3::3fd
2606:4700:3033::6815:2d41
2606:4700:3033::6815:3f0b
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
95f6244de991d0db5e08428acc80bf4ac27b7555a137889814f5663e94152dc0
96d9214dcec77566751901db1cfd44bd4176f5b3750e9786033f1390a46a5cc9
d1b03d51502bb6f110457df631770285eaea8e4dde3f3c937e580d1a425fe111
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
f2db433e8f34a153a8eb4dc04cca2e327643331ba635737313b81cbd378d4a39

hweb.wgnrt14.club Open in urlscan Pro 2606:4700:3033::6815:3f0b Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

15 Requests

93 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

212 kBTransfer

697 kBSize

0 Cookies

2 Outgoing links

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

0 Cookies

3 Console Messages

Indicators

hweb.wgnrt14.club Open in urlscan Pro
2606:4700:3033::6815:3f0b Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

93 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

212 kB
Transfer

697 kB
Size

0
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!