yweb.wfgrrr.club Open in urlscan Pro
2606:4700:3036::ac43:8bf4 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.googleadservices.com/pagead/aclk?adurl=&ai=DChcSEwjD1OOo8NSAAxULpZYKHZWNB9EYABAAGgJ0bA&cid=CAASJeRozWLBqfgyzFZdgF6BDS...
Effective URL:
https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE
Submission: On August 22 via api (August 22nd 2023, 9:11:15 pm UTC) from US — Scanned from US

Summary HTTP 12 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3036::ac43:8bf4, located in United States and belongs to CLOUDFLARENET, US. The main domain is yweb.wfgrrr.club.
TLS certificate: Issued by GTS CA 1P5 on August 9th 2023. Valid for: 3 months.

This is the only time yweb.wfgrrr.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.217.13.194 172.217.13.194	15169 (GOOGLE) (GOOGLE)
8	2606:4700:303... 2606:4700:3036::ac43:8bf4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	240e:908:8003... 240e:908:8003:1:3::3fd	137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province)
2	2606:4700:303... 2606:4700:3033::6815:2d41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	4

1 172.217.13.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: yul03s05-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:3036::ac43:8bf4 (United States)

ASN13335 (CLOUDFLARENET, US)

yweb.wfgrrr.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:908:8003:1:3::3fd (China)

ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3033::6815:2d41 (United States)

ASN13335 (CLOUDFLARENET, US)

16srv.anscxnyfrtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wfgrrr.club yweb.wfgrrr.club	168 KB
2	anscxnyfrtg.com 16srv.anscxnyfrtg.com	4 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 55793	33 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 157	724 B
0	whatsapp.com Failed web.whatsapp.com Failed
12	5

	Domain	Requested by
8	yweb.wfgrrr.club	yweb.wfgrrr.club
2	16srv.anscxnyfrtg.com
1	cdn.staticfile.org	yweb.wfgrrr.club
1	www.googleadservices.com	1 redirects
0	web.whatsapp.com Failed	yweb.wfgrrr.club
12	5

This site contains links to these domains. Also see Links.

Domain
whaydf.yexap.site
faq.whatsapp.com

Subject Issuer	Validity	Valid
wfgrrr.club GTS CA 1P5	`2023-08-09` - `2023-11-07`	3 months	crt.sh
*.staticfile.org GeoTrust RSA CN CA G2	`2022-09-05` - `2023-10-03`	a year	crt.sh
anscxnyfrtg.com GTS CA 1P5	`2023-08-04` - `2023-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE
Frame ID: 9045F826FCED0666E686B85B100FBA5B
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

https://www.googleadservices.com/pagead/aclk?adurl=&ai=DChcSEwjD1OOo8NSAAxULpZYKHZWNB9EYABAAGgJ0bA&cid=CAASJe... HTTP 302
https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

92 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

205 kB
Transfer

691 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://whaydf.yexap.site/
Title: WhatsApp 客户端下载

Search URL Search Domain Scan URL

URL: https://faq.whatsapp.com/1317564962315842?lang=en
Title: Need help to get started?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.googleadservices.com/pagead/aclk?adurl=&ai=DChcSEwjD1OOo8NSAAxULpZYKHZWNB9EYABAAGgJ0bA&cid=CAASJeRozWLBqfgyzFZdgF6BDSD_-lPCqAVlBey94yDsC53wKR_A8kw&gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE&ohost=www.google.com&q=&sa=L&sig=AOD64_3L49TEva19yd-RZHgi19cS3ovH9A&ved=2ahUKEwinsd2o8NSAAxWem1YBHSqFAUUQ0Qx6BAgGEAE HTTP 302
https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response yweb.wfgrrr.club/ Redirect Chain https://www.googleadservices.com/pagead/aclk?adurl=&ai=DChcSEwjD1OOo8NSAAxULpZYKHZWNB9EYABAAGgJ0bA&cid=CAASJeRozWLBqfgyzFZdgF6BDSD_-lPCqAVlBey94yDsC53wKR_A8kw&gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2V... https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE	25 KB 10 KB	174ms 154ms	Document text/html	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9295a6ed18d9d2b4862a98086cd85f881656426850489e30849de791b6dd6191` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7fae1b46b9d90f85-EWR content-encoding br content-type text/html date Tue, 22 Aug 2023 21:11:08 GMT last-modified Sat, 19 Aug 2023 08:48:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tIOLtCBsACZTgxbu345qyYtF0IrSWTEIpF0WSeEDYrJBVt%2Bk9Yf0SpWEwxM0UCOB%2B3DXx%2BxR1oRACL7bAI9JDO57mPjP5yxb579xByoHWPdmCC4OkbcYRW3%2FPb1gx%2FHG%2FSaBxqaztUnTDf7oV8oW"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers accept-ch Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Tue, 22 Aug 2023 21:11:08 GMT expires Fri, 01 Jan 1990 00:00:00 GMT location https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE p3p policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" pragma no-cache server adclick_server x-content-type-options nosniff x-xss-protection 0
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	883ms 257ms	Script application/javascript	240e:908:8003:1:3::3fd CHINATELECOM-HEIL...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 240e:908:8003:1:3::3fd , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN), Reverse DNS Software Tengine / Resource Hash `89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers X-Log X-Log Date Tue, 22 Aug 2023 16:12:15 GMT Via cache52.l2cn3102[46,45,304-0,M], cache4.l2cn3102[47,0], vcache10.cn3465[0,0,200-0,H], vcache18.cn3465[1,0] Content-Encoding gzip X-Svr IO X-Reqid iDYAAAB8a3OKwH0X Age 17934 X-Swift-CacheTime 86400 X-Cache HIT TCP_MEM_HIT dirn:11:256307308 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename=utf-8''jquery.min.js Connection* keep-alive X-Swift-SaveTime Tue, 22 Aug 2023 16:12:15 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1692720735 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 2a65002616927386696456362e
GET H2	404	qrcode.min.js yweb.wfgrrr.club/	0 0	153ms 151ms	Script text/html	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/qrcode.min.js Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25FLRNlM0M3HW1O%2FWz383E6wAsM5KgPuaG7Q2efvndmvgELbqHlJ0Pe0eNeszPNSf3gHl6HY0ubnCbdc5UUKIFQ2S9odSSaBnDhmt2tuqyLi1r2tV8Uom9%2Fn3I5r1auODUQU3BTHWZfgholKLbC5"}],"group":"cf-nel","max_age":604800} content-type text/html cache-control max-age=14400 cf-ray 7fae1b48bb9f0f85-EWR alt-svc h3=":443"; ma=86400
GET H2	200	stylex-ce269a9819ee8f292840728689a22cc5.css yweb.wfgrrr.club/WhatsApp_files/	175 KB 43 KB	310ms 308ms	Stylesheet text/css	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:01:45 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de6e99-2bb72" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fEtN%2Bfosl7UGHzIC98P%2F%2BxW1cIeoTcC9y4Rml416P5jsvKffPdSdW%2FtlS1A62YjfCshzny60Hk1L%2BaaB6FQUBXMWGRI%2Fi7IpBJgGXok%2BQPgzFbBuwSfxQYA099KnYd4Tfj9YmBgKkn8ecCOi%2FxVm"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1b48bb9b0f85-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:11:09 GMT
GET H2	200	app-6d34864fd47903428794.css yweb.wfgrrr.club/WhatsApp_files/	187 KB 56 KB	313ms 311ms	Stylesheet text/css	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/WhatsApp_files/app-6d34864fd47903428794.css Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:01:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de6e8f-2eab4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CqAXpuvMrPJ1bTnjn33BCwLvxSrBp5RLp8UfETYkQase9tewBJLBLtfrdmjATT0vH3o1HvDACPn1porDzTEGy1jU7OAESmpiQHnT3cDtTu2CsolEEt2xq%2BBurOVrGVFN9XEHWYiUuQJ9b3DoduiA"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1b48bb9c0f85-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:11:09 GMT
GET H2	200	main~.b66100b3486cd1857cd3.css yweb.wfgrrr.club/WhatsApp_files/	21 KB 5 KB	157ms 155ms	Stylesheet text/css	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:01:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de6e97-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LVTAtDpQ5vYzy4iKDiTtjGtGb4JgnrCxlIhxuLcOXvnX8ELylxzmmh1QPuHGBw5FqOH5TVAjTHSBxr8fOQ9adV%2FvXinK2Qm8cxy0TYtpr8zqt7XMFE3ph5OdM9uUM%2Bx5oi2i4schExrPHNsc4xTY"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1b48bb9e0f85-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:11:09 GMT
GET H2	200	main.fdf0caa2786c3269572d.css yweb.wfgrrr.club/WhatsApp_files/	150 KB 30 KB	238ms 237ms	Stylesheet text/css	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/WhatsApp_files/main.fdf0caa2786c3269572d.css Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status MISS last-modified Thu, 17 Aug 2023 19:01:43 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64de6e97-257df" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qiv0L76Poq9LdA5QqShUsHcd51LqC9HjdFjIk7GdoDGN4J%2BvDnnftFK02fxBdUnVQK%2FS0uK6S%2BLmApaKqt9w%2F%2BOyXEZG%2Bi56xCs%2FMMyVglOEujdkqEEgSvOiJjUIiRrP7p0qVZaXOLb8JZI00nBm"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7fae1b48bba00f85-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 09:11:09 GMT
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png yweb.wfgrrr.club/WhatsApp_files/	16 KB 16 KB	12ms 11ms	Image image/png	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://yweb.wfgrrr.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Origin https://yweb.wfgrrr.club accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3115 alt-svc h3=":443"; ma=86400 content-length 16259 last-modified Thu, 17 Aug 2023 19:01:44 GMT server cloudflare etag "64de6e98-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sqB9X1gPBn4yTXKyiNcRc3d0o5Z7bWlFILJlsJqNGEo0wCKaZDbjN4vr1aSXqAol3HpTgRLw6FazYTGHAf4vJIYKeVJ0lsZaMryBdjMeRuVnDdAl8WFEMq6eG0VA7heKBRwCWFMfPLoTEFMr%2BuzK"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7fae1b4c8ca10f90-EWR expires Thu, 21 Sep 2023 20:19:14 GMT
GET		binary-transparency-manifest-2.2325.3.json web.whatsapp.com/	0 0

GET H3	200	main.js Show response yweb.wfgrrr.club/	23 KB 7 KB	13ms 13ms	Script application/javascript	2606:4700:3036::ac43:8bf4 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://yweb.wfgrrr.club/main.js?ver=7.15b Requested by Host: yweb.wfgrrr.club URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3036::ac43:8bf4 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `82ce4cc05c54c0f013f3d5de0ff009acd0e22ca0e050c94359271ac63a209e66` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:09 GMT content-encoding br cf-cache-status HIT last-modified Sat, 19 Aug 2023 08:48:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3115 etag W/"64e081e9-5bac" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2FK4KU5s1I5v%2F7MeG7F8yUNCCgpQNjE0V%2BX%2Bjr7%2BYK36%2BMCAQzKYRoWmsrn2Z2%2BmKxSYmgruwB2kj8MWu7qnhV8ejwVARbx9cXecp%2BoyX6Z43HMqhWfp37aCP8BCN0Pw2q4OO9kbwkCYYLx65xHn"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7fae1b4aca4e0f90-EWR alt-svc h3=":443"; ma=86400 expires Wed, 23 Aug 2023 08:19:14 GMT
GET H3	200	4e622f01-ebd2-4359-9406-c7c59a1fcb76.png 16srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	511ms 486ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://16srv.anscxnyfrtg.com/qrcodes/4e622f01-ebd2-4359-9406-c7c59a1fcb76.png?1692738670968 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `15e47b08f52452e474196cb76245d8148cc8b04edfdd833ddf50bb685ae20cba` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:11 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 21:10:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6b8-18a1f161e29" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qWiKLKkqI5c2VB9k4yQNTFrQi%2F9Pcfor8EW6s8LQxsgjyeRCUw9yxY8REsMdRrABoCmreX8%2FyBT%2FZ%2BMxQX5cLyUL61VKMheRjme21dwV%2FH8zun7ZuW03rUGT4UkEB88OykpMNc9oHGfwQYa9veOqUH0riyo%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fae1b55ba481a28-EWR alt-svc h3=":443"; ma=86400 content-length 1720
GET H3	200	4e622f01-ebd2-4359-9406-c7c59a1fcb76.png 16srv.anscxnyfrtg.com/qrcodes/	2 KB 2 KB	490ms 490ms	Image image/png	2606:4700:3033::6815:2d41 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://16srv.anscxnyfrtg.com/qrcodes/4e622f01-ebd2-4359-9406-c7c59a1fcb76.png?1692738673970 Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::6815:2d41 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `15e47b08f52452e474196cb76245d8148cc8b04edfdd833ddf50bb685ae20cba` Request headers accept-language en-US,en;q=0.9 Referer https://yweb.wfgrrr.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36 Response headers date Tue, 22 Aug 2023 21:11:14 GMT cf-cache-status MISS last-modified Tue, 22 Aug 2023 21:10:57 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6b8-18a1f161e29" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mx0zW6u6IBE5OfAza3dtLWTx8nCWB7Lb4DWuT9XsEp0NH4wohGxZ300Yc8Ye8ZEbON%2BKvtTsFrj3eMVUoZhjV%2BF8bMnKNJXBl6lBhisOcwp9eevoXc647SqbREIWMQcahulAcVfz31ti0eUENglHEEHwG%2Fw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7fae1b6859911a28-EWR alt-svc h3=":443"; ma=86400 content-length 1720

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.googleadservices.com/pagead/conversion/11294149487/	1970-01-20 16:21:54	Name: Conversion Value: EgwIABUAAAAAHQAAAAAYASCAstj89vmWmLkBSAFqN0VBSWFJUW9iQ2hNSXc5VGpxUERVZ0FNVkM2V1dDaDJWalFmUkVBTVlBU0FBRWdLTUp2RF9Cd0Vwivy47JbxgAOQAcyu07GuEZgBAA

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://yweb.wfgrrr.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://yweb.wfgrrr.club/qrcode.min.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

16srv.anscxnyfrtg.com
cdn.staticfile.org
web.whatsapp.com
www.googleadservices.com
yweb.wfgrrr.club
web.whatsapp.com
172.217.13.194
240e:908:8003:1:3::3fd
2606:4700:3033::6815:2d41
2606:4700:3036::ac43:8bf4
15e47b08f52452e474196cb76245d8148cc8b04edfdd833ddf50bb685ae20cba
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
82ce4cc05c54c0f013f3d5de0ff009acd0e22ca0e050c94359271ac63a209e66
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
9295a6ed18d9d2b4862a98086cd85f881656426850489e30849de791b6dd6191
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

yweb.wfgrrr.club Open in urlscan Pro 2606:4700:3036::ac43:8bf4 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

92 %HTTPS

75 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

205 kBTransfer

691 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

27 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

yweb.wfgrrr.club Open in urlscan Pro
2606:4700:3036::ac43:8bf4 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

92 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

205 kB
Transfer

691 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!