yweb.wfgrrr.club
Open in
urlscan Pro
2606:4700:3036::ac43:8bf4
Malicious Activity!
Public Scan
Submission: On August 22 via api from US — Scanned from US
Summary
This is the only time yweb.wfgrrr.club was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 2606:4700:303... 2606:4700:3036::ac43:8bf4 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 240e:908:8003... 240e:908:8003:1:3::3fe | 137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province) | |
5 | 2606:4700:303... 2606:4700:3033::6815:2d41 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
15 | 4 |
ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)
cdn.staticfile.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
wfgrrr.club
yweb.wfgrrr.club |
195 KB |
5 |
anscxnyfrtg.com
16srv.anscxnyfrtg.com |
11 KB |
1 |
staticfile.org
cdn.staticfile.org — Cisco Umbrella Rank: 55793 |
33 KB |
0 |
whatsapp.com
Failed
web.whatsapp.com Failed |
|
15 | 4 |
Domain | Requested by | |
---|---|---|
8 | yweb.wfgrrr.club |
yweb.wfgrrr.club
|
5 | 16srv.anscxnyfrtg.com | |
1 | cdn.staticfile.org |
yweb.wfgrrr.club
|
0 | web.whatsapp.com Failed |
yweb.wfgrrr.club
|
15 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
whaydf.yexap.site |
faq.whatsapp.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.staticfile.org GeoTrust RSA CN CA G2 |
2022-09-05 - 2023-10-03 |
a year | crt.sh |
anscxnyfrtg.com GTS CA 1P5 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://yweb.wfgrrr.club/?gclid=EAIaIQobChMIw9TjqPDUgAMVC6WWCh2VjQfREAMYASAAEgKMJvD_BwE
Frame ID: 528E97F7ADA13156C92DE65CE4E0C8DF
Requests: 15 HTTP requests in this frame
2 Outgoing links
These are links going to different origins than the main page.
Title: WhatsApp 客户端下载
Search URL Search Domain Scan URL
Title: Need help to get started?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
yweb.wfgrrr.club/ |
25 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.staticfile.org/jquery/1.10.2/ |
91 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qrcode.min.js
yweb.wfgrrr.club/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylex-ce269a9819ee8f292840728689a22cc5.css
yweb.wfgrrr.club/WhatsApp_files/ |
175 KB 50 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app-6d34864fd47903428794.css
yweb.wfgrrr.club/WhatsApp_files/ |
187 KB 66 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main~.b66100b3486cd1857cd3.css
yweb.wfgrrr.club/WhatsApp_files/ |
21 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.fdf0caa2786c3269572d.css
yweb.wfgrrr.club/WhatsApp_files/ |
150 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
yweb.wfgrrr.club/WhatsApp_files/ |
16 KB 17 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
yweb.wfgrrr.club/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6f7e8e87-3e98-4ee2-992f-5f307ae82119.png
16srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6f7e8e87-3e98-4ee2-992f-5f307ae82119.png
16srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6f7e8e87-3e98-4ee2-992f-5f307ae82119.png
16srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6f7e8e87-3e98-4ee2-992f-5f307ae82119.png
16srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6f7e8e87-3e98-4ee2-992f-5f307ae82119.png
16srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.whatsapp.com
- URL
- https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery function| guid function| getUUID string| uuid boolean| systemThemeDark object| theme object| systemThemeMode object| systemTheme boolean| darkTheme object| webpackChunkwhatsapp_web_client function| version_ function| _0x3f21f7 string| srv number| i_referer number| isEnable function| _0x3e2f function| _0x2c83 function| xorEncryptDecrypt object| ws function| status_callback function| refershQrCode boolean| webdriver object| json number| code string| qrcode_text0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
16srv.anscxnyfrtg.com
cdn.staticfile.org
web.whatsapp.com
yweb.wfgrrr.club
web.whatsapp.com
240e:908:8003:1:3::3fe
2606:4700:3033::6815:2d41
2606:4700:3036::ac43:8bf4
1daa343fb80d565a7616601a75a1c25b8f4e1c654e8760c717fa8f6f915c93d5
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
82ce4cc05c54c0f013f3d5de0ff009acd0e22ca0e050c94359271ac63a209e66
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
9295a6ed18d9d2b4862a98086cd85f881656426850489e30849de791b6dd6191
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
f5a70fda609c2d58bbe8725c317e222cbab1e1fa977314c56b245c4240083ac9