xweb.wqdfqf.club Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjy7urfutKAAxX9CnsHHcK-DioYABABGgJ0bQ&gclid=Cj0KCQjwldKmBhCCARIsAP-0rf...
Effective URL:
https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB
Submission: On August 10 via manual (August 10th 2023, 4:46:35 pm UTC) from HK — Scanned from DE

Summary HTTP 12 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is xweb.wqdfqf.club.
TLS certificate: Issued by GTS CA 1P5 on July 17th 2023. Valid for: 3 months.

This is the only time xweb.wqdfqf.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
8	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2408:877f:30:... 2408:877f:30:5:3::3fb	134542 (UNICOM-GU...) (UNICOM-GUIAN China Unicom IP network)
1	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	4

1 142.250.185.162 (Grosse Pointe, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

xweb.wqdfqf.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2408:877f:30:5:3::3fb (China)

ASN134542 (UNICOM-GUIAN China Unicom IP network, CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

17srv.anscxnyn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	wqdfqf.club xweb.wqdfqf.club	186 KB
1	anscxnyn.com 17srv.anscxnyn.com	2 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 59227	33 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 150	791 B
0	whatsapp.com Failed web.whatsapp.com Failed
12	5

	Domain	Requested by
8	xweb.wqdfqf.club	xweb.wqdfqf.club
1	17srv.anscxnyn.com
1	cdn.staticfile.org	xweb.wqdfqf.club
1	www.googleadservices.com	1 redirects
0	web.whatsapp.com Failed	xweb.wqdfqf.club
12	5

This site contains links to these domains. Also see Links.

Domain
whaydf.yexap.site
faq.whatsapp.com

Subject Issuer	Validity	Valid
wqdfqf.club GTS CA 1P5	`2023-07-17` - `2023-10-15`	3 months	crt.sh
*.staticfile.org GeoTrust RSA CN CA G2	`2022-09-05` - `2023-10-03`	a year	crt.sh
anscxnyn.com E1	`2023-08-04` - `2023-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB
Frame ID: 605751D2F18D53021C4D0E3F7E237720
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjy7urfutKAAxX9CnsHHcK-DioYABABGgJ0bQ&gclid=Cj0KCQ... HTTP 302
https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

83 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

221 kB
Transfer

736 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://whaydf.yexap.site/
Title: WhatsApp 客户端下载

Search URL Search Domain Scan URL

URL: https://faq.whatsapp.com/1317564962315842?lang=en
Title: Need help to get started?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjy7urfutKAAxX9CnsHHcK-DioYABABGgJ0bQ&gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB&ohost=www.google.com&cid=CAESbOD2tmUGPOQ2uW5jt2flpuFS-OLu_TC5nrB0ITvbnXzLFcs0-OQqxDiUSGeq0pSYUX9osssVw8Gpgu0P2jwsA69vks5SkDmwKGF5VoM_e8m9GdFbo_3Oi5_pIywQqYO_My_wcF_eFklkgboytA&sig=AOD64_1KjQCL6NS04YMrKQ0cTV2yCh6wyQ&q&adurl&ved=2ahUKEwjQ0uPfutKAAxV1mVYBHWvjBaU4FBDRDHoECAEQAQ HTTP 302
https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response xweb.wqdfqf.club/ Redirect Chain https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjy7urfutKAAxX9CnsHHcK-DioYABABGgJ0bQ&gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB&o... https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB	42 KB 17 KB	490ms 368ms	Document text/html	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0d294c79516899b018bd6d750e435492c033418ea926fade8fc4fd6ffa520d64` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7f49b7127cc5bb5b-FRA content-encoding br content-type text/html date Thu, 10 Aug 2023 16:46:28 GMT last-modified Wed, 02 Aug 2023 08:09:32 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wPf6vQOWUDNkDW4R7v%2FA3Nk6X3qhbuyLQGtAIG9QpOzot%2FroQLnWvBxOqbV%2BMLa7duzR%2FRorcLqytrReYuXJ0%2BpkPQek65WSj3i%2BaY528D78B1o%2F0eWFJC%2B4vAX59WXXGTm7KrsiQ%2FbAIL1898Ev"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers accept-ch Sec-CH-UA-Platform Sec-CH-UA-Platform-Version Sec-CH-UA-Full-Version Sec-CH-UA-Arch Sec-CH-UA-Model Sec-CH-UA-Bitness Sec-CH-UA-Full-Version-List Sec-CH-UA-WoW64 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Thu, 10 Aug 2023 16:46:28 GMT expires Fri, 01 Jan 1990 00:00:00 GMT location https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB p3p policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" pragma no-cache server adclick_server x-content-type-options nosniff x-xss-protection 0
GET H/1.1	200 OK	jquery.min.js Show response cdn.staticfile.org/jquery/1.10.2/	91 KB 33 KB	1700ms 333ms	Script application/javascript	2408:877f:30:5:3::3fb UNICOM-GUIAN Chin...
General Check archive.org Show headers Download Go to Full URL https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2408:877f:30:5:3::3fb , China, ASN134542 (UNICOM-GUIAN China Unicom IP network, CN), Reverse DNS Software Tengine / Resource Hash `89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers X-Log X-Log Date Thu, 10 Aug 2023 02:58:01 GMT Via cache60.l2cn2602[0,0,304-0,H], cache2.l2cn2602[0,0], cache27.cn3235[0,0,200-0,H], cache15.cn3235[1,0] Content-Encoding gzip X-Svr IO X-Reqid ScsAAAA1ATM85nkX Age 49709 X-Swift-CacheTime 64947 X-Cache HIT TCP_MEM_HIT dirn:11:533549332 Content-Transfer-Encoding binary Content-Disposition inline; filename="jquery.min.js"; filename=utf-8''jquery.min.js Connection* keep-alive X-Swift-SaveTime Thu, 10 Aug 2023 08:55:34 GMT Content-Length 32989 Last-Modified Tue, 16 Feb 2016 04:22:54 GMT Server Tengine Etag "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz" Access-Control-Max-Age 2592000 Vary Accept-Encoding Content-Type application/javascript Access-Control-Allow-Origin * Ali-Swift-Global-Savetime 1691636281 Access-Control-Expose-Headers X-Log, X-Reqid Cache-Control public, max-age=31536000 Accept-Ranges bytes X-Qiniu-Zone 0 Timing-Allow-Origin * EagleId 3b501ca316916859900868310e
GET H2	200	qrcode.min.js Show response xweb.wqdfqf.club/	19 KB 7 KB	368ms 366ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/qrcode.min.js Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:28 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 13:50:51 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b2a43b-4dd7" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1R2uNy8XAFcuS64%2FAOtlxStedxvcbs%2Fz2iWzowqQgyPc6GnNECsMtWdot9joWEnofSc%2BUnHsH21vNwNvgt7QahQwjterSiRwuK7TDD1IDbI1nd%2F%2FKzqSnfGWUoKAc0EMcJGVsnDMzzzTHQB5k2SL"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7f49b714dfbebb5b-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:28 GMT
GET H2	200	stylex-ce269a9819ee8f292840728689a22cc5.css xweb.wqdfqf.club/WhatsApp_files/	175 KB 43 KB	661ms 660ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:29 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24baf-2bb72" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BK%2FyEUL8qmsV7xyLsQIUxGvoSxsMyb97XG9aGr9X6fxEwI2QytuVJdddqvfLM0TTXAj9PKkOLi0h6GOpIMetiPXwLBQbCMFNEBIKCrf5nLVHcN%2FaSNjBDeeczauWvxPtovaOEhNZKDjnEBIeQauW"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7f49b714dfb9bb5b-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:28 GMT
GET H2	200	app-6d34864fd47903428794.css xweb.wqdfqf.club/WhatsApp_files/	187 KB 56 KB	677ms 675ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/WhatsApp_files/app-6d34864fd47903428794.css Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:29 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:01 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bad-2eab4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Z34VPoYWKBXyHbIB40up0vdMQYKijpt3jyd%2FnvTPcknbQhoc4SezUMm6ffFHrMGkuNrgWhd7fDYP2fOXvJuvXo53GvWrfEeHS79%2BjUoDp3XmSaMxwgrfVQgSjio%2B6IWWDIcX9TzCB6Iu8E8GHWP"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7f49b714dfbabb5b-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:28 GMT
GET H2	200	main~.b66100b3486cd1857cd3.css xweb.wqdfqf.club/WhatsApp_files/	21 KB 5 KB	409ms 407ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:28 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24baf-55b9" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TD0VdhLtN9eblkxvEzMMnEniaExg15S7Ma84j9QIR%2F70wzEAg6heu5xmeTdLTyOw7Wx0%2FmZfIJurTrY65h0fDvXeVs8knOVO1I4gsVJBAYDUerTRWtYH6NVJU4GjeTc2Mwsru%2FYhZ09mx4IAHPXV"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7f49b714dfbbbb5b-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:28 GMT
GET H2	200	main.fdf0caa2786c3269572d.css xweb.wqdfqf.club/WhatsApp_files/	150 KB 30 KB	525ms 524ms	Stylesheet text/css	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/WhatsApp_files/main.fdf0caa2786c3269572d.css Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:29 GMT content-encoding br cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:02 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b24bae-257df" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dwn5QDGa4oyev2EVMhZIwk2syA1AB01ohK2wzQStoRaaUfz4CTpdiO7esl6eWxAbR1%2BHpWnWsumsWG%2FlOEreg2PhL7H4vzZruEOFtddSDrS9QMP3n5o7mnJNDCa5J8mnT23Oqq1tNXrIJKBSL4EL"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7f49b714dfbdbb5b-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:28 GMT
GET H3	200	qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png xweb.wqdfqf.club/WhatsApp_files/	16 KB 16 KB	510ms 510ms	Image image/png	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://xweb.wqdfqf.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Origin https://xweb.wqdfqf.club accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:30 GMT cf-cache-status MISS last-modified Sat, 15 Jul 2023 07:33:03 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "64b24baf-3f83" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PczM%2BMASGWoDaHCl0K09022sAj4oZujn3hVhtzlBIDZw9DgeO4E2ojz%2FXWEg3SeiCov5we%2B2BIzJB4IfWHRx5h1bv3HNK%2F0Spyn64VA5u9Yaac08Nh1Di61aZUb2E%2FEJlv9NALJ5z26EEUIub5Jd"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7f49b71b8cc21c22-FRA alt-svc h3=":443"; ma=86400 content-length 16259 expires Sat, 09 Sep 2023 16:46:29 GMT
GET		binary-transparency-manifest-2.2325.3.json web.whatsapp.com/	0 0

GET H3	200	main.js Show response xweb.wqdfqf.club/	33 KB 10 KB	357ms 357ms	Script application/javascript	2a06:98c1:3121::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://xweb.wqdfqf.club/main.js?ver=7.14 Requested by Host: xweb.wqdfqf.club URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `86dc791b8232c89a4a16da5fb98a4f047a974675c5d01340582a0cdd2179544e` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:29 GMT content-encoding br cf-cache-status MISS last-modified Mon, 17 Jul 2023 08:00:47 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"64b4f52f-85cc" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BV7g5NQWaz4pqfl%2B68Pt0siKmDmC9D73KffnHwAfIM%2BChCwrIZB38By%2Fr46NpoqH5cFsU0vPcny9O1OBAoKP0SDNIl83bMdJqAkRkXqsD1HzQBRvq5lyltF6R9EFhrxhfOZxmSd4mgYrsizYDlF"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=43200 cf-ray 7f49b71949dd1c22-FRA alt-svc h3=":443"; ma=86400 expires Fri, 11 Aug 2023 04:46:29 GMT
GET H3	200	f655f5a7-37d1-450b-88f4-ebf1b60eb5b7.png 17srv.anscxnyn.com/qrcodes/	2 KB 2 KB	602ms 553ms	Image image/png	2a06:98c1:3120::3 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://17srv.anscxnyn.com/qrcodes/f655f5a7-37d1-450b-88f4-ebf1b60eb5b7.png?1691685991978 Protocol H3 Security QUIC, , AES_128_GCM Server 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `0824768c1707ed433bc950ddc9303026a0ce85038038711fa71ebe8f36942112` Request headers accept-language de-DE,de;q=0.9 Referer https://xweb.wqdfqf.club/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36 Response headers date Thu, 10 Aug 2023 16:46:32 GMT cf-cache-status MISS last-modified Thu, 10 Aug 2023 04:15:31 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by Express etag W/"6af-189dda823e1" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oIOfdSQXEkqnZfI1k8%2F%2F9aOJb6PMbUaw739KGA3ri8JjmPthN7PbBbdngRiFa1VfKLmtWuiY93Bn3zs%2F3lDHMeWpj1Aw%2BEe4sjSckF%2BMvwLSkQ%2F0KHCwDjcnWvjMhcggvMXrO%2Fr1w2UieXisMDJpv50%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 7f49b72a4c561947-FRA alt-svc h3=":443"; ma=86400 content-length 1711
GET		f655f5a7-37d1-450b-88f4-ebf1b60eb5b7.png 17srv.anscxnyn.com/qrcodes/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Domain: 17srv.anscxnyn.com
URL: https://17srv.anscxnyn.com/qrcodes/f655f5a7-37d1-450b-88f4-ebf1b60eb5b7.png?1691685994979

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.googleadservices.com/pagead/conversion/11294054503/	1970-01-20 16:04:21	Name: Conversion Value: EgwIABUAAAAAHQAAAAAYASC-guLkiZ3dgLsBSAFqXENqMEtDUWp3bGRLbUJoQ0NBUklzQVAtMHJmeWU3c1RYamtnUVlKSXNucklJbVQ3MW5kX1dmek5ONm1JNlRWbU9xZW14NmlBXzdpUVlwU0VhQWtsM0VBTHdfd2NCcM6ovKzF0oADkAHqt_7a6hGYAQA

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://xweb.wqdfqf.club/?gclid=Cj0KCQjwldKmBhCCARIsAP-0rfye7sTXjkgQYJIsnrIImT71nd_WfzNN6mI6TVmOqemx6iA_7iQYpSEaAkl3EALw_wcB Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'https://xweb.wqdfqf.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

17srv.anscxnyn.com
cdn.staticfile.org
web.whatsapp.com
www.googleadservices.com
xweb.wqdfqf.club
17srv.anscxnyn.com
web.whatsapp.com
142.250.185.162
2408:877f:30:5:3::3fb
2a06:98c1:3120::3
2a06:98c1:3121::3
0824768c1707ed433bc950ddc9303026a0ce85038038711fa71ebe8f36942112
0d294c79516899b018bd6d750e435492c033418ea926fade8fc4fd6ffa520d64
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
86dc791b8232c89a4a16da5fb98a4f047a974675c5d01340582a0cdd2179544e
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

xweb.wqdfqf.club Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

83 %HTTPS

75 %IPv6

5 Domains

5 Subdomains

4 IPs

2 Countries

221 kBTransfer

736 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

29 JavaScript Global Variables

1 Cookies

2 Console Messages

Indicators

xweb.wqdfqf.club Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

83 %
HTTPS

75 %
IPv6

5
Domains

5
Subdomains

4
IPs

2
Countries

221 kB
Transfer

736 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!