rweb.wqdfcf.club Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://rweb.wqdfcf.club/
Submission: On September 08 via api (September 8th 2023, 8:46:56 am UTC) from LU — Scanned from NL

Summary HTTP 15 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 15 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is rweb.wqdfcf.club.

This is the only time rweb.wqdfcf.club was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online) WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
1 12	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	240e:908:8003... 240e:908:8003:1:3::3fe	137698 (CHINATELE...) (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province)
1	2606:4700:303... 2606:4700:3033::ac43:c0b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	4

12 2a06:98c1:3120::3 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

rweb.wqdfcf.club	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 240e:908:8003:1:3::3fe (China)

ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN)

cdn.staticfile.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3033::ac43:c0b0 (United States)

ASN13335 (CLOUDFLARENET, US)

8srv.anscxnyfrtg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	wqdfcf.club 1 redirects rweb.wqdfcf.club	204 KB
1	anscxnyfrtg.com 8srv.anscxnyfrtg.com	2 KB
1	staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 56297	33 KB
0	whatsapp.com Failed web.whatsapp.com Failed
15	4

	Domain	Requested by
12	rweb.wqdfcf.club	1 redirects rweb.wqdfcf.club
1	8srv.anscxnyfrtg.com
1	cdn.staticfile.org	rweb.wqdfcf.club
0	web.whatsapp.com Failed	rweb.wqdfcf.club
15	4

This site contains links to these domains. Also see Links.

Domain
wss.wsxazq.com
faq.whatsapp.com

Subject Issuer	Validity	Valid
*.staticfile.org GeoTrust RSA CN CA G2	`2023-09-08` - `2024-10-04`	a year	crt.sh
anscxnyfrtg.com GTS CA 1P5	`2023-08-04` - `2023-11-02`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://rweb.wqdfcf.club/
Frame ID: B1FD310B9C030E2702F9072C5BB09FEF
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

http://rweb.wqdfcf.club/ Page URL
http://rweb.wqdfcf.club/cdn-cgi/phish-bypass?atok=KgvD5gyd2TPLkMQnIO3TBnnI1ChdKI_Wy2SdyruHu7Y-169416... HTTP 301
http://rweb.wqdfcf.club/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

13 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

239 kB
Transfer

719 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://wss.wsxazq.com/
Title: WhatsApp 客户端下载

Search URL Search Domain Scan URL

URL: https://faq.whatsapp.com/1317564962315842?lang=en
Title: Need help to get started?

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://rweb.wqdfcf.club/ Page URL
http://rweb.wqdfcf.club/cdn-cgi/phish-bypass?atok=KgvD5gyd2TPLkMQnIO3TBnnI1ChdKI_Wy2SdyruHu7Y-1694162805-0-%2F HTTP 301
http://rweb.wqdfcf.club/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
rweb.wqdfcf.club/ 4 KB
2 KB 71ms
35ms Document
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://rweb.wqdfcf.club/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e1f69aad206233225f9d21a8c438497b135e7e23043fc847f42486ef3793a705

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

CF-RAY: 8035ec414bb20b50-AMS
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 08 Sep 2023 08:46:45 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kqk%2FrUtsAbWpsKdN8hA5gFWh7g8PoS1GLRcDEwIQMmPI6Gu2pPiWkhzGS8Xe0z69hcYo7OB4vkQINslesxY9h30B15BUVz7UsYCmKzZk43QVk1mRuvSXGJZjuUXwsayJkITFX%2FvwkdT5mlvgULSN"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK cf.errors.css
rweb.wqdfcf.club/cdn-cgi/styles/ 24 KB
5 KB 28ms
28ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

http://rweb.wqdfcf.club/cdn-cgi/styles/cf.errors.css

Requested by

Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:46 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 04 Sep 2023 08:31:24 GMT
Server: cloudflare
ETag: W/"64f595dc-5e44"
Transfer-Encoding: chunked
X-Frame-Options: DENY
Content-Type: text/css
Vary: Accept-Encoding
Cache-Control: max-age=7200, public
Connection: keep-alive
CF-RAY: 8035ec418c0e0b50-AMS
Expires: Fri, 08 Sep 2023 10:46:46 GMT

GET
H/1.1 200
OK icon-exclamation.png
rweb.wqdfcf.club/cdn-cgi/images/ 452 B
889 B 27ms
27ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://rweb.wqdfcf.club/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/cdn-cgi/styles/cf.errors.css

Protocol

HTTP/1.1

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:46 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 04 Sep 2023 08:31:24 GMT
Server: cloudflare
ETag: "64f595dc-1c4"
X-Frame-Options: DENY
Vary: Accept-Encoding
Content-Type: image/png
Cache-Control: max-age=7200, public
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 8035ec41dc8a0b50-AMS
Content-Length: 452
Expires: Fri, 08 Sep 2023 10:46:46 GMT

GET
H/1.1

200
OK

Primary Request / Show response
rweb.wqdfcf.club/
Redirect Chain

http://rweb.wqdfcf.club/cdn-cgi/phish-bypass?atok=KgvD5gyd2TPLkMQnIO3TBnnI1ChdKI_Wy2SdyruHu7Y-1694162805-0-%2F
http://rweb.wqdfcf.club/

25 KB
10 KB

363ms
363ms

Document
text/html

2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a5c1f88028b4d90f17de12897281de2478adb3cebdf1e4bd4955bc13f05ab91

Request headers

Referer: http://rweb.wqdfcf.club/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 8035ec604be30b50-AMS
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 08 Sep 2023 08:46:51 GMT
Last-Modified: Wed, 30 Aug 2023 03:38:37 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c8fborZmzubbFDJ0CIJeCbzrRAr6hncppH%2Bb5gyNZMXPC6n%2FH9CRWA%2BvGWg2Bi0CvUrg2RNamQ9f42t3Ll%2F8e2FRxVU29sbqY%2Fqs1QHO3E5w1tNJR1RXuARr%2BmaoQQuzI35j5k0tJZUk72UqYX%2Fy"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

Redirect headers

CF-RAY: 8035ec601ba20b50-AMS
Cache-Control: private, no-cache
Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Fri, 08 Sep 2023 08:46:50 GMT
Location: http://rweb.wqdfcf.club/
Server: cloudflare
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

GET
H/1.1 200
OK jquery.min.js Show response
cdn.staticfile.org/jquery/1.10.2/ 91 KB
33 KB 851ms
295ms Script
application/javascript 240e:908:8003:1:3::3fe
CHINATELECOM-HEIL...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 240e:908:8003:1:3::3fe , China, ASN137698 (CHINATELECOM-HEILONGJIANG-HANAN-IDC HaerbingHeilongjiang Province, P.R.China., CN),
Reverse DNS
Software: Tengine /
Resource Hash: 89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

X-Log: X-Log
Date: Thu, 07 Sep 2023 16:13:07 GMT
Via: cache52.l2cn3102[0,0,304-0,H], cache25.l2cn3102[1,0], vcache10.cn3465[0,0,200-0,H], vcache19.cn3465[1,0]
Content-Encoding: gzip
X-Svr: IO
X-Reqid: LnUAAABhpKDfqYIX
Age: 59624
X-Swift-CacheTime: 86397
X-Cache: HIT TCP_MEM_HIT dirn:9:44890140
Content-Transfer-Encoding: binary
Content-Disposition: inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Connection: keep-alive
X-Swift-SaveTime: Thu, 07 Sep 2023 16:13:10 GMT
Content-Length: 32989
Last-Modified: Tue, 16 Feb 2016 04:22:54 GMT
Server: Tengine
Etag: "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz"
Access-Control-Max-Age: 2592000
Ali-Swift-Global-Savetime: 1694103187
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Cache-Control: public, max-age=31536000
Vary: Accept-Encoding
Accept-Ranges: bytes
X-Qiniu-Zone: 0
Timing-Allow-Origin: *
EagleId: 2a65002716941628119364791e

GET
H/1.1 404
Not Found qrcode.min.js
rweb.wqdfcf.club/ 0
0 356ms
355ms Script
text/html 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/qrcode.min.js
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:51 GMT
Content-Encoding: gzip
CF-Cache-Status: EXPIRED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vO4NbdV6p0HbHykVkoVG%2BMnqZwnPt21j7dEqB5ZzJpj4sCy7M668BJtB1EcOKNm2R3sF%2FWDU6Gm8z0PVjVy1Gt5QJcVQNchmVRGqeb7d8CgHOK9y9D3ENvYLw93ijuFyWFfkRoYZAajKppoFpY8N"}],"group":"cf-nel","max_age":604800}
Content-Type: text/html
Vary: Accept-Encoding
Cache-Control: max-age=14400
Connection: keep-alive
CF-RAY: 8035ec629f2f0b50-AMS
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK stylex-ce269a9819ee8f292840728689a22cc5.css
rweb.wqdfcf.club/WhatsApp_files/ 175 KB
50 KB 399ms
373ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:51 GMT
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Thu, 17 Aug 2023 19:04:14 GMT
Server: cloudflare
ETag: W/"64de6f2e-2bb72"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OypKEUWCKZ0MzKncBMak4KPPDkd50DGsaB5KB2IyBgpiwiHlRTKOpnLHqCyRBNog6MUAcI3pvazNORRigB04%2FOPIBl6zcQuI558j77dy9T%2B0kRrBiljryVk9UMi7hHkpYgwrY65T%2F1HSEHCqAfHq"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=43200
CF-RAY: 8035ec62ca41b924-AMS
Expires: Fri, 08 Sep 2023 20:46:51 GMT

GET
H/1.1 200
OK app-6d34864fd47903428794.css
rweb.wqdfcf.club/WhatsApp_files/ 187 KB
66 KB 498ms
472ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/WhatsApp_files/app-6d34864fd47903428794.css
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:51 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Thu, 17 Aug 2023 19:04:06 GMT
Server: cloudflare
ETag: W/"64de6f26-2eab4"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l40RbZevAruihy8BFb6cny9QYBZLWfOQtcCGxO1v%2BfLMJ8eGTA10HLyXC7iuKZc5ocJkSBbpwgkbOBLRAvptxGGJYpJd11tOdcMpf%2BvF8adDIJgZEbjYFtK6nRiW88b2o8gyADqLM%2F2eTG6VqOdP"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=43200
CF-RAY: 8035ec62cbd1b980-AMS
Expires: Fri, 08 Sep 2023 20:46:51 GMT

GET
H/1.1 200
OK main~.b66100b3486cd1857cd3.css
rweb.wqdfcf.club/WhatsApp_files/ 21 KB
6 KB 68ms
42ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:51 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 30294
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Thu, 17 Aug 2023 19:04:12 GMT
Server: cloudflare
ETag: W/"64de6f2c-55b9"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9GOizFsS99MMjEmrjUpdxjxaxwL3FX5lMaLy%2BL4nKPqPZibMm9SUKYYUSrRC8yp7kh%2BAbS9hspOsfji99yd7SQYnZNCHPj%2BRnYbm4AFoskPnEU%2BwmqGdc1ox40rC8peq0FLC6JvyhRn7G9FrkARb"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=43200
CF-RAY: 8035ec62cbfdb7de-AMS
Expires: Fri, 08 Sep 2023 12:21:57 GMT

GET
H/1.1 200
OK main.fdf0caa2786c3269572d.css
rweb.wqdfcf.club/WhatsApp_files/ 150 KB
37 KB 515ms
489ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/WhatsApp_files/main.fdf0caa2786c3269572d.css
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:51 GMT
Content-Encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Thu, 17 Aug 2023 19:04:12 GMT
Server: cloudflare
ETag: W/"64de6f2c-257df"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z2oNK37Q8A0CZiCMp%2BvXTnHOJhQVUNrnY1X3qfsiSMH6H0lq0IrxuIEV9jAU7xC%2F3agTABDjBSqxQvExCV8QHMqlfISEeeQjiF1ZAg9JucCRcEs3D%2BbYs3M9Z7cCzgTv%2Fns12ikU6PwrElHCjHnE"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=43200
CF-RAY: 8035ec62cfec0a73-AMS
Expires: Fri, 08 Sep 2023 20:46:51 GMT

GET
H/1.1 200
OK qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
rweb.wqdfcf.club/WhatsApp_files/ 16 KB
17 KB 509ms
508ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://rweb.wqdfcf.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Request headers

Referer: http://rweb.wqdfcf.club/
Origin: http://rweb.wqdfcf.club
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:52 GMT
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 16259
Last-Modified: Thu, 17 Aug 2023 19:04:13 GMT
Server: cloudflare
ETag: "64de6f2d-3f83"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4RlnnuLHTSovNMaHfZ0vnFsyEvNf89tQ38oTlyWZyrza%2BfrjeN1w7gJ%2BLpo29jRSPuzk5MLxmWhGLOI68K0zPIPuIfAzU%2Fe3tXAcTecU7M8RkowrbHdNnNzXe5PUQfifxirUv%2B8LDrWzv8faUSmo"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=2592000
Accept-Ranges: bytes
CF-RAY: 8035ec68aa45b980-AMS
Expires: Sun, 08 Oct 2023 08:46:52 GMT

GET binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ 0
0

GET
H/1.1 200
OK main.js Show response
rweb.wqdfcf.club/ 24 KB
9 KB 327ms
327ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://rweb.wqdfcf.club/main.js?ver=7.15b
Requested by: Host: rweb.wqdfcf.club
URL: http://rweb.wqdfcf.club/
Protocol: HTTP/1.1
Server: 2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a458a2c3f77b0c022ffacf8ed9797606b6cc3c342aa9ac2ce6e03e304cd7a66

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

Date: Fri, 08 Sep 2023 08:46:52 GMT
Content-Encoding: gzip
CF-Cache-Status: REVALIDATED
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Last-Modified: Sat, 19 Aug 2023 08:48:01 GMT
Server: cloudflare
ETag: W/"64e081c1-60df"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Ma2F3zhek7bKAI84hy8wnlqDJmSOzLoIoWNuz53ZfuFkOT3ilEgewPGSQfIVEvgXtU%2B2FAdz7VAJYY7UoRE%2Fm9bPNfnmTT1BXuwUW%2FIEBmK7f4eExE1XrGymLJgOXu%2F6p%2BL%2Bsh30%2BF49UJ8o9xo"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=43200
CF-RAY: 8035ec669fc2b980-AMS
Expires: Fri, 08 Sep 2023 20:46:52 GMT

GET
H2 200 dcab91f7-4ebc-42ce-943b-e737b0b3c82e.png
8srv.anscxnyfrtg.com/qrcodes/ 2 KB
2 KB 591ms
535ms Image
image/png 2606:4700:3033::ac43:c0b0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://8srv.anscxnyfrtg.com/qrcodes/dcab91f7-4ebc-42ce-943b-e737b0b3c82e.png?1694162813502
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 425edd675714d0bbef8740b13e9a67ddc6cea132109af9bf4b1c4aa60d868f70

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://rweb.wqdfcf.club/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.82 Safari/537.36

Response headers

date: Fri, 08 Sep 2023 08:46:54 GMT
cf-cache-status: MISS
last-modified: Fri, 08 Sep 2023 08:46:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
etag: W/"697-18a73f8c279"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8lwfooUGwwtAVtcewk40EDyB2yYu7WwjiQIdDZOhXE43KZmmZkyMp52GI948Bm%2F129F2p0cq5a3I4kDvxKA5pFQRTRi18gQ%2B1%2BSMGZUIj4qF9LagHT6y%2FFd8IuEWLWPbmlZIkOmRfUSziBNqmpa26%2BlL1g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8035ec70da0a1e81-AMS
alt-svc: h3=":443"; ma=86400
content-length: 1687

GET dcab91f7-4ebc-42ce-943b-e737b0b3c82e.png
8srv.anscxnyfrtg.com/qrcodes/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json

Domain: 8srv.anscxnyfrtg.com
URL: https://8srv.anscxnyfrtg.com/qrcodes/dcab91f7-4ebc-42ce-943b-e737b0b3c82e.png?1694162816504

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online) WhatsApp (Instant Messenger)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.rweb.wqdfcf.club/	1970-01-20 14:37:29	Name: __cf_mw_byp Value: KgvD5gyd2TPLkMQnIO3TBnnI1ChdKI_Wy2SdyruHu7Y-1694162805-0-/

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://rweb.wqdfcf.club/qrcode.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
javascript	error	URL: http://rweb.wqdfcf.club/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json' from origin 'http://rweb.wqdfcf.club' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

8srv.anscxnyfrtg.com
cdn.staticfile.org
rweb.wqdfcf.club
web.whatsapp.com
8srv.anscxnyfrtg.com
web.whatsapp.com
240e:908:8003:1:3::3fe
2606:4700:3033::ac43:c0b0
2a06:98c1:3120::3
0a458a2c3f77b0c022ffacf8ed9797606b6cc3c342aa9ac2ce6e03e304cd7a66
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
425edd675714d0bbef8740b13e9a67ddc6cea132109af9bf4b1c4aa60d868f70
5a5c1f88028b4d90f17de12897281de2478adb3cebdf1e4bd4955bc13f05ab91
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e1f69aad206233225f9d21a8c438497b135e7e23043fc847f42486ef3793a705
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

rweb.wqdfcf.club Open in urlscan Pro 2a06:98c1:3120::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

13 %HTTPS

100 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

239 kBTransfer

719 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

26 JavaScript Global Variables

1 Cookies

3 Console Messages

Security Headers

Indicators

rweb.wqdfcf.club Open in urlscan Pro
2a06:98c1:3120::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

13 %
HTTPS

100 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

239 kB
Transfer

719 kB
Size

1
Cookies

15 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!