200 OK 9.8 kB URL User Request GET HTTP/2 IP
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (3991), with CRLF line terminators
Hash 31496a0eba0da44aa6e68f1d5169dfd0
f4c0f32b10b87d420004a8f193d6ba228bf56bde
0b24b4a9838cceaf24a95db5e288ff6b622d7e95be14be70873518ea80372114
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET / HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 24 Sep 2023 00:54:35 GMT
content-type: text/html
last-modified: Wed, 30 Aug 2023 03:39:52 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tz%2FRuEkYAf%2F4AikiVj6GKqlLijCmYclIU1j%2BD7xCyu%2B0bGh6pxhyBD%2FXznSCSTANaE%2Fy4iwHLPOCCU6rEguEwz%2F8n1oWKrkOUid%2BNpartmrafgpK91g6U56OLZ%2B5jbpN3ra0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e957ddc569a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
400 Bad Request 2.5 kB URL GET HTTP/2 web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerDigiCert Inc
Subject*.whatsapp.net
FingerprintF9:E0:4E:C3:A9:3B:B9:FA:44:A3:A7:41:81:01:36:D3:5F:9D:C6:F8
ValidityFri, 07 Jul 2023 00:00:00 GMT - Sun, 01 Oct 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2793)
Hash f1ac791356b3b6a884f9d3341fabe1da
85c8d6a72ce89e3254dea435474c3ee04d0c8cbd
87d28f909a65f055c786a96751a9e3467ff378c56f9d38f5cffcfdaf0d724f1d
GET /binary-transparency-manifest-2.2325.3.json HTTP/1.1
Host: web.whatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dweb.wxeflm.club
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 400 Bad Request
content-encoding: br
cross-origin-opener-policy: unsafe-none
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: QHWHAWKhNSGuiAvIqAI3f0VvVJ4ftLjsw+mk9FcBgWu/2B8rn8U3EdDg2UrQDBFiYhtu8ZhESKDU5WvRRXhF7A==
content-length: 2460
date: Sun, 24 Sep 2023 00:54:36 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
dweb.wxeflm.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
200 OK 16 kB URL GET HTTP/3 dweb.wxeflm.club/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type PNG image data, 560 x 315, 8-bit colormap, non-interlaced\012- data
Hash 0c6ec69b054fdeb31cf3e5e10290fd8e
5b2d2ef0e3b5824addcc34d642769f5f14671411
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: image/png
content-length: 16259
last-modified: Sat, 15 Jul 2023 07:33:03 GMT
etag: "64b24baf-3f83"
expires: Tue, 24 Oct 2023 00:54:36 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wI%2FlhGBKZ5uvgfs8iNm8DvFFqlNFd2j5fHwJGZPwtCf2L05uDFNTKgAHTJQV5O3iz04XriuPKzOd0EuwasYXRsniMlSfwcpB6bM7Jze7Ih9GyEiYsCj%2B8jFKI%2FjDcgs1SAll"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70e9accf156a9-OSL
alt-svc: h3=":443"; ma=86400
ocsp.digicert.cn/
471 B IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Hash ad2b92be15a3adb3713844eab9a68760
157c273b95802dbec8cdd5ec6eb9f3b0c6258fde
026064070079938cef59e3a9a1a1999fe6c2b204f8d02b733798053e6bba154b
POST / HTTP/1.1
Host: ocsp.digicert.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: max-age=7200
Date: Sun, 24 Sep 2023 00:54:37 GMT
Ali-Swift-Global-Savetime: 1695516877
Via: cache5.l2de2[297,297,200-0,M], cache5.l2de2[298,0], cache7.se1[320,320,200-0,M], cache7.se1[321,0]
X-Cache: MISS TCP_MISS dirn:-2:-2
X-Swift-SaveTime: Sun, 24 Sep 2023 00:54:37 GMT
X-Swift-CacheTime: 0
Timing-Allow-Origin: *
EagleId: 2ff62c9b16955168767502238e
cdn.staticfile.org/jquery/1.10.2/jquery.min.js
200 OK 33 kB URL GET HTTP/1.1 cdn.staticfile.org/jquery/1.10.2/jquery.min.js
IP
ASN #24429 Zhejiang Taobao Network Co.,Ltd
Requested by https://dweb.wxeflm.club/
Certificate IssuerDigiCert Inc
Subject*.staticfile.org
Fingerprint04:4F:B9:B3:68:BF:B4:16:B7:18:CF:24:77:47:51:08:AE:EC:4B:B2
ValidityFri, 08 Sep 2023 00:00:00 GMT - Fri, 04 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (32072)
Hash e0e0559014b222245deb26b6ae8bd940
e2f3603e23711f6446f278a411d905623d65201e
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
GET /jquery/1.10.2/jquery.min.js HTTP/1.1
Host: cdn.staticfile.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 32989
Connection: keep-alive
Date: Sat, 23 Sep 2023 13:23:28 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-Log, X-Reqid
Access-Control-Max-Age: 2592000
Cache-Control: public, max-age=31536000
X-Reqid: 6gcAAADu6JbmiYcX
X-Svr: IO
X-Qiniu-Zone: 0
X-Log: X-Log
Accept-Ranges: bytes
Content-Disposition: inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Content-Transfer-Encoding: binary
Ali-Swift-Global-Savetime: 1695475408
Via: cache23.l2de2[0,0,304-0,H], cache20.l2de2[1,0], cache1.se1[0,0,200-0,H], cache3.se1[1,0]
Etag: "FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz"
Vary: Accept-Encoding
Last-Modified: Tue, 16 Feb 2016 04:22:54 GMT
Content-Encoding: gzip
Age: 41469
X-Cache: HIT TCP_MEM_HIT dirn:11:342163023
X-Swift-SaveTime: Sat, 23 Sep 2023 13:25:11 GMT
X-Swift-CacheTime: 86297
Timing-Allow-Origin: *
EagleId: 2ff62c9716955168770777120e
web.whatsapp.com/apple-touch-icon.png
400 Bad Request 2.5 kB URL GET HTTP/3 web.whatsapp.com/apple-touch-icon.png
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerDigiCert Inc
Subject*.whatsapp.net
FingerprintF9:E0:4E:C3:A9:3B:B9:FA:44:A3:A7:41:81:01:36:D3:5F:9D:C6:F8
ValidityFri, 07 Jul 2023 00:00:00 GMT - Sun, 01 Oct 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2793)
Hash f1ac791356b3b6a884f9d3341fabe1da
85c8d6a72ce89e3254dea435474c3ee04d0c8cbd
87d28f909a65f055c786a96751a9e3467ff378c56f9d38f5cffcfdaf0d724f1d
GET /apple-touch-icon.png HTTP/1.1
Host: web.whatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 400 Bad Request
content-encoding: br
cross-origin-opener-policy: unsafe-none
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: oAfXpVi221HD3SkMMQbMdLBXI5mY0n6qnIb8CYyJCHQ7uoeKZzD7CbwszEe1Wd73kpKMRsH/O/IOOq+BO3a8aw==
content-length: 2460
date: Sun, 24 Sep 2023 00:54:37 GMT
alt-svc: h3=":443"; ma=86400
priority: u=6
dweb.wxeflm.club/WhatsApp_files/main.fdf0caa2786c3269572d.css
200 OK 32 kB URL GET HTTP/3 dweb.wxeflm.club/WhatsApp_files/main.fdf0caa2786c3269572d.css
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type Unicode text, UTF-8 text, with very long lines (8773)
Hash e521494eaab76cd47c500800e4f7b167
8568e69ae91ab80338d49220858bc1fae66d5fbf
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /WhatsApp_files/main.fdf0caa2786c3269572d.css HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: text/css
last-modified: Sat, 15 Jul 2023 07:33:02 GMT
vary: Accept-Encoding
etag: W/"64b24bae-257df"
expires: Sun, 24 Sep 2023 12:54:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d%2F591jv25ugBSc%2F%2FiJvV8TBInPz1CCS8tVFLzY%2BjAl5CEF9yIry2TVtHAzt7VUy3jR%2FqS1eVD643quDt32e1vpwRCJxRDkVt%2BA92hs4cTkCwQeqa6P7dDcdhoFgnhWwYddta"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e9accef56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/
0 B IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://dweb.wxeflm.club
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nk3pALK94WBb6CMP7M0GoQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 24 Sep 2023 00:54:37 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: phvG+59XLvLgeLs29972VYKPyCI=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwSyGaGyNLEZG4xwZ3VrOxQ32H8DARd4ceg7qUCnSew9amoJU8YjzG5G%2BuXclL7aH9CR5mlBviwTenafF6FS8mGwQudnXzxx8XcMEegbKgVi%2BoeMtwMIFnQosHP43yFraqqeXGNyNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 80b70ea38c140afa-OSL
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516878504
200 OK 1.7 kB URL GET HTTP/3 7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516878504
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerGoogle Trust Services LLC
Subjectanscxnyfrtg.com
FingerprintD9:0D:77:8A:CA:E2:2E:89:7A:66:2A:C1:CB:B3:08:A0:04:DD:9A:97
ValidityFri, 04 Aug 2023 12:14:07 GMT - Thu, 02 Nov 2023 12:14:06 GMT
File type PNG image data, 345 x 345, 8-bit grayscale, non-interlaced\012- data
Hash cb32e317a8a217cf9c5dbf48227c8050
aae117975684a31fcc6d8a5d7613f971a0cddb67
59b2898946ecd33d2be452669c5f46e83181b8110fd8b0218615cb72a2d20123
GET /qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516878504 HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:38 GMT
content-type: image/png
content-length: 1715
x-powered-by: Express
cache-control: public, max-age=14400
last-modified: Sun, 24 Sep 2023 00:54:34 GMT
etag: W/"6b3-18ac4ae55a5"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qAYNsLgoIrKcccOAkUws60FsPNco3vPUcgG77xh%2FJTsL6c%2BTXRdLP4T6FaVXVP5RrNkQWGB0d08ZWbXrG%2FkzcpZ%2Fh5hOarNkibabtITnFoQnAcJaAs%2BLMXt%2FyO9lMCxYqu1C0DcKdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70ea92dcc569a-OSL
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516881507
200 OK 1.7 kB URL GET HTTP/3 7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516881507
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerGoogle Trust Services LLC
Subjectanscxnyfrtg.com
FingerprintD9:0D:77:8A:CA:E2:2E:89:7A:66:2A:C1:CB:B3:08:A0:04:DD:9A:97
ValidityFri, 04 Aug 2023 12:14:07 GMT - Thu, 02 Nov 2023 12:14:06 GMT
File type PNG image data, 345 x 345, 8-bit grayscale, non-interlaced\012- data
Hash cb32e317a8a217cf9c5dbf48227c8050
aae117975684a31fcc6d8a5d7613f971a0cddb67
59b2898946ecd33d2be452669c5f46e83181b8110fd8b0218615cb72a2d20123
GET /qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516881507 HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:41 GMT
content-type: image/png
content-length: 1715
x-powered-by: Express
cache-control: public, max-age=14400
last-modified: Sun, 24 Sep 2023 00:54:34 GMT
etag: W/"6b3-18ac4ae55a5"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vvGZmA8zlyrY%2FrWpyg5G8yO7zgYSWnoBsbiFyWyrnY5e%2BSatlyDv9R%2FkfZWLlPrim2a2xYVE%2BNudRGjo41oPiIba2Gfms%2BICUvutuXOtGO6TV5l6Y6Dyv1rXljMTl2X8B%2F2FXMNXPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70ebbed76569a-OSL
alt-svc: h3=":443"; ma=86400
dweb.wxeflm.club/qrcode.min.js
404 Not Found 1.8 kB URL GET HTTP/3 dweb.wxeflm.club/qrcode.min.js
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /qrcode.min.js HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Sun, 24 Sep 2023 00:54:37 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QFR932nXHM71vJa%2BYv2nODdNNVpWIUDizyu8BStnMA%2FXBhlGL2%2BL3%2B%2FzXVJDMR5w77PwJE9TgcKrrfpPASgku17h%2F8AZDjQwer%2FgemOfSSW%2BHLeiQtDwCVddZ1ihQxbupi65"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70ea28f8a56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516887507
200 OK 1.7 kB URL GET HTTP/3 7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516887507
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerGoogle Trust Services LLC
Subjectanscxnyfrtg.com
FingerprintD9:0D:77:8A:CA:E2:2E:89:7A:66:2A:C1:CB:B3:08:A0:04:DD:9A:97
ValidityFri, 04 Aug 2023 12:14:07 GMT - Thu, 02 Nov 2023 12:14:06 GMT
File type PNG image data, 345 x 345, 8-bit grayscale, non-interlaced\012- data
Hash cb32e317a8a217cf9c5dbf48227c8050
aae117975684a31fcc6d8a5d7613f971a0cddb67
59b2898946ecd33d2be452669c5f46e83181b8110fd8b0218615cb72a2d20123
GET /qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516887507 HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:47 GMT
content-type: image/png
content-length: 1715
x-powered-by: Express
cache-control: public, max-age=14400
last-modified: Sun, 24 Sep 2023 00:54:34 GMT
etag: W/"6b3-18ac4ae55a5"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zaPoLPZ3P9azA9VeMlhBJNJDA4exzsOfrcduKZJbaYNNEak4evIYCqvp9Cj%2FWxSuYJ9ggZAQ6bHAKJ0nfvcs6uYl4q7t3tWSiwU%2F2H3kLodt7piVBNu3Iuq1DOq81Dv5MO9W%2FVAcVg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70ee16bd1569a-OSL
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/
101 Switching Protocols 0 B IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerGoogle Trust Services LLC
Subjectanscxnyfrtg.com
FingerprintD9:0D:77:8A:CA:E2:2E:89:7A:66:2A:C1:CB:B3:08:A0:04:DD:9A:97
ValidityFri, 04 Aug 2023 12:14:07 GMT - Thu, 02 Nov 2023 12:14:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://dweb.wxeflm.club
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: nk3pALK94WBb6CMP7M0GoQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Sun, 24 Sep 2023 00:54:37 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: phvG+59XLvLgeLs29972VYKPyCI=
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JwSyGaGyNLEZG4xwZ3VrOxQ32H8DARd4ceg7qUCnSew9amoJU8YjzG5G%2BuXclL7aH9CR5mlBviwTenafF6FS8mGwQudnXzxx8XcMEegbKgVi%2BoeMtwMIFnQosHP43yFraqqeXGNyNg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 80b70ea38c140afa-OSL
alt-svc: h3=":443"; ma=86400
dweb.wxeflm.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css
200 OK 22 kB URL GET HTTP/3 dweb.wxeflm.club/WhatsApp_files/main~.b66100b3486cd1857cd3.css
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /WhatsApp_files/main~.b66100b3486cd1857cd3.css HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: text/css
last-modified: Sat, 15 Jul 2023 07:33:03 GMT
vary: Accept-Encoding
etag: W/"64b24baf-55b9"
expires: Sun, 24 Sep 2023 12:54:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YY0OfDeFCVcZPolduSBQWx1ufvTW0AmdK4IdmwT0H63Q%2Bh%2F0OsyxbEl9mz5DwkKuRxbrO9fniOAYvqJ6lOzBRmrCZcWhbhLU9NXcjyUtwGROvru9bxsQO7RYY8tDFPHQdo8o"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e9accee56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516884509
200 OK 1.7 kB URL GET HTTP/3 7srv.anscxnyfrtg.com/qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516884509
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerGoogle Trust Services LLC
Subjectanscxnyfrtg.com
FingerprintD9:0D:77:8A:CA:E2:2E:89:7A:66:2A:C1:CB:B3:08:A0:04:DD:9A:97
ValidityFri, 04 Aug 2023 12:14:07 GMT - Thu, 02 Nov 2023 12:14:06 GMT
File type PNG image data, 345 x 345, 8-bit grayscale, non-interlaced\012- data
Hash cb32e317a8a217cf9c5dbf48227c8050
aae117975684a31fcc6d8a5d7613f971a0cddb67
59b2898946ecd33d2be452669c5f46e83181b8110fd8b0218615cb72a2d20123
GET /qrcodes/6de4269a-e1ce-4a7d-8af4-fed2c22fe5dd.png?1695516884509 HTTP/1.1
Host: 7srv.anscxnyfrtg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:44 GMT
content-type: image/png
content-length: 1715
x-powered-by: Express
cache-control: public, max-age=14400
last-modified: Sun, 24 Sep 2023 00:54:34 GMT
etag: W/"6b3-18ac4ae55a5"
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6DAQGaDoHZTWp1r4THynHBMvo72nuC8%2FM3rCW81WfD3825X7Na0EEimYKj2JkmvOmQxtwWauN5AB%2BVeWe8tCXhJRm5cYLjGpxmjInYhBQ6%2F2b57aEQW5HBOpp6zMX2o%2Bo4Q06Ydtjw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80b70ecebd7a569a-OSL
alt-svc: h3=":443"; ma=86400
dweb.wxeflm.club/main.js?ver=7.15b
200 OK 22 kB URL GET HTTP/3 dweb.wxeflm.club/main.js?ver=7.15b
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type ASCII text, with very long lines (21508), with no line terminators
Hash ddd9adb565b448ffd79ef6f7b52b5bd3
d7c80375c179f842bd0f2b65538572adb29f1ccb
b62386772aa4bb583f04a48608d4aebd755b7a3d6bfc4be971e4aac01d9fb983
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /main.js?ver=7.15b HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: application/javascript
last-modified: Sat, 19 Aug 2023 08:47:08 GMT
vary: Accept-Encoding
etag: W/"64e0818c-5404"
expires: Sun, 24 Sep 2023 12:54:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=18SspMJIzm%2F47XRu8s4T3%2FzAUkv05FX4zVYLi6hA9Kx0SpuJ4mutpYzhVlBmcBYRTNmqnLSBsAgEolrf96ZlPL0R%2FR1QSJm%2BoPGotkmEEbnSrEbDfWWC6tYhaa%2BC6FvHrTAM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e9accf256a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
dweb.wxeflm.club/WhatsApp_files/app-6d34864fd47903428794.css
200 OK 191 kB URL GET HTTP/3 dweb.wxeflm.club/WhatsApp_files/app-6d34864fd47903428794.css
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type ASCII text, with very long lines (17444)
Size 191 kB (191156 bytes)
Hash bfafa571a7a8ba0853896553a2463e98
af7358ff5de66bab7fcdbaf3b0b1169084aa5dba
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /WhatsApp_files/app-6d34864fd47903428794.css HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: text/css
last-modified: Sat, 15 Jul 2023 07:33:01 GMT
vary: Accept-Encoding
etag: W/"64b24bad-2eab4"
expires: Sun, 24 Sep 2023 12:54:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VpX9H3q4sRD4MqIggpBukxO%2BdlBN%2FGbqsjeI6q2hNJY1u%2BT%2BGg1OFLacB0%2F0pSAjs7cDHi%2B7xEaoqj6Ms9DEpGIk%2B22RrDlTjV89ybLs0C7qISJ01AIi%2F7R6ttDQypX%2F5VXw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e9abced56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png
400 Bad Request 0 B URL GET HTTP/3 web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerDigiCert Inc
Subject*.whatsapp.net
FingerprintF9:E0:4E:C3:A9:3B:B9:FA:44:A3:A7:41:81:01:36:D3:5F:9D:C6:F8
ValidityFri, 07 Jul 2023 00:00:00 GMT - Sun, 01 Oct 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /img/favicon_c5088e888c97ad440a61d247596f88e5.png HTTP/1.1
Host: web.whatsapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 400 Bad Request
content-encoding: br
cross-origin-opener-policy: unsafe-none
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: text/html; charset="utf-8"
x-fb-debug: kyk9ceqDv2FrZVu4iQJXSUWBPikhqZQE23CyunL3rG8JBBuSCUBWsTSsGM8kT83nA3FgXX2k+solmWXlFiF9/w==
content-length: 2460
date: Sun, 24 Sep 2023 00:54:37 GMT
alt-svc: h3=":443"; ma=86400
priority: u=6
dweb.wxeflm.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
200 OK 179 kB URL GET HTTP/3 dweb.wxeflm.club/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
IP
Requested by https://dweb.wxeflm.club/
Certificate IssuerLet's Encrypt
Subjectwxeflm.club
Fingerprint90:97:9B:87:AE:42:E3:DE:C9:84:79:90:EC:8C:C7:AD:DF:92:8A:1F
ValidityFri, 28 Jul 2023 11:39:27 GMT - Thu, 26 Oct 2023 11:39:26 GMT
File type ASCII text, with very long lines (937)
Size 179 kB (179058 bytes)
Hash bddd6c64513ffb50747ea146307b410a
bf67bf8e2eed16259a332e1a3aaf4ba7f5f0b606
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
Analyzer Verdict Alert OpenPhish phishing WhatsApp
GET /WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css HTTP/1.1
Host: dweb.wxeflm.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://dweb.wxeflm.club/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 24 Sep 2023 00:54:36 GMT
content-type: text/css
last-modified: Sat, 15 Jul 2023 07:33:03 GMT
vary: Accept-Encoding
etag: W/"64b24baf-2bb72"
expires: Sun, 24 Sep 2023 12:54:36 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XeMzTQV0tDFq3s%2BsS6V91i4DYGBe2mj79tzTmz%2F3FwZgrEf4Oqdylo6Xaj5DB0mfr3UChNSDspTjcLHnAncQF7YjQekC%2BtV8Dhl9Or%2BmCHRF16SiypLyKBArdLhYEg8RIW8l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80b70e9abce956a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
104.21.5.246
47.246.44.211