www.whatsappviralgrooups.jkub.com Open in urlscan Pro
173.212.225.120 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.whatsappviralgrooups.jkub.com/
Submission: On September 15 via automatic, source certstream-suspicious (September 15th 2019, 2:19:43 pm UTC)

Summary HTTP 23 Redirects Behaviour Indicators

Similar DOM Content API

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 23 HTTP transactions. The main IP is 173.212.225.120, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is www.whatsappviralgrooups.jkub.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on September 15th 2019. Valid for: 3 months.

This is the only time www.whatsappviralgrooups.jkub.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
18	173.212.225.120 173.212.225.120		51167 (CONTABO) (CONTABO)
1	2606:4700:30:... 2606:4700:30::681c:86e		13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	180.250.66.131 180.250.66.131		17974 (TELKOMNET...) (TELKOMNET-AS2-AP PT Telekomunikasi Indonesia)
23	4

18 173.212.225.120 (Nuremberg, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi291504.contaboserver.net

www.whatsappviralgrooups.jkub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:86e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

pluspng.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 180.250.66.131 (Jakarta, Indonesia)

ASN17974 (TELKOMNET-AS2-AP PT Telekomunikasi Indonesia, ID)
PTR: 131.subnet180-250-66.speedy.telkom.net.id

p03.notifa.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	jkub.com www.whatsappviralgrooups.jkub.com	1002 KB
1	notifa.info p03.notifa.info
1	pluspng.com pluspng.com	42 KB
0	googleapis.com Failed fonts.googleapis.com Failed
23	4

	Domain	Requested by
18	www.whatsappviralgrooups.jkub.com	www.whatsappviralgrooups.jkub.com
1	p03.notifa.info	www.whatsappviralgrooups.jkub.com
1	pluspng.com	www.whatsappviralgrooups.jkub.com
0	fonts.googleapis.com Failed	www.whatsappviralgrooups.jkub.com
23	4

This site contains no links.

Subject Issuer	Validity	Valid
whatsappviralgrooups.jkub.com Let's Encrypt Authority X3	`2019-09-15` - `2019-12-14`	3 months	crt.sh
	`1970-01-01` - `1970-01-01`	a few seconds	crt.sh
*.uzone.id COMODO RSA Domain Validation Secure Server CA	`2016-01-27` - `2019-01-26`	3 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.whatsappviralgrooups.jkub.com/
Frame ID: 5B65FA0969096C40FF714854C59D4D7A
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

animate.css (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link [^>]+(?:\/([\d.]+)\/)?animate\.(?:min\.)?css/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

23
Requests

78 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1044 kB
Transfer

1427 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.whatsappviralgrooups.jkub.com/	35 KB 10 KB	312ms 57ms	Document text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `6584fc52888c760ebd67f2b4a7c4bd5a7591b6d87fcbd912a855a61401248331` Request headers :method GET :authority www.whatsappviralgrooups.jkub.com :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 sec-fetch-mode navigate sec-fetch-user ?1 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3 sec-fetch-site none accept-encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Response headers status 200 content-type text/html last-modified Sun, 23 Jun 2019 17:53:44 GMT accept-ranges bytes content-encoding br vary Accept-Encoding content-length 10457 date Sun, 15 Sep 2019 14:19:24 GMT alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000
GET H2	200	font-awesome.min.css www.whatsappviralgrooups.jkub.com/assets/landing_pages/fa/css/	29 KB 6 KB	81ms 80ms	Stylesheet text/css	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/fa/css/font-awesome.min.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `e1b9e2dc4f216da02dd78bccadaa42de1327f637d82c394ca5c913b261662402` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:54 GMT vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 6383 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	200	jquery-ui.min.css www.whatsappviralgrooups.jkub.com/assets/landing_pages/jqueryui/	31 KB 7 KB	83ms 81ms	Stylesheet text/css	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/jqueryui/jquery-ui.min.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `47cbd399f2a844e3a0e1bf92cf13a95144b9675adf0373832a66d90f0365846d` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:56 GMT vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 7214 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	200	css_front.css www.whatsappviralgrooups.jkub.com/assets/content_lockers/	6 KB 1 KB	85ms 83ms	Stylesheet text/css	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/content_lockers/css_front.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `a316fe7b1efa45b37b1c03c170e5772d1d5f2ffd084af6ca474a984c3b0bcc3c` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:54 GMT vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 1247 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	200	animate.css www.whatsappviralgrooups.jkub.com/assets/content_lockers/noty-2.3.8/demo/	71 KB 4 KB	86ms 85ms	Stylesheet text/css	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/content_lockers/noty-2.3.8/demo/animate.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `88683b0a41b07f465377c8846933bdfb1e57fc9a54accef3e5fd0125bd052cc7` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:54 GMT vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 3809 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	404	font-awesome.min.css www.whatsappviralgrooups.jkub.com/assest/css/	0 0	88ms 86ms	Stylesheet text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assest/css/font-awesome.min.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H/1.1	200 OK	whatsapp-png--1500.png pluspng.com/img-png/	41 KB 42 KB	63ms 31ms	Image image/png	2606:4700:30::681c:86e Cloudflare
General Check archive.org Show headers Download Go to Show image Full URL http://pluspng.com/img-png/whatsapp-png--1500.png Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol HTTP/1.1 Security , , Server 2606:4700:30::681c:86e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash `f7168bd1a76913fe9add32d08bf4be607631fe5b1e4c00a95a19d250bcfd64f7` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Pragma public Date Sun, 15 Sep 2019 14:19:24 GMT CF-Cache-Status HIT Last-Modified Sun, 10 Sep 2017 04:16:43 GMT Server cloudflare Age 43892 Vary Accept-Encoding Content-Type image/png Cache-Control public, max-age=5356800 Connection keep-alive Accept-Ranges bytes CF-RAY 516b3c449c0259be-VIE Content-Length 42476 Expires Sat, 16 Nov 2019 14:19:24 GMT
GET H2	200	1d.gif www.whatsappviralgrooups.jkub.com/img/	773 KB 774 KB	88ms 87ms	Image image/gif	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.whatsappviralgrooups.jkub.com/img/1d.gif Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `d57d6eaa4c9b8c1d7a12832ab2e41987028e4fbc186dadf93c85a2112f66505c` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT last-modified Fri, 02 Feb 2018 05:18:36 GMT content-type image/gif status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 791829 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	404	jquery.js www.whatsappviralgrooups.jkub.com/ajax.googleapis.com/ajax/libs/jquery/1/	0 0	103ms 102ms	Script text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/ajax.googleapis.com/ajax/libs/jquery/1/jquery.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H2	200	jquery-ui.min.js Show response www.whatsappviralgrooups.jkub.com/assets/landing_pages/jqueryui/	247 KB 63 KB	104ms 103ms	Script application/javascript	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/jqueryui/jquery-ui.min.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `b827f5917d353d0862dbd30720e73926f4488b88f19fede11ca9d206b49f4831` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:56 GMT vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 64042 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	200	locker.js Show response www.whatsappviralgrooups.jkub.com/	22 KB 6 KB	125ms 124ms	Script application/javascript	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/locker.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `4d9e5c69afebfe736f5c72f115e98dd41705e81e5e2562b38a3cec33929c8aaf` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Tue, 12 Feb 2019 09:42:00 GMT vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 5989 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	200	jquery.noty.packaged.js Show response www.whatsappviralgrooups.jkub.com/assets/content_lockers/noty-2.3.8/js/noty/packaged/	46 KB 6 KB	125ms 124ms	Script application/javascript	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/assets/content_lockers/noty-2.3.8/js/noty/packaged/jquery.noty.packaged.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `2727db8841f5a577e0d4bed1ab8f6b6bffa353dbffc087123c80ed1017a0b9bc` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT content-encoding br last-modified Mon, 30 Jan 2017 19:33:54 GMT vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 6557 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	404	analytics.js www.whatsappviralgrooups.jkub.com/www.google-analytics.com/	0 0	133ms 133ms	Script text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/www.google-analytics.com/analytics.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET		css fonts.googleapis.com/	0 0

GET		css fonts.googleapis.com/	0 0

GET		css fonts.googleapis.com/	0 0

GET H2	200	bg.png www.whatsappviralgrooups.jkub.com/img/	125 KB 125 KB	95ms 94ms	Image image/png	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Show image Full URL https://www.whatsappviralgrooups.jkub.com/img/bg.png Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash `2338a2a528f58b1b58e843fa7b00f69d7b13d1aa2b56dcaabd00ebf44c4320d3` Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers date Sun, 15 Sep 2019 14:19:24 GMT last-modified Fri, 02 Feb 2018 05:23:32 GMT content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 127796 expires Sun, 22 Sep 2019 14:19:24 GMT
GET H2	404	external9cc6.html www.whatsappviralgrooups.jkub.com/	0 0	99ms 98ms	Font text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/external9cc6.html?link=http://s3-us-west-1.amazonaws.com/bucket.cpabuild.com/assets/landing_pages/fa/fonts/fontawesome-webfont.woff2?v=4.6.3 Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode cors Referer https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/fa/css/font-awesome.min.css Origin https://www.whatsappviralgrooups.jkub.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H2	404	html.397125.a5bf3.0.js www.whatsappviralgrooups.jkub.com/public/external/v2/	0 0	58ms 57ms	Script text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/public/external/v2/html.397125.a5bf3.0.js Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/locker.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H2	404	css_front.css www.whatsappviralgrooups.jkub.com/public/external/	0 0	58ms 57ms	Stylesheet text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/public/external/css_front.css Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/locker.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H/1.1	503 Service Temporarily Unavailable	request p03.notifa.info/3fsmd3/	0 0	3276ms 372ms	Script text/html	180.250.66.131 TELKOMNET-AS2-AP ...
General Check archive.org Show headers Download Go to Full URL https://p03.notifa.info/3fsmd3/request?id=1&enc=9UwkxLgY9&params=4TtHaUQnUEiP6K%2fc5C582JKzDzTsXZH2b2aaey6j7VTCeQRXyt9Rzw5QQQWe04sMukBZeGyLO1JDB8LtyqDA8urrAtKppCeH5KVmRfxwicqIbmKxL9zdd%2bDzatwaEqZnHSw64AcMI%2fPjY1Mik0IVykbGi1rTTFgvZ6REFK5cdEbKR3jsVoLV3QKNpAWWorQHyjQQWUzJmcvTbxeyTPE%2fxjHwRZJwMucbeUvXwsMXi7MMh0FQn5e5WmJ7gx9Tirqeet%2fpIjRDh8cucmsA860Fx5xTjGYewtcG5zF7FczRu1UzB4ah13gSQ0QnDpRxNqH8BVp5w00fzbiknq1DQMb3caqD%2fuSl0K16NkholpirLRr43BsGASgEL3j%2flMrmRCp6gAHwCmDco9B1jrYJXyNqdbMEj5KdyIpYxbwusO%2btgvZ1rL4MQEgI5ZNaqaduoX6fOPD%2fPkHSoh1yLvf8cvurY2jDgIORyovMVb1Ea0sII05%2f35S5C5hxfg%3d%3d&idc_r=20899518444&domain=www.whatsappviralgrooups.jkub.com&sw=1600&sh=1200 Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 180.250.66.131 Jakarta, Indonesia, ASN17974 (TELKOMNET-AS2-AP PT Telekomunikasi Indonesia, ID), Reverse DNS 131.subnet180-250-66.speedy.telkom.net.id Software / Resource Hash Request headers Sec-Fetch-Mode no-cors User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers
GET H2	404	external0b63.html www.whatsappviralgrooups.jkub.com/	0 0	48ms 48ms	Font text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/external0b63.html?link=http://s3-us-west-1.amazonaws.com/bucket.cpabuild.com/assets/landing_pages/fa/fonts/fontawesome-webfont.woff?v=4.6.3 Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode cors Referer https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/fa/css/font-awesome.min.css Origin https://www.whatsappviralgrooups.jkub.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html
GET H2	404	external84a8.html www.whatsappviralgrooups.jkub.com/	0 0	48ms 48ms	Font text/html	173.212.225.120 CONTABO
General Check archive.org Show headers Download Go to Full URL https://www.whatsappviralgrooups.jkub.com/external84a8.html?link=http://s3-us-west-1.amazonaws.com/bucket.cpabuild.com/assets/landing_pages/fa/fonts/fontawesome-webfont.ttf?v=4.6.3 Requested by Host: www.whatsappviralgrooups.jkub.com URL: https://www.whatsappviralgrooups.jkub.com/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 173.212.225.120 Nuremberg, Germany, ASN51167 (CONTABO, DE), Reverse DNS vmi291504.contaboserver.net Software / Resource Hash Request headers Sec-Fetch-Mode cors Referer https://www.whatsappviralgrooups.jkub.com/assets/landing_pages/fa/css/font-awesome.min.css Origin https://www.whatsappviralgrooups.jkub.com User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers status 404 pragma no-cache date Sun, 15 Sep 2019 14:19:24 GMT cache-control private, no-cache, no-store, must-revalidate, max-age=0 alt-svc quic=":443"; ma=2592000; v="39,43,46", h3-22=":443"; ma=2592000 content-length 618 content-type text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Open+Sans:300

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Open+Sans:400

Domain: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Open+Sans:700

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| GoogleAnalyticsObject function| ga object| CPABUILDSETTINGS object| CPABUILDContentLocker function| CPBContentLocker function| CPABuildLock function| CPABuildGetFeedURL function| CPABuildGetIframeURL function| CPABuildGetIframeHTML function| CPABuildUnlock function| CPABuildOfferComplete function| CPABuildOffersComplete function| CPABuildCheckForLead function| og_load function| CPABuildComplete function| call_locker object| ChatUserNames object| ChatContent object| userChatListJson number| userChatListOverride object| userMsgListJson number| userMsgListOverride number| enable_chat number| enable_notifications undefined| skip_generate undefined| min_noti_delay undefined| max_noti_delay undefined| min_noti_points undefined| max_noti_points function| stickyNote function| addChatEntry undefined| min_chat_delay undefined| max_chat_delay function| startChat function| randomUsername function| randomMessage function| random function| commaFormat undefined| d undefined| date undefined| loadingMessages undefined| loadingDom undefined| loadingStatusContainer undefined| errorField function| getChangeValues function| nextMessage function| addStatus function| netbro_cache_analytics function| sync function| requestCfs

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
p03.notifa.info
pluspng.com
www.whatsappviralgrooups.jkub.com
fonts.googleapis.com
173.212.225.120
180.250.66.131
2606:4700:30::681c:86e
2338a2a528f58b1b58e843fa7b00f69d7b13d1aa2b56dcaabd00ebf44c4320d3
2727db8841f5a577e0d4bed1ab8f6b6bffa353dbffc087123c80ed1017a0b9bc
47cbd399f2a844e3a0e1bf92cf13a95144b9675adf0373832a66d90f0365846d
4d9e5c69afebfe736f5c72f115e98dd41705e81e5e2562b38a3cec33929c8aaf
6584fc52888c760ebd67f2b4a7c4bd5a7591b6d87fcbd912a855a61401248331
88683b0a41b07f465377c8846933bdfb1e57fc9a54accef3e5fd0125bd052cc7
a316fe7b1efa45b37b1c03c170e5772d1d5f2ffd084af6ca474a984c3b0bcc3c
b827f5917d353d0862dbd30720e73926f4488b88f19fede11ca9d206b49f4831
d57d6eaa4c9b8c1d7a12832ab2e41987028e4fbc186dadf93c85a2112f66505c
e1b9e2dc4f216da02dd78bccadaa42de1327f637d82c394ca5c913b261662402
f7168bd1a76913fe9add32d08bf4be607631fe5b1e4c00a95a19d250bcfd64f7