whats-app.supportsassistance.com Open in urlscan Pro
95.217.28.78 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://whats-app.supportsassistance.com/
Submission: On November 27 via automatic, source certstream-suspicious (November 27th 2020, 4:44:04 pm UTC)

Summary HTTP 3 Redirects Links 80 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 95.217.28.78, located in Finland and belongs to HETZNER-AS, DE. The main domain is whats-app.supportsassistance.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on November 27th 2020. Valid for: 3 months.

This is the only time whats-app.supportsassistance.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
2	95.217.28.78 95.217.28.78	24940 (HETZNER-AS) (HETZNER-AS)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2b	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2

2 95.217.28.78 (Finland)

ASN24940 (HETZNER-AS, DE)
PTR: static.78.28.217.95.clients.your-server.de

whats-app.supportsassistance.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	supportsassistance.com whats-app.supportsassistance.com	961 KB
1	jquery.com code.jquery.com	30 KB
3	2

	Domain	Requested by
2	whats-app.supportsassistance.com	whats-app.supportsassistance.com
1	code.jquery.com	whats-app.supportsassistance.com
3	2

This site contains links to these domains. Also see Links.

Domain
www.whatsapp.com
scontent.whatsapp.net
web.whatsapp.com
www.whatsappbrand.com
blog.whatsapp.com
faq.whatsapp.com
twitter.com
www.facebook.com

Subject Issuer	Validity	Valid
whats-app.supportsassistance.com Let's Encrypt Authority X3	`2020-11-27` - `2021-02-25`	3 months	crt.sh
jquery.org Sectigo RSA Domain Validation Secure Server CA	`2020-10-06` - `2021-10-16`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://whats-app.supportsassistance.com/
Frame ID: F8F3CF69E8B6A9E0121963031898077C
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

991 kB
Transfer

1046 kB
Size

0
Cookies

80 Outgoing links

These are links going to different origins than the main page.

URL: https://www.whatsapp.com/

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=az
Title: azərbaycan

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=af
Title: Afrikaans

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=id
Title: Bahasa Indonesia

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ms
Title: Melayu

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ca
Title: català

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=cs
Title: čeština

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=da
Title: dansk

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=de
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=et
Title: eesti

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=en
Title: English

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=es
Title: español

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=fr
Title: français

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ga
Title: Gaeilge

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=hr
Title: hrvatski

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=it
Title: italiano

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sw
Title: Kiswahili

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=lv
Title: latviešu

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=lt
Title: lietuvių

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=hu
Title: magyar

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=nl
Title: Nederlands

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=nb
Title: norsk bokmål

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=uz
Title: o‘zbek

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=fil
Title: Filipino

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=pl
Title: polski

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=pt_br
Title: Português (Brasil)

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=pt_pt
Title: Português (Portugal)

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ro
Title: română

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sq
Title: shqip

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sk
Title: slovenčina

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sl
Title: slovenščina

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=fi
Title: suomi

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sv
Title: svenska

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=vi
Title: Tiếng Việt

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=tr
Title: Türkçe

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=el
Title: Ελληνικά

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=bg
Title: български

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=kk
Title: қазақ тілі

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=mk
Title: македонски

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ru
Title: русский

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=sr
Title: српски

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=uk
Title: українська

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=he
Title: עברית

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ar
Title: العربية

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=fa
Title: فارسی

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ur
Title: اردو

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=bn
Title: বাংলা

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=hi
Title: हिन्दी

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=gu
Title: ગુજરાતી

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=kn
Title: ಕನ್ನಡ

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=mr
Title: मराठी

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=pa
Title: ਪੰਜਾਬੀ

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ta
Title: தமிழ்

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=te
Title: తెలుగు

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ml
Title: മലയാളം

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=th
Title: ไทย

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=zh_cn
Title: 简体中文

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=zh_tw
Title: 繁體中文

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ja
Title: 日本語

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/?lang=ko
Title: 한국어

Search URL Search Domain Scan URL

URL: https://scontent.whatsapp.net/v/t61.22868-34/62599558_455388561676730_4004424832305867160_n.patch/whatsapp.patch?_nc_sid=4a4126&_nc_ohc=eSyNdFPZfJMAX_xAMps&_nc_ht=scontent.whatsapp.net&oh=64670722daba80a2a9ecac17e0666c55&oe=5EEE9043
Title: Modifiche di WhatsApp

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/features/
Title: Funzioni

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/security/
Title: Sicurezza

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/download/
Title: Scarica

Search URL Search Domain Scan URL

URL: https://web.whatsapp.com/
Title: WhatsApp Web

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/business/
Title: Business

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/about/
Title: Info

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/join/
Title: Opportunità di lavoro

Search URL Search Domain Scan URL

URL: https://www.whatsappbrand.com/
Title: Il nostro marchio

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/contact/
Title: Contattaci

Search URL Search Domain Scan URL

URL: https://blog.whatsapp.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/stories/
Title: Storie di WhatsApp

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/android/
Title: Android

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/appstore/
Title: iPhone

Search URL Search Domain Scan URL

URL: https://faq.whatsapp.com/
Title: FAQ

Search URL Search Domain Scan URL

URL: https://twitter.com/whatsapp
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/WhatsApp
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/coronavirus/
Title: Coronavirus

Search URL Search Domain Scan URL

URL: https://www.whatsapp.com/legal/
Title: Privacy e Termini

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
whats-app.supportsassistance.com/ 954 KB
956 KB 144ms
44ms Document
text/html 95.217.28.78
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://whats-app.supportsassistance.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

95.217.28.78 , Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.78.28.217.95.clients.your-server.de

Software

nginx/1.17.6 /

Resource Hash

d6d8be4f8098fc88c2dea29d883aa99535408aba3bfdd151fd6f6863a1c0039d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: whats-app.supportsassistance.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx/1.17.6
date: Fri, 27 Nov 2020 16:43:48 GMT
content-type: text/html
content-length: 976590
last-modified: Mon, 26 Oct 2020 15:05:46 GMT
etag: "5f96e5ca-ee6ce"
accept-ranges: bytes
strict-transport-security: max-age=31536000

GET
H2 200 jquery-3.5.1.min.js Show response
code.jquery.com/ 87 KB
30 KB 29ms
15ms Script
application/javascript 2001:4de0:ac19::1:b:2b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.5.1.min.js
Requested by: Host: whats-app.supportsassistance.com
URL: https://whats-app.supportsassistance.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac19::1:b:2b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Request headers

Origin: https://whats-app.supportsassistance.com
Referer: https://whats-app.supportsassistance.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 16:43:48 GMT
content-encoding: gzip
last-modified: Mon, 04 May 2020 23:02:39 GMT
server: nginx
etag: W/"5eb09f0f-15d84"
vary: Accept-Encoding
x-hw: 1606495428.dop109.fr8.t,1606495428.cds214.fr8.hc,1606495428.cds142.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30879

GET
H2 200 -r3j-x8ZnM7.svg
whats-app.supportsassistance.com/ 5 KB
5 KB 45ms
44ms Image
image/svg+xml 95.217.28.78
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://whats-app.supportsassistance.com/-r3j-x8ZnM7.svg

Requested by

Host: whats-app.supportsassistance.com
URL: https://whats-app.supportsassistance.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

95.217.28.78 , Finland, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.78.28.217.95.clients.your-server.de

Software

nginx/1.17.6 /

Resource Hash

4c38e1097b864a873243dee54c73acca2dbcfd48112e5afde26973b627b40835

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://whats-app.supportsassistance.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 27 Nov 2020 16:43:48 GMT
last-modified: Mon, 26 Oct 2020 15:02:41 GMT
server: nginx/1.17.6
etag: "5f96e511-1323"
strict-transport-security: max-age=31536000
content-type: image/svg+xml
accept-ranges: bytes
content-length: 4899

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
whats-app.supportsassistance.com
2001:4de0:ac19::1:b:2b
95.217.28.78
4c38e1097b864a873243dee54c73acca2dbcfd48112e5afde26973b627b40835
d6d8be4f8098fc88c2dea29d883aa99535408aba3bfdd151fd6f6863a1c0039d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

whats-app.supportsassistance.com Open in urlscan Pro 95.217.28.78 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

991 kBTransfer

1046 kBSize

0 Cookies

80 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

41 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

whats-app.supportsassistance.com Open in urlscan Pro
95.217.28.78 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

991 kB
Transfer

1046 kB
Size

0
Cookies

3 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!