wvw-whalsapp-us.com
2606:4700:3036::ac43:c965
Malicious Activity!
Public Scan
Effective URL: https://wvw-whalsapp-us.com/download/
Submission: On February 02 via api from SG — Scanned from DE
Summary
TLS certificate: Issued by GTS CA 1P5 on January 24th 2023. Valid for: 3 months.
This is the only time wvw-whalsapp-us.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
2 2 | 188.127.239.132 | 56694 (SMARTAPE) |
1 5 | 2606:4700:3036::ac43:c965 | 13335 (CLOUDFLARENET) |
1 | 2001:4de0:ac18::1:a:3a | 20446 (STACKPATH-CDN) |
2 | 2606:4700:3037::ac43:b969 | 13335 (CLOUDFLARENET) |
1 | 2606:4700::6810:5614 | 13335 (CLOUDFLARENET) |
8 | 5 | |
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
5 | wvw-whalsapp-us.com (1 redirects) | wvw-whalsapp-us.com | 157 KB |
2 | smoothiediet.com | go.smoothiediet.com | 32 KB |
2 | whatsabb.space (2 redirects) | whatsabb.space | 297 B |
1 | jsdelivr.net | cdn.jsdelivr.net — Cisco Umbrella Rank: 359 | 2 KB |
1 | jquery.com | code.jquery.com — Cisco Umbrella Rank: 673 | 31 KB |
8 | 5 | | |
 | Domain | Requested by |
---|---|---|
5 | wvw-whalsapp-us.com (1 redirects) | wvw-whalsapp-us.com |
2 | go.smoothiediet.com | wvw-whalsapp-us.com |
2 | whatsabb.space (2 redirects) | |
1 | cdn.jsdelivr.net | wvw-whalsapp-us.com |
1 | code.jquery.com | wvw-whalsapp-us.com |
8 | 5 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.whatsapp.com |
web.whatsapp.com |
faq.whatsapp.com |
apps.apple.com |
whatsapp.com |
www.facebook.com |
blog.whatsapp.com |
twitter.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.wvw-whalsapp-us.com | GTS CA 1P5 | 2023-01-24 - 2023-04-24 | 3 months |
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2022-08-03 - 2023-07-14 | a year |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-05-01 - 2023-05-01 | a year |
This page contains 1 frames:
Primary Page:
https://wvw-whalsapp-us.com/download/
Frame ID: A79C6104207F6D1A6AE0ECD9C20B273B
Requests: 13 HTTP requests in this frame
Page Title: WhatsApp
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN)
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
87 Outgoing links
These are links going to different origins than the main page.
Title: WHATSAPP WEB
Title: FEATURES
Title: DOWNLOAD
Title: PRIVACY
Title: HELP CENTER
Title: azərbaycan
Title: Afrikaans
Title: Bahasa Indonesia
Title: Melayu
Title: català
Title: čeština
Title: dansk
Title: Deutsch
Title: eesti
Title: English
Title: español
Title: français
Title: Gaeilge
Title: hrvatski
Title: italiano
Title: Kiswahili
Title: latviešu
Title: lietuvių
Title: magyar
Title: Nederlands
Title: norsk bokmål
Title: o‘zbek
Title: Filipino
Title: polski
Title: Português (Brasil)
Title: Português (Portugal)
Title: română
Title: shqip
Title: slovenčina
Title: slovenščina
Title: suomi
Title: svenska
Title: Tiếng Việt
Title: Türkçe
Title: Ελληνικά
Title: български
Title: қазақ тілі
Title: македонски
Title: русский
Title: српски
Title: українська
Title: עברית
Title: العربية
Title: فارسی
Title: اردو
Title: বাংলা
Title: हिन्दी
Title: ગુજરાતી
Title: ಕನ್ನಡ
Title: मराठी
Title: ਪੰਜਾਬੀ
Title: தமிழ்
Title: తెలుగు
Title: മലയാളം
Title: ไทย
Title: 简体中文
Title: 繁體中文(台灣)
Title: 繁體中文(香港)
Title: 日本語
Title: 한국어
Title: Download
Title: Features
Title: Privacy
Title: Get in touch
Title: Android
Title: iPhone
Title: whatsapp.com/dl
Title: Terms & Privacy Policy
Title: Download for Windows
Title: Learn more about desktop experiences on WhatsApp
Title: Business
Title: About
Title: Careers
Title: Brand Center
Title: Get in touch
Title: Blog
Title: WhatsApp Stories
Title: Android
Title: Twitter
Title: Facebook
Title: Coronavirus
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://whatsabb.space/ HTTP 301
  https://whatsabb.space/ HTTP 301
  https://wvw-whalsapp-us.com/download/ Page URL
- https://wvw-whalsapp-us.com/cdn-cgi/phish-bypass?atok=i.ZnBp1TwAR0kinQoiwuXI_4KGZM70FihUa48lOiVKM-1675370507-0-%2Fdownload%2F HTTP 301
  https://wvw-whalsapp-us.com/download/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://whatsabb.space/ HTTP 301
- https://whatsabb.space/ HTTP 301
- https://wvw-whalsapp-us.com/download/
8 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H2 | / wvw-whalsapp-us.com/download/ (Redirect Chain) | 5 KB 2 KB | Document text/html |
GET H2 | cf.errors.css wvw-whalsapp-us.com/cdn-cgi/styles/ | 24 KB 5 KB | Stylesheet text/css |
GET H3 | icon-exclamation.png wvw-whalsapp-us.com/cdn-cgi/images/ | 452 B 671 B | Image image/png |
GET H3 | Primary Request: / wvw-whalsapp-us.com/download/ (Redirect Chain) | 366 KB 150 KB | Document text/html |
GET DATA | truncated / | 9 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 3 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 22 KB 0 | Image image/png |
GET DATA | truncated / | 22 KB 0 | Image image/png |
GET DATA | truncated / | 65 KB 0 | Image image/png |
GET H2 | jquery-3.6.1.min.js code.jquery.com/ | 88 KB 31 KB | Script application/javascript |
GET H2 | jquery-2.1.0.min.js go.smoothiediet.com/assets/js/ | 82 KB 30 KB | Script application/javascript |
GET H2 | ouibounce.js go.smoothiediet.com/assets/js/ | 3 KB 2 KB | Script application/javascript |
GET H2 | FileSaver.min.js cdn.jsdelivr.net/npm/file-saver@2.0.5/dist/ | 3 KB 2 KB | Script application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)
26 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontentvisibilityautostatechange |
function | envFlush |
object | Env |
number | __DEV__ |
function | $ |
function | jQuery |
function | ouibounce |
function | saveAs |
object | FileSaver |
object | params |
function | downloadAfterJSON |
number | settings |
object | hid |
string | url_type |
string | base64_type |
string | base64_string |
string | url_file |
undefined | base64_full |
function | storeAtLocal |
function | toDataUri |
function | toBlob |
function | getAdditionalInfo |
function | extensionMatcher |
function | assemble |
function | save |
function | sendReq4 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.wvw-whalsapp-us.com/ | | Name: __cf_mw_byp Value: i.ZnBp1TwAR0kinQoiwuXI_4KGZM70FihUa48lOiVKM-1675370507-0-/download/ |
wvw-whalsapp-us.com/ | | Name: PHPSESSID Value: tqic56aj5mor44ehg3om4f7v9l |
.wvw-whalsapp-us.com/ | | Name: _subid Value: 1p0uvjhc57h |
.wvw-whalsapp-us.com/ | | Name: 34ab8 Value: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIzMlwiOjE2NzUzNzA1MTJ9LFwiY2FtcGFpZ25zXCI6e1wiNDhcIjoxNjc1MzcwNTEyfSxcInRpbWVcIjoxNjc1MzcwNTEyfSJ9.CeruepdsTmpF4I-Y8LGbO9msRh1JTQkigh1jxZawMLE |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.