
Submission: On December 01 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 1st 2019. Valid for: 3 months.
This is the only time www.whatsappgroup.mynumber.org was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
5 | 5.189.159.42 | 51167 (CONTABO) |
1 | 2a03:2880:f21c:81c5:face:b00c:0:167 | 32934 (FACEBOOK - Facebook) |
6 | 2 | |

ASN51167 (CONTABO, DE)
PTR: login.planetserver.ru
- www.whatsappgroup.mynumber.org

ASN32934 (FACEBOOK - Facebook, Inc., US)
- www-cdn.whatsapp.net
Requests | Domain / Subdomains | Transfer |
---|---|---|
5 | mynumber.org | 1 MB |
1 | whatsapp.net | 5 KB |
6 | 2 | |
Requests | Domain | Requested by |
---|---|---|
5 | www.whatsappgroup.mynumber.org | www.whatsappgroup.mynumber.org |
1 | www-cdn.whatsapp.net | www.whatsappgroup.mynumber.org |
6 | 2 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.whatsapp.com |
translate.whatsapp.com |
web.whatsapp.com |
www.whatsappbrand.com |
blog.whatsapp.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
whatsappgroup.mynumber.org | Let's Encrypt Authority X3 | 2019-12-01 - 2020-02-29 | 3 months |
*.whatsapp.net | DigiCert SHA2 High Assurance Server CA | 2019-11-17 - 2020-02-15 | 3 months |
Detected technologies
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Detected patterns
- script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
19 Outgoing links
These are links going to different origins than the main page. For each link, only the first name is shown.
- https://www.whatsapp.com/
- https://translate.whatsapp.com/
  Title: Help translate WhatsApp into your language
- https://www.whatsapp.com/download
  Title: Download
- https://www.whatsapp.com/features/
  Title: Features
- https://www.whatsapp.com/security/
  Title: Security
- https://www.whatsapp.com/download/
  Title: Download
- https://web.whatsapp.com/
  Title: WhatsApp Web
- https://www.whatsapp.com/about/
  Title: About
- https://www.whatsapp.com/join/
  Title: Careers
- https://www.whatsappbrand.com/
  Title: Brand Center
- https://www.whatsapp.com/contact/
  Title: Get in touch
- https://blog.whatsapp.com/
  Title: Blog
- https://www.whatsapp.com/android/
  Title: Android
- https://www.whatsapp.com/appstore/
  Title: iPhone
- https://www.whatsapp.com/wp/
  Title: Windows Phone
- https://www.whatsapp.com/ota/
  Title: BlackBerry
- https://www.whatsapp.com/nokia/
  Title: Nokia
- https://www.whatsapp.com/faq/
  Title: FAQ
- https://www.whatsapp.com/legal/
  Title: Privacy & Terms
6 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / | | 20 KB | 20 KB | Document | text/html |
GET | H/1.1 | style.build35e635e6.css?v=32fe13a | /css/v4 | 241 KB | 241 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-1.12.2.min.js | /js/v4 | 95 KB | 95 KB | Script | application/javascript |
GET | H2 | whatsapp-logo.svg?v=46fe27fc8 | www-cdn.whatsapp.net/img/v4 | 5 KB | 5 KB | Image | image/svg+xml |
GET | H/1.1 | icon-chat.png | /img/v4 | 20 KB | 20 KB | Image | text/html |
GET | H/1.1 | 1a.gif | /img | 721 KB | 721 KB | Image | image/gif |
Redirect requests
There were HTTP redirects (301, 302) for the following requests:
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)
4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| $
- function| jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.