wzz.whatsllotq.icu
2606:4700:3032::6815:22f7
Malicious Activity!
Public Scan
Effective URL: https://wzz.whatsllotq.icu/
Submission: On July 04 via api from HK — Scanned from DE
Summary
TLS certificate: Issued by WE1 on July 2nd 2024. Valid for: 3 months.
This is the only time wzz.whatsllotq.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger), Generic Cloudflare (Online)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 15 | 2606:4700:3032::6815:22f7 | 13335 (CLOUDFLARENET) |
14 | 2 | |

| Apex Domain / Subdomains | Transfer |
---|---|---|
15 | whatsllotq.icu (1 redirects): wzz.whatsllotq.icu | 216 KB |
14 | 1 | |

| Domain | Requested by |
---|---|---|
15 | wzz.whatsllotq.icu (1 redirects) | wzz.whatsllotq.icu |
14 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
whatsllotq.icu | WE1 | 2024-07-02 - 2024-09-30 | 3 months |
This page contains 1 frame:
Primary Page:
https://wzz.whatsllotq.icu/
Frame ID: A975A286C9509F89B62370DE4B578417
Requests: 16 HTTP requests in this frame
Page Title
QR code Login
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://wzz.whatsllotq.icu/
HTTP 307
https://wzz.whatsllotq.icu/ Page URL
-
https://wzz.whatsllotq.icu/cdn-cgi/phish-bypass?atok=xDVFz_279ifSG.2CBbLUjkPLRIVPzgkWrW1NZjejdgM-1720085195-0.0.1.1-%2F
HTTP 301
https://wzz.whatsllotq.icu/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://wzz.whatsllotq.icu/ HTTP 307
- https://wzz.whatsllotq.icu/
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / | wzz.whatsllotq.icu/ (Redirect Chain) | 4 KB | 2 KB | Document | text/html |
GET | H2 | cf.errors.css | wzz.whatsllotq.icu/cdn-cgi/styles/ | 23 KB | 5 KB | Stylesheet | text/css |
GET | H2 | icon-exclamation.png | wzz.whatsllotq.icu/cdn-cgi/images/ | 452 B | 540 B | Image | image/png |
GET | H2 | favicon.ico | wzz.whatsllotq.icu/ | 787 B | 1 KB | Other | image/x-icon |
GET | H2 | / (Primary Request) | wzz.whatsllotq.icu/ (Redirect Chain) | 1 KB | 723 B | Document | text/html |
GET | H3 | b81f3f69.css | wzz.whatsllotq.icu/static/css/ | 1 KB | 909 B | Stylesheet | text/css |
GET | H3 | ed74c755.css | wzz.whatsllotq.icu/static/css/ | 10 KB | 3 KB | Stylesheet | text/css |
GET | H3 | d35de392.js | wzz.whatsllotq.icu/static/js/ | 24 KB | 8 KB | Script | application/javascript |
GET | H3 | f31354d5.js | wzz.whatsllotq.icu/static/js/ | 517 KB | 165 KB | Script | application/javascript |
GET | H3 | 8cb0399b.css | wzz.whatsllotq.icu/static/css/ | 0 | 670 B | Other | text/css |
GET | H3 | c65a02c0.js | wzz.whatsllotq.icu/static/js/ | 0 | 24 KB | Other | application/javascript |
GET | H3 | efb0b0c2.js | wzz.whatsllotq.icu/static/js/ | 0 | 4 KB | Other | application/javascript |
GET | H3 | c65a02c0.js | wzz.whatsllotq.icu/static/js/ | 82 KB | 0 | Script | application/javascript |
GET | H2 | favicon.ico | wzz.whatsllotq.icu/ | 787 B | 0 | Other | image/x-icon |
GET | DATA | truncated | / | 85 B | 0 | Image | image/gif |
GET | DATA | truncated | / | 9 KB | 0 | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger), Generic Cloudflare (Online)
22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
undefined | event |
object | fence |
object | sharedStorage |
function | a3_0x368856 |
function | a3_0x100a63 |
function | a3_0x5017d7 |
function | a3_0x399d |
function | a3_0x5c139e |
function | a3_0x3d7b |
function | a3_0x5c4ff3 |
object | webpackJsonp |
function | a0_0x1133 |
function | a0_0x5396 |
function | _0x11cd3a |
object | $cookies |
function | a1_0x5a05 |
function | a1_0x3f03 |
function | a1_0x1c805f |
function | a1_0x231591 |
function | a1_0x1eca59 |
function | a1_0x4fc022 |
function | a1_0x3cb7ec |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.wzz.whatsllotq.icu/ | | Name: __cf_mw_byp Value: xDVFz_279ifSG.2CBbLUjkPLRIVPzgkWrW1NZjejdgM-1720085195-0.0.1.1-/ |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.