![](/screenshots/aaf68aa8-e78e-498a-bc67-f74590ddca17.png)
cp.whasiozp.com
Open in
urlscan Pro
172.67.148.1
Malicious Activity!
Public Scan
Effective URL: https://cp.whasiozp.com/
Submission: On August 28 via manual from HK — Scanned from IS
Summary
TLS certificate: Issued by GTS CA 1P5 on July 2nd 2023. Valid for: 3 months.
This is the only time cp.whasiozp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 142.250.186.34 142.250.186.34 | 15169 (GOOGLE) (GOOGLE) | |
8 | 172.67.197.1 172.67.197.1 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 163.181.56.225 163.181.56.225 | 24429 (TAOBAO Zh...) (TAOBAO Zhejiang Taobao Network Co.) | |
1 | 104.21.45.65 104.21.45.65 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 172.67.148.1 172.67.148.1 | () () | |
23 | 5 |
ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net
www.googleadservices.com |
ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN)
cdn.staticfile.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
wworwy.club
cweb.wworwy.club |
168 KB |
1 |
whasiozp.com
cp.whasiozp.com |
|
1 |
anscxnyfrtg.com
8srv.anscxnyfrtg.com |
2 KB |
1 |
staticfile.org
cdn.staticfile.org — Cisco Umbrella Rank: 63118 |
33 KB |
1 |
googleadservices.com
1 redirects
www.googleadservices.com — Cisco Umbrella Rank: 150 |
725 B |
0 |
whatoppjku.com
Failed
qingtian.whatoppjku.com Failed |
|
0 |
elemecdn.com
Failed
npm.elemecdn.com Failed |
|
0 |
whatsapp.com
Failed
web.whatsapp.com Failed |
|
23 | 8 |
Domain | Requested by | |
---|---|---|
8 | cweb.wworwy.club |
cweb.wworwy.club
|
1 | cp.whasiozp.com |
cweb.wworwy.club
cp.whasiozp.com |
1 | 8srv.anscxnyfrtg.com | |
1 | cdn.staticfile.org |
cweb.wworwy.club
|
1 | www.googleadservices.com | 1 redirects |
0 | qingtian.whatoppjku.com Failed |
cp.whasiozp.com
|
0 | npm.elemecdn.com Failed |
cp.whasiozp.com
|
0 | web.whatsapp.com Failed |
cweb.wworwy.club
|
23 | 8 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
wworwy.club GTS CA 1P5 |
2023-08-26 - 2023-11-24 |
3 months | crt.sh |
*.staticfile.org GeoTrust RSA CN CA G2 |
2022-09-05 - 2023-10-03 |
a year | crt.sh |
anscxnyfrtg.com GTS CA 1P5 |
2023-08-04 - 2023-11-02 |
3 months | crt.sh |
whasiozp.com GTS CA 1P5 |
2023-07-02 - 2023-09-30 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://cp.whasiozp.com/
Frame ID: 5C5F7F66A1659E16982C984A28606F12
Requests: 23 HTTP requests in this frame
Screenshot
![](/screenshots/aaf68aa8-e78e-498a-bc67-f74590ddca17.png)
Page URL History Show full URLs
-
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwim_cKJ6P6AAxVX2BYFHUdNAIgYABABGgJ0bA&gclid=EAIaIQ...
HTTP 302
https://cweb.wworwy.club/?gclid=EAIaIQobChMIpv3Ciej-gAMVV9gWBR1HTQCIEAMYAyAAEgLJBvD_BwE Page URL
- https://cp.whasiozp.com/ Page URL
Detected technologies
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwim_cKJ6P6AAxVX2BYFHUdNAIgYABABGgJ0bA&gclid=EAIaIQobChMIpv3Ciej-gAMVV9gWBR1HTQCIEAMYAyAAEgLJBvD_BwE&ohost=www.google.com&cid=CAASJeRonJ08dy40Kq7iDhLaLyR4FYgCVFhj9ZS6NREcqOgEn2iL7pg&sig=AOD64_2Cyrx6hxtYcNBdVhdxUwlHWjpjAQ&q&adurl&ved=2ahUKEwi6wL2J6P6AAxWqgFYBHU7FCc8Q0Qx6BAgMEAE
HTTP 302
https://cweb.wworwy.club/?gclid=EAIaIQobChMIpv3Ciej-gAMVV9gWBR1HTQCIEAMYAyAAEgLJBvD_BwE Page URL
- https://cp.whasiozp.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwim_cKJ6P6AAxVX2BYFHUdNAIgYABABGgJ0bA&gclid=EAIaIQobChMIpv3Ciej-gAMVV9gWBR1HTQCIEAMYAyAAEgLJBvD_BwE&ohost=www.google.com&cid=CAASJeRonJ08dy40Kq7iDhLaLyR4FYgCVFhj9ZS6NREcqOgEn2iL7pg&sig=AOD64_2Cyrx6hxtYcNBdVhdxUwlHWjpjAQ&q&adurl&ved=2ahUKEwi6wL2J6P6AAxWqgFYBHU7FCc8Q0Qx6BAgMEAE HTTP 302
- https://cweb.wworwy.club/?gclid=EAIaIQobChMIpv3Ciej-gAMVV9gWBR1HTQCIEAMYAyAAEgLJBvD_BwE
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
cweb.wworwy.club/ Redirect Chain
|
25 KB 10 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
cdn.staticfile.org/jquery/1.10.2/ |
91 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qrcode.min.js
cweb.wworwy.club/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylex-ce269a9819ee8f292840728689a22cc5.css
cweb.wworwy.club/WhatsApp_files/ |
175 KB 43 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app-6d34864fd47903428794.css
cweb.wworwy.club/WhatsApp_files/ |
187 KB 57 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main~.b66100b3486cd1857cd3.css
cweb.wworwy.club/WhatsApp_files/ |
21 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.fdf0caa2786c3269572d.css
cweb.wworwy.club/WhatsApp_files/ |
150 KB 30 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
cweb.wworwy.club/WhatsApp_files/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
binary-transparency-manifest-2.2325.3.json
web.whatsapp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js
cweb.wworwy.club/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
81715288-8092-4fef-a3df-af537d046c75.png
8srv.anscxnyfrtg.com/qrcodes/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
cp.whasiozp.com/ |
11 KB 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
81715288-8092-4fef-a3df-af537d046c75.png
8srv.anscxnyfrtg.com/qrcodes/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
stylex-ab5c1c8c5b049782577ecc019febecea.css
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
app-af367c33bcf644294e0b.css
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
layui.css
npm.elemecdn.com/layuicdns@1.1.0/layui/css/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
layui.js
npm.elemecdn.com/layuicdns@1.1.0/layui/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
app.js
qingtian.whatoppjku.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
binary-transparency-manifest-2.2335.9.json
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
libsignal-protocol-ee5b8ba.min.js
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
runtime.ccd01329764b032b998b.js
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
vendor1~app.7f14216f970118f62a35.js
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
app.007cfdb344cabd1c5678.js
cp.whasiozp.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- web.whatsapp.com
- URL
- https://web.whatsapp.com/binary-transparency-manifest-2.2325.3.json
- Domain
- 8srv.anscxnyfrtg.com
- URL
- https://8srv.anscxnyfrtg.com/qrcodes/81715288-8092-4fef-a3df-af537d046c75.png?1693207167494
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/stylex-ab5c1c8c5b049782577ecc019febecea.css
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/app-af367c33bcf644294e0b.css
- Domain
- npm.elemecdn.com
- URL
- https://npm.elemecdn.com/layuicdns@1.1.0/layui/css/layui.css
- Domain
- npm.elemecdn.com
- URL
- https://npm.elemecdn.com/layuicdns@1.1.0/layui/layui.js
- Domain
- qingtian.whatoppjku.com
- URL
- https://qingtian.whatoppjku.com/app.js?ver=1.3
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/binary-transparency-manifest-2.2335.9.json
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/libsignal-protocol-ee5b8ba.min.js
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/runtime.ccd01329764b032b998b.js
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/vendor1~app.7f14216f970118f62a35.js
- Domain
- cp.whasiozp.com
- URL
- https://cp.whasiozp.com/app.007cfdb344cabd1c5678.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.googleadservices.com/pagead/conversion/11312969435/ | Name: Conversion Value: EgwIABUAAAAAHQAAAAAYASC-stq5zKDjy_4BSAFqN0VBSWFJUW9iQ2hNSXB2M0NpZWotZ0FNVlY5Z1dCUjFIVFFDSUVBTVlBeUFBRWdMSkJ2RF9Cd0Vw8Zaxl-j-gAOQAbzJyOX3EZgBAA |
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
8srv.anscxnyfrtg.com
cdn.staticfile.org
cp.whasiozp.com
cweb.wworwy.club
npm.elemecdn.com
qingtian.whatoppjku.com
web.whatsapp.com
www.googleadservices.com
8srv.anscxnyfrtg.com
cp.whasiozp.com
npm.elemecdn.com
qingtian.whatoppjku.com
web.whatsapp.com
104.21.45.65
142.250.186.34
163.181.56.225
172.67.148.1
172.67.197.1
0a458a2c3f77b0c022ffacf8ed9797606b6cc3c342aa9ac2ce6e03e304cd7a66
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4
b09c3d28be8cacc5a88c53d70093b1258f1413601bbecf0ef8cd62ba5ba1df49
d3ff129e3a49744ad0c045eb6fe06737d02930eed78b99cfd7cabfe7af7bfea9
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994