cn.whatsapps.us Open in urlscan Pro
2606:4700:3030::6815:ff7 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cn.whatsapps.us/
Submission: On January 06 via automatic, source openphish (January 6th 2023, 1:17:45 pm UTC) — Scanned from US

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 17 HTTP transactions. The main IP is 2606:4700:3030::6815:ff7, located in United States and belongs to CLOUDFLARENET, US. The main domain is cn.whatsapps.us.
TLS certificate: Issued by E1 on January 5th 2023. Valid for: 3 months.

This is the only time cn.whatsapps.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address		AS Autonomous System
11	2606:4700:303... 2606:4700:3030::6815:ff7		13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2

11 2606:4700:3030::6815:ff7 (United States)

ASN13335 (CLOUDFLARENET, US)

cn.whatsapps.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	whatsapps.us cn.whatsapps.us	137 KB
0	telegtrkhhhh.com Failed telegtrkhhhh.com Failed
17	2

	Domain	Requested by
11	cn.whatsapps.us	cn.whatsapps.us
0	telegtrkhhhh.com Failed	cn.whatsapps.us
17	2

This site contains no links.

Subject Issuer	Validity	Valid
*.whatsapps.us E1	`2023-01-05` - `2023-04-05`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cn.whatsapps.us/
Frame ID: F39ABBD3C85AB314D87E2215AA6AD001
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page Statistics

17
Requests

65 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

137 kB
Transfer

281 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response cn.whatsapps.us/	31 KB 6 KB	366ms 291ms	Document text/html	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c32846942323ecbe889e2961c23d92dc6195c8a5358a8c337bffb611c83c3b32` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 accept-language en-US,en;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 7854bc22d83e8cda-EWR content-encoding br content-type text/html date Fri, 06 Jan 2023 13:17:37 GMT last-modified Fri, 06 Jan 2023 12:29:15 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cRqr1fainUfozDaDsvXIrbqgDFo%2F0Yq%2BwfT1%2FxeVb4kpt94Wm5e1vfZBl85xmg0l9C4bTjf4Apw4lZzMUq0nc82TArbemAqDCJ6xDW48uMh1dcUtEeZj7fSzuvtVTS5PggQwxmrheCZ9%2FmDQWT4%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	92yU3_1E6qP.css cn.whatsapps.us/img/	7 KB 2 KB	41ms 39ms	Stylesheet text/css	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/img/92yU3_1E6qP.css Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b1dec9c543ba7d88bd189d02e6b4b783e20061171c49094a928fc819ec788bcc` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cef1LWy6vzl12UJa3enjeoFb%2FXnPtwtBq7sPLAgNGGWYD4ERijqhfdXkRXcyr1zpp4BqHRqhSti0rWxAcNCZdbsu3gBDQLBsLq5E%2F7eUBlM5%2FR6iWC2uXVGutKTTvWrfbVP3vfRNfL%2FCks%2F0fjs%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7854bc24bba48cda-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Fri, 06 Jan 2023 19:23:17 GMT
GET H2	200	xnxHL8zVBjo.css cn.whatsapps.us/img/	120 KB 19 KB	33ms 31ms	Stylesheet text/css	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/img/xnxHL8zVBjo.css Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `9e2685a4154bd83732582374bfa0af8629d052c6c459d3a5f7e49bbe936d49fb` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sPDa1T70zJ6glunOwoL%2B2pbMICr7tSiQ%2FM3355dWC7vR38grP5JxpmGp6o6f4IXG1KL1PBreAuRZlqxNvYQrDGT%2FzOjZxUL4%2BXa9lKqfrm%2BS7PEc3RWawHzHebYEHiJi5Rm%2FsftYoQhskGYkVws%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7854bc24bba68cda-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Fri, 06 Jan 2023 19:23:17 GMT
GET H2	200	EsyfAiyWshR.css cn.whatsapps.us/img/	13 KB 4 KB	34ms 33ms	Stylesheet text/css	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/img/EsyfAiyWshR.css Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6939b27f67ead8086687d1279d7646fe6c774167323ef8284da42debd717d41a` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AR8JVrpjunrNYr1WhM4%2Bg2bkDIeKlAYJ4%2FoYB06FLskWpHgrGFoWDpkxG9f%2FY52j4wLAFXPlKdZ%2B45t8DoEzkjbVREZCXEyXAeiaNkCbPoASeWloLJ4Hg%2FBTUHQbtdq2Ld13mXSQfJzg3%2Fhkyas%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7854bc24bba88cda-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Fri, 06 Jan 2023 19:23:17 GMT
GET H2	200	28bZN702Ikw.css cn.whatsapps.us/img/	839 B 632 B	30ms 29ms	Stylesheet text/css	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/img/28bZN702Ikw.css Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `61431d485e72642790d1d1ff91b5b962c274c47d33ec561f041c917198cf60cb` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:08 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4LE6jawmj1j7F08D%2F4LBQk3V6%2BXnIbw1Z6XxEzvjCI1y1aZnOTmKcA8ApoNAzjWB3mgPHQ3%2BNq%2FmkKdEnTyxcwxzEjfb7y35w7uTlHlKlXKASc38dxY%2BfWBrcJi1AlAsGAEgroIThZwiVFjEIpc%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=43200 cf-ray 7854bc24bbaa8cda-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Fri, 06 Jan 2023 19:23:17 GMT
GET H2	200	dow.js Show response cn.whatsapps.us/img/	564 B 819 B	20ms 19ms	Script application/x-javascript	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cn.whatsapps.us/img/dow.js Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `b001dfac399431e6aef658e4b08dac787a77564862961faf0925743f78a40445` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Fri, 06 Jan 2023 12:24:12 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 885 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qf2d9VbFL32R3phkr3isiHKe5ORWkN%2FCxvSLDh24Ke4ATrUbznGzqvitfNqdGFTeXRIfM7YazcW2Rj4JfvplSjyzNkDA8LMD7YN3HZ87ATPshjX4lcNuoUD6%2FODIM929sX0ck0ZlYWoW8YiseIY%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control max-age=43200 cf-ray 7854bc24bbac8cda-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 expires Sat, 07 Jan 2023 01:02:52 GMT
GET H3	200	36B424nhiL4.svg cn.whatsapps.us/	9 KB 4 KB	21ms 21ms	Image image/svg+xml	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cn.whatsapps.us/36B424nhiL4.svg Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `708f4f787db19dcb4cca817e1c38fba2baf0216b092c90d59648464791d57abb` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3622 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4z9wPrS0D4%2FOLJkpalo8yx%2BJN%2FhRKYVDkC6yIRsSNgCATPaqS%2F6NVmwAK9rEBVbgiFhgaQYQSNjKEA%2BO39umSFORY7zoRFv%2FWETaV1fWHUukLZO4qwK9K0Z4QcesH70NyPtowwAC%2FolRrSTBLE0%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 7854bc252af919bf-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	lOol7j-zq4u.svg cn.whatsapps.us/	3 KB 2 KB	19ms 18ms	Image image/svg+xml	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cn.whatsapps.us/lOol7j-zq4u.svg Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT content-encoding br cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3789 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5WdhwQboKIMLjkuZaPV6w0cUvEA1iFEfuqJQQ9hZ68%2B8Hx3Wcg3BLM%2FIkTtsoqolh4fZdmCdkwBiuTUl2iEiu%2F0WLC2Bcqms0iqpm8sTPK5%2FgHMBaQm3yMFoC2eHjZg%2FjeeeWteljC1Ir4%2FNF8%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 7854bc255b3619bf-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	199496234_481826579786653_2728461741738467210_n.png cn.whatsapps.us/img/	22 KB 22 KB	37ms 36ms	Image image/png	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cn.whatsapps.us/img/199496234_481826579786653_2728461741738467210_n.png Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `736ec0b63c70e29a0dad38ffb5a2f40c1b66062ac2e31ee4c21e43f2890b00e2` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MeQ2iEwdENxvdcGgPISRZPDGHaEfJwrLkuJCl6bkMjokpyb5%2FdSEJyi5sOobiXVYWeKu7GJPqqL6NH0vQNAflgC0b2NRcAYRihuL9OWUPWlhNDGBFAa2DP%2FeXIxzlQAok6jLODO05xq2X%2FmMD%2Bs%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7854bc255b3a19bf-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 22083 expires Sun, 05 Feb 2023 07:23:17 GMT
GET H3	200	199550118_324755862565614_5691081457398710133_n.png cn.whatsapps.us/img/	22 KB 22 KB	22ms 21ms	Image image/png	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cn.whatsapps.us/img/199550118_324755862565614_5691081457398710133_n.png Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cd899e99d525898009bc4673d29cf38ebdc2ddc6d14bd7263f2c53e322ef2ef4` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SLQ%2BpFl2aDJHsE4jO0QExEFq6NVvpKi75XhSJTau6ZFmXqbKm%2B3fKtPGKwBofSlyDVPfoK49Z7kKSypElbr%2Bu1TmQ0mvlaIybnmp64jMfvXjyzv9CK25JHyQgXIMjKAhYWnU9BA66U5Ebe4fw5U%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7854bc255b3c19bf-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 22023 expires Sun, 05 Feb 2023 07:23:17 GMT
GET H3	200	200489840_212859424015902_6843985089037031179_n.png cn.whatsapps.us/img/	55 KB 56 KB	24ms 23ms	Image image/png	2606:4700:3030::6815:ff7 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://cn.whatsapps.us/img/200489840_212859424015902_6843985089037031179_n.png?ccb=1-5&_nc_sid=2fbf2a&_nc_ohc=juYEDneC6ZwAX8BZDbQ&_nc_ht=scontent.whatsapp.net&oh=01_AVwTiAjyLXIN-Si27fk-6Emqqeg-vLnM5HBSbdXGng4itw&oe=627168B5 Requested by Host: cn.whatsapps.us URL: https://cn.whatsapps.us/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3030::6815:ff7 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `c230016694c1b4234b5b3330a1bb720efcc3152727ccde28ae63d9a89418cd24` Request headers accept-language en-US,en;q=0.9 Referer https://cn.whatsapps.us/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36 Response headers date Fri, 06 Jan 2023 13:17:37 GMT cf-cache-status HIT last-modified Thu, 05 Jan 2023 07:17:06 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 21260 vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EQDbBItNEUe7tQ1EdsdDNzwyTZqB9LSp%2BfJJmL1TyG9QxU%2Bo6xqKO3aanUXLBg%2B4mcQSRd8rzvDp708MLlx%2B729HBuaJS00rU1BWvMPR8mqQCLjfguqnnttpDd5Kr%2BG0BKhek1SoF9urtTZQoKc%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=2592000 accept-ranges bytes cf-ray 7854bc255b3d19bf-EWR alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 56702 expires Sun, 05 Feb 2023 07:23:17 GMT
GET		c_1vdG88uNh.woff2 telegtrkhhhh.com/img/	0 0

GET		KKlOyJQcRfr.woff telegtrkhhhh.com/img/	0 0

GET		RuiWHQ9HuZ-.woff2 telegtrkhhhh.com/img/	0 0

GET		5vZjyJccuEw.woff telegtrkhhhh.com/img/	0 0

GET		zSaFQ46AO2w.woff2 telegtrkhhhh.com/img/	0 0

GET		_gCoI-iROin.woff telegtrkhhhh.com/img/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/c_1vdG88uNh.woff2

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/KKlOyJQcRfr.woff

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/RuiWHQ9HuZ-.woff2

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/5vZjyJccuEw.woff

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/zSaFQ46AO2w.woff2

Domain: telegtrkhhhh.com
URL: http://telegtrkhhhh.com/img/_gCoI-iROin.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| durl

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/c_1vdG88uNh.woff2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/KKlOyJQcRfr.woff'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/RuiWHQ9HuZ-.woff2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/5vZjyJccuEw.woff'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/zSaFQ46AO2w.woff2'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://cn.whatsapps.us/ Message: Mixed Content: The page at 'https://cn.whatsapps.us/' was loaded over HTTPS, but requested an insecure font 'http://telegtrkhhhh.com/img/_gCoI-iROin.woff'. This request has been blocked; the content must be served over HTTPS.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cn.whatsapps.us
telegtrkhhhh.com
telegtrkhhhh.com
2606:4700:3030::6815:ff7
533ef6670e3d9c0e44718d0afa43f2edda11b58586e9da4e8f621145cf84d4d2
61431d485e72642790d1d1ff91b5b962c274c47d33ec561f041c917198cf60cb
6939b27f67ead8086687d1279d7646fe6c774167323ef8284da42debd717d41a
708f4f787db19dcb4cca817e1c38fba2baf0216b092c90d59648464791d57abb
736ec0b63c70e29a0dad38ffb5a2f40c1b66062ac2e31ee4c21e43f2890b00e2
9e2685a4154bd83732582374bfa0af8629d052c6c459d3a5f7e49bbe936d49fb
b001dfac399431e6aef658e4b08dac787a77564862961faf0925743f78a40445
b1dec9c543ba7d88bd189d02e6b4b783e20061171c49094a928fc819ec788bcc
c230016694c1b4234b5b3330a1bb720efcc3152727ccde28ae63d9a89418cd24
c32846942323ecbe889e2961c23d92dc6195c8a5358a8c337bffb611c83c3b32
cd899e99d525898009bc4673d29cf38ebdc2ddc6d14bd7263f2c53e322ef2ef4

cn.whatsapps.us Open in urlscan Pro 2606:4700:3030::6815:ff7 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

17 Requests

65 %HTTPS

100 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

137 kBTransfer

281 kBSize

0 Cookies

0 Outgoing links

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

6 Console Messages

Indicators

cn.whatsapps.us Open in urlscan Pro
2606:4700:3030::6815:ff7 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

65 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

137 kB
Transfer

281 kB
Size

0
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!