cn.whatsapps.us
2606:4700:3030::6815:ff7
Malicious Activity!
Public Scan
Submission: On January 06 via automatic, source openphish — Scanned from US
Summary
TLS certificate: Issued by E1 on January 5th 2023. Valid for: 3 months.
This is the only time cn.whatsapps.us was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

Requests | IP Address | AS Autonomous System
---|---|---
11 | 2606:4700:3030::6815:ff7 | 13335 (CLOUDFLARENET)
17 | 2 |

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
11 | whatsapps.us | cn.whatsapps.us | 137 KB
0 | telegtrkhhhh.com | telegtrkhhhh.com (Failed) |
17 | 2 | |

Requests | Domain | Requested by
---|---|---
11 | cn.whatsapps.us | cn.whatsapps.us
0 | telegtrkhhhh.com (Failed) | cn.whatsapps.us
17 | 2 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---
*.whatsapps.us | E1 | 2023-01-05 - 2023-04-05 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://cn.whatsapps.us/
Frame ID: F39ABBD3C85AB314D87E2215AA6AD001
Requests: 17 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
17 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (Primary Request) | cn.whatsapps.us/ | 31 KB | 6 KB | Document | text/html
GET | H2 | 92yU3_1E6qP.css | cn.whatsapps.us/img/ | 7 KB | 2 KB | Stylesheet | text/css
GET | H2 | xnxHL8zVBjo.css | cn.whatsapps.us/img/ | 120 KB | 19 KB | Stylesheet | text/css
GET | H2 | EsyfAiyWshR.css | cn.whatsapps.us/img/ | 13 KB | 4 KB | Stylesheet | text/css
GET | H2 | 28bZN702Ikw.css | cn.whatsapps.us/img/ | 839 B | 632 B | Stylesheet | text/css
GET | H2 | dow.js | cn.whatsapps.us/img/ | 564 B | 819 B | Script | application/x-javascript
GET | H3 | 36B424nhiL4.svg | cn.whatsapps.us/ | 9 KB | 4 KB | Image | image/svg+xml
GET | H3 | lOol7j-zq4u.svg | cn.whatsapps.us/ | 3 KB | 2 KB | Image | image/svg+xml
GET | H3 | 199496234_481826579786653_2728461741738467210_n.png | cn.whatsapps.us/img/ | 22 KB | 22 KB | Image | image/png
GET | H3 | 199550118_324755862565614_5691081457398710133_n.png | cn.whatsapps.us/img/ | 22 KB | 22 KB | Image | image/png
GET | H3 | 200489840_212859424015902_6843985089037031179_n.png | cn.whatsapps.us/img/ | 55 KB | 56 KB | Image | image/png
GET | | c_1vdG88uNh.woff2 | telegtrkhhhh.com/img/ | 0 | 0 | |
GET | | KKlOyJQcRfr.woff | telegtrkhhhh.com/img/ | 0 | 0 | |
GET | | RuiWHQ9HuZ-.woff2 | telegtrkhhhh.com/img/ | 0 | 0 | |
GET | | 5vZjyJccuEw.woff | telegtrkhhhh.com/img/ | 0 | 0 | |
GET | | zSaFQ46AO2w.woff2 | telegtrkhhhh.com/img/ | 0 | 0 | |
GET | | _gCoI-iROin.woff | telegtrkhhhh.com/img/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
---|---
telegtrkhhhh.com | http://telegtrkhhhh.com/img/c_1vdG88uNh.woff2
telegtrkhhhh.com | http://telegtrkhhhh.com/img/KKlOyJQcRfr.woff
telegtrkhhhh.com | http://telegtrkhhhh.com/img/RuiWHQ9HuZ-.woff2
telegtrkhhhh.com | http://telegtrkhhhh.com/img/5vZjyJccuEw.woff
telegtrkhhhh.com | http://telegtrkhhhh.com/img/zSaFQ46AO2w.woff2
telegtrkhhhh.com | http://telegtrkhhhh.com/img/_gCoI-iROin.woff
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | oncontentvisibilityautostatechange
function | durl

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cn.whatsapps.us
telegtrkhhhh.com
2606:4700:3030::6815:ff7