chat-whatsapp-ggokntu5khehn869xlmhti.nl
167.86.87.133
Malicious Activity!
Public Scan
Submission: On November 20 via automatic, source certstream-suspicious
Summary
TLS certificate: Issued by chat-whatsapp-ggokntu5khehn869xlmhti.nl on November 20th 2020. Valid for: a year.
This is the only time chat-whatsapp-ggokntu5khehn869xlmhti.nl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 4 | 167.86.87.133 | 51167 (CONTABO) |
| 14 | 2a03:2880:f22d:c2:face:b00c:0:1cc9 | 32934 (FACEBOOK) |
| 18 | 2 IPs | |
ASN51167 (CONTABO, DE)
PTR: vmi467671.contaboserver.net
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 14 | fbcdn.net | z-p3-static.xx.fbcdn.net | 187 KB |
| 4 | chat-whatsapp-ggokntu5khehn869xlmhti.nl | chat-whatsapp-ggokntu5khehn869xlmhti.nl | 64 KB |
| 18 | 2 domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 14 | z-p3-static.xx.fbcdn.net | chat-whatsapp-ggokntu5khehn869xlmhti.nl, z-p3-static.xx.fbcdn.net |
| 4 | chat-whatsapp-ggokntu5khehn869xlmhti.nl | chat-whatsapp-ggokntu5khehn869xlmhti.nl, z-p3-static.xx.fbcdn.net |
| 18 | 2 domains | |
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| chat-whatsapp-ggokntu5khehn869xlmhti.nl | chat-whatsapp-ggokntu5khehn869xlmhti.nl | 2020-11-20 - 2021-11-20 | a year | crt.sh |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2020-11-02 - 2021-01-30 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://chat-whatsapp-ggokntu5khehn869xlmhti.nl/
Frame ID: B8D083ED1B40BC9D96B7AC76C5F08C57
Requests: 18 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / (Primary Request) | chat-whatsapp-ggokntu5khehn869xlmhti.nl/ | 321 KB | 35 KB | Document | text/html |
| GET | H2 | li1FVv8ji_p.css | z-p3-static.xx.fbcdn.net/rsrc.php/v3/y7/l/0,cross/ | 7 KB | 2 KB | Stylesheet | text/css |
| GET | H2 | -FqGavqvSZ6.css | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yE/l/0,cross/ | 227 KB | 24 KB | Stylesheet | text/css |
| GET | H2 | Sc982v7GTGi.css | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yA/l/0,cross/ | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H2 | Lv5aJk9unC2.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yr/r/ | 267 KB | 71 KB | Script | application/x-javascript |
| GET | H2 | -r3j-x8ZnM7.svg | z-p3-static.xx.fbcdn.net/rsrc.php/yv/r/ | 5 KB | 2 KB | Image | image/svg+xml |
| GET | H2 | grup.jpeg | chat-whatsapp-ggokntu5khehn869xlmhti.nl/img/ | 26 KB | 26 KB | Image | image/jpeg |
| GET | H2 | eEsWn1Jy2SD.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yZ/r/ | 6 KB | 2 KB | Script | application/x-javascript |
| GET | H2 | hvHSiHpk88i.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yQ/r/ | 53 KB | 16 KB | Script | application/x-javascript |
| GET | H2 | gimtHmJGnao.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3i7M54/yO/l/en_US/ | 137 KB | 35 KB | Script | application/x-javascript |
| GET | H2 | -Nusi-NCXO_.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/ye/r/ | 32 KB | 10 KB | Script | application/x-javascript |
| GET | H2 | neRd8sBApii.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yA/r/ | 2 KB | 998 B | Script | application/x-javascript |
| GET | H2 | hZ69DXl-3k7.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yc/r/ | 41 KB | 13 KB | Script | application/x-javascript |
| GET | H2 | uyDXATJj33w.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3iqES4/yA/l/en_US/ | 18 KB | 6 KB | Script | application/x-javascript |
| GET | H2 | 7oVtGLsr9D2.js | z-p3-static.xx.fbcdn.net/rsrc.php/v3/yH/r/ | 7 KB | 2 KB | Script | application/x-javascript |
| GET | H2 | -PAXP-deijE.gif | z-p3-static.xx.fbcdn.net/rsrc.php/v3/y4/r/ | 43 B | 239 B | Image | image/gif |
| POST | H2 | bz | chat-whatsapp-ggokntu5khehn869xlmhti.nl/ajax/ | 1 KB | 1 KB | XHR | text/html |
| POST | H2 | bz | chat-whatsapp-ggokntu5khehn869xlmhti.nl/ajax/ | 1 KB | 1 KB | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)

64 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along, which lets the website re-identify that user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
chat-whatsapp-ggokntu5khehn869xlmhti.nl
z-p3-static.xx.fbcdn.net
167.86.87.133
2a03:2880:f22d:c2:face:b00c:0:1cc9