web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net
52.68.137.139
Malicious Activity!
Public Scan
Effective URL: https://web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/
Submission: On December 04 via api from US — Scanned from US
Summary
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on December 4th 2023. Valid for: a year.
This is the only time web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 18.180.140.154 | 16509 (AMAZON-02) |
20 | 52.68.137.139 | 16509 (AMAZON-02) |
20 | 2 | |

AS | PTR | Hostname |
---|---|---|
ASN16509 (AMAZON-02, US) | ec2-18-180-140-154.ap-northeast-1.compute.amazonaws.com | web.whatsapp.portoseguro1.myshn.net |
ASN16509 (AMAZON-02, US) | ec2-52-68-137-139.ap-northeast-1.compute.amazonaws.com | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net |
 | Apex Domain / Subdomains | Transfer |
---|---|---|
21 | myshn.net (1 redirects): web.whatsapp.portoseguro1.myshn.net, web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net | 4 MB |
20 | 1 | |
 | Domain | Requested by |
---|---|---|
20 | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net |
1 | web.whatsapp.portoseguro1.myshn.net | 1 redirects |
20 | 2 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
web.whatsapp.portoseguro1.myshn.net | GlobalSign RSA OV SSL CA 2018 | 2023-12-04 - 2025-01-04 | a year |
This page contains 1 frames:
Primary Page:
https://web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/
Frame ID: 60FA08D2324453D3418FCA2AB1CF6680
Requests: 26 HTTP requests in this frame
Page Title
WhatsApp
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://web.whatsapp.portoseguro1.myshn.net/ (HTTP 302)
- https://web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ (Redirect Chain) | 12 KB | 7 KB | Document | text/html |
GET | H/1.1 | stylex-f5a41c55844b1e99ccf3d8b58dbb99f0.css | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 219 KB | 54 KB | Stylesheet | text/css |
GET | H/1.1 | app-c1c9f745bb0ae3c63811.css | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 205 KB | 64 KB | Stylesheet | text/css |
GET | H/1.1 | binary-transparency-manifest-2.2353.0.json | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 17 KB | 12 KB | Other | text/html |
GET | H/1.1 | libsignal-protocol-ee5b8ba.min.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 0 | 0 | Script | text/plain |
GET | H/1.1 | runtime.bb8f0d615cc1abcb0c34.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 16 KB | 10 KB | Script | application/javascript |
GET | H/1.1 | vendor1~app.faf9096ea5e5e9ae7ce7.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 696 KB | 227 KB | Script | application/javascript |
GET | H/1.1 | app.e6352145ea3a831d9908.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 6 MB | 2 MB | Script | application/javascript |
GET | H/1.1 | / | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/killswitch/ | 2 KB | 3 KB | Fetch | application/json |
GET | H/1.1 | vendors~main.d7dcd71433cd9547deff.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 316 KB | 94 KB | Script | application/javascript |
GET | H/1.1 | main~.f2adc58d624d4f3afb72.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 141 KB | 38 KB | Script | application/javascript |
GET | H/1.1 | main.8f7da06be393dce894b1.css | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 147 KB | 31 KB | Stylesheet | text/css |
GET | H/1.1 | main.09aa8246bb66447e103e.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 5 MB | 1 MB | Script | application/javascript |
GET | DATA | truncated | / | 44 B | 0 | Image | image/webp |
GET | DATA | truncated | / | 667 B | 0 | Image | image/jpeg |
GET | DATA | truncated | / | 66 B | 0 | Image | image/webp |
GET | H/1.1 | en.5b8773da0c5e79cdd44f.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/locales/ | 602 B | 3 KB | Script | application/javascript |
GET | H/1.1 | notification_2a485d84012c106acef03b527bb54635.mp3 | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 56 KB | 58 KB | Media | audio/mpeg3 |
GET | H/1.1 | check-update | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 120 B | 3 KB | Fetch | text/javascript |
GET | H/1.1 | qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/img/ | 16 KB | 18 KB | Image | image/png |
GET | DATA | truncated | / | 82 B | 0 | Image | image/webp |
GET | DATA | truncated | / | 90 B | 0 | Image | image/webp |
GET | DATA | truncated | / | 38 B | 0 | Image | image/webp |
GET | H/1.1 | favicon_c5088e888c97ad440a61d247596f88e5.png | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/img/ | 787 B | 3 KB | XHR | image/png |
GET | H/1.1 | WAWebWorker.5d49685d1f4bf511cd69.worker.js | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/ | 934 KB | 279 KB | Other | application/javascript |
GET | H/1.1 | en.json | web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net/emoji_suggestions/ | 132 KB | 43 KB | Fetch | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture
boolean| systemThemeDark
object| theme
object| systemThemeMode
object| systemTheme
boolean| darkTheme
object| webpackChunkwhatsapp_web_client
function| __LOG__
function| SEND_LOGS
undefined| requestFileSystem
object| Modernizr
function| Velocity
object| Debug
object| updater
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
5 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | frame-ancestors 'self'; default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://ajax.googleapis.com https://api.search.live.net https://maps.googleapis.com https://www.youtube.com https://s.ytimg.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://*.giphy.com https://*.tenor.co https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://www.bingapis.com/api/v6/images/search https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' data: blob: *;media-src 'self' data: blob: https://*.whatsapp.net https://*.giphy.com https://*.tenor.co https://*.cdninstagram.com https://*.streamable.com https://*.sharechat.com https://*.fbcdn.net mediastream:;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com;block-all-mixed-content;upgrade-insecure-requests; |
Strict-Transport-Security | max-age=63072000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Xss-Protection | 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
web.whatsapp.com.web.whatsapp.portoseguro1.myshn.net
web.whatsapp.portoseguro1.myshn.net
18.180.140.154
52.68.137.139