urlscan.io public scan: chat.whatzsapp.com
Main IP: 2606:4700:3034::6815:176. Flagged: Malicious Activity!

Submitted URL: https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp
Effective URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Submission Tags: falconsandbox
Submission: On January 27 via api from US

Summary

This website contacted 7 IPs in 2 countries across 4 domains to perform 13 HTTP transactions. The main IP is 2606:4700:3034::6815:176, located in United States and belongs to CLOUDFLARENET, US. The main domain is chat.whatzsapp.com, a lookalike of whatsapp.com; the page also loads an image from a second lookalike, chat.whatuspp.com, which is likewise fronted by Cloudflare.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 25th 2020. Valid for: a year. The subject is sni.cloudflaressl.com, Cloudflare's shared certificate for proxied zones, so the certificate says nothing about who operates the site. The origin host stays hidden behind the proxy; the only thing it discloses about itself is PHP/7.2.34 in the x-powered-by response header.
This is the only time chat.whatzsapp.com was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

Requests  Domain                     Requested by
12        chat.whatzsapp.com         chat.whatzsapp.com (6 of the 12 are redirect hops)
4         www.google-analytics.com   www.googletagmanager.com, www.google-analytics.com
2         www.googletagmanager.com   chat.whatzsapp.com, www.googletagmanager.com
1         chat.whatuspp.com          chat.whatzsapp.com
Total: 13 transactions across 4 domains (redirect hops are not counted in the total)

Links on the page point to these domains (outbound links only; they were not requested during the scan):

oy.gy
translate.whatsapp.com
TLS certificates seen

Subject                  Issuer                   Validity                 Valid for
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3  2020-10-25 - 2021-10-24  a year
*.google-analytics.com   GTS CA 1O1               2021-01-05 - 2021-03-30  3 months

This page contains 1 frame:

Primary Page: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Frame ID: AD69D277ACDF90D27A9CF5925378F95F
Requests: 14 HTTP requests in this frame (the 13 network transactions listed below plus one inline data: URI image)


Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp HTTP 301
    https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/ Page URL
  2. https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e HTTP 301
    https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e/ HTTP 302
    https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a HTTP 301
    https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a/ HTTP 302
    https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp HTTP 301
    https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/ Page URL

Detected technologies

Cloudflare (CDN / reverse proxy), overall confidence: 100%
Detected patterns
  • headers: server matches /^cloudflare$/i

Page Statistics

Requests: 13
HTTPS: 100 %
IPv6: 100 %
Domains: 4
Subdomains: 4
IPs: 7
Countries: 2
Transfer: 216 kB
Size: 506 kB
Cookies: 7


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp HTTP 301
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/
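The URL history and redirect chains above are the kind of data an analyst pulls out of a scan by hand. The script below is an added example (not urlscan.io code) that does the same over a constructed, trimmed copy of this scan's URLs: it finds where a rendered page (status 200) was still followed by another navigation, which is the signature of a client-side redirect; it scores every contacted host's registrable domain against the targeted brand by edit distance, which catches both whatzsapp.com and whatuspp.com; and it extracts the Google Analytics property IDs and the page title reported in the collect hits, both of which are pivots for finding sibling kits. The registrable-domain helper is a two-label simplification of this example, not a Public Suffix List lookup.

```python
"""Triage helpers for a urlscan-style result (added example; not urlscan.io code).
All sample data is a constructed, trimmed copy of what the scan above reports."""
import re
from urllib.parse import parse_qs, urlparse

# (url, status) in visiting order, from the Page URL History. A 200 means the browser
# rendered that URL; when another hop follows a 200, the page itself caused the
# navigation (JavaScript or <meta refresh>) because a 200 carries no Location header.
REDIRECT_HOPS = [
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp", 301),
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/", 200),
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e", 301),
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e/", 302),
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a", 301),
    ("https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a/", 302),
    ("https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp", 301),
    ("https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/", 200),
]

# Constructed subset of the 13 transactions; the analytics query strings are cut down
# to the parameters this script reads (dl, dt, tid, id).
REQUEST_URLS = [
    "https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/",
    "https://chat.whatzsapp.com/x_files/invite.css",
    "https://www.googletagmanager.com/gtag/js?id=UA-126692131-4",
    "https://chat.whatzsapp.com/x_files/jquery-1.js.descarga",
    "https://chat.whatuspp.com/d2.jpg",
    "https://www.googletagmanager.com/gtag/js?id=UA-126692131-1&l=dataLayer&cx=c",
    "https://www.google-analytics.com/analytics.js",
    "https://www.google-analytics.com/j/collect?v=1&t=pageview"
    "&dl=https%3A%2F%2Fchat.whatzsapp.com%2F3HGATtKvRwtRw2ot7vRwp%2F"
    "&dt=WhatsApp%20Group&tid=UA-126692131-1",
    "https://www.google-analytics.com/j/collect?v=1&t=pageview&dt=WhatsApp%20Group&tid=UA-126692131-4",
    "https://www.google-analytics.com/j/collect?v=1&t=pageview&dt=WhatsApp%20Group&tid=UA-84339563-1",
]


def levenshtein(a, b):
    """Plain edit distance; inputs are hostname-sized, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host):
    """Last two labels. Simplification for this example; real tooling should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def typosquat_hosts(urls, brand_domain, max_distance=2):
    """Hosts whose registrable domain is within max_distance edits of the brand.
    The brand's own domain (distance 0) is excluded."""
    hits = {}
    for u in urls:
        host = urlparse(u).hostname or ""
        d = levenshtein(registrable(host), brand_domain)
        if 0 < d <= max_distance:
            hits[host] = d
    return hits


def client_side_redirects(hops):
    """URLs that rendered (200) and were nevertheless followed by another navigation."""
    return [url for (url, status), _next in zip(hops, hops[1:]) if status == 200]


def query_values(urls, host_suffix, key):
    """All values of one query parameter across the URLs under a host."""
    found = set()
    for u in urls:
        p = urlparse(u)
        if (p.hostname or "").endswith(host_suffix):
            found.update(parse_qs(p.query).get(key, []))
    return found


def analytics_ids(urls):
    """Google Analytics property IDs from gtag (id=) and collect (tid=) URLs.
    Operators reuse these across kits, so they are a cheap pivot to sibling sites."""
    ids = query_values(urls, "googletagmanager.com", "id") | query_values(urls, "google-analytics.com", "tid")
    return {i for i in ids if re.fullmatch(r"UA-\d+-\d+", i)}


def page_titles(urls):
    """document.title as reported to Analytics (dt=): what the victim's tab was labelled."""
    return query_values(urls, "google-analytics.com", "dt")


if __name__ == "__main__":
    print("lookalike hosts:", typosquat_hosts(REQUEST_URLS, "whatsapp.com"))
    print("client-side redirect from:", client_side_redirects(REDIRECT_HOPS))
    print("analytics ids:", sorted(analytics_ids(REQUEST_URLS)))
    print("page titles:", page_titles(REQUEST_URLS))
```

Run as a script it reports both lookalike hosts (whatzsapp.com at distance 1, whatuspp.com at distance 2), the first landing page as the origin of the client-side hop, three UA- property IDs and the title "WhatsApp Group". With a real scan you would feed it the full request list exported from the scanner instead of REQUEST_URLS.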

13 HTTP transactions

Each transaction below is listed as: resource (path), size, bytes transferred (x-fer) and type, followed by its General details, request headers and response headers.
Transaction: / (chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/), size 473 B, transferred 552 B, type Document
Redirect Chain
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/
General
Full URL
https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.34
Resource Hash

Request headers

:method
GET
:authority
chat.whatzsapp.com
:scheme
https
:path
/5AExYw7ZdOpHGATtKvRwp/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dca4a72053dada73f4b88afddee4f26661611720409

Response headers

date
Wed, 27 Jan 2021 04:06:49 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
07e39ed94600002c364f1eb000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YLtBZWUwCT8dT08xsRhMK32Qsj6N54I1nDNzlXMuIhjg9jOvBeiKrF%2F7TKhyKsY11mfSpvWRl3%2B7C2T4xMXdnldKZpTnOoxYxYLBc0Cid2NfirJU9dkK1FQTSRSpoSM%3D"}],"max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
617f9a6edc0a2c36-FRA
content-encoding
br

Redirect headers

date
Wed, 27 Jan 2021 04:06:49 GMT
content-type
text/html; charset=iso-8859-1
set-cookie
__cfduid=dca4a72053dada73f4b88afddee4f26661611720409; expires=Fri, 26-Feb-21 04:06:49 GMT; path=/; domain=.whatzsapp.com; HttpOnly; SameSite=Lax; Secure
location
https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/
cf-cache-status
DYNAMIC
cf-request-id
07e39ed80800002c36a420c000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7yY1Vuy3hPmLuIRcDbet40hTbLKIfctvQ4pYJsDvwVzHqMyuz7ub3ff%2F75tBcayxsoJC6litNPF3JPJwRsMex2dtN4X%2BSiXA4Q22wSzEOzTEhFY%2BbpvfFkbuZl7sAuo%3D"}],"max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
617f9a6cd9e52c36-FRA
Primary Request: / (chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/), size 26 KB, transferred 8 KB, type Document
Redirect Chain
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/e/
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a
  • https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/a/
  • https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp
  • https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
General
Full URL
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.2.34
Resource Hash
30eb6777dc3dc2cafed1a62c85865d95a384967fa507c3475106283385dd1af8

Request headers

:method
GET
:authority
chat.whatzsapp.com
:scheme
https
:path
/3HGATtKvRwtRw2ot7vRwp/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://chat.whatzsapp.com/5AExYw7ZdOpHGATtKvRwp/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=dca4a72053dada73f4b88afddee4f26661611720409

Response headers

date
Wed, 27 Jan 2021 04:06:51 GMT
content-type
text/html; charset=UTF-8
x-powered-by
PHP/7.2.34
vary
Accept-Encoding
cf-cache-status
DYNAMIC
cf-request-id
07e39ee19d00002c366d235000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mLRAlfB90%2FE%2B6lNeMWlcolxp99p5IOsuiAaw7WjUxTpl%2FpqJC1xcEmaP6hpDM3xnzTHQIvUz%2BAagVhjn4D1CfpAS96AhFZ9xNwyYdYtA2155CxI8sA1Od4mwP4MIKSs%3D"}],"max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
617f9a7c2a9f2c36-FRA
content-encoding
br

Redirect headers

date
Wed, 27 Jan 2021 04:06:51 GMT
content-type
text/html; charset=iso-8859-1
location
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
cf-cache-status
DYNAMIC
cf-request-id
07e39ee05700002c366936d000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8HmknHf5Ot31aUdAWHVB5Vy9DJdkD374lMJLfhwXhLEcJfySFoSh3rUintrzATQGFkSqD6xSUpgmE1QHMht1oCHxaoQnIrqV6spAzdUOds2MXL%2B3rpfUs%2BTgYdA5WrE%3D"}],"max_age":604800}
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
cf-ray
617f9a7a28452c36-FRA
Transaction: invite.css (chat.whatzsapp.com/x_files/), size 14 KB, transferred 4 KB, type Stylesheet
General
Full URL
https://chat.whatzsapp.com/x_files/invite.css
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1525ff682f8616316d31b26a6f38ce98c0c79bfec35f2ad35695ed41861e7206

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sun, 25 Oct 2020 09:48:54 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=vSIGpsUWdJ5%2F20wm1FMIKc36bEHA6JcTVNFCUi0VGTjg7CoscW37wmGvFHXfeNGShatSuFxMcLbz9UhyzuUC0Igh8qsnHQw242rRI75P8Tcx87PezbC18DCI53MBzbw%3D"}],"max_age":604800}
content-type
text/css
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
617f9a7d5be72c36-FRA
cf-request-id
07e39ee25300002c364c05a000000001
Transaction: js (www.googletagmanager.com/gtag/), size 98 KB, transferred 39 KB, type Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-126692131-4
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
66f10bc611da1836d117b29f76b3a05b29efa4371eeb2749d620eaa9588eec2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:51 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39650
x-xss-protection
0
last-modified
Wed, 27 Jan 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 27 Jan 2021 04:06:51 GMT
Transaction: jquery-1.js.descarga (chat.whatzsapp.com/x_files/), size 95 KB, transferred 33 KB, type Script
General
Full URL
https://chat.whatzsapp.com/x_files/jquery-1.js.descarga
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e76acb5d863d93580337e8a1f53b6ee086a2658f37dfeedd0ad6df8933a49be1

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Sun, 25 Oct 2020 09:48:55 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ro0jb%2F0ZotNciaQ4He8wHgk%2BZzMN%2F4xL2u7tvNGJXxXMZVzVwHDAEwd6%2F9DDnsbOnmzef4LZbSjojKE3VcML8IWLNKIiClXcDNIQzYy4%2Ba54jaaG%2FLbYNtLYycPH%2Fvw%3D"}],"max_age":604800}
content-type
application/javascript
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
617f9a7d5be82c36-FRA
cf-request-id
07e39ee25400002c3684946000000001
Transaction: jquery.min.js.descarga (chat.whatzsapp.com/x_files/), size 82 KB, transferred 29 KB, type Script
General
Full URL
https://chat.whatzsapp.com/x_files/jquery.min.js.descarga
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Sun, 25 Oct 2020 09:48:58 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YByB8kiibXvOZ2W6shMXjiGWQPEyYKpefFA%2BI9t2lIYVtLPli3OInpGSUCn8r4iypnJYHvspX%2FgamPtjXnTJyPT1ZaS3RaxiVz59%2FvqcA%2BMl88YCOk%2FkoUXP9%2F9kxLg%3D"}],"max_age":604800}
content-type
application/javascript
nel
{"report_to":"cf-nel","max_age":604800}
cf-ray
617f9a7d5be92c36-FRA
cf-request-id
07e39ee25400002c36ce0f1000000001
Transaction: d2.jpg (chat.whatuspp.com/), size 45 KB, transferred 46 KB, type Image
General
Full URL
https://chat.whatuspp.com/d2.jpg
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:58cf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fd07577d23a55297d762f2de11bb8fb75870ceb5512d92e39f833e2e0768a48

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
cf-cache-status
HIT
last-modified
Tue, 20 Oct 2020 07:25:18 GMT
server
cloudflare
age
4181
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=I1rl5DU6lBljF8EbDeUgvHd5iqvtjl1M7TlkEgbe2s%2F0ne3gTnKjAqD2oJf1dboWkcQRGam%2FkAyNEf2c5YOc2mxKQYdBj%2B5ayE%2BqJRIi4F0b5YueWaA1jI8VHlcjOw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
nel
{"report_to":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
617f9a807ea94a85-FRA
content-length
46187
cf-request-id
07e39ee44a00004a85308cd000000001
Transaction: js (www.googletagmanager.com/gtag/), size 98 KB, transferred 39 KB, type Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-126692131-1&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126692131-4
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fd0f76869b91f5dc64e1be96bb7dc4bcf4f7d36e19ccc19a2901aa1c4b39a700
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
39666
x-xss-protection
0
last-modified
Wed, 27 Jan 2021 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 27 Jan 2021 04:06:52 GMT
Transaction: analytics.js (www.google-analytics.com/), size 46 KB, transferred 18 KB, type Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-126692131-1&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
6033
date
Wed, 27 Jan 2021 02:26:19 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Wed, 27 Jan 2021 04:26:19 GMT
Transaction: collect (www.google-analytics.com/j/), size 1 B, transferred 389 B, type XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=545734130&t=pageview&_s=1&dl=https%3A%2F%2Fchat.whatzsapp.com%2F3HGATtKvRwtRw2ot7vRwp%2F&ul=en-us&de=UTF-8&dt=WhatsApp%20Group&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUABAAAAAC~&jid=433452730&gjid=663842621&cid=1042087511.1611720412&tid=UA-126692131-1&_gid=1742383281.1611720412&_r=1&gtm=2ou1d0&z=1482232538
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Jan 2021 04:06:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://chat.whatzsapp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
Transaction: collect (www.google-analytics.com/j/), size 1 B, transferred 24 B, type XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=545734130&t=pageview&_s=1&dl=https%3A%2F%2Fchat.whatzsapp.com%2F3HGATtKvRwtRw2ot7vRwp%2F&ul=en-us&de=UTF-8&dt=WhatsApp%20Group&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEDAAUABAAAAAC~&jid=167522318&gjid=896388744&cid=1042087511.1611720412&tid=UA-126692131-4&_gid=1742383281.1611720412&_r=1&gtm=2ou1d0&z=2075222218
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Jan 2021 04:06:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://chat.whatzsapp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
Transaction: collect (www.google-analytics.com/j/), size 2 B, transferred 27 B, type XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=545734130&t=pageview&_s=1&dl=https%3A%2F%2Fchat.whatzsapp.com%2F3HGATtKvRwtRw2ot7vRwp%2F&ul=en-us&de=UTF-8&dt=WhatsApp%20Group&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KEDAAUABAAAAAC~&jid=64059871&gjid=1824229623&cid=1042087511.1611720412&tid=UA-84339563-1&_gid=1742383281.1611720412&_r=1&_slc=1&z=1675069571
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://chat.whatzsapp.com/3HGATtKvRwtRw2ot7vRwp/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 27 Jan 2021 04:06:52 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://chat.whatzsapp.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
Transaction: icon-chat.png (chat.whatzsapp.com/img/v4/invite/), size 315 B, transferred 315 B, type Image
Note: the response below carries content-type text/html; charset=iso-8859-1 rather than image/png, so no image was actually delivered for this path, which the copied stylesheet references.
General
Full URL
https://chat.whatzsapp.com/img/v4/invite/icon-chat.png
Requested by
Host: chat.whatzsapp.com
URL: https://chat.whatzsapp.com/x_files/invite.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:176 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://chat.whatzsapp.com/x_files/invite.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 27 Jan 2021 04:06:52 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"report_to":"cf-nel","max_age":604800}
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ubu2qX1vY8lUxogJgi%2B%2BbWhNX1jzyOgwIQu%2Bch2AC2rarYjrZ4GZeYOREnNErQyWfJAh9H6GMZvLUBS9zUjcTFFvy360b1Bcn9qzArNQEIORO3zaUbFPAlQBqmS33xc%3D"}],"max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
617f9a8158662c36-FRA
cf-request-id
07e39ee4d500002c368d0ec000000001
Transaction: truncated (/), size 157 B, transferred 0, type Image (inline data: URI, no network request)
General
Full URL
data:truncated
Protocol
DATA
Server
(none: inline data: URI, no network request)
Resource Hash
fb2ceb00d62c62740a0d175a3a943ce09a66c30c9eb8a6f98760f8bc774b182c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code. Note that the first nine (the ontransition* handlers, cookieStore, the show*Picker functions, trustedTypes and crossOriginIsolated) are standard browser APIs of current Chrome builds that are simply newer than the scanner's baseline list; only the rest were defined by the page's own scripts and the embedded analytics.

object: ontransitionrun, ontransitionstart, ontransitioncancel, cookieStore, trustedTypes, dataLayer, google_tag_manager, google_tag_data, gaplugins, gaGlobal, gaData, _0xb070, objetos, rlink, citas
function: showDirectoryPicker, showOpenFilePicker, showSaveFilePicker, gtag, ga, $, jQuery, disableEnterKey, disable_copy, disable_copy_ie, reEnable, disableSelection, nocontext, aleatorio, setCookie, getCookie, fng, random, checkZero, timer1, hidepop, newPopup
string: GoogleAnalyticsObject, image_save_msg, no_menu_msg, smessage, msgamigo, urlpubliMovil, urlpubliPC, msg, g
number: shareCountG, c, ii, iy, alea
boolean: crossOriginIsolated
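As an added example (not urlscan.io code), the script below sorts this list into buckets and derives two things an analyst wants from it: a language hint and a kit fingerprint. It embeds a constructed copy of the 52 entries above in the scanner's "type| name" form. The bucket rules and the Spanish fragment list are heuristics of this example. The _0x prefix is the identifier convention of javascript-obfuscator-style tools, the disable_copy / nocontext / disableSelection family blocks right-click, copying and selection on the page, and the Spanish identifiers (objetos, aleatorio, msgamigo, urlpubliMovil, citas) point to the kit author's language; the .descarga suffix on the two jQuery files in the transaction list is consistent with the same thing, since that is the suffix a Spanish-locale browser appends to scripts when saving a complete page.

```python
"""Sort the window globals a scan reports into buckets (added example; not urlscan.io code).
GLOBALS_TEXT is a constructed copy of the "type| name" list in the scan above."""
import hashlib
import re

GLOBALS_TEXT = (
    "object| ontransitionrun object| ontransitionstart object| ontransitioncancel "
    "object| cookieStore function| showDirectoryPicker function| showOpenFilePicker "
    "function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated "
    "function| gtag object| dataLayer object| google_tag_manager object| google_tag_data "
    "string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal "
    "object| gaData function| $ function| jQuery string| image_save_msg string| no_menu_msg "
    "string| smessage function| disableEnterKey function| disable_copy "
    "function| disable_copy_ie function| reEnable function| disableSelection "
    "function| nocontext object| _0xb070 object| objetos function| aleatorio object| rlink "
    "string| msgamigo number| shareCountG string| urlpubliMovil string| urlpubliPC "
    "string| msg function| setCookie function| getCookie number| c string| g function| fng "
    "function| random function| checkZero function| timer1 number| ii number| iy "
    "function| hidepop object| citas number| alea function| newPopup"
)

# Ordered rules (heuristics of this example); the first regex that matches decides the bucket.
RULES = [
    ("browser_api", re.compile(r"^(on\w+|cookieStore|show\w+Picker|trustedTypes|crossOriginIsolated)$"),
     "standard Chrome API newer than the scanner's baseline list; not page code"),
    ("analytics", re.compile(r"^(gtag|dataLayer|google_tag_\w+|GoogleAnalyticsObject|ga\w*)$"),
     "Google Analytics / Tag Manager"),
    ("jquery", re.compile(r"^(\$|jQuery)$"), "jQuery"),
    ("anti_inspection", re.compile(r"disable|nocontext|no_menu|image_save|reEnable|smessage"),
     "blocks right-click, copy, selection or Enter to hinder casual inspection"),
    ("obfuscated", re.compile(r"^_0x[0-9a-f]+$"),
     "hex-named string array as emitted by javascript-obfuscator-style tools"),
]
OTHER = "page_specific"

# Heuristic only: fragments of Spanish words that appear in kit identifiers.
SPANISH_FRAGMENTS = ("aleatorio", "objetos", "citas", "amigo", "publi", "movil")


def parse_globals(text):
    """Turn 'type| name type| name ...' into [(type, name), ...]."""
    return re.findall(r"(\w+)\|\s*(\S+)", text)


def classify(entries):
    buckets = {bucket: [] for bucket, _, _ in RULES}
    buckets[OTHER] = []
    for _type, name in entries:
        for bucket, rx, _why in RULES:
            if rx.search(name):
                buckets[bucket].append(name)
                break
        else:
            buckets[OTHER].append(name)
    return buckets


def language_hints(entries):
    """Names containing one of the Spanish fragments, in order of appearance."""
    return [n for _, n in entries if any(f in n.lower() for f in SPANISH_FRAGMENTS)]


def fingerprint(entries):
    """Order-independent hash of the names the page itself defined (everything that is
    not a browser API, analytics or jQuery). Equal fingerprints across scans mean the same kit."""
    b = classify(entries)
    own = sorted(b["anti_inspection"] + b["obfuscated"] + b[OTHER])
    return hashlib.sha256("\n".join(own).encode()).hexdigest()


if __name__ == "__main__":
    entries = parse_globals(GLOBALS_TEXT)
    for bucket, names in classify(entries).items():
        print(f"{bucket:16} {len(names):2}  {', '.join(names)}")
    print("spanish identifiers:", language_hints(entries))
    print("kit fingerprint:", fingerprint(entries))
```

The fingerprint deliberately leaves out the browser, analytics and jQuery buckets, so two scans taken with different Chrome builds or with analytics swapped out still hash the same when the kit's own script is unchanged.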

7 Cookies

Domain / Path                                  Name                        Value
.whatzsapp.com /                               _gat                        1
.whatzsapp.com /                               _gat_gtag_UA_126692131_4    1
.whatzsapp.com /                               _gid                        GA1.2.1742383281.1611720412
.whatzsapp.com /                               _gat_gtag_UA_126692131_1    1
.whatzsapp.com /                               _ga                         GA1.2.1042087511.1611720412
.whatzsapp.com /                               __cfduid                    dca4a72053dada73f4b88afddee4f26661611720409
chat.whatzsapp.com /3HGATtKvRwtRw2ot7vRwp      invgrupo                    0