whatsapplijs.com Open in urlscan Pro
103.142.103.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://whatsapplijs.com/
Submission: On May 22 via api (May 22nd 2023, 2:48:43 am UTC) from SG — Scanned from SG

Summary HTTP 14 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 14 HTTP transactions. The main IP is 103.142.103.148, located in China and belongs to CLOUDIE-AS-AP Cloudie Limited, HK. The main domain is whatsapplijs.com.

This is the only time whatsapplijs.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
4 14	103.142.103.148 103.142.103.148	55933 (CLOUDIE-A...) (CLOUDIE-AS-AP Cloudie Limited)
2	162.159.137.2 162.159.137.2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	43.154.32.158 43.154.32.158	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
14	4

14 103.142.103.148 (China) 4 redirects

ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK)

whatsapplijs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.159.137.2 (None, )

ASN13335 (CLOUDFLARENET, US)

supcache.miancp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 43.154.32.158 (Central, Hong Kong)

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

down2.anqiuzp.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	whatsapplijs.com 4 redirects whatsapplijs.com	277 KB
2	miancp.com supcache.miancp.com	73 KB
1	anqiuzp.cn down2.anqiuzp.cn	1023 KB
0	whatsapp.com Failed web.whatsapp.com Failed
14	4

	Domain	Requested by
14	whatsapplijs.com	4 redirects whatsapplijs.com
2	supcache.miancp.com	whatsapplijs.com
1	down2.anqiuzp.cn	whatsapplijs.com
0	web.whatsapp.com Failed	whatsapplijs.com
14	4

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://whatsapplijs.com/
Frame ID: 74B1E992554EE50A564306C44D9E710E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Page URL History Show full URLs

http://whatsapplijs.com/ Page URL
http://whatsapplijs.com/?__W=307dd2c2c0a4ee6790a57de8d66a661c91684723717_18184615 HTTP 302
http://whatsapplijs.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1447 kB
Transfer

2076 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/web/download-and-installation/how-to-log-in-or-out?lang=zh-CN
Title: 需要登入帮助吗？

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://whatsapplijs.com/ Page URL
http://whatsapplijs.com/?__W=307dd2c2c0a4ee6790a57de8d66a661c91684723717_18184615 HTTP 302
http://whatsapplijs.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

http://whatsapplijs.com/img/01.jpg HTTP 302
https://supcache.miancp.com/data/whatsapplijs.com/img/01.jpg

Request Chain 8

http://whatsapplijs.com/index_files/video.png HTTP 302
https://supcache.miancp.com/data/whatsapplijs.com/index_files/video.png

Request Chain 12

http://whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 HTTP 302
https://down2.anqiuzp.cn/data/whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4

14 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ whatsapplijs.com/	193 B 344 B	355ms 38ms	Document text/html	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Cache-Control no-cache,no-store Connection close Content-Type text/html; charset=utf-8 Transfer-Encoding chunked
GET H/1.1	200 OK	Primary Request / Show response whatsapplijs.com/ Redirect Chain http://whatsapplijs.com/?__W=307dd2c2c0a4ee6790a57de8d66a661c91684723717_18184615 http://whatsapplijs.com/	19 KB 8 KB	199ms 198ms	Document text/html	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/ Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `217ba3afba88ce551cd08b4ea6e31ba0e3ad155d95b0da690b259ade4c326165` Request headers Referer http://whatsapplijs.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language zh-SG,zh;q=0.9 Response headers Age 1 Content-Encoding gzip Content-Type text/html Date Mon, 22 May 2023 02:48:34 GMT Last-Modified Fri, 12 May 2023 11:10:00 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Redirect headers Content-Length 0 Location /
GET H/1.1	200 OK	stylex-2d46744708947781f1f33a0069cbc308.css whatsapplijs.com/index_files/	116 KB 29 KB	351ms 351ms	Stylesheet text/css	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/stylex-2d46744708947781f1f33a0069cbc308.css Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `d7569133e6781f16019c6c9a1c029f5b11295fadd6d1b494eb29c1722dd4d4d3` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:48 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type text/css
GET H/1.1	200 OK	bootstrap_qr-e2b403f65ed52d327e90.css whatsapplijs.com/index_files/	173 KB 56 KB	308ms 269ms	Stylesheet text/css	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/bootstrap_qr-e2b403f65ed52d327e90.css Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `304ec2931578cb1873fa13bfb6dfdd1c5c5dd727db1432bc7cbef7ec415edf7d` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:46 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type text/css
GET H/1.1	200 OK	bootstrap_main.9d6050e3d2fff5b782d3.css whatsapplijs.com/index_files/	226 KB 45 KB	489ms 449ms	Stylesheet text/css	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/bootstrap_main.9d6050e3d2fff5b782d3.css Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `21ca687dccf712e6f92f4e20c352ecc6ed7171d2fd5f0f51ca66a97b4fefbb69` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:45 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type text/css
GET H/1.1	200 OK	jquery.min.js Show response whatsapplijs.com/index_files/	91 KB 33 KB	369ms 329ms	Script application/x-javascript	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/jquery.min.js Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `fa411409e767595b83bf12f7204d69a856031ec9466998358316f6cbbfedd8a6` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:46 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type application/x-javascript
GET H/1.1	200 OK	jquery.cookie.js Show response whatsapplijs.com/index_files/	3 KB 2 KB	198ms 159ms	Script application/x-javascript	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/jquery.cookie.js Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `a6c71bcbfaab90e153dbedb09eba32fb495330d7b59d3f472ea5bebb8ee63469` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:46 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type application/x-javascript
GET H/1.1	200 OK	qrcode.min.js Show response whatsapplijs.com/index_files/	19 KB 7 KB	303ms 263ms	Script application/x-javascript	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/qrcode.min.js Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:47 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type application/x-javascript
GET H2	200	01.jpg supcache.miancp.com/data/whatsapplijs.com/img/ Redirect Chain http://whatsapplijs.com/img/01.jpg https://supcache.miancp.com/data/whatsapplijs.com/img/01.jpg	57 KB 57 KB	385ms 227ms	Image image/jpeg	162.159.137.2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://supcache.miancp.com/data/whatsapplijs.com/img/01.jpg Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol H2 Server 162.159.137.2 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `71d2eed0d752300710ab0c31e661b9506e71a9c9b8c7443a8b06a7a470d64142` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 22 May 2023 02:48:39 GMT cf-cache-status HIT last-modified Fri, 12 May 2023 10:56:00 GMT cf-bgj h2pri server cloudflare nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4wEx%2BBiNHxefdP9W7kmfLH7hF2Aiy4D4Vhp4EOfXMp9W46riXV4rbQ0dBB%2F1DYZVauVNj1UsA86DXfRLMc8ERAe%2BA%2BtuJi1sE9dpICmlKHBMp0PKzGpU0sWDn1mHooU3FgD4lj5D"}],"group":"cf-nel","max_age":604800} x-cache MISS from TUcache-els content-type image/jpeg cache-control max-age=7200 cf-ray 7cb1bdcb88886bb1-SIN alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Location https://supcache.miancp.com/data/whatsapplijs.com/img/01.jpg Date Mon, 22 May 2023 02:48:38 GMT Server HK-HOST 1V229 Content-Length 0
GET H2	200	video.png supcache.miancp.com/data/whatsapplijs.com/index_files/ Redirect Chain http://whatsapplijs.com/index_files/video.png https://supcache.miancp.com/data/whatsapplijs.com/index_files/video.png	16 KB 16 KB	372ms 214ms	Image image/png	162.159.137.2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://supcache.miancp.com/data/whatsapplijs.com/index_files/video.png Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol H2 Server 162.159.137.2 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Mon, 22 May 2023 02:48:39 GMT content-encoding gzip cf-cache-status HIT last-modified Tue, 09 May 2023 07:54:48 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kke1uzVyTdl7%2BPam2M2RwMWQeTfT4n3lC2ugqgJNI%2BsCoyoUm6wPjrH%2FNG5z43BZNT3v1vs5osu2J5E9zGuDOLAf1D9vorW%2Bp0EnV7EFF5AKojecnt2kGnfDMIfqL9D57Fhjtxa"}],"group":"cf-nel","max_age":604800} x-cache MISS from TUcache-els content-type image/png cache-control max-age=7200 cf-ray 7cb1bdcb88896bb1-SIN alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers Location https://supcache.miancp.com/data/whatsapplijs.com/index_files/video.png Date Mon, 22 May 2023 02:48:38 GMT Server HK-HOST 1V229 Content-Length 0
GET		binary-transparency-manifest-2.2232.8.json web.whatsapp.com/	0 0

GET H/1.1	200 OK	libsignal-protocol-ee5b8ba.min.js Show response whatsapplijs.com/index_files/	244 KB 89 KB	328ms 327ms	Script application/x-javascript	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/libsignal-protocol-ee5b8ba.min.js Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `a7d68668e103d6d1dc9c64b5982b9e68d3be22ac54a13811ef2da92bc0c6383f` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:47 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type application/x-javascript
GET H/1.1	200 OK	runtime.88c356058afe3d58a508.js Show response whatsapplijs.com/index_files/	15 KB 7 KB	157ms 156ms	Script application/x-javascript	103.142.103.148 CLOUDIE-AS-AP Clo...
General Check archive.org Show headers Download Go to Full URL http://whatsapplijs.com/index_files/runtime.88c356058afe3d58a508.js Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol HTTP/1.1 Server 103.142.103.148 , China, ASN55933 (CLOUDIE-AS-AP Cloudie Limited, HK), Reverse DNS Software nginx / Resource Hash `e9b590e9c7eb7faefaa5bb9cecaa7eb7dc3460b17bb01a666919b442ac5933a8` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Mon, 22 May 2023 02:48:34 GMT Content-Encoding gzip Last-Modified Tue, 09 May 2023 07:54:48 GMT Server nginx Transfer-Encoding chunked X-Cache MISS from HK-HOST 1V229 Content-Type application/x-javascript
GET H2	206	whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 down2.anqiuzp.cn/data/whatsapplijs.com/index_files/ Redirect Chain http://whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 https://down2.anqiuzp.cn/data/whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4	1022 KB 1023 KB	415ms 40ms	Media video/mp4	43.154.32.158 TENCENT-NET-AP-CN...
General Check archive.org Show headers Download Go to Full URL https://down2.anqiuzp.cn/data/whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 Requested by Host: whatsapplijs.com URL: http://whatsapplijs.com/ Protocol H2 Server 43.154.32.158 Central, Hong Kong, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN), Reverse DNS Software QYServer-PHP52 / Resource Hash `89afeba51801739c6ad599cfe9e6d57ad224de70507423fe79649bea2a13ee3b` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers date Wed, 10 May 2023 07:54:53 GMT last-modified Tue, 09 May 2023 07:54:49 GMT server QYServer-PHP52 age 1010877 x-cache HIT from DOWN-43.154.32.158-1V248 content-type video/mp4 Content-Range bytes 0-1046449/1046450 Content-Length 1046450 Redirect headers Location https://down2.anqiuzp.cn/data/whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 Date Mon, 22 May 2023 02:48:38 GMT Server HK-HOST 1V229 Content-Length 0
GET DATA	200 OK	truncated /	75 KB 75 KB		Other application/octet-stream
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9462066cd31fa7927d08b725df1ef816ef2401a5f565649d6a053207f216877e` Request headers accept-language zh-SG,zh;q=0.9 Referer http://whatsapplijs.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Content-Type application/octet-stream

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			whatsapplijs.com/	1970-01-20 12:03:31	Name: security_session_verify Value: 063e660c6ba9d97d51ab9e7e0b0869b7

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: http://whatsapplijs.com/ Message: Access to link element resource at 'https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json' from origin 'http://whatsapplijs.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json Message: Failed to load resource: net::ERR_FAILED
javascript	warning	URL: http://whatsapplijs.com/ Message: The resource https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

down2.anqiuzp.cn
supcache.miancp.com
web.whatsapp.com
whatsapplijs.com
web.whatsapp.com
103.142.103.148
162.159.137.2
43.154.32.158
217ba3afba88ce551cd08b4ea6e31ba0e3ad155d95b0da690b259ade4c326165
21ca687dccf712e6f92f4e20c352ecc6ed7171d2fd5f0f51ca66a97b4fefbb69
304ec2931578cb1873fa13bfb6dfdd1c5c5dd727db1432bc7cbef7ec415edf7d
71d2eed0d752300710ab0c31e661b9506e71a9c9b8c7443a8b06a7a470d64142
89afeba51801739c6ad599cfe9e6d57ad224de70507423fe79649bea2a13ee3b
9462066cd31fa7927d08b725df1ef816ef2401a5f565649d6a053207f216877e
a6c71bcbfaab90e153dbedb09eba32fb495330d7b59d3f472ea5bebb8ee63469
a7d68668e103d6d1dc9c64b5982b9e68d3be22ac54a13811ef2da92bc0c6383f
c541ef06327885a8415bca8df6071e14189b4855336def4f36db54bde8484f36
d7569133e6781f16019c6c9a1c029f5b11295fadd6d1b494eb29c1722dd4d4d3
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994
e9b590e9c7eb7faefaa5bb9cecaa7eb7dc3460b17bb01a666919b442ac5933a8
fa411409e767595b83bf12f7204d69a856031ec9466998358316f6cbbfedd8a6

whatsapplijs.com Open in urlscan Pro 103.142.103.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

0 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1447 kBTransfer

2076 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

1 Cookies

3 Console Messages

Indicators

whatsapplijs.com Open in urlscan Pro
103.142.103.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

0 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1447 kB
Transfer

2076 kB
Size

1
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!