whatsapplijs.com
103.142.103.148
Malicious Activity!
Public Scan
Submission: On May 22 via api from SG — Scanned from SG
Summary
This is the only time whatsapplijs.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: WhatsApp (Instant Messenger)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 14 (4 redirects) | 103.142.103.148 | 55933 (CLOUDIE-AS-AP Cloudie Limited) |
| 2 | 162.159.137.2 | 13335 (CLOUDFLARENET) |
| 1 | 43.154.32.158 | 132203 (TENCENT-NET-AP-CN Tencent Building) |
| 14 | 4 | |

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN): down2.anqiuzp.cn
| | Apex Domain: Subdomains | Transfer |
|---|---|---|
| 14 | whatsapplijs.com (4 redirects): whatsapplijs.com | 277 KB |
| 2 | miancp.com: supcache.miancp.com | 73 KB |
| 1 | anqiuzp.cn: down2.anqiuzp.cn | 1023 KB |
| 0 | whatsapp.com (Failed): web.whatsapp.com (Failed) | |
| 14 | 4 | |
| | Domain | Requested by |
|---|---|---|
| 14 | whatsapplijs.com (4 redirects) | whatsapplijs.com |
| 2 | supcache.miancp.com | whatsapplijs.com |
| 1 | down2.anqiuzp.cn | whatsapplijs.com |
| 0 | web.whatsapp.com (Failed) | whatsapplijs.com |
| 14 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
faq.whatsapp.com |
This page contains 1 frames:
Primary Page:
http://whatsapplijs.com/
Frame ID: 74B1E992554EE50A564306C44D9E710E
Requests: 15 HTTP requests in this frame
Page Title
WhatsApp
Detected technologies
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: 需要登入帮助吗?
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://whatsapplijs.com/ Page URL
- http://whatsapplijs.com/?__W=307dd2c2c0a4ee6790a57de8d66a661c91684723717_18184615 HTTP 302
  http://whatsapplijs.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- http://whatsapplijs.com/img/01.jpg HTTP 302
- https://supcache.miancp.com/data/whatsapplijs.com/img/01.jpg
- http://whatsapplijs.com/index_files/video.png HTTP 302
- https://supcache.miancp.com/data/whatsapplijs.com/index_files/video.png
- http://whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 HTTP 302
- https://down2.anqiuzp.cn/data/whatsapplijs.com/index_files/whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / | whatsapplijs.com/ | 193 B | 344 B | Document | text/html |
| GET | H/1.1 | / (Primary Request) | whatsapplijs.com/ (Redirect Chain) | 19 KB | 8 KB | Document | text/html |
| GET | H/1.1 | stylex-2d46744708947781f1f33a0069cbc308.css | whatsapplijs.com/index_files/ | 116 KB | 29 KB | Stylesheet | text/css |
| GET | H/1.1 | bootstrap_qr-e2b403f65ed52d327e90.css | whatsapplijs.com/index_files/ | 173 KB | 56 KB | Stylesheet | text/css |
| GET | H/1.1 | bootstrap_main.9d6050e3d2fff5b782d3.css | whatsapplijs.com/index_files/ | 226 KB | 45 KB | Stylesheet | text/css |
| GET | H/1.1 | jquery.min.js | whatsapplijs.com/index_files/ | 91 KB | 33 KB | Script | application/x-javascript |
| GET | H/1.1 | jquery.cookie.js | whatsapplijs.com/index_files/ | 3 KB | 2 KB | Script | application/x-javascript |
| GET | H/1.1 | qrcode.min.js | whatsapplijs.com/index_files/ | 19 KB | 7 KB | Script | application/x-javascript |
| GET | H2 | 01.jpg | supcache.miancp.com/data/whatsapplijs.com/img/ (Redirect Chain) | 57 KB | 57 KB | Image | image/jpeg |
| GET | H2 | video.png | supcache.miancp.com/data/whatsapplijs.com/index_files/ (Redirect Chain) | 16 KB | 16 KB | Image | image/png |
| GET | | binary-transparency-manifest-2.2232.8.json | web.whatsapp.com/ | 0 | 0 | | |
| GET | H/1.1 | libsignal-protocol-ee5b8ba.min.js | whatsapplijs.com/index_files/ | 244 KB | 89 KB | Script | application/x-javascript |
| GET | H/1.1 | runtime.88c356058afe3d58a508.js | whatsapplijs.com/index_files/ | 15 KB | 7 KB | Script | application/x-javascript |
| GET | H2 | whatsapp-webclient-login_c09223f0813e7c3adc16476cba2a5d0d.mp4 | down2.anqiuzp.cn/data/whatsapplijs.com/index_files/ (Redirect Chain) | 1022 KB | 1023 KB | Media | video/mp4 |
| GET | DATA | truncated | / | 75 KB | 75 KB | Other | application/octet-stream |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: web.whatsapp.com
- URL: https://web.whatsapp.com/binary-transparency-manifest-2.2232.8.json
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: WhatsApp (Instant Messenger)
17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| boolean | credentialless |
| function | $ |
| function | jQuery |
| function | QRCode |
| function | guid |
| function | sock |
| function | qrcode |
| function | qrcode2 |
| function | refreshqrcode |
| boolean | systemThemeDark |
| object | theme |
| object | systemThemeMode |
| object | systemTheme |
| boolean | darkTheme |
| object | libsignal |
| object | dcodeIO |
| object | webpackChunkwhatsapp_web_client |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| whatsapplijs.com/ | | Name: security_session_verify Value: 063e660c6ba9d97d51ab9e7e0b0869b7 |
3 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.