wws.whptapps.com
2606:4700:3035::ac43:c1a6  Malicious Activity! Public Scan

URL: http://wws.whptapps.com/
Submission: On October 16 via api from CN — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3035::ac43:c1a6, located in United States and belongs to CLOUDFLARENET, US. The main domain is wws.whptapps.com.
This is the only time wws.whptapps.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

IP Address AS Autonomous System
7 2606:4700:303... 13335 (CLOUDFLAR...)
1 163.181.92.187 24429 (TAOBAO Zh...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
10 3
Apex Domain Subdomains Transfer
7 whptapps.com wws.whptapps.com 185 KB
2 wjalttas.vip ssr.wjalttas.vip 4 KB
1 staticfile.org cdn.staticfile.org — Cisco Umbrella Rank: 66016 33 KB
10 3
Domain Requested by
7 wws.whptapps.com wws.whptapps.com
2 ssr.wjalttas.vip
1 cdn.staticfile.org wws.whptapps.com
10 3

This site contains links to these domains.

Domain
faq.whatsapp.com
Subject Issuer Validity Valid
*.staticfile.org GeoTrust RSA CN CA G2 2023-09-08 - 2024-10-04 a year crt.sh
wjalttas.vip E1 2023-09-30 - 2023-12-29 3 months crt.sh

This page contains 1 frames:

Primary Page: http://wws.whptapps.com/
Frame ID: 419F23930879C69546D01A2E62AE56A2
Requests: 10 HTTP requests in this frame

Page Title

WhatsApp

Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

30 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

223 kB
Transfer

664 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wws.whptapps.com/
18 KB
7 KB
Document
General
Full URL
http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a456b1dee284e827c4dc7fffe7495606cc92efcae3e3c217c01353a63ecc1f13

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
816f71c9caca4d74-FRA
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 16 Oct 2023 09:58:38 GMT
Last-Modified
Sat, 30 Sep 2023 16:44:59 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApY%2BZeQVMbhM4A3ElHcRpJmha5rGkVYmMfm6X3v1VHxhrUYwN8ZqcdtG4ITAuVcCLBLSivHHFgs4nJMrE5Kgd7TH1s%2BBHBmaZ9Cdlnvl4gOC9AORssSEDqLyyX5fOozX7Or8uFI31GnnFbekz%2BcK"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
jquery.min.js
cdn.staticfile.org/jquery/1.10.2/
91 KB
33 KB
Script
General
Full URL
https://cdn.staticfile.org/jquery/1.10.2/jquery.min.js
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
163.181.92.187 Frankfurt am Main, Germany, ASN24429 (TAOBAO Zhejiang Taobao Network Co.,Ltd, CN),
Reverse DNS
Software
Tengine /
Resource Hash
89a15e9c40bc6b14809f236ee8cd3ed1ea42393c1f6ca55c7855cd779b3f922e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

X-Log
X-Log
Date
Sun, 15 Oct 2023 13:24:43 GMT
Via
cache23.l2de2[0,0,304-0,H], cache2.l2de2[0,0], ens-cache13.de5[0,0,200-0,H], ens-cache10.de5[1,0]
Content-Encoding
gzip
X-Svr
IO
X-Reqid
B7EAAABjmaa8So4X
Age
74035
X-Swift-CacheTime
86398
X-Cache
HIT TCP_MEM_HIT dirn:11:412510519
Content-Transfer-Encoding
binary
Content-Disposition
inline; filename="jquery.min.js"; filename*=utf-8''jquery.min.js
Connection
keep-alive
X-Swift-SaveTime
Sun, 15 Oct 2023 13:24:45 GMT
Content-Length
32989
Last-Modified
Tue, 16 Feb 2016 04:22:54 GMT
Server
Tengine
Etag
"FuLzYD4jcR9kRvJ4pBHZBWI9ZSAe.gz"
Access-Control-Max-Age
2592000
Ali-Swift-Global-Savetime
1697376283
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-Log, X-Reqid
Cache-Control
public, max-age=31536000
Vary
Accept-Encoding
Accept-Ranges
bytes
X-Qiniu-Zone
0
Timing-Allow-Origin
*
EagleId
a3b55c9e16974503189761230e
stylex-ce269a9819ee8f292840728689a22cc5.css
wws.whptapps.com/WhatsApp_files/
175 KB
50 KB
Stylesheet
General
Full URL
http://wws.whptapps.com/WhatsApp_files/stylex-ce269a9819ee8f292840728689a22cc5.css
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
775fafc214e32a36e2a39e694322fed097e37d964c9dce65663655b64492d068

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:38 GMT
Content-Encoding
gzip
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
10
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 15 Jul 2023 07:33:04 GMT
Server
cloudflare
ETag
W/"64b24bb0-2bb72"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29qi6dP3zsQ6oQw04JMUE2WWJWL%2Bd%2F%2B7Dwk%2BVvEDKuWboBeAcabRX3Zkqap87QUVBmaqe2v2SDRVm281i1zScxxd8TjlSCgMQ91E5bY1TgPL%2BXel%2FW5YxpVYK35C0GFF6EFqR49pRnUq4%2FwK9GJ8"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
816f71cb7ce54d74-FRA
Expires
Mon, 16 Oct 2023 21:58:28 GMT
app-6d34864fd47903428794.css
wws.whptapps.com/WhatsApp_files/
187 KB
66 KB
Stylesheet
General
Full URL
http://wws.whptapps.com/WhatsApp_files/app-6d34864fd47903428794.css
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69acbe3d7c92af1a509b7351cabfac35b356c18eef8c9299f5ac354acfdba079

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:39 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 15 Jul 2023 07:33:02 GMT
Server
cloudflare
ETag
W/"64b24bae-2eab4"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RCSdHV3tmvYn9hU6Gk3nOrYC1i%2Ff4rfocYTf4RSzhXyywN%2BMTWxWg8lGmF1YFW6IYeBKpcoFAMqQWByoqtvwxoCEVMifuddIzqs1pfiynt8NeDg%2FZAh%2BkktXG5QPubji4ILyQQhwUW7l9WlHMqh1"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
816f71cb8e3939f1-FRA
Expires
Mon, 16 Oct 2023 21:58:39 GMT
main~.b66100b3486cd1857cd3.css
wws.whptapps.com/WhatsApp_files/
21 KB
6 KB
Stylesheet
General
Full URL
http://wws.whptapps.com/WhatsApp_files/main~.b66100b3486cd1857cd3.css
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8a636dbd66666f13902713e7bc7d2e1cab497b299f533495759a2c68c459c5a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:39 GMT
Content-Encoding
gzip
CF-Cache-Status
REVALIDATED
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 15 Jul 2023 07:33:04 GMT
Server
cloudflare
ETag
W/"64b24bb0-55b9"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6nRnukO7rMLFOztLeeQHvvJ%2BbWHb8hnsNA49sAMMiCt6tjhlA0EbKLOisNBEss53ZlOyx%2BT6P%2BtsD4qCpUErMpb4BNrs3eCvxdMsWic9CaHlel6wPuyoJIxPMcWK14M34LA98Y80RjCNEDTjWCP5"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
816f71cb8a5a4da6-FRA
Expires
Mon, 16 Oct 2023 21:58:39 GMT
main.fdf0caa2786c3269572d.css
wws.whptapps.com/WhatsApp_files/
150 KB
37 KB
Stylesheet
General
Full URL
http://wws.whptapps.com/WhatsApp_files/main.fdf0caa2786c3269572d.css
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79acde4aa0ad3feafd96271141640066d0c52c050724b13272b1ca3d6930f8d1

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:39 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 15 Jul 2023 07:33:02 GMT
Server
cloudflare
ETag
W/"64b24bae-257df"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eeBQ6BQXkgbjbtLLswfet5CqHr6qceUeoLERdtfM2tQz6xpFyXFCXbuHMFo%2FZ9zN4fKW8WSHskX%2BCBsBGi%2Br4H7g%2BNNajx7JkY7uxZ5tV56FHxptZBxqDqXA0u82UbQrjJaUUFGIUgHKQfeevQKz"}],"group":"cf-nel","max_age":604800}
Content-Type
text/css
Cache-Control
max-age=43200
CF-RAY
816f71cb8ad139ce-FRA
Expires
Mon, 16 Oct 2023 21:58:39 GMT
qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
wws.whptapps.com/WhatsApp_files/
16 KB
17 KB
Image
General
Full URL
http://wws.whptapps.com/WhatsApp_files/qr-video_0c6ec69b054fdeb31cf3e5e10290fd8e.png
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d980ab372658f4c7c8f07d730ef6dc67e3fb3471f37928274f915c0308850994

Request headers

Referer
http://wws.whptapps.com/
Origin
http://wws.whptapps.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:38 GMT
CF-Cache-Status
HIT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age
130289
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
16259
Last-Modified
Sat, 15 Jul 2023 07:33:04 GMT
Server
cloudflare
ETag
"64b24bb0-3f83"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TgsRl1xkQDbqN37byFC3IjAYDqqhwUPqDMLGyQVvWRIWJyrhbhFDJx4Gyd%2BDNvCPMUSk0e5i71zUCTT5rgxF7ul2TkF1GcATlqlDTTPEyYyPwYMuQyAxtqQDCO%2FpNelfQg9wBbqMEWOvEIz92ivK"}],"group":"cf-nel","max_age":604800}
Content-Type
image/png
Cache-Control
max-age=2592000
Accept-Ranges
bytes
CF-RAY
816f71cb8e0937d4-FRA
Expires
Mon, 13 Nov 2023 21:47:09 GMT
m.js
wws.whptapps.com/
3 KB
2 KB
Script
General
Full URL
http://wws.whptapps.com/m.js?ver=1.5
Requested by
Host: wws.whptapps.com
URL: http://wws.whptapps.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::ac43:c1a6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f6979ffca16ea5a6bd7f03ed20be942b9765e35cbb54ee30c902561188b7dbd6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date
Mon, 16 Oct 2023 09:58:39 GMT
Content-Encoding
gzip
CF-Cache-Status
MISS
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding
chunked
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Last-Modified
Sat, 30 Sep 2023 17:11:31 GMT
Server
cloudflare
ETag
W/"651856c3-abb"
Vary
Accept-Encoding
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SldAxY5FDLCVA6W2QxACDcgR3In8qWDWym8PNsQiDPcZLPCBkI5EFQ7esMGF7VrqDNwoaM6bwFfexO5orSyocEvomHmKwrPad4JnFCZ7UaeTOlB0fGR0SDD5ZuvY7kbhS3iSEY3uuJ1f%2FV2kOD9g"}],"group":"cf-nel","max_age":604800}
Content-Type
application/javascript
Cache-Control
max-age=43200
CF-RAY
816f71cb8ae09bef-FRA
Expires
Mon, 16 Oct 2023 21:58:39 GMT
3d66ddd6-cac8-4ba5-a33a-808543e8611d.png
ssr.wjalttas.vip/qrcodes/
2 KB
2 KB
Image
General
Full URL
https://ssr.wjalttas.vip/qrcodes/3d66ddd6-cac8-4ba5-a33a-808543e8611d.png?1697450319982
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:318 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2d4fb46b689481e3a870227eed9f1e6c8d6890bc8cbb56d69b6ada2e31ab128d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 09:58:40 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
1722
last-modified
Mon, 16 Oct 2023 09:58:33 GMT
server
cloudflare
etag
W/"6ba-18b37ec474f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X4br1y9yev%2FWd0bg52NjVojcyd%2FtTfXII8C5Aa7Qe4ao78Lv3Iv%2FrXKXD7dlG3tNw%2FPujQjYnUrzj%2FgPb44aF6WnSPg%2BkNVUSRITOKZ1fm4BdmdLJ7co3kuJPOmNKyj3TSbNcy2e3R3cToRQ4Pjt"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
816f71d3f9602c41-FRA
3d66ddd6-cac8-4ba5-a33a-808543e8611d.png
ssr.wjalttas.vip/qrcodes/
2 KB
2 KB
Image
General
Full URL
https://ssr.wjalttas.vip/qrcodes/3d66ddd6-cac8-4ba5-a33a-808543e8611d.png?1697450322983
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3033::6815:318 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2d4fb46b689481e3a870227eed9f1e6c8d6890bc8cbb56d69b6ada2e31ab128d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://wws.whptapps.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Mon, 16 Oct 2023 09:58:43 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-powered-by
Express
alt-svc
h3=":443"; ma=86400
content-length
1722
last-modified
Mon, 16 Oct 2023 09:58:33 GMT
server
cloudflare
etag
W/"6ba-18b37ec474f"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wMn85BlK6t%2FtkirWN2slVGy0KNVnBnmrgieCCsTPqYyKca30NCoiJtyjeikLKueRVt15w7ZjKQVdxzzgG5RHS54S4scI44uivdp8jlcr8K%2F8c8P3ZtuhzsdPAZ2ZI8i4cMQglKmtj4ubmENtyo1t"}],"group":"cf-nel","max_age":604800}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
816f71e6af9d2c41-FRA

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function| $
  • function| jQuery
  • boolean| systemThemeDark
  • object| theme
  • object| systemThemeMode
  • object| systemTheme
  • boolean| darkTheme
  • string| srv
  • number| i_referer
  • number| isEnable
  • function| guid
  • function| getUUID
  • string| uuid
  • function| xorEncryptDecrypt
  • object| ws
  • function| status_callback
  • function| refershQrCode
  • object| json
  • number| code
  • string| qrcode_text

0 Cookies