codecatchup.com Open in urlscan Pro
162.241.69.73 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://codecatchup.com/access/WhatsApp.html
Submission: On October 09 via api (October 9th 2024, 8:29:04 pm UTC) from CA — Scanned from CA

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 10 HTTP transactions. The main IP is 162.241.69.73, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is codecatchup.com.
TLS certificate: Issued by R11 on September 13th 2024. Valid for: 3 months.

This is the only time codecatchup.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: WhatsApp (Instant Messenger)

Domain & IP information

	IP Address	AS Autonomous System
5	162.241.69.73 162.241.69.73	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
1	142.250.176.202 142.250.176.202	15169 (GOOGLE) (GOOGLE)
1	18.164.107.47 18.164.107.47	16509 (AMAZON-02) (AMAZON-02)
1	104.26.12.205 104.26.12.205	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.117.59.81 34.117.59.81	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	6

5 162.241.69.73 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 162-241-69-73.webhostbox.net

codecatchup.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.176.202 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f10.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.107.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-107-47.jfk50.r.cloudfront.net

cdn.auth0.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)

api.ipify.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.59.81 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 81.59.117.34.bc.googleusercontent.com

ipinfo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	codecatchup.com codecatchup.com	591 KB
1	ipinfo.io ipinfo.io — Cisco Umbrella Rank: 7629	488 B
1	ipify.org api.ipify.org — Cisco Umbrella Rank: 2041	155 B
1	auth0.com cdn.auth0.com — Cisco Umbrella Rank: 6411	803 B
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 412	31 KB
0	whatsapp.com Failed web.whatsapp.com Failed
10	6

	Domain	Requested by
5	codecatchup.com	codecatchup.com
1	ipinfo.io	ajax.googleapis.com
1	api.ipify.org	ajax.googleapis.com
1	cdn.auth0.com	codecatchup.com
1	ajax.googleapis.com	codecatchup.com
0	web.whatsapp.com Failed
10	6

This site contains links to these domains. Also see Links.

Domain
faq.whatsapp.com

Subject Issuer	Validity	Valid
cpanel.codecatchup.com R11	`2024-09-13` - `2024-12-12`	3 months	crt.sh
upload.video.google.com WR2	`2024-09-16` - `2024-12-09`	3 months	crt.sh
*.auth0.com Amazon RSA 2048 M03	`2024-01-25` - `2025-02-22`	a year	crt.sh
ipify.org WE1	`2024-09-15` - `2024-12-14`	3 months	crt.sh
ipinfo.io R11	`2024-10-01` - `2024-12-30`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://codecatchup.com/access/WhatsApp.html
Frame ID: A1422D07029C213841D7EC1FE1291419
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WhatsApp

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

10
Requests

90 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

623 kB
Transfer

677 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://faq.whatsapp.com/1317564962315842?lang=es
Title: ¿Necesitas ayuda para comenzar?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request WhatsApp.html Show response
codecatchup.com/access/ 14 KB
14 KB 290ms
164ms Document
text/html 162.241.69.73
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://codecatchup.com/access/WhatsApp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.73 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-69-73.webhostbox.net
Software: Apache /
Resource Hash: 1434920cfd573b0084583180ec0aab7c43e602400df0fdd89d387347466a4fdf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 14423
Content-Type: text/html
Date: Wed, 09 Oct 2024 20:28:58 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Tue, 08 Oct 2024 16:10:47 GMT
Server: Apache

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 117ms
35ms Script
text/javascript 142.250.176.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.202 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f10.1e100.net

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/

Response headers

content-encoding: gzip
age: 722
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options: nosniff
expires: Thu, 09 Oct 2025 20:16:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 09 Oct 2024 20:16:57 GMT
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges: bytes
access-control-allow-origin: *
content-length: 31021
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK stylex-7416205700eb56b41e3c100d03e4afc2.css
codecatchup.com/access/WhatsApp%20Archivos/ 219 KB
219 KB 57ms
56ms Stylesheet
text/css 162.241.69.73
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://codecatchup.com/access/WhatsApp%20Archivos/stylex-7416205700eb56b41e3c100d03e4afc2.css
Requested by: Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.73 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-69-73.webhostbox.net
Software: Apache /
Resource Hash: 294eb2d726feb2a7caccba84f1bcc04d0b6f3e36682040d521498c7d99cf9a7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/access/WhatsApp.html

Response headers

Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 224453
Keep-Alive: timeout=5, max=99
Date: Wed, 09 Oct 2024 20:28:59 GMT
Last-Modified: Tue, 08 Oct 2024 16:11:10 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK app-c1c9f745bb0ae3c63811.css
codecatchup.com/access/WhatsApp%20Archivos/ 205 KB
205 KB 275ms
164ms Stylesheet
text/css 162.241.69.73
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://codecatchup.com/access/WhatsApp%20Archivos/app-c1c9f745bb0ae3c63811.css
Requested by: Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.73 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-69-73.webhostbox.net
Software: Apache /
Resource Hash: 782e629396f5c18478eb6821fcb405f3eae07835efe0665a153bcb825ab05180

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/access/WhatsApp.html

Response headers

Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 209669
Keep-Alive: timeout=5, max=100
Date: Wed, 09 Oct 2024 20:28:59 GMT
Last-Modified: Tue, 08 Oct 2024 16:11:09 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK main.058972cf635290857867.css
codecatchup.com/access/WhatsApp%20Archivos/ 147 KB
148 KB 275ms
165ms Stylesheet
text/css 162.241.69.73
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://codecatchup.com/access/WhatsApp%20Archivos/main.058972cf635290857867.css
Requested by: Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.73 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-69-73.webhostbox.net
Software: Apache /
Resource Hash: 2742cefd3fa89561f5c31c1345d0987bfbf9f1ac3f3c887ee93500c6e3fb7560

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/access/WhatsApp.html

Response headers

Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 151011
Keep-Alive: timeout=5, max=100
Date: Wed, 09 Oct 2024 20:28:59 GMT
Last-Modified: Tue, 08 Oct 2024 16:11:09 GMT
Content-Type: text/css
Server: Apache

GET
H/1.1 200
OK sax.min.js Show response
codecatchup.com/access/WhatsApp%20Archivos/ 4 KB
4 KB 168ms
56ms Script
text/javascript 162.241.69.73
NETWORK-SOLUTIONS...

General

Check archive.org

Show headers Download Go to

Full URL: https://codecatchup.com/access/WhatsApp%20Archivos/sax.min.js
Requested by: Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.241.69.73 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS: 162-241-69-73.webhostbox.net
Software: Apache /
Resource Hash: 9cab4c44f04af897ed5d805566c3142545719b1a7737bc3229fd6c43833a9022

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/access/WhatsApp.html

Response headers

Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 4092
Keep-Alive: timeout=5, max=100
Date: Wed, 09 Oct 2024 20:28:59 GMT
Last-Modified: Tue, 08 Oct 2024 16:11:09 GMT
Content-Type: text/javascript
Server: Apache

GET
H2 200 object-assign.min.js Show response
cdn.auth0.com/js/polyfills/1.0/ 278 B
803 B 567ms
465ms Script
application/javascript 18.164.107.47
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.auth0.com/js/polyfills/1.0/object-assign.min.js

Requested by

Host: codecatchup.com
URL: https://codecatchup.com/access/WhatsApp.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.107.47 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-107-47.jfk50.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

2e3281ce824bc83f86243254926e320d7a51fd34e310d76f38ddf5ca4430bcd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://codecatchup.com/

Response headers

x-robots-tag: noindex
x-amz-version-id: QnBigF9q9VrtNR8TU_yhfoN9BlecmQ2x
etag: "4dfaafaab07b1c6c2314bfe79a1baa81"
age: 2909
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: PfP-OWqwZhJqRqiKmvq7LHM6xIreFJmyWCiuwH5S8PiLFdZbi6jYVw==
date: Wed, 09 Oct 2024 19:40:31 GMT
content-type: application/javascript
last-modified: Thu, 08 Jun 2017 20:30:02 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubDomains
x-amz-replication-status: COMPLETED
cache-control: max-age=10800,public
via: 1.1 0bc560bfbdf419589e7d5b642ae14678.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 278
x-amz-cf-pop: JFK50-P6
server: AmazonS3

GET
H2 200 / Show response
api.ipify.org/ 22 B
155 B 90ms
45ms XHR
application/json 104.26.12.205
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.ipify.org/?format=json
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ef6d0d2fb6fd2463e2dcaaeeba307974812d81aaf169954f462896a384c485d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://codecatchup.com/

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8d011ec66d8fac82-YYZ
access-control-allow-origin: *
content-length: 22
date: Wed, 09 Oct 2024 20:28:59 GMT
content-type: application/json
vary: Origin
server: cloudflare

GET
H2 200 / Show response
ipinfo.io/ 304 B
488 B 93ms
47ms XHR
application/json 34.117.59.81
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://ipinfo.io/

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.117.59.81 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

81.59.117.34.bc.googleusercontent.com

Software

Resource Hash

407207041888d853b9fcbf54087cf1bfb360504b0f66ecca48f54ea032e84ab7

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://codecatchup.com/

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
date: Wed, 09 Oct 2024 20:28:59 GMT
x-xss-protection: 1; mode=block
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET favicon_c5088e888c97ad440a61d247596f88e5.png
web.whatsapp.com/img/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: web.whatsapp.com
URL: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: WhatsApp (Instant Messenger)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
api.ipify.org
cdn.auth0.com
codecatchup.com
ipinfo.io
web.whatsapp.com
web.whatsapp.com
104.26.12.205
142.250.176.202
162.241.69.73
18.164.107.47
34.117.59.81
1434920cfd573b0084583180ec0aab7c43e602400df0fdd89d387347466a4fdf
2742cefd3fa89561f5c31c1345d0987bfbf9f1ac3f3c887ee93500c6e3fb7560
294eb2d726feb2a7caccba84f1bcc04d0b6f3e36682040d521498c7d99cf9a7a
2e3281ce824bc83f86243254926e320d7a51fd34e310d76f38ddf5ca4430bcd8
407207041888d853b9fcbf54087cf1bfb360504b0f66ecca48f54ea032e84ab7
782e629396f5c18478eb6821fcb405f3eae07835efe0665a153bcb825ab05180
8ef6d0d2fb6fd2463e2dcaaeeba307974812d81aaf169954f462896a384c485d
9cab4c44f04af897ed5d805566c3142545719b1a7737bc3229fd6c43833a9022
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

codecatchup.com Open in urlscan Pro 162.241.69.73 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

90 %HTTPS

0 %IPv6

6 Domains

6 Subdomains

6 IPs

2 Countries

623 kBTransfer

677 kBSize

0 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

0 Cookies

Indicators

codecatchup.com Open in urlscan Pro
162.241.69.73 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

90 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

623 kB
Transfer

677 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!